
Pests of all kinds and how to combat them: Avira and Spybot cannot be updated, Windows Update does not work.

Windows 7

20.05.2015, 16:06   #1
ludibubi
 
Hello. I'm afraid an acquaintance of mine has caught some kind of infection.

Symptoms:
Avira cannot be updated and also cannot be reinstalled.
The same goes for Spybot.
Windows Update can be opened, but the program window just stays white and hangs. I gave up after an hour.

Since I'm not sure what it could be, I created the log files according to the instructions and am asking for a review/help.

FRST-Log


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-05-2015
Ran by meyer (administrator) on MEYER-PC on 20-05-2015 16:01:23
Running from C:\Users\meyer\Downloads
Loaded Profiles: meyer (Available profiles: meyer)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(COMPANYVERS_NAME) C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
() C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(VER_COMPANY_NAME) C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-18] (Google)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [topi] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [574864 2008-01-11] (Toshiba)
HKLM\...\Run: [Toshiba TEMPO] => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2008-08-26] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [ApnUpdater] => "C:\Program Files\Ask.com\Updater\Updater.exe"
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM\...\Run: [Allin1Convert EPM Support] => C:\Program Files\Allin1Convert_8h\bar\1.bin\8hmedint.exe [12872 2014-01-25] (Mindspark Interactive Network, Inc.)
HKLM\...\Run: [Allin1Convert Home Page Guard 32 bit] => "C:\PROGRA~1\ALLIN1~2\bar\1.bin\AppIntegrator.exe"
HKLM\...\Run: [Allin1Convert Search Scope Monitor] => C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe [55368 2014-01-25] (Mindspark)
HKLM\...\Run: [Allin1Convert_8h Browser Plugin Loader] => C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe [61512 2014-01-25] (VER_COMPANY_NAME)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe [128760 2015-05-07] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-18] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2010-06-01]
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk [2010-06-01]
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-10-07]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-10-07]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
URLSearchHook: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000 - (No Name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll (Mindspark)
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm099^YYA^de&si=wiseconvert&ptb=C191642F-F494-4F7C-86D9-DE18552D4CA0&ind=2014012512&n=780b6460&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM -> {F4C81C47-F663-403F-B2F0-9ED00511AEB6} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;
SearchScopes: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000 -> DefaultScope {F4C81C47-F663-403F-B2F0-9ED00511AEB6} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE_deDE315
SearchScopes: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000 -> {1B10327E-CA04-48D8-8FA5-5D1E79992205} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=9530491d-37fa-497d-a31c-32db583d0a12&apn_sauid=8DD8579E-B3ED-4565-981B-2EE7A398F974
SearchScopes: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm099^YYA^de&si=wiseconvert&ptb=C191642F-F494-4F7C-86D9-DE18552D4CA0&ind=2014012512&n=780b6460&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000 -> {F4C81C47-F663-403F-B2F0-9ED00511AEB6} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE_deDE315
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-24] (Oracle Corporation)
BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
BHO: Search Assistant BHO -> {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} -> C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll [2014-01-25] (Mindspark)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-24] (Oracle Corporation)
BHO: Toolbar BHO -> {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} -> C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll [2014-01-25] (Mindspark)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKLM - Allin1Convert - {cd1a63ba-a08c-431b-9a34-f240aadc728d} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll [2014-01-25] (Mindspark)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000 -> Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll No File
Toolbar: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000 -> Allin1Convert - {CD1A63BA-A08C-431B-9A34-F240AADC728D} - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll [2014-01-25] (Mindspark)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Tcpip\..\Interfaces\{ECB6E1FF-DC62-4C83-9C17-39A1AD2F7143}: [NameServer] 192.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\fi8OXMfQ.default
FF Plugin: @Allin1Convert_8h.com/Plugin -> C:\Program Files\Allin1Convert_8h\bar\1.bin\NP8hStub.dll [2014-01-25] (Mindspark)
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [2008-08-21] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-05-28] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-20] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\fi8OXMfQ.default\Extensions\abs@avira.com [2014-11-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-17]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Allin1Convert_8hService; C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe [88648 2014-01-25] (COMPANYVERS_NAME)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2015-01-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [993584 2015-01-10] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [206584 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-18] (Google)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [442368 2009-04-01] (Hauppauge Computer Works) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba) [File not signed]
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-08-26] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-11-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-11-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37384 2014-11-30] (Avira Operations GmbH & Co. KG)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [45824 2008-12-11] (Hauppauge Computer Works, Inc.)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [141408 2008-02-27] (Realtek Semiconductor Corp.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-14] (Realtek Semiconductor Corporation )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 catchme; \??\C:\Users\meyer\AppData\Local\Temp\catchme.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 16:01 - 2015-05-20 16:02 - 00021152 _____ () C:\Users\meyer\Downloads\FRST.txt
2015-05-20 16:00 - 2015-05-20 16:01 - 00000000 ____D () C:\FRST
2015-05-20 16:00 - 2015-05-20 16:00 - 01146880 _____ (Farbar) C:\Users\meyer\Downloads\FRST.exe
2015-05-20 15:58 - 2015-05-20 15:58 - 00000472 _____ () C:\Users\meyer\Desktop\defogger_disable.log
2015-05-20 15:58 - 2015-05-20 15:58 - 00000000 _____ () C:\Users\meyer\defogger_reenable
2015-05-20 15:57 - 2015-05-20 15:57 - 00050477 _____ () C:\Users\meyer\Downloads\Defogger.exe
2015-05-20 13:53 - 2014-01-25 19:06 - 00859720 _____ (Mindspark) C:\Program Files\5qUninstall Zwinky.dll
2015-05-20 13:53 - 2014-01-25 19:06 - 00189816 _____ () C:\Program Files\5qres.dll
2015-05-20 13:05 - 2015-05-20 13:05 - 00001177 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-05-09 22:04 - 2015-05-09 22:04 - 00000348 _____ () C:\Windows\Tasks\0415tbUpdateInfo.job
2015-05-09 22:04 - 2015-05-09 22:04 - 00000000 ____D () C:\ProgramData\Avg_Update_0415tb

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-20 15:58 - 2010-05-28 13:31 - 00000000 ____D () C:\Users\meyer
2015-05-20 15:53 - 2010-07-18 10:27 - 00000000 ____D () C:\Users\meyer\AppData\Roaming\Skype
2015-05-20 15:51 - 2010-05-28 13:55 - 01959166 _____ () C:\Windows\WindowsUpdate.log
2015-05-20 15:42 - 2010-05-08 07:17 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-20 15:39 - 2009-08-05 12:07 - 00000000 ____D () C:\Users\meyer\AppData\Local\Adobe
2015-05-20 15:38 - 2012-04-30 20:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-20 15:38 - 2012-04-30 20:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-20 15:38 - 2012-04-30 20:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-20 14:55 - 2010-05-28 14:09 - 01501000 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 14:53 - 2014-04-21 18:42 - 00000362 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2015-05-20 14:53 - 2014-04-21 18:42 - 00000362 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2015-05-20 14:53 - 2010-05-28 13:30 - 00013456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-20 14:53 - 2010-05-28 13:30 - 00013456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-20 14:53 - 2010-05-08 07:17 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-20 14:48 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-20 14:47 - 2010-05-28 13:45 - 00036796 _____ () C:\Windows\PFRO.log
2015-05-20 14:47 - 2009-07-14 06:39 - 00440672 _____ () C:\Windows\setupact.log
2015-05-20 13:51 - 2014-01-25 19:25 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2015-05-20 13:33 - 2013-06-24 21:55 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-20 13:25 - 2014-02-20 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-20 13:05 - 2014-11-30 13:21 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-20 13:05 - 2014-02-20 20:26 - 00000000 ____D () C:\Program Files\Avira
2015-05-20 13:05 - 2012-04-30 20:17 - 00000000 ____D () C:\ProgramData\Avira

==================== Files in the root of some directories =======

2015-05-20 13:53 - 2014-01-25 19:06 - 0189816 _____ () C:\Program Files\5qres.dll
2015-05-20 13:53 - 2014-01-25 19:06 - 0859720 _____ (Mindspark) C:\Program Files\5qUninstall Zwinky.dll
2009-02-18 11:02 - 2009-02-18 11:03 - 0000114 _____ () C:\Users\meyer\AppData\Roaming\wklnhst.dat
2010-07-18 10:28 - 2010-07-18 10:28 - 0000048 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\meyer\AppData\Local\Temp\avgnt.exe
C:\Users\meyer\AppData\Local\Temp\jre-8u45-windows-au.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 00:13

==================== End Of Log ============================
         
--- --- ---
Addition-Log

Quote:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-05-2015
Ran by meyer at 2015-05-20 16:02:30
Running from C:\Users\meyer\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1398980063-4242612766-3276201938-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1398980063-4242612766-3276201938-1004 - Limited - Enabled)
Gast (S-1-5-21-1398980063-4242612766-3276201938-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1398980063-4242612766-3276201938-1002 - Limited - Enabled)
meyer (S-1-5-21-1398980063-4242612766-3276201938-1000 - Administrator - Enabled) => C:\Users\meyer

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
Allin1Convert Internet Explorer Toolbar (HKLM\...\Allin1Convert_8hbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.31.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.4.4.57710 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avira (HKLM\...\{022ef99f-0db2-4efc-964d-5dd2da3151f6}) (Version: 1.1.37.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.37.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.193.0508L - Chicony Electronics Co.,Ltd.)
ccc-core-static (Version: 2009.0729.2238.38827 - Ihr Firmenname) Hidden
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hauppauge Signal Monitor Utility (HKLM\...\Hauppauge Signal Monitor Utility) (Version: - )
Hauppauge Software MPEG-2 Decoder Installer (HKLM\...\Hauppauge Software MPEG-2 Decoder Installer) (Version: - )
Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version: - )
Hauppauge WinTV Infrared Remote (HKLM\...\Hauppauge WinTV Infrared Remote) (Version: - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000) (Version: 7.70.00.50 - Conexant)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java(TM) 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java(TM) 6 Update 39 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.390 - Oracle)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myphotobook 3.6 (HKLM\...\myphotobook) (Version: 3.6 - myphotobook)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
REALTEK RTL8187B Wireless LAN Driver (HKLM\...\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}) (Version: Package:1.00.0026 Driver:6.1116.1226.2007 - )
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.20 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.04 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.13 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.30.12 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 2.0.2.32 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.11 - TOSHIBA Corporation)
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA)
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
Toshiba TEMPRO (HKLM\...\{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}) (Version: 1.2 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.19 - TOSHIBA Corporation)
TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0015 - TOSHIBA)
TRDCReminder (Version: 1.00.0015 - TOSHIBA) Hidden
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Media Encoder 9-Reihe (HKLM\...\Windows Media Encoder 9) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000_Classes\CLSID\{5bcf818d-78c8-41b8-ba89-65c5fdac4fc4}\InprocServer32 -> C:\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll (Mindspark)
CustomCLSID: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}\InprocServer32 -> C:\Users\meyer\AppData\Local\AskToolbar\Downloaded Program Files\AviraBrowserSecurity.dll (Ask.com)
CustomCLSID: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points =========================

21-08-2014 11:53:06 Geplanter Prüfpunkt
04-09-2014 09:59:13 Geplanter Prüfpunkt
23-11-2014 12:07:44 Geplanter Prüfpunkt
15-01-2015 13:22:46 Geplanter Prüfpunkt
20-02-2015 10:30:47 Geplanter Prüfpunkt
04-03-2015 11:47:24 Geplanter Prüfpunkt
03-05-2015 11:05:58 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2013-06-27 21:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C2EEE51-D595-451B-9FF9-33B6E5EF1954} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - meyer => C:\Program Files\Windows Calendar\WinCal.exe
Task: {1343CBDC-8638-4292-8350-9E3DB7FCC1EE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {19953A8C-063E-4896-82D7-FDBA918F4F5F} - System32\Tasks\{CD38E15E-62CD-4D71-AFEE-72DB243BEB8E} => pcalua.exe -a C:\Temp\tinstall.exe -d C:\Temp
Task: {19DD9452-00DE-44AC-B947-66D58001B59F} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe [2014-04-21] ()
Task: {2EFA7D69-DEFB-4DAF-B0CD-3990C22CA646} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{54C6D427-7A58-4694-B87C-2A395B866C89}.exe [2015-05-09] ()
Task: {3B4C8405-5C5B-4E1B-979B-2571D4C5212C} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe [2014-04-21] ()
Task: {3D1D8917-8FFB-442E-A3BA-F1AC35C395FE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {412B1BC1-D399-40D5-823E-D991085D2880} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-20] (Adobe Systems Incorporated)
Task: {436C5CDC-353C-4323-88C3-46A231BE6898} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {81E87554-0547-4D38-AA14-E1064E32E53D} - System32\Tasks\{82382185-3A68-4EF0-B3D7-8988FE6D2056} => C:\Program Files\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {87C3C785-AFE8-4AAA-8AA8-63979F189200} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{940240B9-0B79-40C8-907A-72B121437EBC}.exe [2014-12-14] ()
Task: {9A5270B6-8960-4271-A4D2-66739C02F6CC} - System32\Tasks\0215tbUpdateInfo => C:\ProgramData\Avg_Update_0215tb\0215tb_{2005D3B5-5B50-4B78-A922-980ACE1DB1B2}.exe [2015-03-12] ()
Task: {AE2B07F9-EF2E-4CE8-BDFE-E52040AD5935} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {D16A0E16-A8BD-4915-B4CA-13AB6B5E8464} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {ED396B59-9233-4C67-93B5-3BB66D451BAA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0215tbUpdateInfo.job => C:\ProgramData\Avg_Update_0215tb\0215tb_{2005D3B5-5B50-4B78-A922-980ACE1DB1B2}.exe
Task: C:\Windows\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{54C6D427-7A58-4694-B87C-2A395B866C89}.exe
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{940240B9-0B79-40C8-907A-72B121437EBC}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-06-01 21:40 - 2009-04-01 17:55 - 00024064 _____ () C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
2013-06-30 14:22 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-06-30 14:22 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-06-30 14:22 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-06-30 14:22 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-06-30 14:22 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-05-07 16:37 - 2015-05-07 16:37 - 00245760 _____ () C:\Program Files\Avira\Launcher\System.ComponentModel.Composition.dll
2008-04-24 19:25 - 2008-04-24 19:25 - 00126976 _____ () C:\Windows\system32\SmartFaceVCtrl.dll
2008-04-24 19:25 - 2008-04-24 19:25 - 06701056 _____ () C:\Windows\system32\FaceHI.dll
2008-04-24 19:25 - 2008-04-24 19:25 - 00995328 _____ () C:\Windows\system32\FaceRec.dll
2014-04-21 18:42 - 2014-04-21 18:41 - 02725912 ____N () C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
2008-03-06 11:14 - 2008-03-06 11:14 - 05121912 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2008-10-07 16:56 - 2006-10-10 11:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2007-12-25 13:03 - 2007-12-25 13:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 18:55 - 2006-12-01 18:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2008-10-07 17:14 - 2010-07-18 08:58 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2009-05-04 10:45 - 2009-05-04 10:45 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-02 12:36 - 2010-06-02 12:36 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\meyer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.8.100

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{341CD94B-5664-4351-AC45-562CF0458B4E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F221B037-F35B-4FB4-AE2F-E07C75E5BC31}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
FirewallRules: [{FF500449-BB7A-44C6-BE41-30562B31AE3E}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
FirewallRules: [{AB1FE149-543C-43D4-8D3A-4E79FA501894}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{AB8FE88B-E7C1-46F8-885B-01CDFFF9D94F}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2015 03:45:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.exe, Version 6.1.7600.16450 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 11ec

Startzeit: 01d0930219d3451c

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.exe

Berichts-ID:

Error: (05/20/2015 03:37:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450, Zeitstempel: 0x4aeba271
Name des fehlerhaften Moduls: wucltux.dll, Version: 7.3.7600.16385, Zeitstempel: 0x4a5bdb45
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000068cf
ID des fehlerhaften Prozesses: 0x8bc
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/20/2015 03:17:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crt>. Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.

Error: (05/20/2015 03:17:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crt>. Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.

Error: (05/20/2015 03:17:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crt>. Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.

Error: (05/20/2015 03:17:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crt>. Fehler: 12007 (0x2ee7).

Error: (05/20/2015 02:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2015 01:33:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915, Zeitstempel: 0x4ec49caf
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x00056c91
ID des fehlerhaften Prozesses: 0x16e0
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (05/20/2015 00:38:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2015 00:36:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (05/20/2015 03:33:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9B1F122C-2982-4E91-AA8B-E071D54F2A4D}

Error: (05/20/2015 02:47:54 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/20/2015 02:47:54 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/20/2015 00:38:11 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/20/2015 00:38:11 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/20/2015 00:34:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (05/20/2015 00:34:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (05/20/2015 00:34:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (05/20/2015 00:34:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (05/20/2015 00:34:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2010-05-28 12:01:06.824
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-05-28 12:01:06.699
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-05-28 12:01:06.590
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-05-28 12:01:06.465
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-05-28 12:01:06.309
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD Athlon(tm) X2 Dual-Core QL-62
Percentage of memory in use: 39%
Total physical RAM: 2813.84 MB
Available physical RAM: 1689.54 MB
Total Pagefile: 5625.96 MB
Available Pagefile: 3967.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.26 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:116.29 GB) (Free:84.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:115.13 GB) (Free:109.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E43EEFE7)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=116.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=115.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Gmer-Log

GMER Logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-20 16:54:44
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD2500BEVS-26UST0 rev.01.01A01 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\meyer\AppData\Local\Temp\kwloypow.sys


---- System - GMER 2.1 ----

SSDT 907289A6 ZwCreateSection
SSDT 907289B0 ZwRequestWaitReplyPort
SSDT 907289AB ZwSetContextThread
SSDT 907289B5 ZwSetSecurityObject
SSDT 907289BA ZwSystemDebugControl
SSDT 90728947 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8308D5D9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B2092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 370 830B99B0 4 Bytes [A6, 89, 72, 90] {CMPSB ; MOV [EDX-0x70], ESI}
.text ntkrnlpa.exe!RtlSidHashLookup + 6CC 830B9D0C 4 Bytes [B0, 89, 72, 90] {MOV AL, 0x89; JB 0xffffff94}
.text ntkrnlpa.exe!RtlSidHashLookup + 710 830B9D50 4 Bytes [AB, 89, 72, 90] {STOSD ; MOV [EDX-0x70], ESI}
.text ntkrnlpa.exe!RtlSidHashLookup + 78C 830B9DCC 4 Bytes [B5, 89, 72, 90] {MOV CH, 0x89; JB 0xffffff94}
.text ntkrnlpa.exe!RtlSidHashLookup + 7E0 830B9E20 4 Bytes [BA, 89, 72, 90]
.text ... 
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91039000, 0x2D5526, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[2136] kernel32.dll!CreateThread 762D279D 5 Bytes JMP 5F0F7303 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] USER32.dll!EnableWindow 75FFA72E 5 Bytes JMP 5F139A14 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] USER32.dll!UnhookWindowsHookEx 75FFCC7B 5 Bytes JMP 5F17EB00 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] USER32.dll!CallNextHookEx 75FFCC8F 5 Bytes JMP 5F157BAF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] USER32.dll!DefWindowProcA 75FFE0E4 7 Bytes JMP 5F0F952D C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] USER32.dll!CreateWindowExA 75FFE18A 5 Bytes JMP 5F103363 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] USER32.dll!CreateWindowExW 76000E51 5 Bytes JMP 5F15FF87 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] USER32.dll!SetWindowsHookExW 7600210A 5 Bytes JMP 5F132194 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] USER32.dll!DefWindowProcW 7600724B 7 Bytes JMP 5F157C12 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] USER32.dll!DialogBoxIndirectParamW 76024AA7 5 Bytes JMP 5F286336 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] USER32.dll!DialogBoxParamW 7602564A 5 Bytes JMP 5F09170B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] USER32.dll!DialogBoxParamA 7603CF6A 5 Bytes JMP 5F2862D1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] USER32.dll!DialogBoxIndirectParamA 7603D29C 5 Bytes JMP 5F28639B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] USER32.dll!MessageBoxIndirectA 7604E8C9 5 Bytes JMP 5F286258 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] USER32.dll!MessageBoxIndirectW 7604E9C3 5 Bytes JMP 5F2861DF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] USER32.dll!MessageBoxExA 7604EA29 5 Bytes JMP 5F28617B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] USER32.dll!MessageBoxExW 7604EA4D 5 Bytes JMP 5F286117 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2136] ole32.dll!OleLoadFromStream 75845BF6 5 Bytes JMP 5F286B0F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!CreateThread 762D279D 5 Bytes JMP 5F0F7303 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!EnableWindow 75FFA72E 5 Bytes JMP 5F139A14 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!UnhookWindowsHookEx 75FFCC7B 5 Bytes JMP 5F17EB00 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!CallNextHookEx 75FFCC8F 5 Bytes JMP 5F157BAF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!DefWindowProcA 75FFE0E4 7 Bytes JMP 5F0F952D C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!CreateWindowExA 75FFE18A 5 Bytes JMP 5F103363 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!CreateWindowExW 76000E51 5 Bytes JMP 5F15FF87 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!SetWindowsHookExW 7600210A 5 Bytes JMP 5F132194 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!DefWindowProcW 7600724B 7 Bytes JMP 5F157C12 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!DialogBoxIndirectParamW 76024AA7 5 Bytes JMP 5F286336 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!DialogBoxParamW 7602564A 5 Bytes JMP 5F09170B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!DialogBoxParamA 7603CF6A 5 Bytes JMP 5F2862D1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!DialogBoxIndirectParamA 7603D29C 5 Bytes JMP 5F28639B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!MessageBoxIndirectA 7604E8C9 5 Bytes JMP 5F286258 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!MessageBoxIndirectW 7604E9C3 5 Bytes JMP 5F2861DF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!MessageBoxExA 7604EA29 5 Bytes JMP 5F28617B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!MessageBoxExW 7604EA4D 5 Bytes JMP 5F286117 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2356] ole32.dll!OleLoadFromStream 75845BF6 5 Bytes JMP 5F286B0F C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!EnableWindow 75FFA72E 5 Bytes JMP 5F139A14 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamW 76024AA7 5 Bytes JMP 5F286336 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamW 7602564A 5 Bytes JMP 5F09170B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxParamA 7603CF6A 5 Bytes JMP 5F2862D1 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!DialogBoxIndirectParamA 7603D29C 5 Bytes JMP 5F28639B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectA 7604E8C9 5 Bytes JMP 5F286258 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxIndirectW 7604E9C3 5 Bytes JMP 5F2861DF C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExA 7604EA29 5 Bytes JMP 5F28617B C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3172] USER32.dll!MessageBoxExW 7604EA4D 5 Bytes JMP 5F286117 C:\Windows\system32\IEFRAME.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo 863945481
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30446331
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo 863945481
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30446331

---- EOF - GMER 2.1 ----
         
--- --- ---
__________________
Greetings from the Bergisches Land
Ludger

20.05.2015, 16:08   #2
M-K-D-B
/// TB Trainer
 
My name is Matthias and I will help you clean up your computer.


Please note the following:
  • If we find indications of illegally acquired software, we will suspend support until all illegal software of any kind has been removed from the computer.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions. If you are going to be away for a longer time, please let me know!
  • During the cleanup, please do not install or uninstall anything unless I ask you to!
  • Please note: Download at filepony.de: How to download our tools correctly!
  • All programs to be used must be saved to the desktop and started from there!


Please work through all steps one after another in the given order and post all log files in CODE tags:
This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check that you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!






Please download TDSSKiller TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________

__________________

20.05.2015, 17:12   #3
ludibubi
 



Hello Matthias, thanks in advance for your help.

Here is the log:

Quote:
17:46:24.0576 0x10d4 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
17:46:32.0054 0x10d4 ============================================================
17:46:32.0054 0x10d4 Current date / time: 2015/05/20 17:46:32.0054
17:46:32.0054 0x10d4 SystemInfo:
17:46:32.0064 0x10d4
17:46:32.0064 0x10d4 OS Version: 6.1.7600 ServicePack: 0.0
17:46:32.0064 0x10d4 Product type: Workstation
17:46:32.0064 0x10d4 ComputerName: MEYER-PC
17:46:32.0064 0x10d4 UserName: meyer
17:46:32.0064 0x10d4 Windows directory: C:\Windows
17:46:32.0064 0x10d4 System windows directory: C:\Windows
17:46:32.0064 0x10d4 Processor architecture: Intel x86
17:46:32.0064 0x10d4 Number of processors: 2
17:46:32.0064 0x10d4 Page size: 0x1000
17:46:32.0064 0x10d4 Boot type: Normal boot
17:46:32.0064 0x10d4 ============================================================
17:46:36.0376 0x10d4 KLMD registered as C:\Windows\system32\drivers\64897827.sys
17:46:36.0693 0x10d4 System UUID: {1C437C7D-6D74-64A5-1D27-81B94225E0B9}
17:46:37.0584 0x10d4 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:46:37.0584 0x10d4 ============================================================
17:46:37.0584 0x10d4 \Device\Harddisk0\DR0:
17:46:37.0584 0x10d4 MBR partitions:
17:46:37.0584 0x10d4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2EE000
17:46:37.0584 0x10d4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xE893000
17:46:37.0584 0x10d4 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xEB81800, BlocksNum 0xE643970
17:46:37.0584 0x10d4 ============================================================
17:46:37.0626 0x10d4 C: <-> \Device\Harddisk0\DR0\Partition2
17:46:37.0656 0x10d4 E: <-> \Device\Harddisk0\DR0\Partition3
17:46:37.0656 0x10d4 ============================================================
17:46:37.0656 0x10d4 Initialize success
17:46:37.0656 0x10d4 ============================================================
17:48:13.0369 0x0ebc ============================================================
17:48:13.0369 0x0ebc Scan started
17:48:13.0369 0x0ebc Mode: Manual; SigCheck; TDLFS;
17:48:13.0369 0x0ebc ============================================================
17:48:13.0369 0x0ebc KSN ping started
17:48:16.0195 0x0ebc KSN ping finished: true
17:48:17.0823 0x0ebc ================ Scan system memory ========================
17:48:17.0823 0x0ebc System memory - ok
17:48:17.0833 0x0ebc ================ Scan services =============================
17:48:18.0133 0x0ebc [ 6D2ACA41739BFE8CB86EE8E85F29697D, 74A4F53C8309A8E5E94CDE4D440DD5308566185E6D8D98FD08E70A25BD728C91 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
17:48:18.0255 0x0ebc 1394ohci - ok
17:48:18.0302 0x0ebc [ F0E07D144C8685B8774BC32FC8DA4DF0, 39816ED2623CA9ABE2B2EDCDB2F8481634742F00FEEF7E324F34D2BAAD668A67 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
17:48:18.0329 0x0ebc ACPI - ok
17:48:18.0357 0x0ebc [ 98D81CA942D19F7D9153B095162AC013, ACE5C073323176621F3312AA9B1EE1A3382F8CDD590D90DC57B34035FD6BC281 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
17:48:18.0457 0x0ebc AcpiPmi - ok
17:48:18.0587 0x0ebc [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:48:18.0607 0x0ebc AdobeFlashPlayerUpdateSvc - ok
17:48:18.0669 0x0ebc [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:48:18.0739 0x0ebc adp94xx - ok
17:48:18.0776 0x0ebc [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:48:18.0821 0x0ebc adpahci - ok
17:48:18.0849 0x0ebc [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:48:18.0883 0x0ebc adpu320 - ok
17:48:18.0921 0x0ebc [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:48:18.0965 0x0ebc AeLookupSvc - ok
17:48:19.0025 0x0ebc [ 0DB7A48388D54D154EBEC120461A0FCD, 567B65F96ADE0E8252B7D8CE7F254CB8054C3AE4BC3577C394EFDEF8D8A61427 ] AFD C:\Windows\system32\drivers\afd.sys
17:48:19.0145 0x0ebc AFD - ok
17:48:19.0175 0x0ebc [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
17:48:19.0205 0x0ebc agp440 - ok
17:48:19.0247 0x0ebc [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
17:48:19.0277 0x0ebc aic78xx - ok
17:48:19.0319 0x0ebc [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
17:48:19.0379 0x0ebc ALG - ok
17:48:19.0419 0x0ebc [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
17:48:19.0449 0x0ebc aliide - ok
17:48:19.0511 0x0ebc [ 42B9D6E7B18F7AD09CF47323E592D421, 94ED6430067AB2DCE286DD7673AB0EEF5C547B5113ACEC9E162970592AE8A935 ] Allin1Convert_8hService C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbarsvc.exe
17:48:19.0541 0x0ebc Allin1Convert_8hService - ok
17:48:19.0583 0x0ebc [ 0BC6704F6FB4C63CDCB85401E8263A1B, C9297943E6FA49EC78EB77BF98593F2EACB5E3F5DF57A34D2E60EF8BF3D10FF4 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:48:19.0665 0x0ebc AMD External Events Utility - ok
17:48:19.0685 0x0ebc [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
17:48:19.0713 0x0ebc amdagp - ok
17:48:19.0721 0x0ebc [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
17:48:19.0746 0x0ebc amdide - ok
17:48:19.0777 0x0ebc [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:48:19.0817 0x0ebc AmdK8 - ok
17:48:19.0857 0x0ebc [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:48:19.0897 0x0ebc AmdPPM - ok
17:48:19.0927 0x0ebc [ 2101A86C25C154F8314B24EF49D7FBC2, E4C1326CF55850793B45B2BFDF361C4E98A07FB13E08BFD6DB50135489700998 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
17:48:19.0957 0x0ebc amdsata - ok
17:48:20.0009 0x0ebc [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:48:20.0049 0x0ebc amdsbs - ok
17:48:20.0071 0x0ebc [ B81C2B5616F6420A9941EA093A92B150, DA2000C9E06533232F8716A6674BC9DFD5C3AAE1FC46F7A91B8E917DB913F42F ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
17:48:20.0095 0x0ebc amdxata - ok
17:48:20.0231 0x0ebc [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:48:20.0274 0x0ebc AntiVirSchedulerService - ok
17:48:20.0363 0x0ebc [ C2700D35AA42311A32DF7EA09630B401, 35B305916DB91EBC86CA70AF23140684F57CF527A0ADE099A79610335C61E861 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:48:20.0425 0x0ebc AntiVirService - ok
17:48:20.0490 0x0ebc [ 027820FE847A7B4245234A4E6E825BE1, EB5638C22C52D0B07F9782B7660BBA730A10A80DC138B7DAD20F849221DEF80B ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
17:48:20.0554 0x0ebc AntiVirWebService - ok
17:48:20.0585 0x0ebc [ FEB834C02CE1E84B6A38F953CA067706, E5A7F8B632ABFBD1283C3D44FB02449814EDB653B204E1720DAA780A6D64FD01 ] AppID C:\Windows\system32\drivers\appid.sys
17:48:20.0665 0x0ebc AppID - ok
17:48:20.0705 0x0ebc [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:48:20.0877 0x0ebc AppIDSvc - ok
17:48:20.0897 0x0ebc [ 7DEAD9E3F65DCB2794F2711003BBF650, F541C30EEFD1BDB70F361B878B6E51DC728873695DD137148CE531FBACCDA21B ] Appinfo C:\Windows\System32\appinfo.dll
17:48:20.0957 0x0ebc Appinfo - ok
17:48:20.0987 0x0ebc [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt C:\Windows\System32\appmgmts.dll
17:48:21.0057 0x0ebc AppMgmt - ok
17:48:21.0113 0x0ebc [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys
17:48:21.0144 0x0ebc arc - ok
17:48:21.0159 0x0ebc [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:48:21.0189 0x0ebc arcsas - ok
17:48:21.0271 0x0ebc [ 39CDCB109BF200CC8A05B9C7E6272D11, A7352D84A492EA25F92D534E03E722DAB1B4D5CC7DB336F9F90CD546565FAB7F ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:48:21.0301 0x0ebc aspnet_state - ok
17:48:21.0334 0x0ebc [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:48:21.0453 0x0ebc AsyncMac - ok
17:48:21.0473 0x0ebc [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\DRIVERS\atapi.sys
17:48:21.0494 0x0ebc atapi - ok
17:48:22.0497 0x0ebc [ C97BE8350FBCB1960B22FAD2E6C2B514, A4565029BE99F94A6D076A6FB894ED18F4B7325C3FCB81BD502A78FCFE9B6A57 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:48:22.0803 0x0ebc atikmdag - ok
17:48:22.0881 0x0ebc [ B73C832088DD54B55E04FF6F9646AD8C, 52A9F9240FAFB2F50E48579F02221CC0D6872F834104F91EF63ADC6AA82A2CD0 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
17:48:22.0955 0x0ebc AtiPcie - ok
17:48:23.0033 0x0ebc [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:48:23.0245 0x0ebc AudioEndpointBuilder - ok
17:48:23.0325 0x0ebc [ 510C873BFA135AA829F4180352772734, BC528D840EB338B0C5D11801C63D8EADD40AF8043DC77ACB4B42E8D20767538F ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:48:23.0379 0x0ebc Audiosrv - ok
17:48:23.0437 0x0ebc [ F581D2F3E30C1CA7206D660FB7689F98, 53647E017AE58788922F72285DD63E8CD2F9E922B31F7C6711E547BC6B360154 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:48:23.0467 0x0ebc avgntflt - ok
17:48:23.0519 0x0ebc [ A2EE407D6D3757A2FFD5095DD16AE1F2, BBFCC5DC116D6A3AF85591955541528DB0CB1FE81D353F717BE7CAD3F7F446F4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:48:23.0560 0x0ebc avipbb - ok
17:48:23.0691 0x0ebc [ 7E7520D15E0D509A5B42C28F270A29B5, 6542BF31BB6B5D967EC21B7B11CE6CF8F3BDB81DF06CA8D1FB4956DA4D66F244 ] Avira.OE.ServiceHost C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
17:48:23.0721 0x0ebc Avira.OE.ServiceHost - ok
17:48:23.0756 0x0ebc [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
17:48:23.0785 0x0ebc avkmgr - ok
17:48:23.0813 0x0ebc [ 98FA7A438389DE905512774856B82BB8, E8BF7C4CA0F60D0F89CE9A8AD11CE77E8A7193D4D56A82E23D4CC1BE1E6B5A91 ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys
17:48:23.0843 0x0ebc avnetflt - ok
17:48:23.0882 0x0ebc [ DD6A431B43E34B91A767D1CE33728175, 8BFF6474C9DFBEC96FA7B2789EF9B17C7910B52DBCF70CDA1F0C698CFA5EFB6E ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:48:23.0965 0x0ebc AxInstSV - ok
17:48:24.0065 0x0ebc [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
17:48:24.0167 0x0ebc b06bdrv - ok
17:48:24.0227 0x0ebc [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
17:48:24.0297 0x0ebc b57nd60x - ok
17:48:24.0357 0x0ebc [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
17:48:24.0427 0x0ebc BDESVC - ok
17:48:24.0447 0x0ebc [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
17:48:24.0497 0x0ebc Beep - ok
17:48:24.0564 0x0ebc [ 85AC71C045CEB054ED48A7841AAE0C11, BA0C0CC50E5C49838116AC9A12A7CF1A683601FD08D3CF6EC06620C51C0806FF ] BFE C:\Windows\System32\bfe.dll
17:48:24.0679 0x0ebc BFE - ok
17:48:24.0741 0x0ebc [ 53F476476F55A27F580661BDE09C4EC4, 90DFBF97F011CFF41D2CFA2E33978BC746A7E693AC75EED1436130C4F10B4E67 ] BITS C:\Windows\system32\qmgr.dll
17:48:24.0886 0x0ebc BITS - ok
17:48:24.0925 0x0ebc [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:48:24.0996 0x0ebc blbdrive - ok
17:48:25.0047 0x0ebc [ 9A5C671B7FBAE4865149BB11F59B91B2, BE1D5901CB8EF20E34F711D6451BDFBCA4BD65AFAD6028964C5CE1673D94FBAD ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:48:25.0087 0x0ebc bowser - ok
17:48:25.0107 0x0ebc [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:48:25.0157 0x0ebc BrFiltLo - ok
17:48:25.0177 0x0ebc [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:48:25.0217 0x0ebc BrFiltUp - ok
17:48:25.0267 0x0ebc [ 77361D72A04F18809D0EFB6CCEB74D4B, 55E7DB65BB29FF421F138CDFF05E5ECFFC7C8862FAA68F6179A3BA9D6B69AE64 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:48:25.0327 0x0ebc BridgeMP - ok
17:48:25.0379 0x0ebc [ 598E1280E7FF3744F4B8329366CC5635, 9B6392AEBE7EF26253487AF8C7C114822ABB187BA32DA8DBF622DB1B8DA6F1C0 ] Browser C:\Windows\System32\browser.dll
17:48:25.0439 0x0ebc Browser - ok
17:48:25.0531 0x0ebc [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:48:25.0607 0x0ebc Brserid - ok
17:48:25.0623 0x0ebc [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:48:25.0663 0x0ebc BrSerWdm - ok
17:48:25.0693 0x0ebc [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:48:25.0733 0x0ebc BrUsbMdm - ok
17:48:25.0753 0x0ebc [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:48:25.0803 0x0ebc BrUsbSer - ok
17:48:25.0823 0x0ebc [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:48:25.0883 0x0ebc BTHMODEM - ok
17:48:25.0946 0x0ebc [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
17:48:26.0007 0x0ebc bthserv - ok
17:48:26.0265 0x0ebc catchme - ok
17:48:26.0295 0x0ebc [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:48:26.0355 0x0ebc cdfs - ok
17:48:26.0417 0x0ebc [ BA6E70AA0E6091BC39DE29477D866A77, A17A68BDA46995F75FB1C2C593A81CD3B2BFE290CEAA45FA2380DDF5537A23C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:48:26.0467 0x0ebc cdrom - ok
17:48:26.0537 0x0ebc [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] CertPropSvc C:\Windows\System32\certprop.dll
17:48:26.0663 0x0ebc CertPropSvc - ok
17:48:26.0685 0x0ebc [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:48:26.0736 0x0ebc circlass - ok
17:48:26.0759 0x0ebc [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS C:\Windows\system32\CLFS.sys
17:48:26.0809 0x0ebc CLFS - ok
17:48:26.0858 0x0ebc [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:48:26.0871 0x0ebc clr_optimization_v2.0.50727_32 - ok
17:48:26.0907 0x0ebc [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:48:26.0963 0x0ebc CmBatt - ok
17:48:26.0983 0x0ebc [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
17:48:27.0013 0x0ebc cmdide - ok
17:48:27.0051 0x0ebc [ 36C252E474B2FFA0F0FBBFF20D92A640, 40A278B1F5BB546A19715BB9F963E64A81CA59EC3F13A8D2C80735505A59BB88 ] CNG C:\Windows\system32\Drivers\cng.sys
17:48:27.0115 0x0ebc CNG - ok
17:48:27.0145 0x0ebc [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:48:27.0175 0x0ebc Compbatt - ok
17:48:27.0217 0x0ebc [ F1724BA27E97D627F808FB0BA77A28A6, F7D69082EEFEC0FB8B309F6AEE282D4A5DFC1A40851ED65904AA9582C5DEA5AB ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
17:48:27.0247 0x0ebc CompositeBus - ok
17:48:27.0257 0x0ebc COMSysApp - ok
17:48:27.0349 0x0ebc [ D10D01B2DFCD8D2F32A32ED29E8DA1C2, D5F89AFF51D690494A70F0E17CB5609DB81F7C9BACD2952D411C7959E90BEEE3 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
17:48:27.0389 0x0ebc ConfigFree Service - detected UnsignedFile.Multi.Generic ( 1 )
17:48:37.0482 0x0ebc ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
17:48:57.0513 0x0ebc [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:48:57.0543 0x0ebc crcdisk - ok
17:48:57.0605 0x0ebc [ 9C231178CE4FB385F4B54B0A9080B8A4, 08EFAEBFF68D5CCE432D75116ED4BDC63FEA651459C9AD363CBEEDB769806527 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:48:57.0675 0x0ebc CryptSvc - ok
17:48:57.0715 0x0ebc [ 27C9490BDD0AE48911AB8CF1932591ED, 751F576F797F8A7BA576C32598BD6FD2E60D4FACC7836CC5BA3F68C38D27CCCA ] CSC C:\Windows\system32\drivers\csc.sys
17:48:57.0857 0x0ebc CSC - ok
17:48:57.0907 0x0ebc [ 56FB5F222EA30D3D3FC459879772CB73, 2C4646774575858E26DBA9C73853E06D0BD18CC8A4C73C633071FF5FE04CA0F4 ] CscService C:\Windows\System32\cscsvc.dll
17:48:57.0979 0x0ebc CscService - ok
17:48:58.0041 0x0ebc [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] DcomLaunch C:\Windows\system32\rpcss.dll
17:48:58.0123 0x0ebc DcomLaunch - ok
17:48:58.0175 0x0ebc [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
17:48:58.0235 0x0ebc defragsvc - ok
17:48:58.0277 0x0ebc [ 83D1ECEA8FAAE75604C0FA49AC7AD996, 0EB4F374CB91AFF12ABC7EFC7858BDB6E58B50FCE0ADA1711F90FF592059DA40 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:48:58.0337 0x0ebc DfsC - ok
17:48:58.0427 0x0ebc [ C56495FBD770712367CAD35E5DE72DA6, 9D5456A2E208F542F0B6C951EFCABA2A10919777C4287D7298A28F543D5BAC32 ] Dhcp C:\Windows\system32\dhcpcore.dll
17:48:58.0497 0x0ebc Dhcp - ok
17:48:58.0547 0x0ebc [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
17:48:58.0637 0x0ebc discache - ok
17:48:58.0689 0x0ebc [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:48:58.0709 0x0ebc Disk - ok
17:48:58.0751 0x0ebc [ B15BE77A2BACF9C3177D27518AFE26A9, FBF02038C2EC0262B401FCBD348C48DF184AD76E95643E3D6ED32C02E90D8FC9 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:48:58.0843 0x0ebc Dnscache - ok
17:48:58.0893 0x0ebc [ 4408C85C21EEA48EB0CE486BAEEF0502, 67EA726F4053665D94D7790EC89616EA0698A7548073A9211E3F75937B4384BE ] dot3svc C:\Windows\System32\dot3svc.dll
17:48:58.0993 0x0ebc dot3svc - ok
17:48:59.0030 0x0ebc [ 7FA81C6E11CAA594ADB52084DA73A1E5, 9ED1C585D9CA091E75E4A2A1E5B923B104EBDC5FC9D12154DE909C583E4D0CAE ] DPS C:\Windows\system32\dps.dll
17:48:59.0085 0x0ebc DPS - ok
17:48:59.0127 0x0ebc [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:48:59.0167 0x0ebc drmkaud - ok
17:48:59.0237 0x0ebc [ C94B6C3CC628179CB9B9061C19888B99, 47614189E6B3DBD972D68B383EBA24ED01095B0C924B720B8CFF44297CC7FF6D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:48:59.0319 0x0ebc DXGKrnl - ok
17:48:59.0359 0x0ebc [ 22EF8965101685ADD128F03A2B03CE16, 677F7B32C7A45C26F2F0DB67FFB526E9742E4B3A8BEAEA7B814CBCA2F56D6D5A ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
17:48:59.0409 0x0ebc E1G60 - ok
17:48:59.0469 0x0ebc [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
17:48:59.0509 0x0ebc EapHost - ok
17:48:59.0714 0x0ebc [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
17:48:59.0955 0x0ebc ebdrv - ok
17:49:00.0000 0x0ebc [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] EFS C:\Windows\System32\lsass.exe
17:49:00.0057 0x0ebc EFS - ok
17:49:00.0177 0x0ebc [ 3A74A6E33685662B125A3269B1F2114F, 183E180E4B35E549B5D7363D926E17226FF70CFDE7328F7B0B3676B9A27E2569 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:49:00.0359 0x0ebc ehRecvr - ok
17:49:00.0394 0x0ebc [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
17:49:00.0451 0x0ebc ehSched - ok
17:49:00.0531 0x0ebc [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:49:00.0611 0x0ebc elxstor - ok
17:49:00.0631 0x0ebc [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
17:49:00.0673 0x0ebc ErrDev - ok
17:49:00.0743 0x0ebc [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
17:49:00.0823 0x0ebc EventSystem - ok
17:49:00.0850 0x0ebc [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
17:49:00.0942 0x0ebc exfat - ok
17:49:00.0967 0x0ebc [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:49:01.0029 0x0ebc fastfat - ok
17:49:01.0109 0x0ebc [ F7EA23CC5E6BF2181F3F399D54F6EFC1, 4659A2EDC5D5171668FB20BED7B56466A674876888519D6F524F7456EBD11263 ] Fax C:\Windows\system32\fxssvc.exe
17:49:01.0189 0x0ebc Fax - ok
17:49:01.0221 0x0ebc [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:49:01.0261 0x0ebc fdc - ok
17:49:01.0281 0x0ebc [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
17:49:01.0341 0x0ebc fdPHost - ok
17:49:01.0376 0x0ebc [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
17:49:01.0443 0x0ebc FDResPub - ok
17:49:01.0471 0x0ebc [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:49:01.0499 0x0ebc FileInfo - ok
17:49:01.0513 0x0ebc [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:49:01.0565 0x0ebc Filetrace - ok
17:49:01.0599 0x0ebc [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:49:01.0637 0x0ebc flpydisk - ok
17:49:01.0687 0x0ebc [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:49:01.0737 0x0ebc FltMgr - ok
17:49:01.0829 0x0ebc [ 151258FC2EC8C48BDF8A53350AE0A676, 21F808E29E06AF03E1E55498C7975830157021BE9648117B27F4D21BBD07E9DB ] FontCache C:\Windows\system32\FntCache.dll
17:49:01.0911 0x0ebc FontCache - ok
17:49:01.0981 0x0ebc [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:49:01.0991 0x0ebc FontCache3.0.0.0 - ok
17:49:02.0031 0x0ebc [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:49:02.0061 0x0ebc FsDepends - ok
17:49:02.0110 0x0ebc [ 500A9814FD9446A8126858A5A7F7D273, FB9607A43B8DDA87A449A3BFEBDC035F00BA7B5D9CC56AD5F310732A38F56A46 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:49:02.0143 0x0ebc Fs_Rec - ok
17:49:02.0225 0x0ebc [ 5592F5DBA26282D24D2B080EB438A4D7, 5376D6CFFE9A1406CFA0BF4325EB65206F57A5C50034DA7EB4238BEB08D4D6DB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:49:02.0279 0x0ebc fvevol - ok
17:49:02.0307 0x0ebc [ 0F76E205BDC60364F08A5949082771CA, 13990BAE670BB37A683135FBEA4E93DFAC413099493F495E22BDDB81AD73D899 ] FwLnk C:\Windows\system32\DRIVERS\FwLnk.sys
17:49:02.0357 0x0ebc FwLnk - ok
17:49:02.0387 0x0ebc [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:49:02.0417 0x0ebc gagp30kx - ok
17:49:02.0499 0x0ebc [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F, 6D2B301E77839FFF1C74425B37D02C3F3837CE50E856C21AE4CF7ABABB04ADDC ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
17:49:02.0519 0x0ebc GoogleDesktopManager-051210-111108 - ok
17:49:02.0629 0x0ebc [ 8BA3C04702BF8F927AB36AE8313CA4EE, 3B6460C8134AA9D6E4FB978201B35FE9B67DD5BBB6C8D9625F3097DDA30C2893 ] gpsvc C:\Windows\System32\gpsvc.dll
17:49:02.0707 0x0ebc gpsvc - ok
17:49:02.0741 0x0ebc [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:49:02.0771 0x0ebc gupdate - ok
17:49:02.0791 0x0ebc [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:49:02.0808 0x0ebc gupdatem - ok
17:49:02.0843 0x0ebc [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:49:02.0863 0x0ebc gusvc - ok
17:49:02.0965 0x0ebc [ 593FA686FC0A5993784271F8EF6DB596, 336E04D8EF1CFCC6D231488EA3417B4B1C002F9340A3C04F2B3D9A3F9000134B ] HauppaugeTVServer C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
17:49:03.0034 0x0ebc HauppaugeTVServer - detected UnsignedFile.Multi.Generic ( 1 )
17:49:13.0043 0x0ebc HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - warning
17:49:33.0077 0x0ebc [ 03A0F87B3DEAC103197EECE096072073, 5A2479ED9361B8DD97A26F4F8C266D9AE035F4FB740D7D76B369FBAFCAADACA3 ] hcw17bda C:\Windows\system32\drivers\hcw17bda.sys
17:49:33.0137 0x0ebc hcw17bda - ok
17:49:33.0177 0x0ebc [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:49:33.0237 0x0ebc hcw85cir - ok
17:49:33.0277 0x0ebc [ 717A2207FD6F13AD3E664C7D5A43C7BF, BF28A6F00B64FA0E801493E3289CFFD5E313E724DF7B5AB521C9E37A20890DCF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
17:49:33.0317 0x0ebc HDAudBus - ok
17:49:33.0347 0x0ebc [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:49:33.0397 0x0ebc HidBatt - ok
17:49:33.0417 0x0ebc [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:49:33.0478 0x0ebc HidBth - ok
17:49:33.0509 0x0ebc [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:49:33.0549 0x0ebc HidIr - ok
17:49:33.0589 0x0ebc [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll
17:49:33.0649 0x0ebc hidserv - ok
17:49:33.0691 0x0ebc [ 25072FB35AC90B25F9E4E3BACF774102, EBCE089947CC5A251A517CB91E81FCB948B18405FBACA04C874D4A48AF88676D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:49:33.0721 0x0ebc HidUsb - ok
17:49:33.0763 0x0ebc [ 741C2A45CA8407E374AABA3E330B7872, FCF31C46297CFDF8240F0E783A61C8463FEDB1EF7A676AB89DFF0EAE9F3534B4 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:49:33.0837 0x0ebc hkmsvc - ok
17:49:33.0885 0x0ebc [ A768CA158BB06782A2835B907F4873C3, EFF736C6BA38FB8FC8807286AB273E7274F505E8E59D952E8563DF77C412C5AE ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:49:33.0935 0x0ebc HomeGroupListener - ok
17:49:33.0975 0x0ebc [ FB08DEC5EF43D0C66D83B8E9694E7549, 9C9ECE9E90F524791FC5DCE797BAE39605F966592126FF058BA3FA0BEFD07BEB ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:49:34.0021 0x0ebc HomeGroupProvider - ok
17:49:34.0067 0x0ebc [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
17:49:34.0117 0x0ebc HpSAMD - ok
17:49:34.0219 0x0ebc [ CC267848CB3508E72762BE65734E764D, E7E39607A48E77544EE286EA678FC2ED8A6C20C9DCB8C901BC70140ECB2E7C2F ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
17:49:34.0361 0x0ebc HSF_DPV - ok
17:49:34.0391 0x0ebc [ A2882945CC4B6E3E4E9E825590438888, C0B7E695BBFFB927A3A7122BCA41B454B27F285A0A380E82CEDF87CE573A5C60 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
17:49:34.0441 0x0ebc HSXHWAZL - ok
17:49:34.0487 0x0ebc [ C531C7FD9E8B62021112787C4E2C5A5A, 09205E2A5BFB6C623B312B8AC82F7F7CA8A922B1D9A0E3952BD3BA47BBE1F18C ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:49:34.0600 0x0ebc HTTP - ok
17:49:34.0624 0x0ebc [ 8305F33CDE89AD6C7A0763ED0B5A8D42, A7CA4978DC1FF6105EA39124DF854F0B1FD478476B871ED0E018AF3AE2165282 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:49:34.0645 0x0ebc hwpolicy - ok
17:49:34.0695 0x0ebc [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
17:49:34.0765 0x0ebc i8042prt - ok
17:49:34.0815 0x0ebc [ 934AF4D7C5F457B9F0743F4299B77B67, F232554352BB7CD716D6173FC1AB2661E49480994BB22E9A6FE7A33B51F0A51B ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
17:49:34.0875 0x0ebc iaStorV - ok
17:49:34.0967 0x0ebc [ 5AF815EB5BC9802E5A064E2BA62BFC0C, DC8CED05F623D30C57E8A7A382A219B4266C9C766ABF8A8D71783EACB8607B82 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:49:35.0049 0x0ebc idsvc - ok
17:49:35.0101 0x0ebc [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:49:35.0131 0x0ebc iirsp - ok
17:49:35.0223 0x0ebc [ FAC0EE6562B121B1399D6E855583F7A5, 034C9EE9232EB2CE64297EC4BCBEB5DA443ED9176C436CC754EF84FFB4AD4B08 ] IKEEXT C:\Windows\System32\ikeext.dll
17:49:35.0308 0x0ebc IKEEXT - ok
17:49:35.0482 0x0ebc [ B9CBD3DEA7CA02868621173BF7A2AF9F, FC3A84A8D3878B14F3070299B8B878C71A66CE400507FBA3FCF23FC732DFB90D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:49:35.0596 0x0ebc IntcAzAudAddService - ok
17:49:35.0632 0x0ebc [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
17:49:35.0677 0x0ebc intelide - ok
17:49:35.0739 0x0ebc [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:49:35.0789 0x0ebc intelppm - ok
17:49:35.0821 0x0ebc [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:49:35.0901 0x0ebc IPBusEnum - ok
17:49:35.0922 0x0ebc [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:49:35.0993 0x0ebc IpFilterDriver - ok
17:49:36.0045 0x0ebc [ 477397B432A256A50EE7E4339EB9EA14, 3722938E69D16962F773F39669E9B90279DC9527BBC63564B33C89DAFD283497 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:49:36.0138 0x0ebc iphlpsvc - ok
17:49:36.0197 0x0ebc [ E4454B6C37D7FFD5649611F6496308A7, 5B2AA8C06076C9A1FF944E5EA07C29BA7FABEBB38E6BFB388ED46933EAC465FB ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:49:36.0268 0x0ebc IPMIDRV - ok
17:49:36.0289 0x0ebc [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:49:36.0381 0x0ebc IPNAT - ok
17:49:36.0411 0x0ebc [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:49:36.0441 0x0ebc IRENUM - ok
17:49:36.0462 0x0ebc [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
17:49:36.0493 0x0ebc isapnp - ok
17:49:36.0555 0x0ebc [ ED46C223AE46C6866AB77CDC41C404B7, 1B2A4A3FF0E5F8F02717F20983D57612D62DFF809064A7E524700E7254BB7DB3 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
17:49:36.0615 0x0ebc iScsiPrt - ok
17:49:36.0647 0x0ebc [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:49:36.0677 0x0ebc kbdclass - ok
17:49:36.0700 0x0ebc [ 3D9F0EBF350EDCFD6498057301455964, B3CB5F0C045B06C86E683F3C67DC0D4E37AF16E20B189B05C926A5A7011438FB ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:49:36.0729 0x0ebc kbdhid - ok
17:49:36.0759 0x0ebc [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] KeyIso C:\Windows\system32\lsass.exe
17:49:36.0799 0x0ebc KeyIso - ok
17:49:36.0837 0x0ebc [ 0263364ACB9C834ACE52FB85C2C064EC, 0D5A80911550872DD909E4219960DC8C06005D6DD77EA8F46CF344E34251E4D0 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:49:36.0867 0x0ebc KSecDD - ok
17:49:36.0903 0x0ebc [ 27391DB553BE2A4E2B0ADEEA2873B2AF, 3CDC53B77CAFA005135DB8A660075159B9C25CDDAD81F7E71891182FC0ED3577 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:49:36.0931 0x0ebc KSecPkg - ok
17:49:36.0981 0x0ebc [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
17:49:37.0093 0x0ebc KtmRm - ok
17:49:37.0135 0x0ebc [ 8F6BF790D3168224C16F2AF68A84438C, CEEA0E38B746163A4110E157DAB50CC35A689A5BBC9B3691F2B9D3AE49B0D95E ] LanmanServer C:\Windows\System32\srvsvc.dll
17:49:37.0205 0x0ebc LanmanServer - ok
17:49:37.0255 0x0ebc [ B9891F885DCF1F0513A51CB58493CB1F, C883D243E1E7B7AEA031FB90FE4FCEED631F835DC95F9D9D60BC554E6EC358C2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:49:37.0297 0x0ebc LanmanWorkstation - ok
17:49:37.0347 0x0ebc [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:49:37.0417 0x0ebc lltdio - ok
17:49:37.0477 0x0ebc [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:49:37.0547 0x0ebc lltdsvc - ok
17:49:37.0575 0x0ebc [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:49:37.0649 0x0ebc lmhosts - ok
17:49:37.0691 0x0ebc [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:49:37.0721 0x0ebc LSI_FC - ok
17:49:37.0743 0x0ebc [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:49:37.0775 0x0ebc LSI_SAS - ok
17:49:37.0790 0x0ebc [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:49:37.0813 0x0ebc LSI_SAS2 - ok
17:49:37.0833 0x0ebc [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:49:37.0867 0x0ebc LSI_SCSI - ok
17:49:37.0895 0x0ebc [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
17:49:37.0955 0x0ebc luafv - ok
17:49:37.0997 0x0ebc [ E2B0887816ED336685954E3D8FDAA51D, 4DCB08ADC6A89DCA68D1285734B283B567888EF72249F6BBA73A63D1BD462466 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:49:38.0037 0x0ebc Mcx2Svc - ok
17:49:38.0067 0x0ebc [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
17:49:38.0097 0x0ebc mdmxsdk - ok
17:49:38.0135 0x0ebc [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:49:38.0169 0x0ebc megasas - ok
17:49:38.0198 0x0ebc [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:49:38.0251 0x0ebc MegaSR - ok
17:49:38.0274 0x0ebc [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
17:49:38.0320 0x0ebc MMCSS - ok
17:49:38.0338 0x0ebc [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
17:49:38.0375 0x0ebc Modem - ok
17:49:38.0403 0x0ebc [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:49:38.0443 0x0ebc monitor - ok
17:49:38.0503 0x0ebc [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:49:38.0523 0x0ebc mouclass - ok
17:49:38.0547 0x0ebc [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:49:38.0575 0x0ebc mouhid - ok
17:49:38.0595 0x0ebc [ 921C18727C5920D6C0300736646931C2, 19ACE502982E9C5B0134676102EAEE96675C9CA237E410DB36C389D6B4078301 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:49:38.0635 0x0ebc mountmgr - ok
17:49:38.0655 0x0ebc [ 2AF5997438C55FB79D33D015C30E1974, E8F048A02FEB400C133D0BFC1659921E73B59549E3F7D2A13929901B87A1901F ] mpio C:\Windows\system32\DRIVERS\mpio.sys
17:49:38.0707 0x0ebc mpio - ok
17:49:38.0738 0x0ebc [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:49:38.0829 0x0ebc mpsdrv - ok
17:49:39.0041 0x0ebc [ 5CD996CECF45CBC3E8D109C86B82D69E, ABE40DA4DA555D3D5054BE28BF82E775D90DCB9E31409DC95FABF2F016B17700 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:49:39.0113 0x0ebc MpsSvc - ok
17:49:39.0146 0x0ebc [ B1BE47008D20E43DA3ADC37C24CDB89D, 6E8555E84B42E5098227B35EA5ABADF2CD3AC247B37CB9E9304FF67064EBE59B ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:49:39.0205 0x0ebc MRxDAV - ok
17:49:39.0265 0x0ebc [ CA7570E42522E24324A12161DB14EC02, E4DA5EDC7CBCC9E601543071A49347A0AA3EB4EAC205E342A1F2768FD785D08F ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:49:39.0345 0x0ebc mrxsmb - ok
17:49:39.0390 0x0ebc [ F965C3AB2B2AE5C378F4562486E35051, 5FFDD5531B98FF0EA19A901C4EE1CE6043C245A4BE5533A495E331B5834D696B ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:49:39.0447 0x0ebc mrxsmb10 - ok
17:49:39.0477 0x0ebc [ 25C38264A3C72594DD21D355D70D7A5D, DCEF2DEBB1859FED6FC7A19D13A841B6B6CA10577E12F116D0EB2D2B8C72A4A1 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:49:39.0507 0x0ebc mrxsmb20 - ok
17:49:39.0517 0x0ebc [ 4326D168944123F38DD3B2D9C37A0B12, 322AE93418BE3BA6B3E11C86431EC3F4B23CADC3B968B92978A08A7C0D0D8902 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
17:49:39.0551 0x0ebc msahci - ok
17:49:39.0589 0x0ebc [ 455029C7174A2DBB03DBA8A0D8BDDD9A, 614D71978B024109ADD9A7A74F74ABD5FAA1C36A2E859AF288398EAE7CD76DF2 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
17:49:39.0629 0x0ebc msdsm - ok
17:49:39.0671 0x0ebc [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
17:49:39.0711 0x0ebc MSDTC - ok
17:49:39.0731 0x0ebc [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:49:39.0781 0x0ebc Msfs - ok
17:49:39.0805 0x0ebc [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:49:39.0853 0x0ebc mshidkmdf - ok
17:49:39.0895 0x0ebc [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
17:49:39.0915 0x0ebc msisadrv - ok
17:49:39.0955 0x0ebc [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:49:40.0025 0x0ebc MSiSCSI - ok
17:49:40.0035 0x0ebc msiserver - ok
17:49:40.0064 0x0ebc [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:49:40.0117 0x0ebc MSKSSRV - ok
17:49:40.0151 0x0ebc [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:49:40.0209 0x0ebc MSPCLOCK - ok
17:49:40.0231 0x0ebc [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:49:40.0291 0x0ebc MSPQM - ok
17:49:40.0337 0x0ebc [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:49:40.0397 0x0ebc MsRPC - ok
17:49:40.0415 0x0ebc [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
17:49:40.0433 0x0ebc mssmbios - ok
17:49:40.0440 0x0ebc [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:49:40.0484 0x0ebc MSTEE - ok
17:49:40.0513 0x0ebc [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:49:40.0565 0x0ebc MTConfig - ok
17:49:40.0596 0x0ebc [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
17:49:40.0622 0x0ebc Mup - ok
17:49:40.0697 0x0ebc [ 80284F1985C70C86F0B5F86DA2DFE1DF, 424A5BBC28C72DA0DBABEB9E423B8C409754CD1BA3DFC9E174BF22D8BCE1BE63 ] napagent C:\Windows\system32\qagentRT.dll
17:49:40.0748 0x0ebc napagent - ok
17:49:40.0819 0x0ebc [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:49:40.0909 0x0ebc NativeWifiP - ok
17:49:41.0001 0x0ebc [ 23759D175A0A9BAAF04D05047BC135A8, 2C8C553B4E1ED3A644F619F16BCEDD5A3C6D74A17E6E75A3E740E06B1D636348 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:49:41.0058 0x0ebc NDIS - ok
17:49:41.0081 0x0ebc [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:49:41.0133 0x0ebc NdisCap - ok
17:49:41.0172 0x0ebc [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:49:41.0205 0x0ebc NdisTapi - ok
17:49:41.0241 0x0ebc [ B30AE7F2B6D7E343B0DF32E6C08FCE75, 39BBBF7AF886732CB9ED3E6C06DA4318554089F3BEA74C74328FE1C6EF68E70B ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:49:41.0289 0x0ebc Ndisuio - ok
17:49:41.0317 0x0ebc [ 267C415EADCBE53C9CA873DEE39CF3A4, BAA8626BDA7B68176B19A99FBBD40FB2A774C8F44B56F9FFB99A1F5C16A1C555 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:49:41.0377 0x0ebc NdisWan - ok
17:49:41.0413 0x0ebc [ AF7E7C63DCEF3F8772726F86039D6EB4, 1CFDED48E8844138864786DBF9D5519162A6DB28F885A781934E8AFBD52EAC50 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:49:41.0479 0x0ebc NDProxy - ok
17:49:41.0508 0x0ebc [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:49:41.0561 0x0ebc NetBIOS - ok
17:49:41.0606 0x0ebc [ DD52A733BF4CA5AF84562A5E2F963B91, 5CEB9664CED3D120F5408A12035748728710D41090A289CF66023CED4C838A1F ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:49:41.0673 0x0ebc NetBT - ok
17:49:41.0700 0x0ebc [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] Netlogon C:\Windows\system32\lsass.exe
17:49:41.0719 0x0ebc Netlogon - ok
17:49:41.0775 0x0ebc [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
17:49:41.0839 0x0ebc Netman - ok
17:49:41.0877 0x0ebc [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
17:49:41.0957 0x0ebc netprofm - ok
17:49:42.0009 0x0ebc [ FE2AA5A684B0DD9B1FAE57B7817C198B, 59137B15AD038C31BEB909EC11019E08C072DD7EE611B9618B7523880453BD4F ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:49:42.0059 0x0ebc NetTcpPortSharing - ok
17:49:42.0098 0x0ebc [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:49:42.0121 0x0ebc nfrd960 - ok
17:49:42.0158 0x0ebc [ 2226496E34BD40734946A054B1CD657F, 98392D98C9213822268971432BB55047ABD8B4EBD42483FA69BF50FB8FAD64A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:49:42.0217 0x0ebc NlaSvc - ok
17:49:42.0232 0x0ebc [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:49:42.0273 0x0ebc Npfs - ok
17:49:42.0305 0x0ebc [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
17:49:42.0355 0x0ebc nsi - ok
17:49:42.0367 0x0ebc [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:49:42.0431 0x0ebc nsiproxy - ok
17:49:42.0617 0x0ebc [ 3795DCD21F740EE799FB7223234215AF, B03DBFD33B201134473D23038E0BD86CFE64556754BF4EBA42C10B67AEECAEA6 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:49:42.0741 0x0ebc Ntfs - ok
17:49:42.0760 0x0ebc [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
17:49:42.0819 0x0ebc Null - ok
17:49:42.0861 0x0ebc [ 3F3D04B1D08D43C16EA7963954EC768D, BA82C1D3D9F4AA5F1C9729D61D4E06DB961FDF2B1E9B483D29DB308204DF0754 ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
17:49:42.0891 0x0ebc nvraid - ok
17:49:42.0943 0x0ebc [ C99F251A5DE63C6F129CF71933ACED0F, 24D48A5F5D699AB0DD4D4435F8F7C6B73A924AEF8F9D1170FD644E26499546A2 ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
17:49:42.0983 0x0ebc nvstor - ok
17:49:43.0005 0x0ebc [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
17:49:43.0045 0x0ebc nv_agp - ok
17:49:43.0187 0x0ebc [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
17:49:43.0237 0x0ebc odserv - ok
17:49:43.0266 0x0ebc [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
17:49:43.0319 0x0ebc ohci1394 - ok
17:49:43.0359 0x0ebc [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:49:43.0399 0x0ebc ose - ok
17:49:43.0491 0x0ebc [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:49:43.0583 0x0ebc p2pimsvc - ok
17:49:43.0625 0x0ebc [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll
17:49:43.0695 0x0ebc p2psvc - ok
17:49:43.0747 0x0ebc [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:49:43.0859 0x0ebc Parport - ok
17:49:43.0879 0x0ebc [ FF4218952B51DE44FE910953A3E686B9, 871E4F8300AFE2AE770B8F00C12911A08D8BBD8E07C37A11AFF67CA92607A602 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:49:43.0909 0x0ebc partmgr - ok
17:49:43.0932 0x0ebc [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
17:49:43.0971 0x0ebc Parvdm - ok
17:49:44.0001 0x0ebc [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:49:44.0031 0x0ebc PcaSvc - ok
17:49:44.0051 0x0ebc [ C858CB77C577780ECC456A892E7E7D0F, 21AE545B736739DE5A7B02CF227516BA6D02B1AAAECD8CC516CCF9F1FD710BCF ] pci C:\Windows\system32\DRIVERS\pci.sys
17:49:44.0077 0x0ebc pci - ok
17:49:44.0103 0x0ebc [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\DRIVERS\pciide.sys
17:49:44.0123 0x0ebc pciide - ok
17:49:44.0154 0x0ebc [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:49:44.0234 0x0ebc pcmcia - ok
17:49:44.0259 0x0ebc [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
17:49:44.0296 0x0ebc pcw - ok
17:49:44.0357 0x0ebc [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:49:44.0526 0x0ebc PEAUTH - ok
17:49:44.0619 0x0ebc [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:49:44.0731 0x0ebc PeerDistSvc - ok
17:49:44.0973 0x0ebc [ 9C1BFF7910C89A1D12E57343475840CB, 62E00E1278BD263B2AC8CB803C31F2818C54DB143C49470FAD07731E04BD2DE3 ] pla C:\Windows\system32\pla.dll
17:49:45.0127 0x0ebc pla - ok
17:49:45.0199 0x0ebc [ 71DEF5EC79774C798342D0EA16E41780, 5B5A365E57A7ACE3C4EDA1D891BD613879B284831E8253FDE498E40B2091E3B6 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:49:45.0269 0x0ebc PlugPlay - ok
17:49:45.0309 0x0ebc [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:49:45.0378 0x0ebc PNRPAutoReg - ok
17:49:45.0431 0x0ebc [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:49:45.0461 0x0ebc PNRPsvc - ok
17:49:45.0533 0x0ebc [ 48E1B75C6DC0232FD92BAAE4BD344721, 5BA4EB5A60725836D8085EABF87F51160BA57E318A0C4378410217911A393CE7 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:49:45.0615 0x0ebc PolicyAgent - ok
17:49:45.0663 0x0ebc [ DBFF83F709A91049621C1D35DD45C92C, 0A722A44F431CAB5EA77FF5F25EB6975C2111B605564FF9FB59751067E7CD3A7 ] Power C:\Windows\system32\umpo.dll
17:49:45.0777 0x0ebc Power - ok
17:49:45.0813 0x0ebc [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:49:45.0951 0x0ebc PptpMiniport - ok
17:49:45.0997 0x0ebc [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:49:46.0047 0x0ebc Processor - ok
17:49:46.0107 0x0ebc [ 630CF26F0227498B7D5A92B12548960F, 7B6E2A3C398DF2E8F63C03ED5B59BB8DA47D5C1ACA9F37438F71F35633ACD6CD ] ProfSvc C:\Windows\system32\profsvc.dll
17:49:46.0177 0x0ebc ProfSvc - ok
17:49:46.0207 0x0ebc [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] ProtectedStorage C:\Windows\system32\lsass.exe
17:49:46.0226 0x0ebc ProtectedStorage - ok
17:49:46.0259 0x0ebc [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:49:46.0328 0x0ebc Psched - ok
17:49:46.0371 0x0ebc [ 49452BFCEC22F36A7A9B9C2181BC3042, C01A2005E9897B142FF9BC6155770F70C19725C425E48D14239195E81E2E42D0 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
17:49:46.0401 0x0ebc PxHelp20 - ok
17:49:46.0493 0x0ebc [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:49:46.0664 0x0ebc ql2300 - ok
17:49:46.0707 0x0ebc [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:49:46.0737 0x0ebc ql40xx - ok
17:49:46.0809 0x0ebc [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
17:49:46.0869 0x0ebc QWAVE - ok
17:49:46.0919 0x0ebc [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:49:46.0968 0x0ebc QWAVEdrv - ok
17:49:47.0005 0x0ebc [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:49:47.0050 0x0ebc RasAcd - ok
17:49:47.0081 0x0ebc [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:49:47.0151 0x0ebc RasAgileVpn - ok
17:49:47.0173 0x0ebc [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
17:49:47.0223 0x0ebc RasAuto - ok
17:49:47.0255 0x0ebc [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:49:47.0325 0x0ebc Rasl2tp - ok
17:49:47.0364 0x0ebc [ 0CE66EC736B7FC526D78F7624C7D2A94, D70B45AA413691CF84B24E966EBA1689955E54BDDA206380CAB7CD50F56D5CEB ] RasMan C:\Windows\System32\rasmans.dll
17:49:47.0437 0x0ebc RasMan - ok
17:49:47.0469 0x0ebc [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:49:47.0529 0x0ebc RasPppoe - ok
17:49:47.0561 0x0ebc [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:49:47.0611 0x0ebc RasSstp - ok
17:49:47.0644 0x0ebc [ 835D7E81BF517A3B72384BDCC85E1CE6, DC855AF17150C1B27926293115C01B5E1FD00FABCE18AFAEAB3DC68BDE4C908B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:49:47.0714 0x0ebc rdbss - ok
17:49:47.0745 0x0ebc [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:49:47.0785 0x0ebc rdpbus - ok
17:49:47.0795 0x0ebc [ 1E016846895B15A99F9A176A05029075, 78AE674B6E7D3A69099B24AC07E06563A4C867F9DCD8548E4DAAE6FC5ACA4E29 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:49:47.0835 0x0ebc RDPCDD - ok
17:49:47.0866 0x0ebc [ C5FF95883FFEF704D50C40D21CFB3AB5, 26CC53DDE126A6BD99F606695F063BB7FDC4BBABB9F75F7AD7A84B58C837EEAA ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:49:47.0931 0x0ebc RDPDR - ok
17:49:47.0959 0x0ebc [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:49:48.0009 0x0ebc RDPENCDD - ok
17:49:48.0038 0x0ebc [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:49:48.0088 0x0ebc RDPREFMP - ok
17:49:48.0131 0x0ebc [ 0399C725A9C95A6F1862B93F008DDF4A, 7ED8A5678B877FA5A2FCF0DC033CFFAA59F9D2E5C90F16921AD7B8C53DC5ED7C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:49:48.0181 0x0ebc RDPWD - ok
17:49:48.0261 0x0ebc [ 4EA225BF1CF05E158853F30A99CA29A7, F211480F13E2FE36C31110AE67ABE74E9D572D3A36BEEDE29E14ECBD8C246878 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:49:48.0291 0x0ebc rdyboost - ok
17:49:48.0353 0x0ebc [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:49:48.0435 0x0ebc RemoteAccess - ok
17:49:48.0465 0x0ebc [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:49:48.0545 0x0ebc RemoteRegistry - ok
17:49:48.0587 0x0ebc [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:49:48.0647 0x0ebc RpcEptMapper - ok
17:49:48.0699 0x0ebc [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
17:49:48.0729 0x0ebc RpcLocator - ok
17:49:48.0791 0x0ebc [ B82CD39E336973359D7C9BF911E8E84F, 45DB8F1E88FC25A81D2F3C2F8A8CDB6B34C44950B038E24FB71DCDD9823DB22A ] RpcSs C:\Windows\system32\rpcss.dll
17:49:48.0850 0x0ebc RpcSs - ok
17:49:48.0893 0x0ebc [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:49:48.0963 0x0ebc rspndr - ok
17:49:49.0005 0x0ebc [ C853AE16CCF5033C0CBA0855390F5C7F, 9D76415D2A13EE5188F36A196E7BC21145A1A2FB5D1B9575C68E7AB58E1E10DE ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
17:49:49.0055 0x0ebc RTHDMIAzAudService - ok
17:49:49.0127 0x0ebc [ 7157E70A90CCE49DEB8885D23A073A39, B0EB23C0EDBA8BE4851F14483EC6E5C0CC66DAC2A14A815AACB6A7D9158C3168 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
17:49:49.0289 0x0ebc RTL8169 - ok
17:49:49.0381 0x0ebc [ CA5A4FBFE341F13733955B8AAC98F0B5, 4675BAB8BBB1069FADF880E7E570A255DBCAB063DF4F754D5CBEF1D2793ED993 ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys
17:49:49.0421 0x0ebc RTL8187B - ok
17:49:49.0463 0x0ebc [ 0D60B8C10A2C5E8DD620B3FDEB1CDA64, CC7BBB3B177559190E425F33E00CDA153C87B47AFAA8330361BC6ADA26B2C97B ] RtlProt C:\Windows\system32\DRIVERS\rtlprot.sys
17:49:49.0483 0x0ebc RtlProt - ok
17:49:49.0530 0x0ebc [ 9FF7D9CF3A5F296613588B0E8DB83AFE, 69DF889D09539CF342957A91751DAF733EE929AE5DD573E1BC0019660CA5CB83 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
17:49:49.0595 0x0ebc RTSTOR - ok
17:49:49.0635 0x0ebc [ 5423D8437051E89DD34749F242C98648, 28FD190E13676B0FD452A73C3069B72206E2938DB2240BAA9BDB56687C748A2B ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
17:49:49.0745 0x0ebc s3cap - ok
17:49:49.0768 0x0ebc [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] SamSs C:\Windows\system32\lsass.exe
17:49:49.0788 0x0ebc SamSs - ok
17:49:49.0837 0x0ebc [ 34EE0C44B724E3E4CE2EFF29126DE5B5, D27AAF77CB8830893558A600E19CDBF9A6AA7D69DE4B34F317ED4AFD38E8CAFB ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
17:49:49.0867 0x0ebc sbp2port - ok
17:49:49.0909 0x0ebc [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:49:49.0979 0x0ebc SCardSvr - ok
17:49:50.0002 0x0ebc [ A95C54B2AC3CC9C73FCDF9E51A1D6B51, 8C0189A6AF9AEC46CBA4DA422C52B2D3E4858B2F2658DB6CA7996B5F368D2503 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:49:50.0069 0x0ebc scfilter - ok
17:49:50.0141 0x0ebc [ DF1E5C82E4D09CF8105CC644980C4803, 36BB8402B29466CF1AE5BD56ED6CF6FE47DE162ADF04D44E2BCEA168CB0BD4D4 ] Schedule C:\Windows\system32\schedsvc.dll
17:49:50.0263 0x0ebc Schedule - ok
17:49:50.0283 0x0ebc [ 628A9E30EC5E18DD5DE6BE4DBDC12198, DDA43DCCB195440D6BD5752BD00D984F45BD6D23DBE2A656C33E3CD1E5D17AD7 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:49:50.0323 0x0ebc SCPolicySvc - ok
17:49:50.0375 0x0ebc [ 5FD90ABDBFAEE85986802622CBB03446, 0A8D9DC09C2ACA9EAABED04737E9EBF6EFB92BB2B9E5F37F10BFDF47CBF7DEDB ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:49:50.0457 0x0ebc SDRSVC - ok
17:49:50.0641 0x0ebc [ 95AA9E165C7DE1B64A11E8B18E91E499, 505BB51F358EAE5835071A89069530DFDA99E9C5220EA6A648842C15E74E4907 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
17:49:50.0741 0x0ebc SDScannerService - ok
17:49:50.0819 0x0ebc [ D31398D4BB4907B517B6E784C2100C4A, 36BDB2BFAC2C0ADF8C6DF6D1511ECF43C8F6ED7D4D76244DC5232AD97BA5E9C9 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
17:49:50.0896 0x0ebc SDUpdateService - ok
17:49:50.0923 0x0ebc [ 6AE8E702D1027A9627DDE2B77BB9992B, 5EA68E2A487D252A68DB0861E7FAFA69956D266CBAA5A1D77751F7E6BD4169B7 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
17:49:50.0941 0x0ebc SDWSCService - ok
17:49:50.0991 0x0ebc [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:49:51.0063 0x0ebc secdrv - ok
17:49:51.0105 0x0ebc [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll
17:49:51.0155 0x0ebc seclogon - ok
17:49:51.0197 0x0ebc [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\system32\sens.dll
17:49:51.0257 0x0ebc SENS - ok
17:49:51.0283 0x0ebc [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:49:51.0329 0x0ebc SensrSvc - ok
17:49:51.0359 0x0ebc [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:49:51.0379 0x0ebc Serenum - ok
17:49:51.0409 0x0ebc [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:49:51.0451 0x0ebc Serial - ok
17:49:51.0471 0x0ebc [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:49:51.0521 0x0ebc sermouse - ok
17:49:51.0564 0x0ebc [ 8F55CE568C543D5ADF45C409D16718FC, 64D45854A91B656C1AF36EB272FDC54E9B5FB0200CB93E20F7D997DDA109EF7F ] SessionEnv C:\Windows\system32\sessenv.dll
17:49:51.0613 0x0ebc SessionEnv - ok
17:49:51.0641 0x0ebc [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
17:49:51.0665 0x0ebc sffdisk - ok
17:49:51.0685 0x0ebc [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:49:51.0727 0x0ebc sffp_mmc - ok
17:49:51.0747 0x0ebc [ 4F1E5B0FE7C8050668DBFADE8999AEFB, E36DAACC3D11F004808A3F44C471BBFDC2F33411D9F5C18B55B0DB2A6DA6E74C ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
17:49:51.0787 0x0ebc sffp_sd - ok
17:49:51.0817 0x0ebc [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:49:51.0849 0x0ebc sfloppy - ok
17:49:51.0899 0x0ebc [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:49:51.0976 0x0ebc SharedAccess - ok
17:49:52.0031 0x0ebc [ CD2E48FA5B29EE2B3B5858056D246EF2, B743F92D0121CF3D827753C85F1F5A14C2DAA1CAFD42C7810C3BECB853DB6175 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:49:52.0091 0x0ebc ShellHWDetection - ok
17:49:52.0116 0x0ebc [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\DRIVERS\sisagp.sys
17:49:52.0143 0x0ebc sisagp - ok
17:49:52.0178 0x0ebc [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:49:52.0205 0x0ebc SiSRaid2 - ok
17:49:52.0215 0x0ebc [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:49:52.0251 0x0ebc SiSRaid4 - ok
17:49:52.0297 0x0ebc [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:49:52.0404 0x0ebc SkypeUpdate - ok
17:49:52.0469 0x0ebc [ 3566310DF25EA5C3B2E9F50F5B50EAC1, FB27E0AF4DFB2AA373C94370A1241C2D9D2CE93A52E69D8D259A023FC907ED39 ] SmartFaceVWatchSrv C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
17:49:52.0479 0x0ebc SmartFaceVWatchSrv - detected UnsignedFile.Multi.Generic ( 1 )
17:50:02.0479 0x0ebc SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - warning
17:50:21.0283 0x0ebc [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:50:21.0411 0x0ebc Smb - ok
17:50:21.0455 0x0ebc [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:50:21.0496 0x0ebc SNMPTRAP - ok
17:50:21.0527 0x0ebc [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
17:50:21.0579 0x0ebc spldr - ok
17:50:21.0689 0x0ebc [ D1BB750EB51694DE183E08B9C33BE5B2, 07B3A7EF51957615B6B8793F610BCC73EA0524B379B5CE457928CE2E021D0C06 ] Spooler C:\Windows\System32\spoolsv.exe
17:50:21.0781 0x0ebc Spooler - ok
17:50:22.0016 0x0ebc [ 4C287F9069FEDBD791178876EE9DE536, 6099E76FF6FBA002EBA2BA7BE4E3238D91332E077524D1DD402E0C9ADA22E852 ] sppsvc C:\Windows\system32\sppsvc.exe
17:50:22.0315 0x0ebc sppsvc - ok
17:50:22.0345 0x0ebc [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7, E7A8A5774C62DC12B56DC3E0A385ACA9069F3A5E6AC664AD0C383EF44DCF81B3 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:50:22.0407 0x0ebc sppuinotify - ok
17:50:22.0489 0x0ebc [ C4A027B8C0BD3FC0699F41FA5E9E0C87, A709BD7DDF0ACA5CF65B5A541FC6013FF86181138B86D1BF631E4BF5F4F2E266 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:50:22.0591 0x0ebc srv - ok
17:50:22.0641 0x0ebc [ 414BB592CAD8A79649D01F9D94318FB3, 093F52568B48E94B6C53F2E7F229416B8643DD9CEBB3E41601C64E932E3098F3 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:50:22.0703 0x0ebc srv2 - ok
17:50:22.0733 0x0ebc [ FF207D67700AA18242AAF985D3E7D8F4, CFB36B6AA3D6915D23654FB11E848EC47DA8346F47151BE66967E51101FD4222 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:50:22.0783 0x0ebc srvnet - ok
17:50:22.0827 0x0ebc [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:50:22.0905 0x0ebc SSDPSRV - ok
17:50:22.0957 0x0ebc [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
17:50:22.0977 0x0ebc ssmdrv - ok
17:50:22.0997 0x0ebc [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:50:23.0049 0x0ebc SstpSvc - ok
17:50:23.0094 0x0ebc [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:50:23.0141 0x0ebc stexstor - ok
17:50:23.0213 0x0ebc [ A22825E7BB7018E8AF3E229A5AF17221, 5C97557F8BC6ABBB5BE624AE41AAC22C3D845F76C3E930337A4C07B2381086D7 ] StiSvc C:\Windows\System32\wiaservc.dll
17:50:23.0291 0x0ebc StiSvc - ok
17:50:23.0314 0x0ebc [ 957E346CA948668F2496A6CCF6FF82CC, 5C0E0F0E0F2D36E3213885C60BC3B075AFD2257FEB4B8186FC1FE253E0C218AF ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
17:50:23.0335 0x0ebc storflt - ok
17:50:23.0377 0x0ebc [ D5751969DC3E4B88BF482AC8EC9FE019, DAEB50C0045364C75965B0E94744C6E2E1E85C8D00F1E8A5593F3EC780BDD7D9 ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
17:50:23.0417 0x0ebc storvsc - ok
17:50:23.0437 0x0ebc [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:50:23.0461 0x0ebc swenum - ok
17:50:23.0549 0x0ebc [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
17:50:23.0607 0x0ebc swprv - ok
17:50:23.0651 0x0ebc [ 55F6E55CC2430CA8713387106FA79817, 721C86B806AEFBD4D7B368AE6E7A689A0F4B3B378B701D29D3DFE459066188F3 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
17:50:23.0691 0x0ebc SynTP - ok
17:50:23.0863 0x0ebc [ 04105C8DA62353589C29BDAEB8D88BD8, CC7A3A779A143E09FE5C0AA6795A7B13496C4E121347949CB23F7946EE5E2DED ] SysMain C:\Windows\system32\sysmain.dll
17:50:23.0951 0x0ebc SysMain - ok
17:50:23.0978 0x0ebc [ FCFB6C552FBC0DA299799CBD50AD9FD4, A2A90829087B1A7F9B57D6F184EB4AE38D10B2986B0DC8D2ACA5EE9412CA3976 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:50:24.0025 0x0ebc TabletInputService - ok
17:50:24.0045 0x0ebc [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF, FF66CBA014F3F8B721088F5AB3D004C1711E7F587CC8D4AC3DCFB45CDB746800 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:50:24.0095 0x0ebc TapiSrv - ok
17:50:24.0118 0x0ebc [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
17:50:24.0177 0x0ebc TBS - ok
17:50:24.0319 0x0ebc [ 56C198AC82EFA622DD93E9E43575F79C, E36A2857057765DDCA9971D415AE3AE47AF01C22102A8092F7675AD487924E45 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:50:24.0474 0x0ebc Tcpip - ok
17:50:24.0553 0x0ebc [ 56C198AC82EFA622DD93E9E43575F79C, E36A2857057765DDCA9971D415AE3AE47AF01C22102A8092F7675AD487924E45 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:50:24.0614 0x0ebc TCPIP6 - ok
17:50:24.0657 0x0ebc [ E64444523ADD154F86567C469BC0B17F, FBE8A1DC28C102068183754F6BF0D03F5D18FD24BEB7E4B57D1CFCEBB13B381F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:50:24.0765 0x0ebc tcpipreg - ok
17:50:24.0797 0x0ebc [ 1825BCEB47BF41C5A9F0E44DE82FC27A, 6E5F2654852060A61728686A1877A1EA93645EEED0D2612842D951B4E83750A3 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
17:50:24.0867 0x0ebc tdcmdpst - ok
17:50:24.0887 0x0ebc [ 1875C1490D99E70E449E3AFAE9FCBADF, FFDF03826DAB748D51B53B648B632E79B3CD6238F684FDEA749B4D0F93BE5A77 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:50:24.0937 0x0ebc TDPIPE - ok
17:50:24.0977 0x0ebc [ 7156308896D34EA75A582F9A09E50C17, B5663B4035EE4D7957D2EDB4F9D3342806CB0E094D9661C6BD6AFC031160F176 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:50:25.0007 0x0ebc TDTCP - ok
17:50:25.0027 0x0ebc [ CB39E896A2A83702D1737BFD402B3542, FA77D98EA3606CA2FCEF0E0949FDE2C32A080B47CAFDE46CE903CA3CBFC5DF35 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:50:25.0105 0x0ebc tdx - ok
17:50:25.0159 0x0ebc [ 66E536772F6FD08BB303DAD58C6CDE6A, D7D49AD17CC926956883AE0D5473EBFAD53D734E0A4BACCF7CEC534F0974305D ] TempoMonitoringService C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
17:50:25.0169 0x0ebc TempoMonitoringService - ok
17:50:25.0189 0x0ebc [ C36F41EE20E6999DBF4B0425963268A5, 9DB789A17DF2C283D6E803EEA15F2BDFC56EE3BE342A5606DD5C179C3550ECA6 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:50:25.0229 0x0ebc TermDD - ok
17:50:25.0313 0x0ebc [ A01E50A04D7B1960B33E92B9080E6A94, 0512BF11F2FD62BDBD2B1AA34D509BE82AC374C37B925C8C0ED119C6331930FD ] TermService C:\Windows\System32\termsrv.dll
17:50:25.0401 0x0ebc TermService - ok
17:50:25.0434 0x0ebc [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
17:50:25.0463 0x0ebc Themes - ok
17:50:25.0473 0x0ebc [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
17:50:25.0521 0x0ebc THREADORDER - ok
17:50:25.0585 0x0ebc [ B146492A882A25A2DF1DB4668FCED6C8, B8C46B4536A7DE5A39EB7EE6F4BB6A7962FFA25563AF8ED8615B439123027E92 ] TNaviSrv C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
17:50:25.0615 0x0ebc TNaviSrv - ok
17:50:25.0645 0x0ebc [ C5AC715B65B01788ABC22D10749DDDD8, 3237B8CBEA645F550CE588511BC7085358B3D1358D46AF5EED65F3BAC5174195 ] TODDSrv C:\Windows\system32\TODDSrv.exe
17:50:25.0688 0x0ebc TODDSrv - ok
17:50:25.0767 0x0ebc [ DA6903958CBDC091FFCBBCA70CCFF34C, 4B663ACC6BEBE5CB8DE910E640004017F8FF533F589263456E6031408FEAFA15 ] TosCoSrv c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
17:50:25.0811 0x0ebc TosCoSrv - ok
17:50:25.0869 0x0ebc [ 22690DFFC7F2A18279A7A0489AA02BAC, 703B10A17AF6871439143AF9E419D780779BD4ED54D32FA7751A5630C4CCFC0C ] TOSHIBA SMART Log Service c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
17:50:25.0909 0x0ebc TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic ( 1 )
17:50:28.0673 0x0ebc Detect skipped due to KSN trusted
17:50:28.0673 0x0ebc TOSHIBA SMART Log Service - ok
17:50:28.0713 0x0ebc [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
17:50:28.0773 0x0ebc TrkWks - ok
17:50:28.0855 0x0ebc [ 41A4C781D2286208D397D72099304133, 447CAAD5589AA499EEE49FBA2CB53210359DB76AFF1DF2F0BD4D92A397037C1D ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:50:28.0885 0x0ebc TrustedInstaller - ok
17:50:28.0895 0x0ebc [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242, 9606DACB8CBDAF520282BE8C8F064535767405F138D9E9A215D2C59183E93CC1 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:50:28.0957 0x0ebc tssecsrv - ok
17:50:29.0029 0x0ebc [ 3E461D890A97F9D4C168F5FDA36E1D00, 82A8778F404F7AC5102802CF46F279F1E58AC74244665D06FD0C68A8BD887536 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:50:29.0069 0x0ebc tunnel - ok
17:50:29.0111 0x0ebc [ 792A8B80F8188ABA4B2BE271583F3E46, BFE96D13926F3CB7D807CEBB5E190736B742EB5C93F7FED08AA5D145F4B6A874 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
17:50:29.0131 0x0ebc TVALZ - ok
17:50:29.0151 0x0ebc [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:50:29.0181 0x0ebc uagp35 - ok
17:50:29.0207 0x0ebc [ 09CC3E16F8E5EE7168E01CF8FCBE061A, 81EEAC72A7C4D72666C743DEFF8096FDB465AA1FA8076C60D19CC192846F01CA ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:50:29.0303 0x0ebc udfs - ok
17:50:29.0343 0x0ebc [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:50:29.0375 0x0ebc UI0Detect - ok
17:50:29.0435 0x0ebc [ 332D341D92B933600D41953B08360DFB, 213A5C84ABB0D627C05B355084A26A5081645D4EC398FF19EF6BBCB690B10055 ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
17:50:29.0475 0x0ebc UleadBurningHelper - detected UnsignedFile.Multi.Generic ( 1 )
17:50:32.0225 0x0ebc Detect skipped due to KSN trusted
17:50:32.0225 0x0ebc UleadBurningHelper - ok
17:50:32.0295 0x0ebc [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
17:50:32.0315 0x0ebc uliagpkx - ok
17:50:32.0355 0x0ebc [ 049B3A50B3D646BAEEEE9EEC9B0668DC, 5774438BBD0976424C20559E14BA2AC158D9FF5D4E1FDC1C9C9F4D7A5CE8C377 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:50:32.0397 0x0ebc umbus - ok
17:50:32.0427 0x0ebc [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:50:32.0447 0x0ebc UmPass - ok
17:50:32.0477 0x0ebc [ 8ECACA5454844F66386F7BE4AE0D7CD1, F3B02A9F598C6A9EFA019F5833959DD1A86FDFDB9FDDF99A8687BBB6211AAD00 ] UmRdpService C:\Windows\System32\umrdp.dll
17:50:32.0517 0x0ebc UmRdpService - ok
17:50:32.0567 0x0ebc [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
17:50:32.0637 0x0ebc upnphost - ok
17:50:32.0669 0x0ebc [ 8455C4ED038EFD09E99327F9D2D48FFA, D166F98EA3D85F7DD6B5258949C186714A17EF89B6FDC9804165F7B4FA811C30 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:50:32.0709 0x0ebc usbccgp - ok
17:50:32.0749 0x0ebc [ 04EC7CEC62EC3B6D9354EEE93327FC82, 6CB41D8644618A5F701F6CA91FB65BB94AA83EA48992133B5262DC539B334B2E ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
17:50:32.0779 0x0ebc usbcir - ok
17:50:32.0802 0x0ebc [ 1C333BFD60F2FED2C7AD5DAF533CB742, 97AE9CA39482B886FCD063E80B8AB153E1FC1459452657393D8B1745EF69E1C3 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:50:32.0830 0x0ebc usbehci - ok
17:50:32.0871 0x0ebc [ EE6EF93CCFA94FAE8C6AB298273D8AE2, CBEE16CEAD02E994F0C2AD77DD8C01CB9964C6B42DE49FF7A787849CD25767B4 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:50:32.0921 0x0ebc usbhub - ok
17:50:32.0942 0x0ebc [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
17:50:32.0983 0x0ebc usbohci - ok
17:50:33.0013 0x0ebc [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:50:33.0053 0x0ebc usbprint - ok
17:50:33.0083 0x0ebc [ 576096CCBC07E7C4EA4F5E6686D6888F, 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:50:33.0133 0x0ebc usbscan - ok
17:50:33.0153 0x0ebc [ D8889D56E0D27E57ED4591837FE71D27, DB1B65EEBFB036086EC3347C1181D9D01FF65870EAEC4A1BA08AF43C35075647 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:50:33.0193 0x0ebc USBSTOR - ok
17:50:33.0223 0x0ebc [ 78780C3EBCE17405B1CCD07A3A8A7D72, FBFF3111E22EE0B4BCAFA81F89AAE985135BFF48EEFD130C09B49CCF8A9946B9 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:50:33.0265 0x0ebc usbuhci - ok
17:50:33.0335 0x0ebc [ F642A7E4BF78CFA359CCA0A3557C28D7, 12F1ABDD5C871147AFC682BCEF099F319A4F542AC3F0B647D7A5DFE63EDAE061 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:50:33.0375 0x0ebc usbvideo - ok
17:50:33.0397 0x0ebc [ 8C5094A8AB24DE7496C7C19942F2DF04, B6F0CF09FD307793EE799221FA8BF1DC3C772748B2B6CA40EC8127A6E1462787 ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS
17:50:33.0447 0x0ebc UVCFTR - ok
17:50:33.0467 0x0ebc [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
17:50:33.0517 0x0ebc UxSms - ok
17:50:33.0549 0x0ebc [ C2243FF9E9AAD0C30E8B1A0914DA15B6, CD01BD44659FDAA6FE8679D0F76748409680A4F4885905EA56F655C60DDEC01F ] VaultSvc C:\Windows\system32\lsass.exe
17:50:33.0567 0x0ebc VaultSvc - ok
17:50:33.0599 0x0ebc [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
17:50:33.0629 0x0ebc vdrvroot - ok
17:50:33.0667 0x0ebc [ 8C4E7C49D3641BC9E299E466A7F8867D, 4F2E742EFE2DE47EE187B3BCDFDCB525FE484B74700A226D7894F9633F957AFA ] vds C:\Windows\System32\vds.exe
17:50:33.0721 0x0ebc vds - ok
17:50:33.0761 0x0ebc [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:50:33.0781 0x0ebc vga - ok
17:50:33.0791 0x0ebc [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:50:33.0844 0x0ebc VgaSave - ok
17:50:33.0865 0x0ebc [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583, 33DF8F7C9A3176175113CA10D69FAF17A5412C055943F14DDC9923531FADB82D ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
17:50:33.0893 0x0ebc vhdmp - ok
17:50:33.0935 0x0ebc [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\DRIVERS\viaagp.sys
17:50:33.0965 0x0ebc viaagp - ok
17:50:33.0975 0x0ebc [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
17:50:34.0027 0x0ebc ViaC7 - ok
17:50:34.0061 0x0ebc [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
17:50:34.0085 0x0ebc viaide - ok
17:50:34.0108 0x0ebc [ 379B349F65F453D2A6E75EA6B7448E49, F52B1B3AE9F5D38B45C889A7B1EBE59533C17E73678D355D1466B5EF3338BF16 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
17:50:34.0139 0x0ebc vmbus - ok
17:50:34.0149 0x0ebc [ EC2BBAB4B84D0738C6C83D2234DC36FE, 8BA2FA187DAC6994D5A29897AE5F46E6424FB53C827553E0BB148E31825D6676 ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
17:50:34.0183 0x0ebc VMBusHID - ok
17:50:34.0202 0x0ebc [ 384E5A2AA49934295171E499F86BA6F3, C79271F98506392422325C075144F45436F9979FE1E002B57F9426F3DA96CEF0 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
17:50:34.0231 0x0ebc volmgr - ok
17:50:34.0255 0x0ebc [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:50:34.0317 0x0ebc volmgrx - ok
17:50:34.0345 0x0ebc [ 58DF9D2481A56EDDE167E51B334D44FD, C77D7BE83CF1C0DEC80429C5A519E794FD2E8C1E6DAD6F5C92B5EB5694CEB8EA ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
17:50:34.0391 0x0ebc volsnap - ok
17:50:34.0421 0x0ebc [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:50:34.0451 0x0ebc vsmraid - ok
17:50:34.0533 0x0ebc [ 7EA2BCD94D9CFAF4C556F5CC94532A6C, 7CD6637BE0A08E3B0F9991D79751DCA8AEC9224B83301821DAA29C9F42B7A9E3 ] VSS C:\Windows\system32\vssvc.exe
17:50:34.0625 0x0ebc VSS - ok
17:50:34.0655 0x0ebc [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:50:34.0695 0x0ebc vwifibus - ok
17:50:34.0737 0x0ebc [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
17:50:34.0817 0x0ebc W32Time - ok
17:50:34.0852 0x0ebc [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:50:34.0869 0x0ebc WacomPen - ok
17:50:34.0900 0x0ebc [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:50:34.0949 0x0ebc WANARP - ok
17:50:34.0956 0x0ebc [ 692A712062146E96D28BA0B7D75DE31B, B6D260272330E0C8EBFAD8F09212F48F1EFED42E6BD3F29A5780D0B691D55B34 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:50:34.0994 0x0ebc Wanarpv6 - ok
17:50:35.0104 0x0ebc [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:50:35.0210 0x0ebc WatAdminSvc - ok
17:50:35.0285 0x0ebc [ 7790B77FE1E5EE47DCC66247095BB4C9, FFB541F83CDE32E65007D41217C2F46CDDF68121E2846B638EAB620ACA940B05 ] wbengine C:\Windows\system32\wbengine.exe
17:50:35.0439 0x0ebc wbengine - ok
17:50:35.0469 0x0ebc [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:50:35.0519 0x0ebc WbioSrvc - ok
17:50:35.0559 0x0ebc [ D0F88AA11EE1A62BCC6D6A8A7783CA11, 3DBC1806E6F8CD58A9E93EA2A0CDC83C1A90E37B5E385209E4D9A0C81922F447 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:50:35.0599 0x0ebc wcncsvc - ok
17:50:35.0623 0x0ebc [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:50:35.0688 0x0ebc WcsPlugInService - ok
17:50:35.0713 0x0ebc [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:50:35.0743 0x0ebc Wd - ok
17:50:35.0785 0x0ebc [ 9950E3D0F08141C7E89E64456AE7DC73, DE4B96812B305A63F5874BBF2DC40354FB45B3D96C1D33436E677099760BA448 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:50:35.0855 0x0ebc Wdf01000 - ok
17:50:35.0865 0x0ebc [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:50:35.0907 0x0ebc WdiServiceHost - ok
17:50:35.0917 0x0ebc [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:50:35.0937 0x0ebc WdiSystemHost - ok
17:50:35.0980 0x0ebc [ D87C7D2C517F82A5AB7A73E203063D9E, 8861AB4ECEDAE801008BE0406FCB19418AA2864E89D0776B94E25773E6DB5E88 ] WebClient C:\Windows\System32\webclnt.dll
17:50:36.0049 0x0ebc WebClient - ok
17:50:36.0085 0x0ebc [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:50:36.0153 0x0ebc Wecsvc - ok
17:50:36.0175 0x0ebc [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:50:36.0223 0x0ebc wercplsupport - ok
17:50:36.0273 0x0ebc [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll
17:50:36.0305 0x0ebc WerSvc - ok
17:50:36.0357 0x0ebc [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:50:36.0408 0x0ebc WfpLwf - ok
17:50:36.0422 0x0ebc [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:50:36.0447 0x0ebc WIMMount - ok
17:50:36.0509 0x0ebc [ 0ACD399F5DB3DF1B58903CF4949AB5A8, F8FA0A8F631AA8F34A0506F1E5E09DFB6CDA1E9E92207A73A74F1A0E7768C49A ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:50:36.0589 0x0ebc winachsf - ok
17:50:36.0671 0x0ebc [ 3FAE8F94296001C32EAB62CD7D82E0FD, 180FAECC426CF8F46700C855022E5865D528B1A20686F96D11080AB2FE2E0430 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:50:36.0731 0x0ebc WinDefend - ok
17:50:36.0747 0x0ebc WinHttpAutoProxySvc - ok
17:50:36.0813 0x0ebc [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:50:36.0863 0x0ebc Winmgmt - ok
17:50:36.0955 0x0ebc [ C4F5D3901D1B41D602DDC196E0B95B51, 20FF2A9DEE3ECBFB163DFA62A407E30ED49F609EF46936F286C2A08A24EA3E7C ] WinRM C:\Windows\system32\WsmSvc.dll
17:50:37.0079 0x0ebc WinRM - ok
17:50:37.0181 0x0ebc [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:50:37.0268 0x0ebc Wlansvc - ok
17:50:37.0303 0x0ebc [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:50:37.0323 0x0ebc WmiAcpi - ok
17:50:37.0361 0x0ebc [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:50:37.0415 0x0ebc wmiApSrv - ok
17:50:37.0527 0x0ebc [ 77FBD400984CF72BA0FC4B3489D65F74, 9AA404F17177FEB43A9EA1A86061B452E7C4A93C873E61B68269047519CD433E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:50:37.0619 0x0ebc WMPNetworkSvc - ok
17:50:37.0669 0x0ebc [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:50:37.0719 0x0ebc WPCSvc - ok
17:50:37.0739 0x0ebc [ B7F658A2EBC07129538AD9AB35212637, 86774A760189E4B126C972A778F890C00C1C30EDD28044DD43B40644A8778B4D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:50:37.0768 0x0ebc WPDBusEnum - ok
17:50:37.0821 0x0ebc [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:50:37.0881 0x0ebc ws2ifsl - ok
17:50:37.0909 0x0ebc [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\system32\wscsvc.dll
17:50:37.0943 0x0ebc wscsvc - ok
17:50:37.0953 0x0ebc WSearch - ok
17:50:38.0078 0x0ebc [ A33408CC036F9C08142B11BE5E93F0A1, A6CE3681EE4DE3C9A8B8B5DA4E8E46DB4443A32D1339F7D0893F1F2153635D86 ] wuauserv C:\Windows\system32\wuaueng.dll
17:50:38.0235 0x0ebc wuauserv - ok
17:50:38.0261 0x0ebc [ 6F9B6C0C93232CFF47D0F72D6DB1D21E, C685A458951820ED0F09E6197251CE6FC55AAB75D4FBEFF2992805309239A47A ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:50:38.0332 0x0ebc WudfPf - ok
17:50:38.0387 0x0ebc [ F91FF1E51FCA30B3C3981DB7D5924252, D7052B58F22638CA8B59C6FD7408D6D6DD1C33910912CACC05C133472CE0DDCE ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:50:38.0435 0x0ebc WUDFRd - ok
17:50:38.0456 0x0ebc [ DDEE3682FE97037C45F4D7AB467CB8B6, D5A8F07AF4EDD9D7E17FEC6222D187E2981C177A479511E407756E0E5CB8D387 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:50:38.0498 0x0ebc wudfsvc - ok
17:50:38.0525 0x0ebc [ FF2D745B560F7C71B31F30F4D49F73D2, B2FBF7E5F58E34AC64FE6CF65800F1F07939279203BDE89375FAC92B884A4F37 ] WwanSvc C:\Windows\System32\wwansvc.dll
17:50:38.0589 0x0ebc WwanSvc - ok
17:50:38.0629 0x0ebc [ DAB33CFA9DD24251AAA389FF36B64D4B, 1C5D7C3D6C3552BDD52EB7E76031746D7DAAF64CA2432CC23329DA72BE7252D0 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
17:50:38.0659 0x0ebc XAudio - ok
17:50:38.0709 0x0ebc [ CD5F291A1161F15896D1A4D63DAFF5DF, 4F30DC454F255249431FCD14DE17858A79A088A4084F2CEDD0CF25382D427285 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
17:50:38.0771 0x0ebc XAudioService - ok
17:50:38.0801 0x0ebc ================ Scan global ===============================
17:50:38.0841 0x0ebc [ 9A595DF601070DA78C40481120DD2C06, 4C2D6216F212DE9346339ED29152962A39E4435E70F18DD655156727E70818F6 ] C:\Windows\system32\basesrv.dll
17:50:38.0881 0x0ebc [ 008F51AE989C3DF1CBAF8B39DC423CCC, C7083B4F5E0C2B829980CF3ADC831A418119F2347250876835037D025C9B69DA ] C:\Windows\system32\winsrv.dll
17:50:38.0901 0x0ebc [ 008F51AE989C3DF1CBAF8B39DC423CCC, C7083B4F5E0C2B829980CF3ADC831A418119F2347250876835037D025C9B69DA ] C:\Windows\system32\winsrv.dll
17:50:38.0951 0x0ebc [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
17:50:38.0991 0x0ebc [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
17:50:39.0001 0x0ebc [ Global ] - ok
17:50:39.0001 0x0ebc ================ Scan MBR ==================================
17:50:39.0021 0x0ebc [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:50:39.0853 0x0ebc \Device\Harddisk0\DR0 - ok
17:50:39.0853 0x0ebc ================ Scan VBR ==================================
17:50:39.0863 0x0ebc [ 2FAC75B7756F0873BAD8202FC3B20908 ] \Device\Harddisk0\DR0\Partition1
17:50:39.0913 0x0ebc \Device\Harddisk0\DR0\Partition1 - ok
17:50:39.0923 0x0ebc [ B2BE7ADF79F765C7B13F351E425DC690 ] \Device\Harddisk0\DR0\Partition2
17:50:39.0923 0x0ebc \Device\Harddisk0\DR0\Partition2 - ok
17:50:39.0933 0x0ebc [ D857B90E8167C96D24E514B666D11CB7 ] \Device\Harddisk0\DR0\Partition3
17:50:39.0973 0x0ebc \Device\Harddisk0\DR0\Partition3 - ok
17:50:39.0973 0x0ebc ================ Scan generic autorun ======================
17:50:40.0073 0x0ebc [ 98888488D0E6DB0256E5E661BCD35EB6, A1FE5D097A131998A617E5C4DD9F55DCDAAD75A1D7CEA584CA4FE64E543A28CE ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
17:50:40.0134 0x0ebc SynTPEnh - ok
17:50:40.0439 0x0ebc [ 6C887E9BA3AE7F62635F098BFC9853CD, B7644B9882F387F87140930503E1EA0E766A90ADDD963CB9D96A013716AC7B2F ] C:\Windows\RtHDVCpl.exe
17:50:40.0899 0x0ebc RtHDVCpl - ok
17:50:41.0011 0x0ebc [ C8612E58FB7FCFA5EEA4E39F7B8CBC17, 91FAF64968D26992574D5078989493F5A5F24239C7CB6834B31A25ECA9AA189A ] C:\Windows\Skytel.exe
17:50:41.0116 0x0ebc Skytel - ok
17:50:41.0193 0x0ebc [ EF1464C1F3334F65F55943BFDA45C519, 4FD00B7C1DBE43A839900AB9402EB04887E481390AFAF7E3AEA42ADCE1044EC6 ] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
17:50:41.0245 0x0ebc 00TCrdMain - detected UnsignedFile.Multi.Generic ( 1 )
17:50:43.0887 0x0ebc Detect skipped due to KSN trusted
17:50:43.0887 0x0ebc 00TCrdMain - ok
17:50:43.0937 0x0ebc [ 8B9145D229D4E89D15ACB820D4A3A90F, F3831D9AE752B6AFBD3380E0BC849E4B051D6E06A88C1F61293A6DE4F66794E1 ] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
17:50:43.0977 0x0ebc Adobe Reader Speed Launcher - ok
17:50:44.0057 0x0ebc [ B1DB5EDB658F3FF4F13AC069CE622893, D4AC66DD9CF9EE4770AA34936EE28844D2BE39968727E8A9CAAB9E9A09387CC6 ] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
17:50:44.0099 0x0ebc Camera Assistant Software - detected UnsignedFile.Multi.Generic ( 1 )
17:50:46.0783 0x0ebc Detect skipped due to KSN trusted
17:50:46.0783 0x0ebc Camera Assistant Software - ok
17:50:46.0883 0x0ebc [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F, 6D2B301E77839FFF1C74425B37D02C3F3837CE50E856C21AE4CF7ABABB04ADDC ] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
17:50:46.0915 0x0ebc Google Desktop Search - ok
17:50:46.0965 0x0ebc [ 5F0D3BD87EA98332B5B1D5B86C40FBF9, 27CF8676C6EF2B21C38A1DEB516D96FFCC31080F290E35B4002D3B3F1103971D ] C:\Program Files\TOSHIBA\TBS\HSON.exe
17:50:46.0995 0x0ebc HSON - ok
17:50:47.0055 0x0ebc [ B50D6E98F87616444B7E3F8D190A5F09, 6CFE3E008DC4279B9BFC764DE9371BEA637BF5FF0089BC3D14D243AC86BF0536 ] C:\Program Files\Toshiba\SmoothView\SmoothView.exe
17:50:47.0085 0x0ebc SmoothView - ok
17:50:47.0157 0x0ebc [ E1FAAF7915BC07352CCF1DFF37058414, 8F79435F7B2E1D3F40B5E61ED195587574EF078FD196924100DE109DB45AF1CC ] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
17:50:47.0191 0x0ebc topi - detected UnsignedFile.Multi.Generic ( 1 )
17:50:49.0851 0x0ebc Detect skipped due to KSN trusted
17:50:49.0851 0x0ebc topi - ok
17:50:49.0951 0x0ebc [ 74D358BD3AA79C90C7DAD0234792F238, 0D4F34064F2D19F679FFC277899164232A05E080CEDEA580E72693A2750556AC ] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
17:50:49.0985 0x0ebc Toshiba Registration - ok
17:50:50.0013 0x0ebc [ 559AC2F9AE520265F0D14215CB8232CA, DDA0AF9F98396B6D808E2DA68A68F41194CEB4B5EA8CEE5222D627F9AD8C1DF1 ] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
17:50:50.0033 0x0ebc Toshiba TEMPO - ok
17:50:50.0070 0x0ebc [ B0674AE101707D21F9E30484D6465704, D4285A5BF03EE01DFBBDBE5619B2266D73D64B8E5E2418DCAD8870AE3C86626A ] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
17:50:50.0096 0x0ebc TPwrMain - ok
17:50:50.0155 0x0ebc [ 8143723D21F4FA9B7AA295A29AE9541C, 3261A2463A5E4D8068964CD9ECCA1B203B21BFA2F8AC8EAA5AF32DC08D03FE38 ] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
17:50:50.0185 0x0ebc StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
17:50:52.0949 0x0ebc Detect skipped due to KSN trusted
17:50:52.0949 0x0ebc StartCCC - ok
17:50:53.0049 0x0ebc [ D63797E8E7781EE1500A810CB6194FA6, 5C96DA00B98F0776E6174EBB7D4D6DB634838E130D8581E11811831D2C57B119 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
17:50:53.0069 0x0ebc SunJavaUpdateSched - ok
17:50:53.0131 0x0ebc [ AD156AF046A8480D6E36EF499103727B, 4E7E00F3934C0D7C325EABE9396A9168038DDD3BC051D453C1CA13A080F6E956 ] C:\Windows\ehome\ehTray.exe
17:50:53.0161 0x0ebc ehTray.exe - ok
17:50:53.0267 0x0ebc [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files\Windows Sidebar\sidebar.exe
17:50:53.0367 0x0ebc Sidebar - ok
17:50:53.0397 0x0ebc Skype - ok
17:50:53.0447 0x0ebc [ 2F0EAAF91FC7A5C70D1F4BE9B18A1CF5, 6075E8ADD4136AC6497C1FE9CC937E6652FAD5024AED1CF901CE107078955C4F ] C:\Windows\System32\StikyNot.exe
17:50:53.0501 0x0ebc RESTART_STICKY_NOTES - ok
17:50:53.0678 0x0ebc [ D71699B1030F1021E663DBD567F7B018, 3CDEC180C567F73F9F78CFA37DBF731780AE09C8D89FC96E8CC08B63BB8DDE48 ] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe
17:50:53.0807 0x0ebc Spybot-S&D Cleaning - ok
17:50:53.0817 0x0ebc Waiting for KSN requests completion. In queue: 8
17:50:54.0823 0x0ebc Waiting for KSN requests completion. In queue: 8
17:50:55.0823 0x0ebc Waiting for KSN requests completion. In queue: 8
17:50:56.0845 0x0ebc AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.440 ), 0x41010 ( enabled : outofdate )
17:50:56.0845 0x0ebc Win FW state via NFP2: enabled
17:50:59.0517 0x0ebc ============================================================
17:50:59.0517 0x0ebc Scan finished
17:50:59.0517 0x0ebc ============================================================
17:50:59.0527 0x14f8 Detected object count: 3
17:50:59.0527 0x14f8 Actual detected object count: 3
18:06:16.0903 0x14f8 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:06:16.0913 0x14f8 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:06:16.0913 0x14f8 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - skipped by user
18:06:16.0913 0x14f8 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:06:16.0913 0x14f8 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - skipped by user
18:06:16.0913 0x14f8 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:06:33.0533 0x0d84 Deinitialize success

One more piece of information from me: just now, the following message appeared at the bottom right of the screen:
"Avira has been updated. Your version is up to date"
It was a dark grey bar with white text, not the normal message from Avira.

The Control Center says: "Your computer is not secure!"
Last update in March 2015.

20.05.2015, 18:25   #4
M-K-D-B
/// TB Instructor

Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
start
CloseProcesses:
C:\Program Files\5qres.dll
C:\Program Files\5qUninstall Zwinky.dll
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart, a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

Step 3
Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 4

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Step 5
  • Start FRST.exe again. Tick the box in front of Addition.txt and click Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files for me with your next reply.

With your next reply, please post
  • the log file of the FRST fix,
  • the log file of AdwCleaner,
  • the log file of MBAM,
  • the log file of JRT,
  • the two new log files from FRST.
__________________
Greetings from Bavaria
M-K-D-B

21.05.2015, 13:06   #5
ludibubi

Here are the next logs. Note: MBAM could not update its database. The message that the update failed keeps appearing!

FRST.fix

Quote:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-05-2015
Ran by meyer at 2015-05-21 08:53:28 Run:1
Running from C:\Users\meyer\Downloads
Loaded Profiles: meyer (Available profiles: meyer)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\Program Files\5qres.dll
C:\Program Files\5qUninstall Zwinky.dll
EmptyTemp:
end

*****************

Processes closed successfully.
"C:\Program Files\5qres.dll" => File/Directory not found.
"C:\Program Files\5qUninstall Zwinky.dll" => File/Directory not found.
EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog 08:54:31 ====

AdwCleaner

AdwCleaner Logfile:
Code:
# AdwCleaner v4.204 - Bericht erstellt 21/05/2015 um 09:08:55
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-20.1 [Server]
# Betriebssystem : Windows 7 Ultimate  (x86)
# Benutzername : meyer - MEYER-PC
# Gestarted von : C:\Users\meyer\Downloads\AdwCleaner_4.204.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : Allin1Convert_8hService

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\AVG SafeGuard toolbar
Ordner Gelöscht : C:\Program Files\AVG Security Toolbar
Ordner Gelöscht : C:\Program Files\Allin1Convert_8h
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\meyer\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\meyer\AppData\Local\iac
Ordner Gelöscht : C:\Users\meyer\AppData\Local\Allin1Convert_8h
Ordner Gelöscht : C:\Users\meyer\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\meyer\AppData\LocalLow\iac
Ordner Gelöscht : C:\Users\meyer\AppData\LocalLow\Allin1Convert_8h

***** [ Geplante Tasks ] *****

Task Gelöscht : Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@Allin1Convert_8h.com/Plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.FeedManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.FeedManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.HTMLMenu
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.HTMLMenu.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.HTMLPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.HTMLPanel.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.MultipleButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.MultipleButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.PseudoTransparentPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.PseudoTransparentPlugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.Radio
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.Radio.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.RadioSettings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.RadioSettings.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.ScriptButton
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.ScriptButton.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.SettingsPlugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.SettingsPlugin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.ThirdPartyInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.ThirdPartyInstaller.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.ToolbarProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.ToolbarProtector.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Zwinky_5q.ToolbarProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Zwinky_5q.ToolbarProtector.1
Schlüssel Gelöscht : HKCU\Software\Classes\CLSID\{5bcf818d-78c8-41b8-ba89-65c5fdac4fc4}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Allin1Convert EPM Support]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Allin1Convert Home Page Guard 32 bit]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Allin1Convert Search Scope Monitor]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Allin1Convert_8h Browser Plugin Loader]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{248B3E95-17A4-482D-A8A8-6B3DF4D05C35}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39D4F1A1-A94D-4B7D-BF1D-7446308800ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{443321F7-E46C-42F8-812B-F35E98CBB44F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5CDE4714-32DC-473C-8194-0645E62C2E96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7EB7381C-FB01-47FC-9C42-ED64122C1B92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8F83D657-5993-4FFA-9AEE-DA0B20D828A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF5DB804-585B-472E-B415-BC63F8F01BF6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27f49273-de3a-4111-90f9-6c474c37aefb}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7caefafc-9a1e-4bcc-94dd-bc7d8d52717a}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{889f49d2-6cea-40be-be5f-7217485f9745}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{a7583d7e-f1b5-415b-8021-f63aef937dd1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{c8ef8f70-3807-424a-83f7-da06fd4dacf9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{cd1a63ba-a08c-431b-9a34-f240aadc728d}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{de0f6787-9d1c-42b7-a0b9-eac630f87902}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{e4ef697f-434b-4dc7-a464-4412462206db}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ef3f28c8-0330-4d18-b901-d24cb83e5aa1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{f2c368c5-9f44-4d43-89f3-a1cc87f1da96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{f99ddd9a-07d0-47ab-86f1-193533dd2c60}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5e58cda9-3b21-4611-a859-26ee28950e61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6c5561b6-3dd2-46b5-83be-eae744366046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4BD0FCFF-AD64-4315-9F2C-960EF3C21623}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{507C73BB-FC69-425E-8A49-9204F886B328}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6EC57031-1740-4151-93C5-C465D6063DD2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{16976e15-10ea-44fd-804a-6ecbc9ebbfc7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{b48ac2cd-9662-47e0-a3c0-3b01bb3f463e}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2561fd25-fe31-4e56-a120-af7feaae3124}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{d617cf84-b0bc-441f-9984-b676afba1e8d}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{70e4e0f6-cff4-4f93-bde4-bda9ef3752bc}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{be698e51-830b-447a-954d-901d6e05dde2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{bfcf748f-a56e-451f-aa45-0d7eb699e416}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9d217b94-6fc9-44fe-94b1-30c711871266}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7caefafc-9a1e-4bcc-94dd-bc7d8d52717a}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{cd1a63ba-a08c-431b-9a34-f240aadc728d}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{cd1a63ba-a08c-431b-9a34-f240aadc728d}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7EB7381C-FB01-47FC-9C42-ED64122C1B92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{27f49273-de3a-4111-90f9-6c474c37aefb}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7caefafc-9a1e-4bcc-94dd-bc7d8d52717a}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e4ef697f-434b-4dc7-a464-4412462206db}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f99ddd9a-07d0-47ab-86f1-193533dd2c60}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{248B3E95-17A4-482D-A8A8-6B3DF4D05C35}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{88E44198-D164-4EC0-B2C0-F679D866C6DA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F671C1B3-9776-426D-A350-55FB2D9B53F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5e58cda9-3b21-4611-a859-26ee28950e61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6874fade-02c8-4181-831a-fc7486cf1d74}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6c5561b6-3dd2-46b5-83be-eae744366046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cb3599c0-8bd2-4785-a076-889638c7a66c}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fd98d4ff-3371-4f27-9ec4-9a790a589a26}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{cd1a63ba-a08c-431b-9a34-f240aadc728d}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{cd1a63ba-a08c-431b-9a34-f240aadc728d}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1B10327E-CA04-48D8-8FA5-5D1E79992205}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03}
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Allin1Convert_8h
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Allin1Convert_8h
Schlüssel Gelöscht : HKLM\SOFTWARE\APN
Schlüssel Gelöscht : HKLM\SOFTWARE\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Allin1Convert_8h
Schlüssel Gelöscht : HKU\.DEFAULT\Software\APN
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Allin1Convert_8hbar Uninstall Internet Explorer
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Allin1Convert_8hbar Uninstall Firefox
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v


*************************

AdwCleaner[R0].txt - [16721 Bytes] - [21/05/2015 09:05:51]
AdwCleaner[S0].txt - [14681 Bytes] - [21/05/2015 09:08:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14741  Bytes] ##########
         


MBAM

Quote:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 21.05.2015
Suchlauf-Zeit: 09:30:34
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.05.16.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7
CPU: x86
Dateisystem: NTFS
Benutzer: meyer

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 324948
Verstrichene Zeit: 15 Min, 41 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 0
(Keine schädliche Elemente gefunden)

Registrierungswerte: 0
(Keine schädliche Elemente gefunden)

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

JRT

Quote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.6 (05.21.2015:1)
OS: Windows 7 Ultimate x86
Ran by meyer on 21.05.2015 at 13:29:54,66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Classes\TypeLib\{006ad7b2-968a-11de-88c9-5bde55d89593}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d}



~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini
Successfully deleted: [File] C:\Windows\prefetch\DRIVERINSTALLER.EXE-E86237C4.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARINSTALLER_UPDATE-A88BF077.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_BA9226F4-C533DBA5.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-EB3F2433.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-4E14BB2A.pf
Successfully deleted: [File] C:\Windows\prefetch\TOOLBARUPDATER.EXE-46860CD3.pf



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.05.2015 at 13:32:24,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-05-2015
Ran by meyer (administrator) on MEYER-PC on 21-05-2015 13:49:11
Running from C:\Users\meyer\Downloads
Loaded Profiles: meyer &  (Available profiles: meyer)
Platform: Microsoft Windows 7 Ultimate  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-18] (Google)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [topi] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [574864 2008-01-11] (Toshiba)
HKLM\...\Run: [Toshiba TEMPO] => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2008-08-26] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe [128760 2015-05-07] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-18] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2010-06-01]
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk [2010-06-01]
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-10-07]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-10-07]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
URLSearchHook: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000 - (No Name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} -  No File
URLSearchHook: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} -  No File
SearchScopes: HKLM -> {F4C81C47-F663-403F-B2F0-9ED00511AEB6} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000 -> DefaultScope {F4C81C47-F663-403F-B2F0-9ED00511AEB6} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000 -> {F4C81C47-F663-403F-B2F0-9ED00511AEB6} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {F4C81C47-F663-403F-B2F0-9ED00511AEB6} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {F4C81C47-F663-403F-B2F0-9ED00511AEB6} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-24] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-24] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Tcpip\..\Interfaces\{ECB6E1FF-DC62-4C83-9C17-39A1AD2F7143}: [NameServer] 192.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\fi8OXMfQ.default
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [2008-08-21] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-05-28] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\fi8OXMfQ.default\Extensions\abs@avira.com [2014-11-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-17]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2015-01-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [993584 2015-01-10] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [206584 2015-05-07] (Avira Operations GmbH & Co. KG)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-18] (Google)
S2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [442368 2009-04-01] (Hauppauge Computer Works) [File not signed]
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba) [File not signed]
S2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-08-26] (Toshiba Europe GmbH)
S2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
S2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-11-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-11-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37384 2014-11-30] (Avira Operations GmbH & Co. KG)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [45824 2008-12-11] (Hauppauge Computer Works, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [141408 2008-02-27] (Realtek Semiconductor Corp.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-14] (Realtek Semiconductor Corporation                           )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 catchme; \??\C:\Users\meyer\AppData\Local\Temp\catchme.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 13:49 - 2015-05-21 13:49 - 00018675 _____ () C:\Users\meyer\Downloads\FRST.txt
2015-05-21 13:32 - 2015-05-21 13:32 - 00002026 _____ () C:\Users\meyer\Downloads\JRT.txt
2015-05-21 13:30 - 2015-05-21 13:30 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MEYER-PC-Windows-7-Ultimate-(32-bit).dat
2015-05-21 13:30 - 2015-05-21 13:30 - 00000000 ____D () C:\RegBackup
2015-05-21 13:28 - 2015-05-21 13:28 - 02720009 _____ (Thisisu) C:\Users\meyer\Downloads\JRT.exe
2015-05-21 09:48 - 2015-05-21 09:48 - 00001194 _____ () C:\Users\meyer\Downloads\mbam.txt
2015-05-21 09:29 - 2015-05-21 09:29 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-21 09:28 - 2015-05-21 09:28 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-21 09:28 - 2015-05-21 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-21 09:28 - 2015-05-21 09:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-21 09:28 - 2015-05-21 09:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-05-21 09:28 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-21 09:28 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-21 09:28 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-21 09:24 - 2015-05-21 09:24 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\meyer\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-21 09:05 - 2015-05-21 09:09 - 00000000 ____D () C:\AdwCleaner
2015-05-21 09:00 - 2015-05-21 09:00 - 02209792 _____ () C:\Users\meyer\Downloads\AdwCleaner_4.204.exe
2015-05-20 17:45 - 2015-05-20 17:45 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\meyer\Downloads\tdsskiller.exe
2015-05-20 16:54 - 2015-05-20 16:54 - 00014462 _____ () C:\Users\meyer\Downloads\gmer.log
2015-05-20 16:04 - 2015-05-20 16:04 - 00380416 _____ () C:\Users\meyer\Downloads\Gmer-19357.exe
2015-05-20 16:00 - 2015-05-21 13:49 - 00000000 ____D () C:\FRST
2015-05-20 16:00 - 2015-05-20 16:00 - 01146880 _____ (Farbar) C:\Users\meyer\Downloads\FRST.exe
2015-05-20 15:58 - 2015-05-20 15:58 - 00000472 _____ () C:\Users\meyer\Desktop\defogger_disable.log
2015-05-20 15:58 - 2015-05-20 15:58 - 00000000 _____ () C:\Users\meyer\defogger_reenable
2015-05-20 15:57 - 2015-05-20 15:57 - 00050477 _____ () C:\Users\meyer\Downloads\Defogger.exe
2015-05-20 13:05 - 2015-05-20 13:05 - 00001177 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-05-09 22:04 - 2015-05-09 22:04 - 00000348 _____ () C:\Windows\Tasks\0415tbUpdateInfo.job
2015-05-09 22:04 - 2015-05-09 22:04 - 00000000 ____D () C:\ProgramData\Avg_Update_0415tb

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-21 13:47 - 2010-05-08 07:17 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-21 13:44 - 2010-05-28 13:55 - 01214276 _____ () C:\Windows\WindowsUpdate.log
2015-05-21 13:23 - 2010-07-18 10:27 - 00000000 ____D () C:\Users\meyer\AppData\Roaming\Skype
2015-05-21 13:06 - 2012-04-30 20:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-21 09:28 - 2010-05-28 14:09 - 01501000 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-21 09:26 - 2009-07-14 06:39 - 00444307 _____ () C:\Windows\setupact.log
2015-05-21 09:15 - 2010-05-28 13:30 - 00013456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-21 09:15 - 2010-05-28 13:30 - 00013456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-21 09:12 - 2014-04-21 18:42 - 00000362 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2015-05-21 09:12 - 2014-04-21 18:42 - 00000362 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2015-05-21 09:12 - 2010-05-08 07:17 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-21 09:10 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-20 17:41 - 2010-05-28 13:45 - 00039408 _____ () C:\Windows\PFRO.log
2015-05-20 15:58 - 2010-05-28 13:31 - 00000000 ____D () C:\Users\meyer
2015-05-20 15:39 - 2009-08-05 12:07 - 00000000 ____D () C:\Users\meyer\AppData\Local\Adobe
2015-05-20 15:38 - 2012-04-30 20:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-20 15:38 - 2012-04-30 20:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-20 13:33 - 2013-06-24 21:55 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-20 13:25 - 2014-02-20 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-20 13:05 - 2014-11-30 13:21 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-20 13:05 - 2014-02-20 20:26 - 00000000 ____D () C:\Program Files\Avira
2015-05-20 13:05 - 2012-04-30 20:17 - 00000000 ____D () C:\ProgramData\Avira

==================== Files in the root of some directories =======

2009-02-18 11:02 - 2009-02-18 11:03 - 0000114 _____ () C:\Users\meyer\AppData\Roaming\wklnhst.dat
2010-07-18 10:28 - 2010-07-18 10:28 - 0000048 ____H () C:\ProgramData\ezsidmv.dat

Some content of TEMP:
====================
C:\Users\meyer\AppData\Local\Temp\avgnt.exe
C:\Users\meyer\AppData\Local\Temp\Quarantine.exe
C:\Users\meyer\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-04 00:13

==================== End Of Log ============================
         
--- --- ---


Addition

Quote:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-05-2015
Ran by meyer at 2015-05-21 13:50:02
Running from C:\Users\meyer\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1398980063-4242612766-3276201938-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1398980063-4242612766-3276201938-1004 - Limited - Enabled)
Gast (S-1-5-21-1398980063-4242612766-3276201938-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1398980063-4242612766-3276201938-1002 - Limited - Enabled)
meyer (S-1-5-21-1398980063-4242612766-3276201938-1000 - Administrator - Enabled) => C:\Users\meyer

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avira (HKLM\...\{022ef99f-0db2-4efc-964d-5dd2da3151f6}) (Version: 1.1.37.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.37.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.193.0508L - Chicony Electronics Co.,Ltd.)
ccc-core-static (Version: 2009.0729.2238.38827 - Ihr Firmenname) Hidden
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Hauppauge Signal Monitor Utility (HKLM\...\Hauppauge Signal Monitor Utility) (Version: - )
Hauppauge Software MPEG-2 Decoder Installer (HKLM\...\Hauppauge Software MPEG-2 Decoder Installer) (Version: - )
Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version: - )
Hauppauge WinTV Infrared Remote (HKLM\...\Hauppauge WinTV Infrared Remote) (Version: - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000) (Version: 7.70.00.50 - Conexant)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java(TM) 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java(TM) 6 Update 39 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.390 - Oracle)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myphotobook 3.6 (HKLM\...\myphotobook) (Version: 3.6 - myphotobook)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
REALTEK RTL8187B Wireless LAN Driver (HKLM\...\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}) (Version: Package:1.00.0026 Driver:6.1116.1226.2007 - )
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.20 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.04 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.13 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.30.12 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 2.0.2.32 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.11 - TOSHIBA Corporation)
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA)
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
Toshiba TEMPRO (HKLM\...\{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}) (Version: 1.2 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.19 - TOSHIBA Corporation)
TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0015 - TOSHIBA)
TRDCReminder (Version: 1.00.0015 - TOSHIBA) Hidden
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Media Encoder 9-Reihe (HKLM\...\Windows Media Encoder 9) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}\InprocServer32 -> C:\Users\meyer\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAB~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points =========================

21-08-2014 11:53:06 Geplanter Prüfpunkt
04-09-2014 09:59:13 Geplanter Prüfpunkt
23-11-2014 12:07:44 Geplanter Prüfpunkt
15-01-2015 13:22:46 Geplanter Prüfpunkt
20-02-2015 10:30:47 Geplanter Prüfpunkt
04-03-2015 11:47:24 Geplanter Prüfpunkt
03-05-2015 11:05:58 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2013-06-27 21:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0C2EEE51-D595-451B-9FF9-33B6E5EF1954} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - meyer => C:\Program Files\Windows Calendar\WinCal.exe
Task: {1343CBDC-8638-4292-8350-9E3DB7FCC1EE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {19953A8C-063E-4896-82D7-FDBA918F4F5F} - System32\Tasks\{CD38E15E-62CD-4D71-AFEE-72DB243BEB8E} => pcalua.exe -a C:\Temp\tinstall.exe -d C:\Temp
Task: {19DD9452-00DE-44AC-B947-66D58001B59F} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {2EFA7D69-DEFB-4DAF-B0CD-3990C22CA646} - System32\Tasks\0415tbUpdateInfo => C:\ProgramData\Avg_Update_0415tb\0415tb_{54C6D427-7A58-4694-B87C-2A395B866C89}.exe [2015-05-09] ()
Task: {3B4C8405-5C5B-4E1B-979B-2571D4C5212C} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {3D1D8917-8FFB-442E-A3BA-F1AC35C395FE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {412B1BC1-D399-40D5-823E-D991085D2880} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-20] (Adobe Systems Incorporated)
Task: {436C5CDC-353C-4323-88C3-46A231BE6898} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {81E87554-0547-4D38-AA14-E1064E32E53D} - System32\Tasks\{82382185-3A68-4EF0-B3D7-8988FE6D2056} => C:\Program Files\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {87C3C785-AFE8-4AAA-8AA8-63979F189200} - System32\Tasks\1214tbUpdateInfo => C:\ProgramData\Avg_Update_1214tb\1214tb_{940240B9-0B79-40C8-907A-72B121437EBC}.exe [2014-12-14] ()
Task: {9A5270B6-8960-4271-A4D2-66739C02F6CC} - System32\Tasks\0215tbUpdateInfo => C:\ProgramData\Avg_Update_0215tb\0215tb_{2005D3B5-5B50-4B78-A922-980ACE1DB1B2}.exe [2015-03-12] ()
Task: {AE2B07F9-EF2E-4CE8-BDFE-E52040AD5935} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {ED396B59-9233-4C67-93B5-3BB66D451BAA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0215tbUpdateInfo.job => C:\ProgramData\Avg_Update_0215tb\0215tb_{2005D3B5-5B50-4B78-A922-980ACE1DB1B2}.exe
Task: C:\Windows\Tasks\0415tbUpdateInfo.job => C:\ProgramData\Avg_Update_0415tb\0415tb_{54C6D427-7A58-4694-B87C-2A395B866C89}.exe
Task: C:\Windows\Tasks\1214tbUpdateInfo.job => C:\ProgramData\Avg_Update_1214tb\1214tb_{940240B9-0B79-40C8-907A-72B121437EBC}.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-06-30 14:22 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-06-30 14:22 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-06-30 14:22 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-06-30 14:22 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-06-30 14:22 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2008-03-06 11:14 - 2008-03-06 11:14 - 05121912 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2008-10-07 16:56 - 2006-10-10 11:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2007-12-25 13:03 - 2007-12-25 13:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 18:55 - 2006-12-01 18:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2015-05-07 16:37 - 2015-05-07 16:37 - 00245760 _____ () C:\Program Files\Avira\Launcher\System.ComponentModel.Composition.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\meyer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\meyer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.8.100

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{341CD94B-5664-4351-AC45-562CF0458B4E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F221B037-F35B-4FB4-AE2F-E07C75E5BC31}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
FirewallRules: [{FF500449-BB7A-44C6-BE41-30562B31AE3E}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
FirewallRules: [{AB1FE149-543C-43D4-8D3A-4E79FA501894}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{AB8FE88B-E7C1-46F8-885B-01CDFFF9D94F}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/21/2015 09:11:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 08:56:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 08:37:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2015 05:42:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2015 03:45:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.exe, Version 6.1.7600.16450 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 11ec

Startzeit: 01d0930219d3451c

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.exe

Berichts-ID:

Error: (05/20/2015 03:37:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450, Zeitstempel: 0x4aeba271
Name des fehlerhaften Moduls: wucltux.dll, Version: 7.3.7600.16385, Zeitstempel: 0x4a5bdb45
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000068cf
ID des fehlerhaften Prozesses: 0x8bc
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/20/2015 03:17:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crt>. Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.

Error: (05/20/2015 03:17:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crt>. Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.

Error: (05/20/2015 03:17:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crt>. Fehler: Diese Netzwerkverbindung ist nicht vorhanden.
.

Error: (05/20/2015 03:17:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Fehler bei der automatischen Aktualisierung des Drittanbieterstammzertifikats von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E.crt>. Fehler: 12007 (0x2ee7).


System errors:
=============
Error: (05/21/2015 01:31:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/21/2015 01:31:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/21/2015 01:30:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 01:30:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 01:30:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SmartFaceVWatchSrv" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/21/2015 01:30:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 01:30:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 01:30:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/21/2015 01:30:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "XAudioService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/21/2015 01:30:31 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Ulead Burning Helper" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2010-05-28 12:01:06.824
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-05-28 12:01:06.699
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-05-28 12:01:06.590
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-05-28 12:01:06.465
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-05-28 12:01:06.309
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD Athlon(tm) X2 Dual-Core QL-62
Percentage of memory in use: 33%
Total physical RAM: 2813.84 MB
Available physical RAM: 1869.51 MB
Total Pagefile: 5625.96 MB
Available Pagefile: 4389.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1908.09 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:116.29 GB) (Free:84.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:115.13 GB) (Free:109.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E43EEFE7)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=116.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=115.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

__________________
Greetings from the Bergisches Land
Ludger

21.05.2015, 17:03   #6
M-K-D-B
/// TB Instructor



Hi,

Download the appropriate version of SystemLook from the following mirror and save the tool to your desktop:
SystemLook (32 bit) | SystemLook (64 bit)
  • Double-click SystemLook.exe to start the tool.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    :filefind
    *Allin1Convert*
    
    :folderfind
    *Allin1Convert*
    
    :regfind
    Allin1Convert
    AVG SafeGuard toolbar
    AVG Security Toolbar
             
  • Now click the Look button to start the scan.
  • The scan can take some time.
  • When the scan has finished, your editor will open with the results; post them in your thread.
  • The results are also saved on the desktop as SystemLook.txt.

Edited by M-K-D-B (21.05.2015 at 18:37)

21.05.2015, 21:39   #7
ludibubi



Hello Matthias,

I have to postpone this until Wednesday next week. The computer is at my office, and from tomorrow until Tuesday next week I will be away for a few days. I will post the logs on Wednesday then.
Have a nice Pentecost holiday!
__________________
Greetings from the Bergisches Land
Ludger

22.05.2015, 13:31   #8
M-K-D-B
/// TB Instructor



Quote:
Quote from ludibubi
I will post the logs on Wednesday then.

OK, see you on Wednesday then.
__________________
Greetings from Bavaria
M-K-D-B


27.05.2015, 09:46   #9
ludibubi



Good morning Matthias,

I hope you had a nice weekend. Here is the SystemLook log

SystemLook 30.07.11 by jpshortstuff
Log created at 10:39 on 27/05/2015 by meyer
Administrator - Elevation successful

========== filefind ==========

Searching for "*Allin1Convert*"
No files found.

========== folderfind ==========

Searching for "*Allin1Convert*"
C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h d------ [07:08 21/05/2015]
C:\AdwCleaner\Quarantine\C\Users\meyer\AppData\Local\Allin1Convert_8h d------ [07:08 21/05/2015]
C:\AdwCleaner\Quarantine\C\Users\meyer\AppData\LocalLow\Allin1Convert_8h d------ [07:09 21/05/2015]

========== regfind ==========

Searching for "Allin1Convert"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2e88ecae_0]
@="{0.0.0.00000000}.{419ba3e1-7f1e-4a4b-a513-d0c12f6bd44f}|\Device\HarddiskVolume2\Program Files\Allin1Convert_8h\bar\1.bin\CrExtP8h.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{76FC1003-0825-48BD-B59B-3B7A5754972C}\1.0\0\win32]
@="C:\Program Files\Allin1Convert_8h\bar\1.bin\t8res.dll\1604"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{76FC1003-0825-48BD-B59B-3B7A5754972C}\1.0\HELPDIR]
@="C:\Program Files\Allin1Convert_8h\bar\1.bin"
[HKEY_USERS\S-1-5-21-1398980063-4242612766-3276201938-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\2e88ecae_0]
@="{0.0.0.00000000}.{419ba3e1-7f1e-4a4b-a513-d0c12f6bd44f}|\Device\HarddiskVolume2\Program Files\Allin1Convert_8h\bar\1.bin\CrExtP8h.exe%b{00000000-0000-0000-0000-000000000000}"

Searching for "AVG SafeGuard toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Avg Secure Update\0414c\Info]
"DefaultPartner"="AVG SafeGuard toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Avg Secure Update\0414c\Info]
"RegKey"="AVG SafeGuard toolbar"

Searching for "AVG Security Toolbar"
No data found.

Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res

-= EOF =-
__________________
Greetings from the Bergisches Land
Ludger

27.05.2015, 12:12   #10
M-K-D-B
/// TB Instructor



We will remove the last remnants and check everything once more. ESET can take a while (> 2 h).
Afterwards we will remove all the tools used and I will give you a few tips for the road.


Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document


Code:
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{76FC1003-0825-48BD-B59B-3B7A5754972C}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Avg Secure Update
RemoveProxy:
EmptyTemp:
end
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.






Step 2
Start AdwCleaner; a new version is available. Download it to your desktop and run the tool again (as described further above). Afterwards, post the log file again.




Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset






Step 4
Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.







Step 5
  • Start FRST.exe again. Tick the box in front of Addition.txt and click Scan.
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files with your next reply.





Please post with your next reply
  • the log file of the FRST fix,
  • the log file from AdwCleaner,
  • the log file from ESET,
  • the log file from SecurityCheck,
  • the two new log files from FRST.
__________________
Greetings from Bavaria
M-K-D-B
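
One way to check the Fixlog from step 1 against the fixlist, as an added example that is not part of the original post or of FRST. It assumes the Fixlog line format that appears in this thread (`<key> => key Removed successfully.` and `=> could not remove at first attempt ..., see next line.`); the `ExampleVendor` key and the sample Fixlog lines for it are constructed.

```python
import re

# Fixlist from step 1, plus one constructed key (ExampleVendor) to show a failure.
FIXLIST = r"""start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{76FC1003-0825-48BD-B59B-3B7A5754972C}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Avg Secure Update
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor
RemoveProxy:
EmptyTemp:
end
"""

# Constructed Fixlog excerpt in the format seen in this thread. The last key only
# has a first-attempt error and no follow-up success line.
FIXLOG = r"""Processes closed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{76FC1003-0825-48BD-B59B-3B7A5754972C} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{76FC1003-0825-48BD-B59B-3B7A5754972C} => key Removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Avg Secure Update => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Avg Secure Update => key Removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor => could not remove at first attempt (ErrorCode: C0000121), see next line.
EmptyTemp: => Removed 28.2 MB temporary data.
"""

# "<target> => <outcome>", with optional double quotes around the target.
RESULT = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+)$')


def fixlist_delete_keys(fixlist):
    """Return the registry keys named by DeleteKey: lines between start and end.

    Reading only the lines between the start/end markers is this script's own
    choice, modelled on the posted fixlist, not a statement about FRST itself.
    """
    keys, active = [], False
    for line in fixlist.splitlines():
        line = line.strip()
        if line.lower() == "start":
            active = True
        elif line.lower() == "end":
            break
        elif active and line.startswith("DeleteKey:"):
            keys.append(line[len("DeleteKey:"):].strip())
    return keys


def fixlog_outcomes(fixlog):
    """Map each logged target (lower-cased) to its outcome strings, in log order."""
    outcomes = {}
    for line in fixlog.splitlines():
        match = RESULT.match(line.strip())
        if match:
            target = match.group("target").lower()
            outcomes.setdefault(target, []).append(match.group("outcome"))
    return outcomes


def verify(fixlist, fixlog):
    """Return {key: status}; status is 'removed', 'failed' or 'not-in-log'."""
    outcomes = fixlog_outcomes(fixlog)
    report = {}
    for key in fixlist_delete_keys(fixlist):
        # Registry key names are case-insensitive, so compare lower-cased.
        logged = outcomes.get(key.lower())
        if not logged:
            report[key] = "not-in-log"
        # Only the last line for a key counts: a first-attempt error followed by
        # "key Removed successfully" is a success, the error on its own is not.
        elif logged[-1].lower().startswith("key removed successfully"):
            report[key] = "removed"
        else:
            report[key] = "failed"
    return report


if __name__ == "__main__":
    for key, status in verify(FIXLIST, FIXLOG).items():
        print(f"{status:11} {key}")
```

Any key reported as `failed` or `not-in-log` is worth a second look in the next FRST scan before the cleanup is considered finished.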


28.05.2015, 10:28   #11
ludibubi



Hello Matthias,

I will do this first thing tomorrow morning, because I am no longer in the office today. Logs will follow as quickly as possible!

So, all done. Here are the logs:

FRST.Fix

Quote:
Fix result of Farbar Recovery Scan Tool (x86) Version: 27-05-2015 01
Ran by meyer at 2015-05-28 09:19:41 Run:2
Running from C:\Users\meyer\Downloads
Loaded Profiles: meyer (Available Profiles: meyer)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{76FC1003-0825-48BD-B59B-3B7A5754972C}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Avg Secure Update
RemoveProxy:
EmptyTemp:
end

*****************

Processes closed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{76FC1003-0825-48BD-B59B-3B7A5754972C} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{76FC1003-0825-48BD-B59B-3B7A5754972C} => key Removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Avg Secure Update => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Avg Secure Update => key Removed successfully.

========= RemoveProxy: =========

"HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully.
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully.


========= End of RemoveProxy: =========

EmptyTemp: => Removed 28.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 09:19:59 ====
AdwCleaner

AdwCleaner Logfile:
Code:
# AdwCleaner v4.205 - Bericht erstellt 28/05/2015 um 09:52:42
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Ultimate  (x86)
# Benutzername : meyer - MEYER-PC
# Gestarted von : C:\Users\meyer\Downloads\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Avg_Update_0215tb
Ordner Gelöscht : C:\ProgramData\Avg_Update_0415tb
Ordner Gelöscht : C:\ProgramData\Avg_Update_0814tb
Ordner Gelöscht : C:\ProgramData\Avg_Update_1214tb

***** [ Geplante Tasks ] *****

Task Gelöscht : 0215tbUpdateInfo
Task Gelöscht : 0415tbUpdateInfo
Task Gelöscht : 1214tbUpdateInfo
Task Gelöscht : AVG-Secure-Search-Update_0414c_rel
Task Gelöscht : AVG-Secure-Search-Update_0414c_rmv

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v


*************************

AdwCleaner[R0].txt - [16721 Bytes] - [21/05/2015 09:05:51]
AdwCleaner[R1].txt - [1502 Bytes] - [28/05/2015 09:49:45]
AdwCleaner[S0].txt - [14822 Bytes] - [21/05/2015 09:08:55]
AdwCleaner[S1].txt - [1216 Bytes] - [28/05/2015 09:52:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1275  Bytes] ##########
         
--- --- ---


ESET

Quote:
ESETSmartInstaller@High as downloader log:
Can not extract cabC:\Program Files\ESET\ESET Online Scanner\OnlineScanner.cabErrer Vorgang wurde erfolgreich beendet.
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=41473
esets_scanner_update returned -1 esets_gle=41473
ESETSmartInstaller@High as downloader log:
Can not extract cabC:\Program Files\ESET\ESET Online Scanner\OnlineScanner.cabErr:Eine Datei kann nicht erstellt werden, wenn sie bereits vorhanden ist.
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=26f64708e20a954ca873ffd6cc87a384
# engine=24059
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-28 08:42:46
# local_time=2015-05-28 10:42:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 6657604 40434121 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 177315667 185241309 0 0
# scanned=119816
# found=49
# cleaned=49
# scan_time=1495
sh=71FBE0A32060ECCCE43C00B7C02ED06565D7F09F ft=1 fh=0f654da018985d81 vn="Variante von Win32/Toolbar.MyWebSearch.AE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hauxstb.dll.vir"
sh=7C73445F65C0FD08EAAD3A3E7FE1A28F5F482D08 ft=1 fh=dc7dda4109371c06 vn="Variante von Win64/Toolbar.MyWebSearch.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hauxstb64.dll.vir"
sh=5999E5206196F262092C8FE839FEC463EAC22157 ft=1 fh=27b135a74e6530eb vn="Variante von Win32/Toolbar.MyWebSearch.AS evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hbar.dll.vir"
sh=F6A514CC002B36C286D706701C54DB9A07BAE730 ft=1 fh=b29ee21a99e6c053 vn="Win32/Toolbar.MyWebSearch.AE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe.vir"
sh=FA5D0D2DDD909D51A44BBC1818919626D4C223D7 ft=1 fh=1c9e878eed49a678 vn="Variante von Win32/Toolbar.MyWebSearch.AS evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hbprtct.dll.vir"
sh=7377286A011223C8EDB6D569EA9E9C530DE7DD9D ft=1 fh=8a1350a06e74ff7f vn="Win32/Toolbar.MyWebSearch.AE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon.exe.vir"
sh=ED5F07C2013EC69C4A03AC9B48BBC6A3896347DA ft=1 fh=572d0aa7c713be6e vn="Variante von Win64/Toolbar.MyWebSearch.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hbrmon64.exe.vir"
sh=F6230624FB2F593045AB2DEABE4373AF84CFF516 ft=1 fh=67a8f5e8cdb93eed vn="Variante von Win32/Toolbar.MyWebSearch.AM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hbrstub.dll.vir"
sh=02647F8CD70D673E477EC052154028FE08A86AD7 ft=1 fh=c1ea64bddc5cb8f1 vn="Variante von Win64/Toolbar.MyWebSearch.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hbrstub64.dll.vir"
sh=4DB17C0736B233AD37D6F337A8A03F362389DAE4 ft=1 fh=0c59bba2392f33ae vn="Variante von Win32/Toolbar.MyWebSearch.AS evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hdatact.dll.vir"
sh=B040804B32E089C8926BB6A5FBC0D48E3BBAE03C ft=1 fh=443fd092f8ac3cce vn="Variante von Win32/Toolbar.MyWebSearch.AS evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hdlghk.dll.vir"
sh=30017B37C5E874DA90B03618CE9432551D52244D ft=1 fh=33c46fedbb586f3b vn="Variante von Win64/Toolbar.MyWebSearch.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hdlghk64.dll.vir"
sh=157E1B95A1D344798CFB127B7CA276F88F637B01 ft=1 fh=8478345427d1f126 vn="Variante von Win32/Toolbar.MyWebSearch.AS evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hfeedmg.dll.vir"
sh=74BB4E32B185DCD8553F2822D28977FF6A299BDE ft=1 fh=db00904785107d2d vn="Variante von Win32/Toolbar.MyWebSearch.AL evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hhighin.exe.vir"
sh=6590A892157BA2D363C4DECC22EBF4E48FF583F0 ft=1 fh=01c5e45c97b96046 vn="Variante von Win32/Toolbar.MyWebSearch.AM evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hhkstub.dll.vir"
sh=EC0D7D670552573E60A1516C7E47D71C0F7EB9CB ft=1 fh=bb9cd4821c42bac3 vn="Variante von Win32/Toolbar.MyWebSearch.AL evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hhtmlmu.dll.vir"
sh=AD0190339DE0DC3A2703310FC27CEB3DCAB6D040 ft=1 fh=aab0e17e5ff4782d vn="Variante von Win32/Toolbar.MyWebSearch.AS evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hhttpct.dll.vir"
sh=5F84D4E3CA35DBD52CFB6B92A40D5AF76BDFFD37 ft=1 fh=d99c7ae8a2ef809c vn="Variante von Win32/Toolbar.MyWebSearch.AE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hidle.dll.vir"
sh=87CBF3283883EABF7F9F3A941D757573120D9B23 ft=1 fh=d55236b93d2dacb3 vn="Variante von Win32/Toolbar.MyWebSearch.AG evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hieovr.dll.vir"
sh=5D93ACDE3B4E491BA6A1193AB1CEC7C8379A2C8D ft=1 fh=631467c6a5376239 vn="Variante von Win32/Toolbar.MyWebSearch.AL evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hmedint.exe.vir"
sh=40214B5E70E7B4498B8A2C48CBB9AB0BA9843F36 ft=1 fh=e78cd0435ec00d54 vn="Variante von Win32/Toolbar.MyWebSearch.AS evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hmlbtn.dll.vir"
sh=41CE4E72C7F26BA4B93CCF677ECC4E652BAFF507 ft=1 fh=dece550d141ec719 vn="Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hPlugin.dll.vir"
sh=37B2999CB30551F06DB841B79FD6F5D144E43046 ft=1 fh=bb9855177fd67662 vn="Variante von Win32/Toolbar.MyWebSearch.AS evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hradio.dll.vir"
sh=7C6A76190F6CD9F904A2EE79D4B96E8241164615 ft=1 fh=c1ef878ae2e9284a vn="Variante von Win32/Toolbar.MyWebSearch.AS evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hregfft.dll.vir"
sh=FD1D6F9C023EB9BBD29C75E83FCB6A8A3FC83346 ft=1 fh=2d2b6200895b81c3 vn="Variante von Win32/Toolbar.MyWebSearch.AK evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hreghk.dll.vir"
sh=25456A655000D5CEA7CAAC881486F7CBEC4414BB ft=1 fh=2a1c57d3dd98c7aa vn="Variante von Win32/Toolbar.MyWebSearch.AS evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hregiet.dll.vir"
sh=734FEA6BB78C6D96DA51E70811ACEDBEBDC1D0E8 ft=1 fh=deeaf86e29a79180 vn="Variante von Win32/Toolbar.MyWebSearch.AS evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hscript.dll.vir"
sh=18C17FF38FCDE8AD5B46549A50FFD98A319956B5 ft=1 fh=862260e8ce4a17d6 vn="Variante von Win32/Toolbar.MyWebSearch.P evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hskin.dll.vir"
sh=87E77F21EBBEE058158B046F24EF159203328931 ft=1 fh=4096f84f5d42b246 vn="Variante von Win32/Toolbar.MyWebSearch.AJ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hskplay.exe.vir"
sh=B8267AA57FA0C998CAD83BABB2EF2282BF42A4CB ft=1 fh=da68ea2b1c3aea79 vn="Variante von Win32/Toolbar.MyWebSearch.AS evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll.vir"
sh=27701684B9B28362D3FEA99A07818FFA492D3A4E ft=1 fh=bcc2ec90b8678e6e vn="Win32/Toolbar.MyWebSearch.AJ evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hSrchMn.exe.vir"
sh=3AC24FD6F613B463B8165D7A32205EC75AC48DF9 ft=1 fh=8b9fef4ee3f4c5cf vn="Variante von Win32/Toolbar.MyWebSearch.AK evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8hsrchmr.dll.vir"
sh=72489280930F183E34FE5AF817F207A5EB65F8D4 ft=1 fh=033eb58713fd33d4 vn="Variante von Win32/Toolbar.MyWebSearch.AA evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\8htpinst.dll.vir"
sh=F168820EBBB25A99251B35F4328E09BB914DCC9A ft=1 fh=bab93d68c29f066d vn="Variante von Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe.vir"
sh=A6AD21A19469FB3650387953DDA171CF78464458 ft=1 fh=8261ecd8fca1a29c vn="Variante von Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\AppIntegratorStub64.dll.vir"
sh=503D175296F62A84A1DC5D322E02A5898B53F057 ft=1 fh=8e03bdd376c83f71 vn="Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\CREXT.DLL.vir"
sh=A65106770308130C9099A8B1CE950B18B322A5A1 ft=1 fh=a5f508a382e83cd5 vn="Variante von Win32/Toolbar.MyWebSearch.Z evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\CrExtP8h.exe.vir"
sh=03AF68978658C3350452ACA5567A9F1358E3D387 ft=1 fh=ca334dce2d24b211 vn="Variante von Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\DPNMNGR.DLL.vir"
sh=293AE2F735B9C76ACF2BE9410EBFF2CD88D47F96 ft=1 fh=59afe8ea20712c28 vn="Variante von Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\EXEMANAGER.DLL.vir"
sh=F1729FFA87F558D1309B5EC71203DA6F33EADDED ft=1 fh=88b155e75251f720 vn="Variante von Win32/Toolbar.MyWebSearch.AI evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\FF-NativeMessagingDispatcher.dll.vir"
sh=B879BC93FA5D87733EDC9FD055A6AF538A554074 ft=1 fh=a792084cb5dc54a4 vn="Variante von Win64/Toolbar.MyWebSearch.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\Hpg64.dll.vir"
sh=FEC95DF73A91B7CA7A2B4A91688C4F1DCA37C961 ft=1 fh=b010d70978566d1c vn="Variante von Win32/Toolbar.MyWebSearch.AL evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\NP8hStub.dll.vir"
sh=D8B759975F559EA0F0187F61FA557578B87758B7 ft=1 fh=ad0793bbaa3d8264 vn="Variante von Win32/Toolbar.MyWebSearch.AL evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\T8EPMSUP.DLL.vir"
sh=F8A298CC5DDB145D071A78148B7BF566A8B3C650 ft=1 fh=d2be10d612551eb6 vn="Variante von Win32/Toolbar.MyWebSearch.AL evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\T8EXTEX.DLL.vir"
sh=1DC03C09702E4516B9267453FEE9BE1BF1554232 ft=1 fh=3f9fd7636822191c vn="Variante von Win32/Toolbar.MyWebSearch.AL evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\T8EXTPEX.DLL.vir"
sh=AF326F9B1D27D3007DC1CC20EAEBBAB07D711E7E ft=1 fh=6ca914416977a615 vn="Variante von Win32/Toolbar.MyWebSearch.AS evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\T8HTML.DLL.vir"
sh=CBB4DC6C8F822C67FA32B9F71C185FB535EA8E19 ft=1 fh=b7fc3d548175f148 vn="Variante von Win32/Toolbar.MyWebSearch.AL evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\T8TICKER.DLL.vir"
sh=DD0123C4D8DA38E948888E4EC29778DE0B0DA4D4 ft=1 fh=dea466b0175c3c32 vn="Win32/Toolbar.MyWebSearch.AL evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\UNIFIEDLOGGING.DLL.vir"
sh=AC5619AAD8CFE80E7E8F44176D56D916102DE59F ft=1 fh=733353b010d950fe vn="Variante von Win32/Toolbar.MyWebSearch.AC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Allin1Convert_8h\bar\1.bin\VERIFY.DLL.vir"

SecurityCheck

Quote:
Results of screen317's Security Check version 1.002
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java(TM) 6 Update 39
Java 7 Update 25
Java(TM) 6 Update 3
Java version 32-bit out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST

Quote:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01
Ran by meyer (administrator) on MEYER-PC on 28-05-2015 11:14:02
Running from C:\Users\meyer\Downloads
Loaded Profiles: meyer (Available Profiles: meyer)
Platform: Microsoft Windows 7 Ultimate (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Ulead Systems, Inc.) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6037504 2008-04-08] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-18] (Google)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [topi] => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [574864 2008-01-11] (Toshiba)
HKLM\...\Run: [Toshiba TEMPO] => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe [103824 2008-08-26] (Toshiba Europe GmbH)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2015-01-10] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe [128760 2015-05-07] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-07-18] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk [2010-06-01]
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk [2010-06-01]
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-10-07]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk [2008-10-07]
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
URLSearchHook: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000 - (No Name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - No File
SearchScopes: HKLM -> {F4C81C47-F663-403F-B2F0-9ED00511AEB6} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSEE;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000 -> DefaultScope {F4C81C47-F663-403F-B2F0-9ED00511AEB6} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000 -> {F4C81C47-F663-403F-B2F0-9ED00511AEB6} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-24] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-24] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
Toolbar: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-01] (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Tcpip\..\Interfaces\{ECB6E1FF-DC62-4C83-9C17-39A1AD2F7143}: [NameServer] 192.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\fi8OXMfQ.default
FF Plugin: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files\Picasa2\npPicasa2.dll [2008-08-21] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-06-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-06-24] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-05-28] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll [2013-01-24] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Extension: Avira Browser Safety - C:\Users\meyer\AppData\Roaming\Mozilla\Firefox\Profiles\fi8OXMfQ.default\Extensions\abs@avira.com [2014-11-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-17]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2015-01-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2015-01-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [993584 2015-01-10] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [206584 2015-05-07] (Avira Operations GmbH & Co. KG)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-17] (TOSHIBA CORPORATION) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-18] (Google)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [442368 2009-04-01] (Hauppauge Computer Works) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba) [File not signed]
R2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-08-26] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation) [File not signed]
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-11-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-11-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-14] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37384 2014-11-30] (Avira Operations GmbH & Co. KG)
S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [45824 2008-12-11] (Hauppauge Computer Works, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [141408 2008-02-27] (Realtek Semiconductor Corp.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [347136 2009-07-14] (Realtek Semiconductor Corporation )
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows (R) Codename Longhorn DDK provider)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-02-14] (Avira GmbH)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 catchme; \??\C:\Users\meyer\AppData\Local\Temp\catchme.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 11:14 - 2015-05-28 11:14 - 00018356 _____ () C:\Users\meyer\Downloads\FRST.txt
2015-05-28 11:05 - 2015-05-28 11:05 - 00001238 _____ () C:\Users\meyer\Downloads\checkup.txt
2015-05-28 11:02 - 2015-05-28 11:02 - 00852639 _____ () C:\Users\meyer\Downloads\SecurityCheck.exe
2015-05-28 10:08 - 2015-05-28 10:08 - 02347384 _____ (ESET) C:\Users\meyer\Downloads\esetsmartinstaller_deu.exe
2015-05-28 09:48 - 2015-05-28 09:48 - 02222592 _____ () C:\Users\meyer\Downloads\AdwCleaner_4.205.exe
2015-05-28 09:19 - 2015-05-28 09:19 - 00000000 ____D () C:\Users\meyer\Downloads\FRST-OlderVersion
2015-05-27 10:39 - 2015-05-27 10:41 - 00005844 _____ () C:\Users\meyer\Downloads\SystemLook.txt
2015-05-27 10:38 - 2015-05-27 10:38 - 00139264 _____ () C:\Users\meyer\Downloads\SystemLook.exe
2015-05-21 13:32 - 2015-05-21 13:32 - 00002026 _____ () C:\Users\meyer\Downloads\JRT.txt
2015-05-21 13:30 - 2015-05-21 13:30 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MEYER-PC-Windows-7-Ultimate-(32-bit).dat
2015-05-21 13:30 - 2015-05-21 13:30 - 00000000 ____D () C:\RegBackup
2015-05-21 13:28 - 2015-05-21 13:28 - 02720009 _____ (Thisisu) C:\Users\meyer\Downloads\JRT.exe
2015-05-21 09:48 - 2015-05-21 09:48 - 00001194 _____ () C:\Users\meyer\Downloads\mbam.txt
2015-05-21 09:29 - 2015-05-28 10:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-21 09:28 - 2015-05-21 09:28 - 00001072 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-21 09:28 - 2015-05-21 09:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-21 09:28 - 2015-05-21 09:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-21 09:28 - 2015-05-21 09:28 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-05-21 09:28 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-21 09:28 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-21 09:28 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-21 09:24 - 2015-05-21 09:24 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\meyer\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-21 09:05 - 2015-05-28 09:52 - 00000000 ____D () C:\AdwCleaner
2015-05-20 17:45 - 2015-05-20 17:45 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\meyer\Downloads\tdsskiller.exe
2015-05-20 16:54 - 2015-05-20 16:54 - 00014462 _____ () C:\Users\meyer\Downloads\gmer.log
2015-05-20 16:04 - 2015-05-20 16:04 - 00380416 _____ () C:\Users\meyer\Downloads\Gmer-19357.exe
2015-05-20 16:00 - 2015-05-28 11:14 - 00000000 ____D () C:\FRST
2015-05-20 16:00 - 2015-05-28 09:19 - 01147392 _____ (Farbar) C:\Users\meyer\Downloads\FRST.exe
2015-05-20 15:58 - 2015-05-20 15:58 - 00000472 _____ () C:\Users\meyer\Desktop\defogger_disable.log
2015-05-20 15:58 - 2015-05-20 15:58 - 00000000 _____ () C:\Users\meyer\defogger_reenable
2015-05-20 15:57 - 2015-05-20 15:57 - 00050477 _____ () C:\Users\meyer\Downloads\Defogger.exe
2015-05-20 13:05 - 2015-05-20 13:05 - 00001177 _____ () C:\Users\Public\Desktop\Avira.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 11:14 - 2010-07-18 10:27 - 00000000 ____D () C:\Users\meyer\AppData\Roaming\Skype
2015-05-28 11:06 - 2012-04-30 20:16 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 11:00 - 2010-05-28 13:55 - 01683405 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 10:47 - 2010-05-08 07:17 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-28 10:02 - 2010-05-28 13:30 - 00013456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 10:02 - 2010-05-28 13:30 - 00013456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 09:59 - 2010-05-08 07:17 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-28 09:57 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 09:57 - 2009-07-14 06:39 - 00447857 _____ () C:\Windows\setupact.log
2015-05-28 09:50 - 2010-05-28 14:09 - 01501000 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-21 14:58 - 2010-05-28 13:45 - 00039772 _____ () C:\Windows\PFRO.log
2015-05-20 15:58 - 2010-05-28 13:31 - 00000000 ____D () C:\Users\meyer
2015-05-20 15:39 - 2009-08-05 12:07 - 00000000 ____D () C:\Users\meyer\AppData\Local\Adobe
2015-05-20 15:38 - 2012-04-30 20:16 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-20 15:38 - 2012-04-30 20:16 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-20 13:33 - 2013-06-24 21:55 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-20 13:25 - 2014-02-20 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-20 13:05 - 2014-11-30 13:21 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-20 13:05 - 2014-02-20 20:26 - 00000000 ____D () C:\Program Files\Avira
2015-05-20 13:05 - 2012-04-30 20:17 - 00000000 ____D () C:\ProgramData\Avira

==================== Files in the root of some directories =======

2009-02-18 11:02 - 2009-02-18 11:03 - 0000114 _____ () C:\Users\meyer\AppData\Roaming\wklnhst.dat
2010-07-18 10:28 - 2010-07-18 10:28 - 0000048 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\meyer\AppData\Local\Temp\avgnt.exe
C:\Users\meyer\AppData\Local\Temp\Quarantine.exe
C:\Users\meyer\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-21 14:24

==================== End of log ============================
Quote:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-05-2015 01
Ran by meyer at 2015-05-28 11:15:12
Running from C:\Users\meyer\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1398980063-4242612766-3276201938-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1398980063-4242612766-3276201938-1004 - Limited - Enabled)
Gast (S-1-5-21-1398980063-4242612766-3276201938-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1398980063-4242612766-3276201938-1002 - Limited - Enabled)
meyer (S-1-5-21-1398980063-4242612766-3276201938-1000 - Administrator - Enabled) => C:\Users\meyer

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader 8.1.2 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81200000003}) (Version: 8.1.2 - Adobe Systems Incorporated)
ATI Catalyst Install Manager (HKLM\...\{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avira (HKLM\...\{022ef99f-0db2-4efc-964d-5dd2da3151f6}) (Version: 1.1.37.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.37.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.193.0508L - Chicony Electronics Co.,Ltd.)
ccc-core-static (Version: 2009.0729.2238.38827 - Ihr Firmenname) Hidden
CD/DVD Drive Acoustic Silencer (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.03 - TOSHIBA)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DVD MovieFactory for TOSHIBA (HKLM\...\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}) (Version: 5.51 - Ulead Systems, Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Hauppauge Signal Monitor Utility (HKLM\...\Hauppauge Signal Monitor Utility) (Version: - )
Hauppauge Software MPEG-2 Decoder Installer (HKLM\...\Hauppauge Software MPEG-2 Decoder Installer) (Version: - )
Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version: - )
Hauppauge WinTV Infrared Remote (HKLM\...\Hauppauge WinTV Infrared Remote) (Version: - )
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000) (Version: 7.70.00.50 - Conexant)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java(TM) 6 Update 3 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160030}) (Version: 1.6.0.30 - Sun Microsystems, Inc.)
Java(TM) 6 Update 39 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.390 - Oracle)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20125.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
myphotobook 3.6 (HKLM\...\myphotobook) (Version: 3.6 - myphotobook)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.52 - BVRP Software, Inc)
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
REALTEK RTL8187B Wireless LAN Driver (HKLM\...\{895722FE-25FE-4854-95AC-B0C42F9DBEDA}) (Version: Package:1.00.0026 Driver:6.1116.1226.2007 - )
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - Realtek Semiconductor Corp.)
Realtek WiFi Protected Setup Library (HKLM\...\{02CA24DD-C8B0-4280-BE53-7862869C2EB1}) (Version: Package:1.00.0026 - REALTEK Semiconductor Corp.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.20 - Safer-Networking Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.1.8.0 - Synaptics)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.04 - TOSHIBA)
TOSHIBA Benutzerhandbücher (HKLM\...\{1C971EE3-B4C4-4367-9676-57549919C6CE}) (Version: 7.40 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.13 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.30.12 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 2.0.2.32 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM\...\{2883F6F5-0509-43F3-868C-D50330DD9DD3}) (Version: 2.00.11 - TOSHIBA Corporation)
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.1b - TOSHIBA)
TOSHIBA Supervisor Password (HKLM\...\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}) (Version: 2.00.04 - )
Toshiba TEMPRO (HKLM\...\{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}) (Version: 1.2 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.19 - TOSHIBA Corporation)
TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0015 - TOSHIBA)
TRDCReminder (Version: 1.00.0015 - TOSHIBA) Hidden
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Windows Media Encoder 9-Reihe (HKLM\...\Windows Media Encoder 9) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000_Classes\CLSID\{A0359AE6-F410-4425-A975-684AAB785ABD}\InprocServer32 -> C:\Users\meyer\AppData\Local\ASKTOO~1\DOWNLO~1\AVIRAB~1.DLL No File
CustomCLSID: HKU\S-1-5-21-1398980063-4242612766-3276201938-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points =========================

23-11-2014 12:07:44 Geplanter Prüfpunkt
15-01-2015 13:22:46 Geplanter Prüfpunkt
20-02-2015 10:30:47 Geplanter Prüfpunkt
04-03-2015 11:47:24 Geplanter Prüfpunkt
03-05-2015 11:05:58 Geplanter Prüfpunkt
21-05-2015 14:31:35 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2013-06-27 21:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C2EEE51-D595-451B-9FF9-33B6E5EF1954} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - meyer => C:\Program Files\Windows Calendar\WinCal.exe
Task: {1343CBDC-8638-4292-8350-9E3DB7FCC1EE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {19953A8C-063E-4896-82D7-FDBA918F4F5F} - System32\Tasks\{CD38E15E-62CD-4D71-AFEE-72DB243BEB8E} => pcalua.exe -a C:\Temp\tinstall.exe -d C:\Temp
Task: {3D1D8917-8FFB-442E-A3BA-F1AC35C395FE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-05-16] (Safer-Networking Ltd.)
Task: {412B1BC1-D399-40D5-823E-D991085D2880} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-20] (Adobe Systems Incorporated)
Task: {436C5CDC-353C-4323-88C3-46A231BE6898} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {81E87554-0547-4D38-AA14-E1064E32E53D} - System32\Tasks\{82382185-3A68-4EF0-B3D7-8988FE6D2056} => C:\Program Files\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {AE2B07F9-EF2E-4CE8-BDFE-E52040AD5935} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {ED396B59-9233-4C67-93B5-3BB66D451BAA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [2013-05-16] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2010-06-01 21:40 - 2009-04-01 17:55 - 00024064 _____ () C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
2013-06-30 14:22 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-06-30 14:22 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-06-30 14:22 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-06-30 14:22 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2013-06-30 14:22 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-05-07 16:37 - 2015-05-07 16:37 - 00245760 _____ () C:\Program Files\Avira\Launcher\System.ComponentModel.Composition.dll
2008-04-24 19:25 - 2008-04-24 19:25 - 00126976 _____ () C:\Windows\system32\SmartFaceVCtrl.dll
2008-04-24 19:25 - 2008-04-24 19:25 - 06701056 _____ () C:\Windows\system32\FaceHI.dll
2008-04-24 19:25 - 2008-04-24 19:25 - 00995328 _____ () C:\Windows\system32\FaceRec.dll
2008-03-06 11:14 - 2008-03-06 11:14 - 05121912 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2008-10-07 16:56 - 2006-10-10 11:44 - 00009728 _____ () C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
2007-12-25 13:03 - 2007-12-25 13:03 - 00015184 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2006-12-01 18:55 - 2006-12-01 18:55 - 00009216 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2008-10-07 17:14 - 2010-07-18 08:58 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2009-05-04 10:45 - 2009-05-04 10:45 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-02 12:36 - 2010-06-02 12:36 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1398980063-4242612766-3276201938-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\meyer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.8.100

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{341CD94B-5664-4351-AC45-562CF0458B4E}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F221B037-F35B-4FB4-AE2F-E07C75E5BC31}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
FirewallRules: [{FF500449-BB7A-44C6-BE41-30562B31AE3E}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
FirewallRules: [{AB1FE149-543C-43D4-8D3A-4E79FA501894}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{AB8FE88B-E7C1-46F8-885B-01CDFFF9D94F}] => (Allow) C:\Program Files\AVG\AVG2013\avgmfapx.exe
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot-S&D 2 Tray Icon
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 09:57:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2015 09:22:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/28/2015 08:58:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/27/2015 09:42:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 02:58:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 09:11:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 08:56:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/21/2015 08:37:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2015 05:42:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/20/2015 03:45:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.exe, Version 6.1.7600.16450 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 11ec

Startzeit: 01d0930219d3451c

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.exe

Berichts-ID:


System errors:
=============
Error: (05/28/2015 09:57:01 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (05/28/2015 09:57:01 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (05/28/2015 09:53:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" ist vom Dienst "Sicherheitscenter" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (05/28/2015 09:53:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Sicherheitscenter" ist vom Dienst "Windows-Verwaltungsinstrumentation" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%3

Error: (05/28/2015 09:53:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3

Error: (05/28/2015 09:53:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%109

Error: (05/28/2015 09:53:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Druckwarteschlange" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (05/28/2015 09:53:41 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "Spooler" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (05/28/2015 09:53:18 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056

Error: (05/28/2015 09:52:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
Date: 2010-05-28 12:01:06.824
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-05-28 12:01:06.699
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-05-28 12:01:06.590
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-05-28 12:01:06.465
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2010-05-28 12:01:06.309
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD Athlon(tm) X2 Dual-Core QL-62
Percentage of memory in use: 50%
Total physical RAM: 2813.84 MB
Available physical RAM: 1388.24 MB
Total Pagefile: 5625.96 MB
Available Pagefile: 3632.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.29 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:116.29 GB) (Free:85.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Data) (Fixed) (Total:115.13 GB) (Free:109.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E43EEFE7)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=116.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=115.1 GB) - (Type=07 NTFS)

==================== End of log ============================
__________________
Greetings from the Bergisches Land
Ludger

28.05.2015, 12:14   #12
M-K-D-B
/// TB trainer
 



Hello,


How are things looking with Avira, Spybot and Windows Updates by now?


Please download Farbar Service Scanner.
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory the tool was run from.

Please post the contents here.


__________________
Greetings from Bavaria
M-K-D-B


28.05.2015, 14:00   #13
ludibubi
 



Current status:
Avira could not be updated. I have now uninstalled it, removed all traces with Avira's Regcleaner tool and reinstalled it. It has now done today's update.
Spybot could be updated.
Windows Update does not work.

FSS log:

Quote:
Farbar Service Scanner Version: 17-01-2015
Ran by meyer (administrator) on 28-05-2015 at 14:57:50
Running from "C:\Users\meyer\Downloads"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
__________________
Greetings from the Bergisches Land
Ludger

28.05.2015, 20:48   #14
M-K-D-B
/// TB trainer
 



Hello,


Download WinUpdateFix to the desktop.
Start the tool; a window will open.
Take a screenshot of the window; do not change anything without instructions.
Close the tool again.
__________________
Greetings from Bavaria
M-K-D-B


28.05.2015, 20:54   #15
ludibubi
 



Hello, since I always have Fridays off (my wife works then), I can't do this until Monday. I'll get back to you then.
Have a nice weekend!
__________________
Greetings from the Bergisches Land
Ludger
