Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Tägliche "Erkennung interaktiver Dienste" und "automatische Abmeldung" bei web.de (https://www.trojaner-board.de/161986-taegliche-erkennung-interaktiver-dienste-automatische-abmeldung-web-de.html)

sir peter 18.12.2014 19:18
Tägliche "Erkennung interaktiver Dienste" und "automatische Abmeldung" bei web.de
 
Liebe Froumgemeinde,

ich habe seit einigen Tagen täglich folgende Meldung:

Erkennung interaktiver Dienste

Von einem auf diesem Computer ausgeführten Programm wird versucht, eine Meldung anzuzeigen

Möglicherweise sind Informationen oder Berechtigungen erforderlich, damit das Programm den Vorgang abschließen kann. Woran liegt das?

-> Meldung anzeigen
-> Später erneut nachfragen

Programmdetails:

Programme und Geräte, für den ein Eingreifen angefordert wird.
Nachricht: Alert
Programmpfad: C:\Windows\system32\MsiExec.exe
Empfangen: Heute

Dieses Problem tritt auf, wenn ein Programm nicht vollständig kompatibel mit Windows ist. Wenden Sie sich an den Programm- oder Gerätehersteller, um weitere Informationen zu erhalten.

Wenn ich mir die Meldung anzeigen lasse, dann schaltet sich mein 2. Monitor ab und ich komme ca. 3 sek später in ein hellblau unterlegtes Bild wo zwei Meldungen zu sehen sind. Die untere lautet:

Alert
The version of the Player that you are trying to install is lower then what is currently installed.

Dann gehe ich auf ok und die andere Meldung lautet:
Für das Programm ist kein Eingreifen mehr erforderlich...

Ich hatte bevor diese Meldung das 1. Mal auftauchte irgendein update gemacht und dabei wurde irgendein player runtergeladen, da dieser vor der Installation jedoch als veraltet gemeldet wurde, habe ich die Installation abgebrochen.
Die Install-exe habe ich aber nicht mehr in meinem Download-Speicherordner gefunden.

Seit gestern ist mir auch aufgefallen,
dass wenn ich mich über die Website von web einloggen will, folgende Meldung angezeigt wird:

Keine Internetverbindung

Ihre Internetverbindung wurde unterbrochen. Es wird versucht, die Verbindung wieder herzustellen. Bitte haben Sie einen Augenblick Geduld.
Sie wurden automatisch abgemeldet

Aus Sicherheitsgründen wurden Sie automatisch von Ihrem WEB.DE-Konto abgemeldet. Bitte melden Sie sich neu an, um auf Ihr Postfach zugreifen zu können. Zur Anmeldung

Logout

Start
Posteingang
Adressbuch
Online-Speicher
Fotoalbum
WEB.DE Club
De-Mail
Domains


Da ich nun etwas misstrauisch geworden bin, frage ich mich nun ob das ein Virus ist und wie ich weiter vorgehen soll.

Hier nun die Log files:

FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2014
Ran by Der Peter (administrator) on DERPETER-PC on 18-12-2014 17:53:21
Running from C:\Users\Der Peter\Desktop
Loaded Profile: Der Peter (Available profiles: Der Peter)
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
() C:\Windows\System32\PSIService.exe
(Dropbox, Inc.) C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Secunia) C:\Program Files\Secunia\PSI\SUA\91fa336b2ac29ef07c32e849a032f313045e2d19\AdobeFlashPlayer_16.0.0.235_NPAPI_SPS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Secure Search\vprot.exe [2640408 2014-09-07] ()
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\...\MountPoints2: E - E:\autorun.exe
HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\...\MountPoints2: {69d272d9-242e-11e2-83aa-0022152b33d1} - E:\START32.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\Users\Der Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={5CAEE2CE-544F-49BA-BAA0-0B56D899B3C4}&mid=b0ccef9f6f5647e1ba32614e8a2d49e8-9855e9ac8b62faab56e43865bc5715ee1f1b0764&lang=de&ds=wa011&pr=&d=2012-11-16 19:26:03&v=17.2.0.38&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default
FF DefaultSearchEngine: Ecosia
FF SelectedSearchEngine: Ecosia
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program File\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3580812390-2972974327-1728687882-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Der Peter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\searchplugins\benefind.xml
FF SearchPlugin: C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\searchplugins\gutscheinsuche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: NoScript - C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-14]
FF Extension: Ecosia — The search engine that plants trees! - C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2014-09-05]
FF Extension: Adblock Plus - C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-31]
FF Extension: Adblock Edge - C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-07-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-12-10]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-31]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-09-07]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-09-07] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-09-07] (AVG Technologies)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-11-01] (DT Soft Ltd)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-18 17:53 - 2014-12-18 17:54 - 00013829 _____ () C:\Users\Der Peter\Desktop\FRST.txt
2014-12-18 17:53 - 2014-12-18 17:53 - 00000000 ____D () C:\FRST
2014-12-18 17:52 - 2014-12-18 17:52 - 01113600 _____ (Farbar) C:\Users\Der Peter\Desktop\FRST.exe
2014-12-18 17:45 - 2014-12-18 17:46 - 00000550 _____ () C:\Users\Der Peter\Desktop\defogger_disable.log
2014-12-18 17:45 - 2014-12-18 17:45 - 00000156 _____ () C:\Users\Der Peter\defogger_reenable
2014-12-18 17:44 - 2014-12-18 17:44 - 00050477 _____ () C:\Users\Der Peter\Desktop\Defogger.exe
2014-12-16 21:18 - 2014-12-16 22:09 - 00000000 ____D () C:\Users\Der Peter\Desktop\Bilder für Fotoshow
2014-12-14 18:25 - 2014-12-14 18:25 - 01156136 _____ (Ruiware) C:\Users\Der Peter\Downloads\wpsetup.exe
2014-12-14 18:11 - 2014-12-14 18:13 - 00000000 ____D () C:\Users\Der Peter\Documents\My ISO Files
2014-12-14 18:11 - 2014-12-14 18:11 - 00000929 _____ () C:\Users\Public\Desktop\UltraISO.lnk
2014-12-14 18:11 - 2014-12-14 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2014-12-14 18:11 - 2014-12-14 18:11 - 00000000 ____D () C:\Program Files\UltraISO
2014-12-14 18:11 - 2014-12-14 18:11 - 00000000 ____D () C:\Program Files\Common Files\EZB Systems
2014-12-14 18:05 - 2014-12-14 18:05 - 04348103 _____ (EZB Systems, Inc. ) C:\Users\Der Peter\Downloads\uiso962_pe_DE.exe
2014-12-12 14:12 - 2014-12-12 14:12 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 00:26 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 00:26 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-12 00:26 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-12 00:26 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-12 00:26 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 22:34 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 22:34 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 22:33 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 22:33 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 22:33 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 22:33 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 22:33 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 22:33 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 22:33 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 22:33 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 22:33 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 22:33 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 22:33 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-11 22:33 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 22:33 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 22:33 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 22:33 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 22:33 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 22:33 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 22:33 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 22:33 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 22:33 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 22:33 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 22:32 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 22:32 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 22:32 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 22:32 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 22:32 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 22:32 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 22:32 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 22:32 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 22:32 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 22:32 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 22:32 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 22:32 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 22:31 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 22:31 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 15:35 - 2014-12-10 15:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-26 15:14 - 2014-11-26 15:14 - 00002005 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-26 15:13 - 2014-11-26 15:13 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-26 15:13 - 2014-11-26 15:13 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-20 14:57 - 2014-12-16 22:12 - 00004608 _____ () C:\Users\Der Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-19 11:22 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 11:22 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-18 17:45 - 2012-10-31 18:44 - 00000000 ____D () C:\Users\Der Peter
2014-12-18 17:41 - 2012-10-31 19:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-18 17:14 - 2009-07-14 05:34 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-18 17:14 - 2009-07-14 05:34 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-18 17:12 - 2012-10-31 18:37 - 01727692 _____ () C:\Windows\WindowsUpdate.log
2014-12-18 17:09 - 2012-11-01 13:47 - 00000000 ___RD () C:\Users\Der Peter\Dropbox
2014-12-18 17:06 - 2012-11-01 13:24 - 00000000 ____D () C:\Users\Der Peter\AppData\Roaming\Dropbox
2014-12-18 17:05 - 2014-07-14 20:42 - 00009840 _____ () C:\Windows\SecuniaPackage.log
2014-12-18 17:03 - 2013-06-03 20:36 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-12-18 17:02 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 17:02 - 2009-07-14 05:39 - 00102496 _____ () C:\Windows\setupact.log
2014-12-17 19:44 - 2012-11-01 19:32 - 00000000 ____D () C:\Users\Der Peter\AppData\Local\Adobe
2014-12-17 19:44 - 2012-10-31 19:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-17 19:44 - 2012-10-31 19:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-17 19:25 - 2013-07-03 23:29 - 00000000 ____D () C:\Users\Der Peter\AppData\Roaming\Aquamarin Haushaltsbuch
2014-12-17 18:26 - 2014-05-28 20:21 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001UA.job
2014-12-16 21:26 - 2014-05-28 20:21 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001Core.job
2014-12-16 21:20 - 2009-10-15 10:59 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-15 20:01 - 2012-11-01 14:38 - 00191104 _____ () C:\Windows\PFRO.log
2014-12-14 18:26 - 2014-07-14 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-12-14 18:26 - 2014-07-14 20:34 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-14 09:26 - 2012-11-01 13:47 - 00001032 _____ () C:\Users\Der Peter\Desktop\Dropbox.lnk
2014-12-14 09:26 - 2012-11-01 13:25 - 00000000 ____D () C:\Users\Der Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 15:19 - 2014-10-06 09:17 - 00001432 _____ () C:\Users\Der Peter\Desktop\Seppel Praxis.lnk
2014-12-12 14:12 - 2014-05-12 13:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 14:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-12 14:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-12 00:24 - 2013-08-29 10:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 00:19 - 2012-10-31 20:07 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 22:20 - 2012-11-01 15:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 22:08 - 2012-10-31 19:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-06 01:16 - 2012-11-21 14:08 - 00000000 ____D () C:\Users\Der Peter\AppData\Roaming\vlc
2014-11-26 15:14 - 2012-10-31 18:53 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-26 15:14 - 2012-10-31 18:53 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-26 15:13 - 2014-05-12 12:05 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-26 15:13 - 2014-01-06 11:44 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-11-26 15:13 - 2013-03-19 00:02 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-26 15:13 - 2013-03-19 00:02 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-26 15:13 - 2012-10-31 18:53 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-26 15:13 - 2012-10-31 18:53 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-24 14:04 - 2012-10-31 18:58 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-19 21:44 - 2012-11-01 19:49 - 00000000 ____D () C:\Users\Der Peter\Documents\Corel PaintShop Pro
2014-11-18 19:41 - 2013-09-10 19:43 - 00000000 ____D () C:\Users\Der Peter\AppData\Roaming\Skype

Some content of TEMP:
====================
C:\Users\Der Peter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjzjdht.dll
C:\Users\Der Peter\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Der Peter\AppData\Local\Temp\Uninst.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-05 15:05

==================== End Of Log ============================

Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014
Ran by Der Peter at 2014-12-18 17:55:22
Running from C:\Users\Der Peter\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM\...\{F1410A0A-8205-4D45-BF2B-9C7ACB2F4B24}) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\{B21D5938-6B90-408B-B827-92F6E0E11B48}) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.2 (HKLM\...\{FC5A8E68-A2E5-4E14-91FA-7A3FB83C7E23}) (Version: 4.2.1 - Adobe)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Allway Sync version 14.0.1 (HKLM\...\Allway Sync_is1) (Version:  - Botkind Inc)
Aquamarin Haushaltsbuch 2.9.2 b (HKLM\...\{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1) (Version:  - makasy.com)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)
Corel PaintShop Pro X4 (HKLM\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation)
Corel PaintShop Pro X4 (Version: 14.2.0.1 - Corel Corporation) Hidden
Counter-Strike 1.6 (HKLM\...\Counter-Strike 1.6) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd)
Dropbox (HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Garmin BaseCamp (HKLM\...\{B27D272F-2860-4363-9803-956C0A9FAFB9}) (Version: 4.1.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{9C31FFDC-E796-4884-B990-41B9A5B2A647}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
ICA (Version: 14.0.0.332 - Corel Corporation) Hidden
IPM_PSP_COM (Version: 14.0.0.332 - Corel Corporation) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
ISO to USB (HKLM\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LibreOffice 4.2.7.2 (HKLM\...\{A313C39F-79A7-408B-97EE-8F958407D694}) (Version: 4.2.7.2 - The Document Foundation)
MAGIX hiphop maker (HKLM\...\MAGIX hiphop maker) (Version: 1.0.0.0 - MAGIX Entertainment)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
NVIDIA PhysX (HKLM\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
PDF24 Creator 5.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PSPPContent (Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPHelp (Version: 14.0.0.332 - Corel Corporation) Hidden
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Setup (Version: 14.0.0.332 - Ihr Firmenname) Hidden
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.50 - Ghisler Software GmbH)
UltraISO Premium V9.62 (HKLM\...\UltraISO_is1) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
XMind (HKLM\...\XMind) (Version: 3.3.0 - XMind Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll No File
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{1EF21888-3BD8-4064-BAD3-4BF694952652}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\WLPG.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Der Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Der Peter\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Der Peter\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Der Peter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

18-11-2014 14:33:54 Windows Update
19-11-2014 12:16:05 Windows Update
26-11-2014 15:01:32 Windows Update
26-11-2014 15:11:11 avast! antivirus system restore point
02-12-2014 22:30:26 Windows Update
11-12-2014 22:31:58 Windows Update
12-12-2014 00:18:39 Windows Update
16-12-2014 08:50:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03FEED26-A270-4097-96D2-2918B9FBAFC3} - System32\Tasks\{97EC7512-BA5D-45F1-9A4D-39C3316F6545} => C:\Program Files\1602.exe
Task: {114CEE5A-C82E-477C-B0F7-21360BA0E1DC} - System32\Tasks\{A8CBA0FA-44BB-4DCD-88A9-1AFC30074848} => G:\check.exe
Task: {1B5B31FC-C410-431C-8A9D-49F95A728EA3} - System32\Tasks\{1A3975A3-204F-4020-A3AE-1F47F0F3411D} => C:\Program Files\1602.exe
Task: {1DECE877-BE8A-4BC3-AB14-C08713E5B209} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001UA => C:\Users\Der Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-28] (Facebook Inc.)
Task: {25C83CBE-D6B4-4AB5-B4AD-F24F9CF9FE72} - System32\Tasks\{0A657B28-E4EE-497D-8892-B7CCF22A9FD3} => G:\check.exe
Task: {28775E87-2B6F-4746-850A-245302E9C12C} - System32\Tasks\{D07F1F52-1CE0-45EA-90C4-0955B5ED0E21} => C:\BlueByte\Siedler3\AUTORUN.EXE
Task: {5311C552-F1D3-41A6-AC08-7C6ED153A3BD} - System32\Tasks\{17DEF135-9569-4BA5-95E3-48C7AA23B2F8} => G:\check.exe
Task: {57A402B2-6EED-44B0-8C11-BFBE198D04DF} - System32\Tasks\{2DBDD41D-243F-4DDE-874B-74D37969213F} => C:\Program Files\1602.exe
Task: {58BD1DAE-13F2-4F18-BE96-60C3B663DF69} - System32\Tasks\{49EF9064-42D9-4D8A-931F-07D7699E0132} => C:\Program Files\1602.exe
Task: {7BE91E5F-FDC5-4F74-A2D9-EF620957D479} - System32\Tasks\{DFCE74AB-D7A9-4837-8187-C10C68858B07} => C:\Program Files\1602.exe
Task: {8C90D7E9-10D0-4541-A5E1-48077299C5FD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-26] (AVAST Software)
Task: {9AB87F04-62D9-44B2-88F7-3D7FC45B3573} - System32\Tasks\{E66DB108-FF6D-44E7-91CF-DB0BCEE5E11C} => G:\check.exe
Task: {B869A3F5-6241-49AE-8099-3C03C0801086} - System32\Tasks\{3AAD059D-B040-4917-AF54-6D6B3363DE92} => G:\check.exe
Task: {C2C3FA7F-EAA0-472D-BE8B-064C50AC4327} - System32\Tasks\{1DE3ECA0-83BC-4DBD-873E-25DB5C034703} => C:\Program Files\1602.exe
Task: {C7223C8C-9A82-447A-92F3-FE1F5D6442D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-17] (Adobe Systems Incorporated)
Task: {D3D5D37B-2EB5-45C2-B3CD-A983499E380D} - System32\Tasks\{0E5448D0-541C-4220-80AE-5F9F5445DE60} => pcalua.exe -a C:\BlueByte\Siedler3\siedler-3-urversion-160\s3old160.exe -d C:\BlueByte\Siedler3\siedler-3-urversion-160
Task: {DC429F0F-863B-4D4E-B945-432FC9A13C87} - System32\Tasks\{A9DED861-AFD3-43E1-A59B-90428AE26238} => G:\_setup\Setup.exe
Task: {E2D86434-606D-4B9A-85E1-6EC9B984ACA3} - System32\Tasks\{7268DC39-C6B1-4D2A-B9BA-EBE36791C299} => C:\Westwood\AR2\Ra2.exe
Task: {E30659E5-0D2D-42CF-981A-F690A013C51E} - System32\Tasks\{218CE1E3-9A9F-44F9-BD29-20A42E735F13} => C:\Program Files\1602.exe
Task: {ECAA8B98-9BAF-46CE-AF08-1521C5A68C33} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{4B2680C8-6825-4582-ACD4-68569385F09F}.exe
Task: {F0335FB9-37EB-4D30-906B-829286C930AC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001Core => C:\Users\Der Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-28] (Facebook Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{4B2680C8-6825-4582-ACD4-68569385F09F}.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001Core.job => C:\Users\Der Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001UA.job => C:\Users\Der Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-18 14:50 - 2014-12-18 14:50 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121800\algo.dll
2012-10-31 20:07 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2012-11-16 19:25 - 2014-09-07 21:36 - 02640408 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2014-09-07 21:40 - 2014-09-07 21:36 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-11-26 15:13 - 2014-11-26 15:13 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-09-27 12:03 - 2010-09-27 12:03 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () C:\Windows\system32\PSIService.exe
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-18 17:05 - 2014-12-18 17:05 - 00043008 _____ () c:\Users\Der Peter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjzjdht.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00118784 _____ () C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\plugins\accessible\qtaccessiblewidgets.dll
2014-09-07 21:40 - 2014-09-07 21:35 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-12-10 15:35 - 2014-12-10 15:35 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00282304 _____ () C:\Program Files\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C64BF02A

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3580812390-2972974327-1728687882-500 - Administrator - Disabled)
Der Peter (S-1-5-21-3580812390-2972974327-1728687882-1001 - Administrator - Enabled) => C:\Users\Der Peter
Gast (S-1-5-21-3580812390-2972974327-1728687882-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3580812390-2972974327-1728687882-1185 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/18/2014 05:06:12 PM) (Source: MsiInstaller) (EventID: 11705) (User: NT-AUTORITÄT)
Description: Product: Adobe Flash Player 15 Plugin -- Error 1705.A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (12/17/2014 06:27:30 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/17/2014 06:27:15 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/17/2014 02:38:22 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/16/2014 07:47:34 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/16/2014 07:29:34 PM) (Source: MsiInstaller) (EventID: 11705) (User: NT-AUTORITÄT)
Description: Product: Adobe Flash Player 15 Plugin -- Error 1705.A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (12/15/2014 09:26:35 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/14/2014 05:35:43 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/14/2014 09:32:46 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/12/2014 02:29:26 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start


System errors:
=============
Error: (12/18/2014 05:02:27 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (12/18/2014 05:02:27 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (12/18/2014 05:02:26 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (12/18/2014 05:02:26 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (12/18/2014 02:57:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (12/18/2014 02:49:41 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (12/18/2014 02:49:41 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (12/18/2014 02:49:39 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (12/18/2014 02:49:39 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (12/17/2014 06:27:39 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (12/18/2014 05:06:12 PM) (Source: MsiInstaller) (EventID: 11705) (User: NT-AUTORITÄT)
Description: Product: Adobe Flash Player 15 Plugin -- Error 1705.A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/17/2014 06:27:30 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/17/2014 06:27:15 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/17/2014 02:38:22 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/16/2014 07:47:34 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/16/2014 07:29:34 PM) (Source: MsiInstaller) (EventID: 11705) (User: NT-AUTORITÄT)
Description: Product: Adobe Flash Player 15 Plugin -- Error 1705.A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/15/2014 09:26:35 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/14/2014 05:35:43 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/14/2014 09:32:46 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/12/2014 02:29:26 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 60%
Total physical RAM: 3071.27 MB
Available physical RAM: 1207.68 MB
Total Pagefile: 6140.84 MB
Available Pagefile: 4415.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:37.02 GB) NTFS
Drive e: (Klick! Mathe 1) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive i: (SEBPETRICH) (Removable) (Total:7.45 GB) (Free:4.28 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 552D552D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 6E652072)
No partition Table on disk 1.

==================== End Of Log ============================
gmer:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2014
Ran by Der Peter at 2014-12-18 17:55:22
Running from C:\Users\Der Peter\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM\...\{F1410A0A-8205-4D45-BF2B-9C7ACB2F4B24}) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\{B21D5938-6B90-408B-B827-92F6E0E11B48}) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.2 (HKLM\...\{FC5A8E68-A2E5-4E14-91FA-7A3FB83C7E23}) (Version: 4.2.1 - Adobe)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Allway Sync version 14.0.1 (HKLM\...\Allway Sync_is1) (Version:  - Botkind Inc)
Aquamarin Haushaltsbuch 2.9.2 b (HKLM\...\{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1) (Version:  - makasy.com)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
AVG Security Toolbar (HKLM\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM\...\DPP) (Version: 3.10.2.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.10.2.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)
Corel PaintShop Pro X4 (HKLM\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation)
Corel PaintShop Pro X4 (Version: 14.2.0.1 - Corel Corporation) Hidden
Counter-Strike 1.6 (HKLM\...\Counter-Strike 1.6) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd)
Dropbox (HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Garmin BaseCamp (HKLM\...\{B27D272F-2860-4363-9803-956C0A9FAFB9}) (Version: 4.1.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{9C31FFDC-E796-4884-B990-41B9A5B2A647}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
ICA (Version: 14.0.0.332 - Corel Corporation) Hidden
IPM_PSP_COM (Version: 14.0.0.332 - Corel Corporation) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
ISO to USB (HKLM\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LibreOffice 4.2.7.2 (HKLM\...\{A313C39F-79A7-408B-97EE-8F958407D694}) (Version: 4.2.7.2 - The Document Foundation)
MAGIX hiphop maker (HKLM\...\MAGIX hiphop maker) (Version: 1.0.0.0 - MAGIX Entertainment)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Image Composite Editor (HKLM\...\{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola SM56 Speakerphone Modem (HKLM\...\SMSERIAL) (Version: 6.12.25.06 - Motorola Inc)
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
NVIDIA PhysX (HKLM\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
PDF24 Creator 5.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PSPPContent (Version: 14.0.0.332 - Corel Corporation) Hidden
PSPPHelp (Version: 14.0.0.332 - Corel Corporation) Hidden
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Setup (Version: 14.0.0.332 - Ihr Firmenname) Hidden
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.50 - Ghisler Software GmbH)
UltraISO Premium V9.62 (HKLM\...\UltraISO_is1) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 32.0.2014.5 - Ruiware)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
XMind (HKLM\...\XMind) (Version: 3.3.0 - XMind Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{1AC77AE9-9EC6-405A-9F9B-C06AB3C10B71}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\ShellExtension.dll No File
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{1EF21888-3BD8-4064-BAD3-4BF694952652}\InprocServer32 -> C:\Program Files\Microsoft Research\Image Composite Editor\WLPG.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Der Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Der Peter\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Der Peter\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Der Peter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3580812390-2972974327-1728687882-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

18-11-2014 14:33:54 Windows Update
19-11-2014 12:16:05 Windows Update
26-11-2014 15:01:32 Windows Update
26-11-2014 15:11:11 avast! antivirus system restore point
02-12-2014 22:30:26 Windows Update
11-12-2014 22:31:58 Windows Update
12-12-2014 00:18:39 Windows Update
16-12-2014 08:50:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03FEED26-A270-4097-96D2-2918B9FBAFC3} - System32\Tasks\{97EC7512-BA5D-45F1-9A4D-39C3316F6545} => C:\Program Files\1602.exe
Task: {114CEE5A-C82E-477C-B0F7-21360BA0E1DC} - System32\Tasks\{A8CBA0FA-44BB-4DCD-88A9-1AFC30074848} => G:\check.exe
Task: {1B5B31FC-C410-431C-8A9D-49F95A728EA3} - System32\Tasks\{1A3975A3-204F-4020-A3AE-1F47F0F3411D} => C:\Program Files\1602.exe
Task: {1DECE877-BE8A-4BC3-AB14-C08713E5B209} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001UA => C:\Users\Der Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-28] (Facebook Inc.)
Task: {25C83CBE-D6B4-4AB5-B4AD-F24F9CF9FE72} - System32\Tasks\{0A657B28-E4EE-497D-8892-B7CCF22A9FD3} => G:\check.exe
Task: {28775E87-2B6F-4746-850A-245302E9C12C} - System32\Tasks\{D07F1F52-1CE0-45EA-90C4-0955B5ED0E21} => C:\BlueByte\Siedler3\AUTORUN.EXE
Task: {5311C552-F1D3-41A6-AC08-7C6ED153A3BD} - System32\Tasks\{17DEF135-9569-4BA5-95E3-48C7AA23B2F8} => G:\check.exe
Task: {57A402B2-6EED-44B0-8C11-BFBE198D04DF} - System32\Tasks\{2DBDD41D-243F-4DDE-874B-74D37969213F} => C:\Program Files\1602.exe
Task: {58BD1DAE-13F2-4F18-BE96-60C3B663DF69} - System32\Tasks\{49EF9064-42D9-4D8A-931F-07D7699E0132} => C:\Program Files\1602.exe
Task: {7BE91E5F-FDC5-4F74-A2D9-EF620957D479} - System32\Tasks\{DFCE74AB-D7A9-4837-8187-C10C68858B07} => C:\Program Files\1602.exe
Task: {8C90D7E9-10D0-4541-A5E1-48077299C5FD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-26] (AVAST Software)
Task: {9AB87F04-62D9-44B2-88F7-3D7FC45B3573} - System32\Tasks\{E66DB108-FF6D-44E7-91CF-DB0BCEE5E11C} => G:\check.exe
Task: {B869A3F5-6241-49AE-8099-3C03C0801086} - System32\Tasks\{3AAD059D-B040-4917-AF54-6D6B3363DE92} => G:\check.exe
Task: {C2C3FA7F-EAA0-472D-BE8B-064C50AC4327} - System32\Tasks\{1DE3ECA0-83BC-4DBD-873E-25DB5C034703} => C:\Program Files\1602.exe
Task: {C7223C8C-9A82-447A-92F3-FE1F5D6442D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-17] (Adobe Systems Incorporated)
Task: {D3D5D37B-2EB5-45C2-B3CD-A983499E380D} - System32\Tasks\{0E5448D0-541C-4220-80AE-5F9F5445DE60} => pcalua.exe -a C:\BlueByte\Siedler3\siedler-3-urversion-160\s3old160.exe -d C:\BlueByte\Siedler3\siedler-3-urversion-160
Task: {DC429F0F-863B-4D4E-B945-432FC9A13C87} - System32\Tasks\{A9DED861-AFD3-43E1-A59B-90428AE26238} => G:\_setup\Setup.exe
Task: {E2D86434-606D-4B9A-85E1-6EC9B984ACA3} - System32\Tasks\{7268DC39-C6B1-4D2A-B9BA-EBE36791C299} => C:\Westwood\AR2\Ra2.exe
Task: {E30659E5-0D2D-42CF-981A-F690A013C51E} - System32\Tasks\{218CE1E3-9A9F-44F9-BD29-20A42E735F13} => C:\Program Files\1602.exe
Task: {ECAA8B98-9BAF-46CE-AF08-1521C5A68C33} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{4B2680C8-6825-4582-ACD4-68569385F09F}.exe
Task: {F0335FB9-37EB-4D30-906B-829286C930AC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001Core => C:\Users\Der Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-28] (Facebook Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{4B2680C8-6825-4582-ACD4-68569385F09F}.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001Core.job => C:\Users\Der Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001UA.job => C:\Users\Der Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-18 14:50 - 2014-12-18 14:50 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121800\algo.dll
2012-10-31 20:07 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2012-11-16 19:25 - 2014-09-07 21:36 - 02640408 _____ () C:\Program Files\AVG Secure Search\vprot.exe
2014-09-07 21:40 - 2014-09-07 21:36 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2014-11-26 15:13 - 2014-11-26 15:13 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2010-09-27 12:03 - 2010-09-27 12:03 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () C:\Windows\system32\PSIService.exe
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-18 17:05 - 2014-12-18 17:05 - 00043008 _____ () c:\Users\Der Peter\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjzjdht.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00118784 _____ () C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\plugins\accessible\qtaccessiblewidgets.dll
2014-09-07 21:40 - 2014-09-07 21:35 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-12-10 15:35 - 2014-12-10 15:35 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-03-31 20:35 - 2014-03-31 20:35 - 00282304 _____ () C:\Program Files\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C64BF02A

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3580812390-2972974327-1728687882-500 - Administrator - Disabled)
Der Peter (S-1-5-21-3580812390-2972974327-1728687882-1001 - Administrator - Enabled) => C:\Users\Der Peter
Gast (S-1-5-21-3580812390-2972974327-1728687882-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3580812390-2972974327-1728687882-1185 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Microsoft-Adapter für Miniports virtueller WiFis
Description: Microsoft-Adapter für Miniports virtueller WiFis
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/18/2014 05:06:12 PM) (Source: MsiInstaller) (EventID: 11705) (User: NT-AUTORITÄT)
Description: Product: Adobe Flash Player 15 Plugin -- Error 1705.A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (12/17/2014 06:27:30 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/17/2014 06:27:15 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/17/2014 02:38:22 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/16/2014 07:47:34 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/16/2014 07:29:34 PM) (Source: MsiInstaller) (EventID: 11705) (User: NT-AUTORITÄT)
Description: Product: Adobe Flash Player 15 Plugin -- Error 1705.A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (12/15/2014 09:26:35 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/14/2014 05:35:43 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/14/2014 09:32:46 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start

Error: (12/12/2014 02:29:26 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start


System errors:
=============
Error: (12/18/2014 05:02:27 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (12/18/2014 05:02:27 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (12/18/2014 05:02:26 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (12/18/2014 05:02:26 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (12/18/2014 02:57:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (12/18/2014 02:49:41 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (12/18/2014 02:49:41 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (12/18/2014 02:49:39 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (12/18/2014 02:49:39 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (12/17/2014 06:27:39 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (12/18/2014 05:06:12 PM) (Source: MsiInstaller) (EventID: 11705) (User: NT-AUTORITÄT)
Description: Product: Adobe Flash Player 15 Plugin -- Error 1705.A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/17/2014 06:27:30 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/17/2014 06:27:15 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/17/2014 02:38:22 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/16/2014 07:47:34 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/16/2014 07:29:34 PM) (Source: MsiInstaller) (EventID: 11705) (User: NT-AUTORITÄT)
Description: Product: Adobe Flash Player 15 Plugin -- Error 1705.A previous installation for this product is in progress.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/15/2014 09:26:35 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/14/2014 05:35:43 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/14/2014 09:32:46 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:

Error: (12/12/2014 02:29:26 PM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Percentage of memory in use: 60%
Total physical RAM: 3071.27 MB
Available physical RAM: 1207.68 MB
Total Pagefile: 6140.84 MB
Available Pagefile: 4415.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:37.02 GB) NTFS
Drive e: (Klick! Mathe 1) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS
Drive i: (SEBPETRICH) (Removable) (Total:7.45 GB) (Free:4.28 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 552D552D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 6E652072)
No partition Table on disk 1.

==================== End Of Log ============================

Ich hoffe ihr könnt mir weiterhelfen...

Danke schonmal

Sir Peter

schrauber 18.12.2014 19:24
hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

sir peter 18.12.2014 21:10
Hier die logs:


Code:
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2014.12.18.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
Der Peter :: DERPETER-PC [administrator]

18.12.2014 20:18:26
mbar-log-2014-12-18 (20-18-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 299175
Time elapsed: 29 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
TDSSKiller

Code:

21:01:14.0326 0x107c  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
21:01:27.0312 0x107c  ============================================================
21:01:27.0312 0x107c  Current date / time: 2014/12/18 21:01:27.0312
21:01:27.0312 0x107c  SystemInfo:
21:01:27.0312 0x107c 
21:01:27.0313 0x107c  OS Version: 6.1.7601 ServicePack: 1.0
21:01:27.0313 0x107c  Product type: Workstation
21:01:27.0313 0x107c  ComputerName: DERPETER-PC
21:01:27.0314 0x107c  UserName: Der Peter
21:01:27.0314 0x107c  Windows directory: C:\Windows
21:01:27.0314 0x107c  System windows directory: C:\Windows
21:01:27.0315 0x107c  Processor architecture: Intel x86
21:01:27.0315 0x107c  Number of processors: 2
21:01:27.0315 0x107c  Page size: 0x1000
21:01:27.0315 0x107c  Boot type: Normal boot
21:01:27.0315 0x107c  ============================================================
21:01:30.0260 0x107c  KLMD registered as C:\Windows\system32\drivers\81631355.sys
21:01:30.0939 0x107c  System UUID: {C5F002DE-C5F6-E0AE-D8E3-CAA5BC32923C}
21:01:32.0606 0x107c  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x1C042, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
21:01:32.0610 0x107c  Drive \Device\Harddisk1\DR1 - Size: 0x1DDD00000 ( 7.47 Gb ), SectorSize: 0x200, Cylinders: 0x3CE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:01:32.0621 0x107c  ============================================================
21:01:32.0621 0x107c  \Device\Harddisk0\DR0:
21:01:32.0625 0x107c  MBR partitions:
21:01:32.0625 0x107c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:01:32.0625 0x107c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
21:01:32.0625 0x107c  \Device\Harddisk1\DR1:
21:01:32.0625 0x107c  MBR partitions:
21:01:32.0625 0x107c  ============================================================
21:01:32.0671 0x107c  C: <-> \Device\Harddisk0\DR0\Partition2
21:01:32.0672 0x107c  ============================================================
21:01:32.0672 0x107c  Initialize success
21:01:32.0672 0x107c  ============================================================
21:01:50.0006 0x0e54  ============================================================
21:01:50.0006 0x0e54  Scan started
21:01:50.0006 0x0e54  Mode: Manual; SigCheck; TDLFS;
21:01:50.0006 0x0e54  ============================================================
21:01:50.0006 0x0e54  KSN ping started
21:01:52.0446 0x0e54  KSN ping finished: true
21:01:54.0751 0x0e54  ================ Scan system memory ========================
21:01:54.0751 0x0e54  System memory - ok
21:01:54.0753 0x0e54  ================ Scan services =============================
21:01:54.0999 0x0e54  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:01:55.0495 0x0e54  1394ohci - ok
21:01:55.0616 0x0e54  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:01:55.0813 0x0e54  ACPI - ok
21:01:55.0882 0x0e54  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
21:01:56.0121 0x0e54  AcpiPmi - ok
21:01:56.0220 0x0e54  [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:01:56.0315 0x0e54  AdobeARMservice - ok
21:01:56.0404 0x0e54  [ 4E48A7DF7ECACB38C686B2BEBAA687A3, D4DEE6BD464855B24A6D40BC6A9279B2041099615C6A319D869DA113AD896EA3 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:01:56.0572 0x0e54  AdobeFlashPlayerUpdateSvc - ok
21:01:56.0665 0x0e54  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
21:01:56.0784 0x0e54  adp94xx - ok
21:01:56.0828 0x0e54  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
21:01:56.0957 0x0e54  adpahci - ok
21:01:57.0013 0x0e54  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
21:01:57.0079 0x0e54  adpu320 - ok
21:01:57.0128 0x0e54  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
21:01:57.0386 0x0e54  AeLookupSvc - ok
21:01:57.0482 0x0e54  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD            C:\Windows\system32\drivers\afd.sys
21:01:57.0721 0x0e54  AFD - ok
21:01:57.0783 0x0e54  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
21:01:57.0859 0x0e54  agp440 - ok
21:01:57.0918 0x0e54  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
21:01:58.0073 0x0e54  aic78xx - ok
21:01:58.0138 0x0e54  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG            C:\Windows\System32\alg.exe
21:01:58.0319 0x0e54  ALG - ok
21:01:58.0395 0x0e54  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:01:58.0529 0x0e54  aliide - ok
21:01:58.0614 0x0e54  [ B19505648F033393E907E2E419FDE8B3, BEF76AAD61FE0CA1F2B91C491FD94DE1BE67E776BBB7972D57ADFBE0333E9615 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:01:58.0819 0x0e54  AMD External Events Utility - ok
21:01:58.0875 0x0e54  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
21:01:58.0979 0x0e54  amdagp - ok
21:01:59.0055 0x0e54  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
21:01:59.0116 0x0e54  amdide - ok
21:01:59.0177 0x0e54  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
21:01:59.0345 0x0e54  AmdK8 - ok
21:01:59.0390 0x0e54  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:01:59.0494 0x0e54  AmdPPM - ok
21:01:59.0547 0x0e54  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
21:01:59.0685 0x0e54  amdsata - ok
21:01:59.0754 0x0e54  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:01:59.0887 0x0e54  amdsbs - ok
21:01:59.0919 0x0e54  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
21:01:59.0991 0x0e54  amdxata - ok
21:02:00.0045 0x0e54  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID          C:\Windows\system32\drivers\appid.sys
21:02:00.0256 0x0e54  AppID - ok
21:02:00.0311 0x0e54  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:02:00.0509 0x0e54  AppIDSvc - ok
21:02:00.0576 0x0e54  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo        C:\Windows\System32\appinfo.dll
21:02:00.0779 0x0e54  Appinfo - ok
21:02:00.0831 0x0e54  [ A45D184DF6A8803DA13A0B329517A64A, C1D16B60A6D69689AE951DC3D6884ED2E233D144B3FC0B86BC1C50AAAAA01ED2 ] AppMgmt        C:\Windows\System32\appmgmts.dll
21:02:01.0038 0x0e54  AppMgmt - ok
21:02:01.0159 0x0e54  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc            C:\Windows\system32\DRIVERS\arc.sys
21:02:01.0280 0x0e54  arc - ok
21:02:01.0344 0x0e54  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:02:01.0459 0x0e54  arcsas - ok
21:02:01.0578 0x0e54  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:02:01.0658 0x0e54  aspnet_state - ok
21:02:01.0732 0x0e54  [ 9D23DE88C3B18BA87CD4587177CA6CEA, 46DBB867FC73E30320852F744F38B66906DD5B96C4EBB03F504CF33E867A8470 ] aswHwid        C:\Windows\system32\drivers\aswHwid.sys
21:02:01.0896 0x0e54  aswHwid - ok
21:02:02.0011 0x0e54  [ 73A9014A9C4B19AA093DA05ED4246E27, F03C8433EB00229490BCD293CC97EF72452E156212D56C24BBA95C8E1B207D1A ] aswMonFlt      C:\Windows\system32\drivers\aswMonFlt.sys
21:02:02.0123 0x0e54  aswMonFlt - ok
21:02:02.0197 0x0e54  [ DE8D7912469E4BC5FAED78D9D1076888, 8545139B7A7D0B672A0225686BFB03EBEA6E7202D93B772CB2F74CA9E4D7F81D ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
21:02:02.0317 0x0e54  aswRdr - ok
21:02:02.0400 0x0e54  [ 6544697080421E62E97AAFBD0A8AA391, BB3F492BF828A147B82FDD1FC9EB9867D96DE0481554A59745D41C6BAB551700 ] aswRvrt        C:\Windows\system32\drivers\aswRvrt.sys
21:02:02.0524 0x0e54  aswRvrt - ok
21:02:02.0637 0x0e54  [ E73CBE3420ECFA8FF7D0467E170E335D, B994342C92AE9167908B8CA3D03DC278E919C7073512461AFFD4C25E8D2D8D66 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
21:02:02.0884 0x0e54  aswSnx - ok
21:02:02.0993 0x0e54  [ 1624D5AD126B8AFE2B2E85E5B8364EB6, AB97A74C1CA9921F7753D98516D7E11750D5D3ACD143C83273B0B295625440A0 ] aswSP          C:\Windows\system32\drivers\aswSP.sys
21:02:03.0157 0x0e54  aswSP - ok
21:02:03.0273 0x0e54  [ 401E663D9CBAFB580FF37A1A44AC84D9, EFF1DA23A1F316B0FA03467F6C04B83EA39D8484A1A7EDF5FCFF20F1CF8DC2E2 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
21:02:03.0352 0x0e54  aswStm - ok
21:02:03.0426 0x0e54  [ 0EFBC2962B156E8AC267F96D4D93EF06, 8A69672CE8B68A0A683D583287473BFAB7CF8B9771C22E398607CF2A151C7124 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
21:02:03.0526 0x0e54  aswVmm - ok
21:02:03.0567 0x0e54  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:02:03.0796 0x0e54  AsyncMac - ok
21:02:03.0866 0x0e54  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi          C:\Windows\system32\drivers\atapi.sys
21:02:03.0933 0x0e54  atapi - ok
21:02:04.0053 0x0e54  [ B01751CC563AECAC09BBE36AAA21FBEF, 453CAED322CC13155D3BD1F5BF9ABC9FA7F74D9C17E712DAEC63E9518F0E9229 ] athr            C:\Windows\system32\DRIVERS\athr.sys
21:02:04.0355 0x0e54  athr - ok
21:02:04.0970 0x0e54  [ 04F09923A393E4E0E8453A8F78361E73, B5C0B9D1195B87AF823887AD9355CD2B4C4F4DDF34103891EE48EA86F0F544E7 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:02:05.0631 0x0e54  atikmdag - ok
21:02:05.0766 0x0e54  [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:02:05.0921 0x0e54  AudioEndpointBuilder - ok
21:02:05.0968 0x0e54  [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
21:02:06.0078 0x0e54  Audiosrv - ok
21:02:06.0187 0x0e54  [ E3F7EC811923F3F1A77B185F22638E5E, 324041256314C1471B5F123FA8DECC8F374A6B497A6419D4CAF61E68E1733265 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:02:06.0263 0x0e54  avast! Antivirus - ok
21:02:06.0309 0x0e54  [ D15D2E9F5567075740B88F16F01810D6, 09086182352B0901D886B1F588F141DFC1E68CF0CA62BA399F841E1C96DFDFEF ] avgtp          C:\Windows\system32\drivers\avgtpx86.sys
21:02:06.0396 0x0e54  avgtp - ok
21:02:06.0460 0x0e54  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:02:06.0637 0x0e54  AxInstSV - ok
21:02:06.0721 0x0e54  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
21:02:06.0967 0x0e54  b06bdrv - ok
21:02:07.0028 0x0e54  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
21:02:07.0134 0x0e54  b57nd60x - ok
21:02:07.0222 0x0e54  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
21:02:07.0354 0x0e54  BDESVC - ok
21:02:07.0401 0x0e54  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:02:07.0519 0x0e54  Beep - ok
21:02:07.0589 0x0e54  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE            C:\Windows\System32\bfe.dll
21:02:07.0833 0x0e54  BFE - ok
21:02:07.0904 0x0e54  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
21:02:08.0104 0x0e54  BITS - ok
21:02:08.0143 0x0e54  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:02:08.0244 0x0e54  blbdrive - ok
21:02:08.0306 0x0e54  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:02:08.0467 0x0e54  bowser - ok
21:02:08.0500 0x0e54  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:02:08.0666 0x0e54  BrFiltLo - ok
21:02:08.0702 0x0e54  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:02:08.0809 0x0e54  BrFiltUp - ok
21:02:08.0870 0x0e54  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser        C:\Windows\System32\browser.dll
21:02:09.0005 0x0e54  Browser - ok
21:02:09.0061 0x0e54  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
21:02:09.0237 0x0e54  Brserid - ok
21:02:09.0282 0x0e54  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:02:09.0405 0x0e54  BrSerWdm - ok
21:02:09.0437 0x0e54  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:02:09.0561 0x0e54  BrUsbMdm - ok
21:02:09.0608 0x0e54  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:02:09.0735 0x0e54  BrUsbSer - ok
21:02:09.0773 0x0e54  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:02:09.0919 0x0e54  BTHMODEM - ok
21:02:09.0997 0x0e54  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv        C:\Windows\system32\bthserv.dll
21:02:10.0108 0x0e54  bthserv - ok
21:02:10.0139 0x0e54  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:02:10.0278 0x0e54  cdfs - ok
21:02:10.0330 0x0e54  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
21:02:10.0469 0x0e54  cdrom - ok
21:02:10.0505 0x0e54  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc    C:\Windows\System32\certprop.dll
21:02:10.0667 0x0e54  CertPropSvc - ok
21:02:10.0703 0x0e54  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:02:10.0833 0x0e54  circlass - ok
21:02:10.0898 0x0e54  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
21:02:11.0036 0x0e54  CLFS - ok
21:02:11.0138 0x0e54  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:02:11.0206 0x0e54  clr_optimization_v2.0.50727_32 - ok
21:02:11.0245 0x0e54  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:02:11.0331 0x0e54  clr_optimization_v4.0.30319_32 - ok
21:02:11.0369 0x0e54  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:02:11.0447 0x0e54  CmBatt - ok
21:02:11.0497 0x0e54  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:02:11.0568 0x0e54  cmdide - ok
21:02:11.0645 0x0e54  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG            C:\Windows\system32\Drivers\cng.sys
21:02:11.0753 0x0e54  CNG - ok
21:02:11.0822 0x0e54  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:02:11.0905 0x0e54  Compbatt - ok
21:02:11.0952 0x0e54  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:02:12.0147 0x0e54  CompositeBus - ok
21:02:12.0175 0x0e54  COMSysApp - ok
21:02:12.0214 0x0e54  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
21:02:12.0288 0x0e54  crcdisk - ok
21:02:12.0375 0x0e54  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:02:12.0516 0x0e54  CryptSvc - ok
21:02:12.0580 0x0e54  [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC            C:\Windows\system32\drivers\csc.sys
21:02:12.0793 0x0e54  CSC - ok
21:02:12.0881 0x0e54  [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService      C:\Windows\System32\cscsvc.dll
21:02:13.0076 0x0e54  CscService - ok
21:02:13.0123 0x0e54  [ B5ECADF7708960F1818C7FA015F4C239, A58BA71B08A9D46EB79EB3DF0858F553A11DE3461E13B6D926E25D21D4CBB2D8 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
21:02:13.0268 0x0e54  CVirtA - ok
21:02:13.0450 0x0e54  [ 30443EEF52F5FB043654859EAA8E5247, 887ED8C4FE2259542E05A17973FE1549B636DA2C6888CC3A66F97D7D2600DC49 ] CVPND          C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
21:02:13.0727 0x0e54  CVPND - ok
21:02:13.0821 0x0e54  [ CB90B2762B1A1D0B40496400C55B6ADE, 7A8D86B223FD8A2C4A75AD0849041D56255277D491387C613E62BC76E6730F06 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
21:02:13.0957 0x0e54  CVPNDRVA - detected UnsignedFile.Multi.Generic ( 1 )
21:02:16.0512 0x0e54  Detect skipped due to KSN trusted
21:02:16.0512 0x0e54  CVPNDRVA - ok
21:02:16.0637 0x0e54  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:02:16.0985 0x0e54  DcomLaunch - ok
21:02:17.0054 0x0e54  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc      C:\Windows\System32\defragsvc.dll
21:02:17.0343 0x0e54  defragsvc - ok
21:02:17.0399 0x0e54  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:02:17.0623 0x0e54  DfsC - ok
21:02:17.0717 0x0e54  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:02:17.0987 0x0e54  Dhcp - ok
21:02:18.0058 0x0e54  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
21:02:18.0208 0x0e54  discache - ok
21:02:18.0266 0x0e54  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:02:18.0333 0x0e54  Disk - ok
21:02:18.0386 0x0e54  [ B5AA5AA5AC327BD7C1AEC0C58F0C1144, 14C147B79786C5DCEC54AF191E8815D871906E30DE90B00C7929F0E6CC025E6A ] DNE            C:\Windows\system32\DRIVERS\dne2000.sys
21:02:18.0509 0x0e54  DNE - ok
21:02:18.0587 0x0e54  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:02:18.0746 0x0e54  Dnscache - ok
21:02:18.0805 0x0e54  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc        C:\Windows\System32\dot3svc.dll
21:02:19.0006 0x0e54  dot3svc - ok
21:02:19.0070 0x0e54  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS            C:\Windows\system32\dps.dll
21:02:19.0213 0x0e54  DPS - ok
21:02:19.0254 0x0e54  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
21:02:19.0386 0x0e54  drmkaud - ok
21:02:19.0449 0x0e54  [ 687AF6BB383885FF6A64071B189A7F3E, 1C751B8DD27F63E88D0223A8434CED7589AC00EC6275938C59D1B954F0354F78 ] dtsoftbus01    C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:02:19.0544 0x0e54  dtsoftbus01 - ok
21:02:19.0641 0x0e54  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
21:02:19.0789 0x0e54  DXGKrnl - ok
21:02:19.0887 0x0e54  [ 22EF8965101685ADD128F03A2B03CE16, 677F7B32C7A45C26F2F0DB67FFB526E9742E4B3A8BEAEA7B814CBCA2F56D6D5A ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
21:02:20.0056 0x0e54  E1G60 - ok
21:02:20.0121 0x0e54  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost        C:\Windows\System32\eapsvc.dll
21:02:20.0266 0x0e54  EapHost - ok
21:02:20.0555 0x0e54  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
21:02:21.0136 0x0e54  ebdrv - ok
21:02:21.0231 0x0e54  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS            C:\Windows\System32\lsass.exe
21:02:21.0353 0x0e54  EFS - ok
21:02:21.0480 0x0e54  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
21:02:21.0723 0x0e54  ehRecvr - ok
21:02:21.0780 0x0e54  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched        C:\Windows\ehome\ehsched.exe
21:02:21.0937 0x0e54  ehSched - ok
21:02:22.0013 0x0e54  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
21:02:22.0152 0x0e54  elxstor - ok
21:02:22.0218 0x0e54  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:02:22.0350 0x0e54  ErrDev - ok
21:02:22.0422 0x0e54  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem    C:\Windows\system32\es.dll
21:02:22.0674 0x0e54  EventSystem - ok
21:02:22.0715 0x0e54  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat          C:\Windows\system32\drivers\exfat.sys
21:02:22.0884 0x0e54  exfat - ok
21:02:22.0911 0x0e54  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
21:02:23.0198 0x0e54  fastfat - ok
21:02:23.0327 0x0e54  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax            C:\Windows\system32\fxssvc.exe
21:02:23.0527 0x0e54  Fax - ok
21:02:23.0570 0x0e54  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
21:02:23.0694 0x0e54  fdc - ok
21:02:23.0735 0x0e54  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost        C:\Windows\system32\fdPHost.dll
21:02:23.0921 0x0e54  fdPHost - ok
21:02:23.0972 0x0e54  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:02:24.0096 0x0e54  FDResPub - ok
21:02:24.0130 0x0e54  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:02:24.0197 0x0e54  FileInfo - ok
21:02:24.0230 0x0e54  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
21:02:24.0363 0x0e54  Filetrace - ok
21:02:24.0385 0x0e54  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:02:24.0497 0x0e54  flpydisk - ok
21:02:24.0562 0x0e54  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:02:24.0637 0x0e54  FltMgr - ok
21:02:24.0761 0x0e54  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache      C:\Windows\system32\FntCache.dll
21:02:25.0005 0x0e54  FontCache - ok
21:02:25.0083 0x0e54  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:02:25.0189 0x0e54  FontCache3.0.0.0 - ok
21:02:25.0231 0x0e54  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
21:02:25.0293 0x0e54  FsDepends - ok
21:02:25.0328 0x0e54  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:02:25.0370 0x0e54  Fs_Rec - ok
21:02:25.0429 0x0e54  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:02:25.0518 0x0e54  fvevol - ok
21:02:25.0568 0x0e54  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:02:25.0629 0x0e54  gagp30kx - ok
21:02:25.0702 0x0e54  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc          C:\Windows\System32\gpsvc.dll
21:02:25.0916 0x0e54  gpsvc - ok
21:02:26.0009 0x0e54  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:02:26.0163 0x0e54  gusvc - ok
21:02:26.0197 0x0e54  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:02:26.0329 0x0e54  hcw85cir - ok
21:02:26.0395 0x0e54  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:02:26.0560 0x0e54  HdAudAddService - ok
21:02:26.0640 0x0e54  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:02:26.0778 0x0e54  HDAudBus - ok
21:02:26.0841 0x0e54  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
21:02:26.0992 0x0e54  HidBatt - ok
21:02:27.0035 0x0e54  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:02:27.0263 0x0e54  HidBth - ok
21:02:27.0330 0x0e54  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
21:02:27.0470 0x0e54  HidIr - ok
21:02:27.0597 0x0e54  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv        C:\Windows\system32\hidserv.dll
21:02:27.0717 0x0e54  hidserv - ok
21:02:27.0870 0x0e54  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:02:27.0960 0x0e54  HidUsb - ok
21:02:28.0015 0x0e54  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:02:28.0238 0x0e54  hkmsvc - ok
21:02:28.0297 0x0e54  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:02:28.0620 0x0e54  HomeGroupListener - ok
21:02:28.0663 0x0e54  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:02:28.0950 0x0e54  HomeGroupProvider - ok
21:02:29.0117 0x0e54  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:02:29.0201 0x0e54  HpSAMD - ok
21:02:29.0342 0x0e54  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:02:29.0635 0x0e54  HTTP - ok
21:02:29.0707 0x0e54  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:02:29.0788 0x0e54  hwpolicy - ok
21:02:29.0851 0x0e54  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:02:29.0961 0x0e54  i8042prt - ok
21:02:30.0032 0x0e54  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
21:02:30.0166 0x0e54  iaStorV - ok
21:02:30.0449 0x0e54  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:02:30.0712 0x0e54  idsvc - ok
21:02:30.0764 0x0e54  IEEtwCollectorService - ok
21:02:30.0804 0x0e54  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
21:02:30.0874 0x0e54  iirsp - ok
21:02:30.0969 0x0e54  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:02:31.0216 0x0e54  IKEEXT - ok
21:02:31.0289 0x0e54  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
21:02:31.0453 0x0e54  intelide - ok
21:02:31.0557 0x0e54  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:02:31.0740 0x0e54  intelppm - ok
21:02:31.0790 0x0e54  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
21:02:31.0938 0x0e54  IPBusEnum - ok
21:02:31.0980 0x0e54  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:02:32.0111 0x0e54  IpFilterDriver - ok
21:02:32.0191 0x0e54  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:02:32.0412 0x0e54  iphlpsvc - ok
21:02:32.0455 0x0e54  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
21:02:32.0541 0x0e54  IPMIDRV - ok
21:02:32.0589 0x0e54  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
21:02:32.0718 0x0e54  IPNAT - ok
21:02:32.0757 0x0e54  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:02:32.0847 0x0e54  IRENUM - ok
21:02:32.0875 0x0e54  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:02:32.0920 0x0e54  isapnp - ok
21:02:32.0986 0x0e54  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:02:33.0084 0x0e54  iScsiPrt - ok
21:02:33.0255 0x0e54  [ 5645290B24D23612D8AE10BBE8BF03CE, 21DC0FFF80748CE3115658BD6CDFF9FC13711ED9E686D25233C3A73535157D0F ] ISODrive        C:\Program Files\UltraISO\drivers\ISODrive.sys
21:02:33.0335 0x0e54  ISODrive - ok
21:02:33.0394 0x0e54  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:02:33.0458 0x0e54  kbdclass - ok
21:02:33.0506 0x0e54  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:02:33.0603 0x0e54  kbdhid - ok
21:02:33.0633 0x0e54  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso          C:\Windows\system32\lsass.exe
21:02:33.0717 0x0e54  KeyIso - ok
21:02:33.0757 0x0e54  [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:02:33.0818 0x0e54  KSecDD - ok
21:02:33.0875 0x0e54  [ 1E1845606C5A4579F7F3D95796CC1ED1, 26A478A0B5417CBC880A7F2D977AAC5FBF40EC4296426B757D6ACCBBC09486CC ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
21:02:33.0958 0x0e54  KSecPkg - ok
21:02:34.0020 0x0e54  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm          C:\Windows\system32\msdtckrm.dll
21:02:34.0173 0x0e54  KtmRm - ok
21:02:34.0262 0x0e54  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:02:34.0413 0x0e54  LanmanServer - ok
21:02:34.0463 0x0e54  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:02:34.0587 0x0e54  LanmanWorkstation - ok
21:02:34.0660 0x0e54  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:02:34.0753 0x0e54  lltdio - ok
21:02:34.0807 0x0e54  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
21:02:34.0958 0x0e54  lltdsvc - ok
21:02:34.0982 0x0e54  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts        C:\Windows\System32\lmhsvc.dll
21:02:35.0111 0x0e54  lmhosts - ok
21:02:35.0181 0x0e54  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:02:35.0251 0x0e54  LSI_FC - ok
21:02:35.0294 0x0e54  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
21:02:35.0362 0x0e54  LSI_SAS - ok
21:02:35.0409 0x0e54  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:02:35.0478 0x0e54  LSI_SAS2 - ok
21:02:35.0535 0x0e54  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:02:35.0619 0x0e54  LSI_SCSI - ok
21:02:35.0665 0x0e54  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv          C:\Windows\system32\drivers\luafv.sys
21:02:35.0753 0x0e54  luafv - ok
21:02:35.0791 0x0e54  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
21:02:35.0867 0x0e54  Mcx2Svc - ok
21:02:35.0909 0x0e54  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
21:02:35.0982 0x0e54  megasas - ok
21:02:36.0034 0x0e54  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:02:36.0119 0x0e54  MegaSR - ok
21:02:36.0172 0x0e54  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS          C:\Windows\system32\mmcss.dll
21:02:36.0295 0x0e54  MMCSS - ok
21:02:36.0345 0x0e54  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem          C:\Windows\system32\drivers\modem.sys
21:02:36.0459 0x0e54  Modem - ok
21:02:36.0649 0x0e54  [ 25483F9D590D5F00BD951E1181453EC2, 9C88A246B1DF44DA19265CFDEEE7F162B7B11FA1A2C127403D02D0A79BFEC494 ] MODEMCSA        C:\Windows\system32\drivers\MODEMCSA.sys
21:02:36.0750 0x0e54  MODEMCSA - ok
21:02:36.0806 0x0e54  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
21:02:36.0893 0x0e54  monitor - ok
21:02:36.0962 0x0e54  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:02:37.0069 0x0e54  mouclass - ok
21:02:37.0140 0x0e54  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:02:37.0195 0x0e54  mouhid - ok
21:02:37.0246 0x0e54  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:02:37.0319 0x0e54  mountmgr - ok
21:02:37.0379 0x0e54  [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:02:37.0464 0x0e54  MozillaMaintenance - ok
21:02:37.0508 0x0e54  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:02:37.0585 0x0e54  mpio - ok
21:02:37.0633 0x0e54  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:02:37.0760 0x0e54  mpsdrv - ok
21:02:37.0916 0x0e54  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:02:38.0162 0x0e54  MpsSvc - ok
21:02:38.0218 0x0e54  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:02:38.0360 0x0e54  MRxDAV - ok
21:02:38.0428 0x0e54  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:02:38.0545 0x0e54  mrxsmb - ok
21:02:38.0584 0x0e54  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:02:38.0724 0x0e54  mrxsmb10 - ok
21:02:38.0796 0x0e54  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:02:38.0914 0x0e54  mrxsmb20 - ok
21:02:38.0984 0x0e54  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:02:39.0060 0x0e54  msahci - ok
21:02:39.0113 0x0e54  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
21:02:39.0186 0x0e54  msdsm - ok
21:02:39.0209 0x0e54  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC          C:\Windows\System32\msdtc.exe
21:02:39.0488 0x0e54  MSDTC - ok
21:02:39.0567 0x0e54  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:02:39.0757 0x0e54  Msfs - ok
21:02:39.0793 0x0e54  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
21:02:39.0926 0x0e54  mshidkmdf - ok
21:02:39.0967 0x0e54  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:02:40.0027 0x0e54  msisadrv - ok
21:02:40.0094 0x0e54  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
21:02:40.0264 0x0e54  MSiSCSI - ok
21:02:40.0279 0x0e54  msiserver - ok
21:02:40.0320 0x0e54  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
21:02:40.0431 0x0e54  MSKSSRV - ok
21:02:40.0473 0x0e54  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:02:40.0627 0x0e54  MSPCLOCK - ok
21:02:40.0664 0x0e54  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
21:02:40.0818 0x0e54  MSPQM - ok
21:02:40.0868 0x0e54  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
21:02:40.0962 0x0e54  MsRPC - ok
21:02:41.0015 0x0e54  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:02:41.0090 0x0e54  mssmbios - ok
21:02:41.0121 0x0e54  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
21:02:41.0225 0x0e54  MSTEE - ok
21:02:41.0267 0x0e54  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:02:41.0391 0x0e54  MTConfig - ok
21:02:41.0437 0x0e54  [ 97AFFA9D95FFE20EEE6229BC6BE166CF, 6E13230AF96A3A5C518EFA21B9B1833E3DE9D6DA05A6E664E305EF18B162E1B9 ] MTsensor        C:\Windows\system32\DRIVERS\ATKACPI.sys
21:02:41.0563 0x0e54  MTsensor - ok
21:02:41.0588 0x0e54  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup            C:\Windows\system32\Drivers\mup.sys
21:02:41.0664 0x0e54  Mup - ok
21:02:41.0727 0x0e54  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
21:02:41.0912 0x0e54  napagent - ok
21:02:42.0009 0x0e54  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
21:02:42.0126 0x0e54  NativeWifiP - ok
21:02:42.0241 0x0e54  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:02:42.0465 0x0e54  NDIS - ok
21:02:42.0533 0x0e54  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
21:02:42.0643 0x0e54  NdisCap - ok
21:02:42.0682 0x0e54  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:02:42.0818 0x0e54  NdisTapi - ok
21:02:42.0885 0x0e54  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
21:02:43.0031 0x0e54  Ndisuio - ok
21:02:43.0086 0x0e54  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
21:02:43.0245 0x0e54  NdisWan - ok
21:02:43.0287 0x0e54  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
21:02:43.0434 0x0e54  NDProxy - ok
21:02:43.0494 0x0e54  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
21:02:43.0599 0x0e54  NetBIOS - ok
21:02:43.0657 0x0e54  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
21:02:43.0803 0x0e54  NetBT - ok
21:02:43.0844 0x0e54  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon        C:\Windows\system32\lsass.exe
21:02:43.0907 0x0e54  Netlogon - ok
21:02:43.0960 0x0e54  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
21:02:44.0131 0x0e54  Netman - ok
21:02:44.0207 0x0e54  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:02:44.0331 0x0e54  NetMsmqActivator - ok
21:02:44.0390 0x0e54  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:02:44.0461 0x0e54  NetPipeActivator - ok
21:02:44.0521 0x0e54  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
21:02:44.0711 0x0e54  netprofm - ok
21:02:44.0806 0x0e54  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:02:44.0899 0x0e54  NetTcpActivator - ok
21:02:44.0971 0x0e54  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:02:45.0076 0x0e54  NetTcpPortSharing - ok
21:02:45.0190 0x0e54  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
21:02:45.0248 0x0e54  nfrd960 - ok
21:02:45.0306 0x0e54  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:02:45.0451 0x0e54  NlaSvc - ok
21:02:45.0498 0x0e54  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:02:45.0609 0x0e54  Npfs - ok
21:02:45.0650 0x0e54  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi            C:\Windows\system32\nsisvc.dll
21:02:45.0791 0x0e54  nsi - ok
21:02:45.0819 0x0e54  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:02:45.0954 0x0e54  nsiproxy - ok
21:02:46.0101 0x0e54  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:02:46.0373 0x0e54  Ntfs - ok
21:02:46.0440 0x0e54  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
21:02:46.0564 0x0e54  Null - ok
21:02:46.0637 0x0e54  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:02:46.0696 0x0e54  nvraid - ok
21:02:46.0743 0x0e54  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:02:46.0813 0x0e54  nvstor - ok
21:02:46.0851 0x0e54  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:02:46.0912 0x0e54  nv_agp - ok
21:02:46.0948 0x0e54  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:02:47.0105 0x0e54  ohci1394 - ok
21:02:47.0166 0x0e54  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:02:47.0332 0x0e54  p2pimsvc - ok
21:02:47.0402 0x0e54  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:02:47.0551 0x0e54  p2psvc - ok
21:02:47.0639 0x0e54  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport        C:\Windows\system32\DRIVERS\parport.sys
21:02:47.0760 0x0e54  Parport - ok
21:02:47.0800 0x0e54  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr        C:\Windows\system32\drivers\partmgr.sys
21:02:47.0871 0x0e54  partmgr - ok
21:02:47.0902 0x0e54  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
21:02:47.0990 0x0e54  Parvdm - ok
21:02:48.0059 0x0e54  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:02:48.0182 0x0e54  PcaSvc - ok
21:02:48.0243 0x0e54  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci            C:\Windows\system32\drivers\pci.sys
21:02:48.0318 0x0e54  pci - ok
21:02:48.0376 0x0e54  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:02:48.0438 0x0e54  pciide - ok
21:02:48.0492 0x0e54  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:02:48.0577 0x0e54  pcmcia - ok
21:02:48.0611 0x0e54  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw            C:\Windows\system32\drivers\pcw.sys
21:02:48.0702 0x0e54  pcw - ok
21:02:48.0779 0x0e54  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:02:48.0986 0x0e54  PEAUTH - ok
21:02:49.0112 0x0e54  [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
21:02:49.0371 0x0e54  PeerDistSvc - ok
21:02:49.0595 0x0e54  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla            C:\Windows\system32\pla.dll
21:02:49.0989 0x0e54  pla - ok
21:02:50.0083 0x0e54  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:02:50.0296 0x0e54  PlugPlay - ok
21:02:50.0333 0x0e54  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
21:02:50.0550 0x0e54  PNRPAutoReg - ok
21:02:50.0601 0x0e54  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
21:02:50.0729 0x0e54  PNRPsvc - ok
21:02:50.0857 0x0e54  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
21:02:51.0041 0x0e54  PolicyAgent - ok
21:02:51.0133 0x0e54  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power          C:\Windows\system32\umpo.dll
21:02:51.0342 0x0e54  Power - ok
21:02:51.0409 0x0e54  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:02:51.0527 0x0e54  PptpMiniport - ok
21:02:51.0571 0x0e54  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
21:02:51.0682 0x0e54  Processor - ok
21:02:51.0751 0x0e54  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc        C:\Windows\system32\profsvc.dll
21:02:51.0895 0x0e54  ProfSvc - ok
21:02:51.0926 0x0e54  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:02:52.0018 0x0e54  ProtectedStorage - ok
21:02:52.0083 0x0e54  [ 64E413BA0C529AA40C3924BBCC4153DB, 9E0EB02078EE250AC618D4A4537D54BACDD7E2B67349162CA61F35EAF91601EE ] ProtexisLicensing C:\Windows\system32\PSIService.exe
21:02:52.0218 0x0e54  ProtexisLicensing - detected UnsignedFile.Multi.Generic ( 1 )
21:02:54.0764 0x0e54  Detect skipped due to KSN trusted
21:02:54.0765 0x0e54  ProtexisLicensing - ok
21:02:54.0885 0x0e54  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:02:55.0094 0x0e54  Psched - ok
21:02:55.0209 0x0e54  [ 68B57D7C11277EA89F78255480376B4D, 5530B58126BF33E6BCDED99C73C41B90BA148587BDA3866FD4DAD12035B302B5 ] PSI            C:\Windows\system32\DRIVERS\psi_mf_x86.sys
21:02:55.0298 0x0e54  PSI - ok
21:02:55.0387 0x0e54  [ 543A4EF0923BF70D126625B034EF25AF, 9CC82C5221F11850419A796D48D5452B3DEE0C8E8E85A818F4AAA869673F9740 ] PSI_SVC_2      C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
21:02:55.0480 0x0e54  PSI_SVC_2 - ok
21:02:55.0659 0x0e54  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:02:55.0921 0x0e54  ql2300 - ok
21:02:56.0079 0x0e54  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:02:56.0161 0x0e54  ql40xx - ok
21:02:56.0210 0x0e54  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE          C:\Windows\system32\qwave.dll
21:02:56.0388 0x0e54  QWAVE - ok
21:02:56.0406 0x0e54  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:02:56.0523 0x0e54  QWAVEdrv - ok
21:02:56.0563 0x0e54  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:02:56.0690 0x0e54  RasAcd - ok
21:02:56.0749 0x0e54  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
21:02:56.0865 0x0e54  RasAgileVpn - ok
21:02:56.0929 0x0e54  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto        C:\Windows\System32\rasauto.dll
21:02:57.0092 0x0e54  RasAuto - ok
21:02:57.0128 0x0e54  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
21:02:57.0243 0x0e54  Rasl2tp - ok
21:02:57.0355 0x0e54  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
21:02:57.0555 0x0e54  RasMan - ok
21:02:57.0606 0x0e54  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:02:57.0724 0x0e54  RasPppoe - ok
21:02:57.0786 0x0e54  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
21:02:57.0904 0x0e54  RasSstp - ok
21:02:57.0959 0x0e54  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
21:02:58.0109 0x0e54  rdbss - ok
21:02:58.0194 0x0e54  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:02:58.0268 0x0e54  rdpbus - ok
21:02:58.0330 0x0e54  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:02:58.0461 0x0e54  RDPCDD - ok
21:02:58.0519 0x0e54  [ B973FCFC50DC1434E1970A146F7E3885, BE797E5F5AE34D37F8DA1134CE94DD14DBE36D2BC405B97E992E2257848B7CA9 ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
21:02:58.0676 0x0e54  RDPDR - ok
21:02:58.0726 0x0e54  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:02:58.0836 0x0e54  RDPENCDD - ok
21:02:58.0872 0x0e54  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:02:58.0997 0x0e54  RDPREFMP - ok
21:02:59.0125 0x0e54  [ 68A0387F58E226DEEE23D9715955572A, F95BB1D2BB3E79AF47B1C715BB5E3003EEF888AAA963F46F4A2FE8AFBD4F37A4 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:02:59.0264 0x0e54  RdpVideoMiniport - ok
21:02:59.0316 0x0e54  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
21:02:59.0456 0x0e54  RDPWD - ok
21:02:59.0507 0x0e54  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:02:59.0596 0x0e54  rdyboost - ok
21:02:59.0656 0x0e54  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:02:59.0790 0x0e54  RemoteAccess - ok
21:02:59.0835 0x0e54  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:02:59.0964 0x0e54  RemoteRegistry - ok
21:03:00.0004 0x0e54  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:03:00.0126 0x0e54  RpcEptMapper - ok
21:03:00.0198 0x0e54  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
21:03:00.0292 0x0e54  RpcLocator - ok
21:03:00.0336 0x0e54  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs          C:\Windows\system32\rpcss.dll
21:03:00.0486 0x0e54  RpcSs - ok
21:03:00.0557 0x0e54  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:03:00.0670 0x0e54  rspndr - ok
21:03:00.0711 0x0e54  [ 7FA7F2E249A5DCBB7970630E15E1F482, 9633B193F3FDA67BC551C6DCA4788AB83E9F45F77763EE579D02FE5D6B80DEDF ] s3cap          C:\Windows\system32\drivers\vms3cap.sys
21:03:00.0828 0x0e54  s3cap - ok
21:03:00.0862 0x0e54  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs          C:\Windows\system32\lsass.exe
21:03:00.0924 0x0e54  SamSs - ok
21:03:00.0961 0x0e54  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:03:01.0014 0x0e54  sbp2port - ok
21:03:01.0076 0x0e54  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:03:01.0212 0x0e54  SCardSvr - ok
21:03:01.0300 0x0e54  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:03:01.0459 0x0e54  scfilter - ok
21:03:01.0541 0x0e54  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
21:03:01.0765 0x0e54  Schedule - ok
21:03:01.0829 0x0e54  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc    C:\Windows\System32\certprop.dll
21:03:01.0909 0x0e54  SCPolicySvc - ok
21:03:01.0988 0x0e54  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:03:02.0107 0x0e54  SDRSVC - ok
21:03:02.0166 0x0e54  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:03:02.0266 0x0e54  secdrv - ok
21:03:02.0308 0x0e54  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
21:03:02.0448 0x0e54  seclogon - ok
21:03:02.0654 0x0e54  [ 398A81D590424441B2F5C5C08073CADB, 1E064DFCC49EB0D8A4150276BF796B9DFA030C451570A170EC940F8CBAAD80F3 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
21:03:02.0890 0x0e54  Secunia PSI Agent - ok
21:03:02.0978 0x0e54  [ 8C2D3A80FC90A860F0F24DEB67471481, CE4D17B63149C44B4CD5CB7776FD4705DC675F6D2D077D53BE15578294EBC9D4 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
21:03:03.0172 0x0e54  Secunia Update Agent - ok
21:03:03.0238 0x0e54  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
21:03:03.0401 0x0e54  SENS - ok
21:03:03.0438 0x0e54  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:03:03.0564 0x0e54  SensrSvc - ok
21:03:03.0596 0x0e54  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
21:03:03.0668 0x0e54  Serenum - ok
21:03:03.0692 0x0e54  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:03:03.0805 0x0e54  Serial - ok
21:03:03.0856 0x0e54  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:03:03.0923 0x0e54  sermouse - ok
21:03:04.0011 0x0e54  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:03:04.0171 0x0e54  SessionEnv - ok
21:03:04.0217 0x0e54  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
21:03:04.0308 0x0e54  sffdisk - ok
21:03:04.0320 0x0e54  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:03:04.0433 0x0e54  sffp_mmc - ok
21:03:04.0469 0x0e54  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
21:03:04.0575 0x0e54  sffp_sd - ok
21:03:04.0606 0x0e54  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
21:03:04.0707 0x0e54  sfloppy - ok
21:03:04.0772 0x0e54  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:03:04.0952 0x0e54  SharedAccess - ok
21:03:05.0013 0x0e54  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:03:05.0195 0x0e54  ShellHWDetection - ok
21:03:05.0256 0x0e54  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
21:03:05.0313 0x0e54  sisagp - ok
21:03:05.0364 0x0e54  [ 6F0C643C7F49F2091B01D014EAE72E1A, 5B81BDE24DB0F796999B97753580C5D53BA16AAE62EA310DF529EE6D1B0F43C6 ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSGB6.sys
21:03:05.0471 0x0e54  SiSGbeLH - ok
21:03:05.0517 0x0e54  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:03:05.0597 0x0e54  SiSRaid2 - ok
21:03:05.0647 0x0e54  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:03:05.0708 0x0e54  SiSRaid4 - ok
21:03:05.0782 0x0e54  [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
21:03:05.0882 0x0e54  SkypeUpdate - ok
21:03:05.0942 0x0e54  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
21:03:06.0050 0x0e54  Smb - ok
21:03:06.0202 0x0e54  [ 859E3ADC59D1C89A66AA6492C14D379E, 392F0AC179294F8416B2937EE149DE9C1062A757F6686B4AF3F3984A68D2929D ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
21:03:06.0500 0x0e54  smserial - ok
21:03:06.0619 0x0e54  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:03:06.0727 0x0e54  SNMPTRAP - ok
21:03:06.0776 0x0e54  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr          C:\Windows\system32\drivers\spldr.sys
21:03:06.0871 0x0e54  spldr - ok
21:03:06.0951 0x0e54  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler        C:\Windows\System32\spoolsv.exe
21:03:07.0136 0x0e54  Spooler - ok
21:03:07.0477 0x0e54  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
21:03:08.0095 0x0e54  sppsvc - ok
21:03:08.0197 0x0e54  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify    C:\Windows\system32\sppuinotify.dll
21:03:08.0321 0x0e54  sppuinotify - ok
21:03:08.0385 0x0e54  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv            C:\Windows\system32\DRIVERS\srv.sys
21:03:08.0613 0x0e54  srv - ok
21:03:08.0711 0x0e54  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:03:08.0857 0x0e54  srv2 - ok
21:03:08.0895 0x0e54  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:03:08.0970 0x0e54  srvnet - ok
21:03:09.0014 0x0e54  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
21:03:09.0174 0x0e54  SSDPSRV - ok
21:03:09.0208 0x0e54  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
21:03:09.0358 0x0e54  SstpSvc - ok
21:03:09.0402 0x0e54  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:03:09.0479 0x0e54  stexstor - ok
21:03:09.0539 0x0e54  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
21:03:09.0713 0x0e54  StiSvc - ok
21:03:09.0749 0x0e54  [ 472AF0311073DCECEAA8FA18BA2BDF89, 089414057EB2047E42C96C1ACE79D509967461DC5A4D2836F63C04268637A3FC ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
21:03:09.0814 0x0e54  storflt - ok
21:03:09.0857 0x0e54  [ 0BF669F0A910BEDA4A32258D363AF2A5, 83EEBACDE4F69A2866B69CAA633F5C8B3CB01D88CEDB01B6EA5988E0A25CEE47 ] StorSvc        C:\Windows\system32\storsvc.dll
21:03:09.0947 0x0e54  StorSvc - ok
21:03:09.0988 0x0e54  [ DCAFFD62259E0BDB433DD67B5BB37619, CBD12FF9BBF33D18B0F3D322B12EC62E7DF3BF45C6AD43D2E91FF4C4762E05D0 ] storvsc        C:\Windows\system32\drivers\storvsc.sys
21:03:10.0034 0x0e54  storvsc - ok
21:03:10.0074 0x0e54  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:03:10.0146 0x0e54  swenum - ok
21:03:10.0194 0x0e54  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv          C:\Windows\System32\swprv.dll
21:03:10.0447 0x0e54  swprv - ok
21:03:10.0482 0x0e54  Synth3dVsc - ok
21:03:10.0583 0x0e54  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain        C:\Windows\system32\sysmain.dll
21:03:10.0887 0x0e54  SysMain - ok
21:03:10.0941 0x0e54  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
21:03:11.0056 0x0e54  TabletInputService - ok
21:03:11.0105 0x0e54  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv        C:\Windows\System32\tapisrv.dll
21:03:11.0222 0x0e54  TapiSrv - ok
21:03:11.0322 0x0e54  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS            C:\Windows\System32\tbssvc.dll
21:03:11.0419 0x0e54  TBS - ok
21:03:11.0561 0x0e54  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
21:03:11.0833 0x0e54  Tcpip - ok
21:03:11.0986 0x0e54  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:03:12.0190 0x0e54  TCPIP6 - ok
21:03:12.0244 0x0e54  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:03:12.0324 0x0e54  tcpipreg - ok
21:03:12.0389 0x0e54  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:03:12.0520 0x0e54  TDPIPE - ok
21:03:12.0562 0x0e54  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
21:03:12.0635 0x0e54  TDTCP - ok
21:03:12.0689 0x0e54  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
21:03:12.0824 0x0e54  tdx - ok
21:03:12.0867 0x0e54  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:03:12.0920 0x0e54  TermDD - ok
21:03:12.0985 0x0e54  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService    C:\Windows\System32\termsrv.dll
21:03:13.0165 0x0e54  TermService - ok
21:03:13.0222 0x0e54  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
21:03:13.0330 0x0e54  Themes - ok
21:03:13.0366 0x0e54  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER    C:\Windows\system32\mmcss.dll
21:03:13.0480 0x0e54  THREADORDER - ok
21:03:13.0522 0x0e54  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
21:03:13.0690 0x0e54  TrkWks - ok
21:03:13.0753 0x0e54  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:03:13.0892 0x0e54  TrustedInstaller - ok
21:03:13.0938 0x0e54  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:03:14.0027 0x0e54  tssecsrv - ok
21:03:14.0116 0x0e54  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:03:14.0223 0x0e54  TsUsbFlt - ok
21:03:14.0255 0x0e54  tsusbhub - ok
21:03:14.0310 0x0e54  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:03:14.0462 0x0e54  tunnel - ok
21:03:14.0540 0x0e54  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:03:14.0644 0x0e54  uagp35 - ok
21:03:14.0721 0x0e54  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:03:14.0875 0x0e54  udfs - ok
21:03:14.0941 0x0e54  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect      C:\Windows\system32\UI0Detect.exe
21:03:15.0036 0x0e54  UI0Detect - ok
21:03:15.0089 0x0e54  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:03:15.0175 0x0e54  uliagpkx - ok
21:03:15.0235 0x0e54  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus          C:\Windows\system32\drivers\umbus.sys
21:03:15.0359 0x0e54  umbus - ok
21:03:15.0416 0x0e54  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:03:15.0561 0x0e54  UmPass - ok
21:03:15.0631 0x0e54  [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService    C:\Windows\System32\umrdp.dll
21:03:15.0766 0x0e54  UmRdpService - ok
21:03:15.0810 0x0e54  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
21:03:15.0997 0x0e54  upnphost - ok
21:03:16.0029 0x0e54  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
21:03:16.0162 0x0e54  usbccgp - ok
21:03:16.0220 0x0e54  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:03:16.0333 0x0e54  usbcir - ok
21:03:16.0367 0x0e54  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
21:03:16.0477 0x0e54  usbehci - ok
21:03:16.0559 0x0e54  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:03:16.0711 0x0e54  usbhub - ok
21:03:16.0771 0x0e54  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
21:03:16.0861 0x0e54  usbohci - ok
21:03:16.0920 0x0e54  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:03:17.0026 0x0e54  usbprint - ok
21:03:17.0075 0x0e54  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
21:03:17.0191 0x0e54  usbscan - ok
21:03:17.0240 0x0e54  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:03:17.0387 0x0e54  USBSTOR - ok
21:03:17.0442 0x0e54  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
21:03:17.0521 0x0e54  usbuhci - ok
21:03:17.0586 0x0e54  [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
21:03:17.0767 0x0e54  usbvideo - ok
21:03:17.0816 0x0e54  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms          C:\Windows\System32\uxsms.dll
21:03:17.0982 0x0e54  UxSms - ok
21:03:18.0012 0x0e54  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc        C:\Windows\system32\lsass.exe
21:03:18.0085 0x0e54  VaultSvc - ok
21:03:18.0109 0x0e54  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:03:18.0181 0x0e54  vdrvroot - ok
21:03:18.0254 0x0e54  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds            C:\Windows\System32\vds.exe
21:03:18.0472 0x0e54  vds - ok
21:03:18.0514 0x0e54  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
21:03:18.0587 0x0e54  vga - ok
21:03:18.0625 0x0e54  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave        C:\Windows\System32\drivers\vga.sys
21:03:18.0718 0x0e54  VgaSave - ok
21:03:18.0728 0x0e54  VGPU - ok
21:03:18.0776 0x0e54  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
21:03:18.0871 0x0e54  vhdmp - ok
21:03:18.0904 0x0e54  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
21:03:18.0954 0x0e54  viaagp - ok
21:03:18.0995 0x0e54  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7          C:\Windows\system32\DRIVERS\viac7.sys
21:03:19.0097 0x0e54  ViaC7 - ok
21:03:19.0147 0x0e54  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:03:19.0203 0x0e54  viaide - ok
21:03:19.0250 0x0e54  [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus          C:\Windows\system32\drivers\vmbus.sys
21:03:19.0353 0x0e54  vmbus - ok
21:03:19.0427 0x0e54  [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
21:03:19.0511 0x0e54  VMBusHID - ok
21:03:19.0551 0x0e54  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:03:19.0603 0x0e54  volmgr - ok
21:03:19.0672 0x0e54  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
21:03:19.0777 0x0e54  volmgrx - ok
21:03:19.0824 0x0e54  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
21:03:19.0914 0x0e54  volsnap - ok
21:03:19.0988 0x0e54  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
21:03:20.0071 0x0e54  vsmraid - ok
21:03:20.0175 0x0e54  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS            C:\Windows\system32\vssvc.exe
21:03:20.0453 0x0e54  VSS - ok
21:03:20.0785 0x0e54  [ BAD9F0DB9293875E39E5A2403A8C22DC, 54A15E9F55472C22F359CCE120BA6A409F513217A19BBFBC5752EFCEA3ABA5F2 ] vToolbarUpdater18.1.9 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
21:03:21.0025 0x0e54  vToolbarUpdater18.1.9 - ok
21:03:21.0103 0x0e54  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:03:21.0184 0x0e54  vwifibus - ok
21:03:21.0245 0x0e54  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:03:21.0322 0x0e54  vwififlt - ok
21:03:21.0371 0x0e54  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
21:03:21.0426 0x0e54  vwifimp - ok
21:03:21.0470 0x0e54  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time        C:\Windows\system32\w32time.dll
21:03:21.0609 0x0e54  W32Time - ok
21:03:21.0698 0x0e54  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:03:21.0802 0x0e54  WacomPen - ok
21:03:21.0841 0x0e54  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:03:21.0969 0x0e54  WANARP - ok
21:03:22.0005 0x0e54  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:03:22.0083 0x0e54  Wanarpv6 - ok
21:03:22.0248 0x0e54  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
21:03:22.0456 0x0e54  WatAdminSvc - ok
21:03:22.0581 0x0e54  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
21:03:22.0885 0x0e54  wbengine - ok
21:03:22.0931 0x0e54  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:03:23.0104 0x0e54  WbioSrvc - ok
21:03:23.0156 0x0e54  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc        C:\Windows\System32\wcncsvc.dll
21:03:23.0294 0x0e54  wcncsvc - ok
21:03:23.0343 0x0e54  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:03:23.0462 0x0e54  WcsPlugInService - ok
21:03:23.0501 0x0e54  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:03:23.0544 0x0e54  Wd - ok
21:03:23.0616 0x0e54  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:03:23.0736 0x0e54  Wdf01000 - ok
21:03:23.0779 0x0e54  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:03:23.0931 0x0e54  WdiServiceHost - ok
21:03:23.0958 0x0e54  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost  C:\Windows\system32\wdi.dll
21:03:24.0029 0x0e54  WdiSystemHost - ok
21:03:24.0083 0x0e54  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient      C:\Windows\System32\webclnt.dll
21:03:24.0239 0x0e54  WebClient - ok
21:03:24.0296 0x0e54  [ F56A25B240391620B6E31ACF656F2018, 38FEF5616E68FCAFF7B573611EEFEC1B330424BD39D88364E44C4C125FF7E235 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:03:24.0416 0x0e54  Wecsvc - ok
21:03:24.0468 0x0e54  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
21:03:24.0589 0x0e54  wercplsupport - ok
21:03:24.0646 0x0e54  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
21:03:24.0762 0x0e54  WerSvc - ok
21:03:24.0794 0x0e54  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:03:24.0873 0x0e54  WfpLwf - ok
21:03:24.0902 0x0e54  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:03:24.0957 0x0e54  WIMMount - ok
21:03:25.0085 0x0e54  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
21:03:25.0306 0x0e54  WinDefend - ok
21:03:25.0352 0x0e54  WinHttpAutoProxySvc - ok
21:03:25.0445 0x0e54  [ 320B13F43726EB73B2D7AE8869AFAACE, 56E882AA2749F401C28EE3DE2D23088C479CDE54E4CD4FBCC18374F348332607 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
21:03:25.0616 0x0e54  Winmgmt - ok
21:03:25.0771 0x0e54  [ 895AD0D039FAAE12D4C25E028051344C, 49FCB06EF59846CAC665BCFA1D0B0CCB7A52B414FA80FE97438B5CE2AD60C31D ] WinRM          C:\Windows\system32\WsmSvc.dll
21:03:26.0143 0x0e54  WinRM - ok
21:03:26.0287 0x0e54  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:03:26.0385 0x0e54  WinUsb - ok
21:03:26.0473 0x0e54  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc        C:\Windows\System32\wlansvc.dll
21:03:26.0911 0x0e54  Wlansvc - ok
21:03:27.0121 0x0e54  [ 5E7C103F8475C4289847D15E129C20F7, C6325D3557545FA1DA26B0B1EA9A1C95AED1FA84A93BE29A771DAD9ECB00768B ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:03:27.0415 0x0e54  wlidsvc - ok
21:03:27.0481 0x0e54  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
21:03:27.0584 0x0e54  WmiAcpi - ok
21:03:27.0650 0x0e54  [ A1BCA34F741D285E8A7CD3F3E734BBBD, 0BD51632576ECDBF99560AD3F57B1A819C7216840818328C44C471471009AA8B ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:03:27.0779 0x0e54  wmiApSrv - ok
21:03:27.0950 0x0e54  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
21:03:28.0159 0x0e54  WMPNetworkSvc - ok
21:03:28.0277 0x0e54  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:03:28.0408 0x0e54  WPCSvc - ok
21:03:28.0458 0x0e54  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:03:28.0652 0x0e54  WPDBusEnum - ok
21:03:28.0705 0x0e54  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
21:03:28.0815 0x0e54  ws2ifsl - ok
21:03:28.0887 0x0e54  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
21:03:28.0993 0x0e54  wscsvc - ok
21:03:29.0012 0x0e54  WSearch - ok
21:03:29.0206 0x0e54  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\Windows\system32\wuaueng.dll
21:03:29.0542 0x0e54  wuauserv - ok
21:03:29.0617 0x0e54  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:03:29.0736 0x0e54  WudfPf - ok
21:03:29.0793 0x0e54  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:03:29.0897 0x0e54  WUDFRd - ok
21:03:29.0957 0x0e54  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
21:03:30.0086 0x0e54  wudfsvc - ok
21:03:30.0153 0x0e54  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc        C:\Windows\System32\wwansvc.dll
21:03:30.0292 0x0e54  WwanSvc - ok
21:03:30.0362 0x0e54  ================ Scan global ===============================
21:03:30.0415 0x0e54  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
21:03:30.0480 0x0e54  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
21:03:30.0544 0x0e54  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
21:03:30.0597 0x0e54  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
21:03:30.0665 0x0e54  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
21:03:30.0697 0x0e54  [ Global ] - ok
21:03:30.0698 0x0e54  ================ Scan MBR ==================================
21:03:30.0731 0x0e54  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:03:31.0195 0x0e54  \Device\Harddisk0\DR0 - ok
21:03:31.0214 0x0e54  [ DC08D6B42883CBAF721687489B23D577 ] \Device\Harddisk1\DR1
21:03:31.0500 0x0e54  \Device\Harddisk1\DR1 - ok
21:03:31.0500 0x0e54  ================ Scan VBR ==================================
21:03:31.0565 0x0e54  [ 93A3A664935E5C5B662F78EC714E2F28 ] \Device\Harddisk0\DR0\Partition1
21:03:31.0567 0x0e54  \Device\Harddisk0\DR0\Partition1 - ok
21:03:31.0590 0x0e54  [ F5BFC53F457FF3632BA9E829E97B7F54 ] \Device\Harddisk0\DR0\Partition2
21:03:31.0593 0x0e54  \Device\Harddisk0\DR0\Partition2 - ok
21:03:31.0594 0x0e54  ================ Scan generic autorun ======================
21:03:31.0685 0x0e54  [ 07A37CB5C5A01E73FB69F138FAE2DB0E, 9E8B5D78D7EAB8FA35133763EDA91AFE5CDEE275D604F02CDB56FB00A0D5AA0F ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
21:03:31.0877 0x0e54  Adobe ARM - ok
21:03:32.0101 0x0e54  [ E0A06707C91A18859AEBDD4FCEA734F7, BB0CF2847C8BCF696830BF5157A4AE7AB9AC4CC0978E64955F674BD10B556879 ] C:\Program Files\AVG Secure Search\vprot.exe
21:03:32.0433 0x0e54  vProt - ok
21:03:32.0569 0x0e54  [ 0AE3673E1C450359490CF47D6AA3AF7F, 52E99FC537E47E749AEEC0CEAB9170D8EA54C31011C038D02E6EA53E9F192067 ] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
21:03:32.0869 0x0e54  SMSERIAL - ok
21:03:33.0322 0x0e54  [ 312C7978F0A42DB0475CE31D884DCE88, 53DBEF2473F39754BB1BC352DB9A32607FD3A2E2DC5E7AA6AE821CABEC00CCD1 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
21:03:33.0886 0x0e54  AvastUI.exe - ok
21:03:34.0162 0x0e54  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
21:03:34.0432 0x0e54  Sidebar - ok
21:03:34.0512 0x0e54  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
21:03:34.0619 0x0e54  mctadmin - ok
21:03:34.0720 0x0e54  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
21:03:34.0928 0x0e54  Sidebar - ok
21:03:35.0025 0x0e54  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
21:03:35.0108 0x0e54  mctadmin - ok
21:03:35.0242 0x0e54  [ 059C2F55E82C8EDB20E8F26B2A7D2B19, BC323A8B8E0C3A5C2ABF23EDA0314A6117B9C2BC417A66CA5D6B25773E84E8F1 ] C:\Program Files\Ruiware\WinPatrol\winpatrol.exe
21:03:35.0461 0x0e54  WinPatrol - ok
21:03:35.0470 0x0e54  Waiting for KSN requests completion. In queue: 93
21:03:36.0470 0x0e54  Waiting for KSN requests completion. In queue: 93
21:03:37.0470 0x0e54  Waiting for KSN requests completion. In queue: 93
21:03:38.0672 0x0e54  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
21:03:38.0701 0x0e54  Win FW state via NFP2: enabled
21:03:41.0243 0x0e54  ============================================================
21:03:41.0243 0x0e54  Scan finished
21:03:41.0244 0x0e54  ============================================================
21:03:41.0299 0x05ac  Detected object count: 0
21:03:41.0299 0x05ac  Actual detected object count: 0

schrauber 19.12.2014 19:38
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

sir peter 22.12.2014 18:48
Code:
ComboFix 14-12-14.01 - Der Peter 21.12.2014  22:43:33.1.2 - x86
Microsoft Windows 7 Enterprise  6.1.7601.1.1252.49.1031.18.3071.1679 [GMT 1:00]
ausgeführt von:: c:\users\Der Peter\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\start.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-11-21 bis 2014-12-21  ))))))))))))))))))))))))))))))
.
.
2014-12-21 22:00 . 2014-12-21 22:23        --------        d-----w-        c:\users\Der Peter\AppData\Local\temp
2014-12-21 22:00 . 2014-12-21 22:00        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-12-21 21:52 . 2014-12-21 21:52        62576        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B593D12-CF17-48CB-9CF8-DEB0E0485B97}\offreg.dll
2014-12-19 13:22 . 2014-12-02 11:01        9054624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B593D12-CF17-48CB-9CF8-DEB0E0485B97}\mpengine.dll
2014-12-18 19:18 . 2014-12-18 19:55        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-12-18 16:53 . 2014-12-18 16:56        --------        d-----w-        C:\FRST
2014-12-18 16:15 . 2014-12-13 03:33        115712        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-14 17:11 . 2014-12-14 17:11        --------        d-----w-        c:\program files\Common Files\EZB Systems
2014-12-14 17:11 . 2014-12-14 17:11        --------        d-----w-        c:\program files\UltraISO
2014-12-12 13:12 . 2014-12-12 13:12        --------        d-----w-        c:\windows\system32\appraiser
2014-12-11 23:26 . 2014-07-07 01:37        2048        ----a-w-        c:\windows\system32\mferror.dll
2014-12-11 23:26 . 2014-07-07 01:40        103424        ----a-w-        c:\windows\system32\mfps.dll
2014-12-11 23:26 . 2014-07-07 01:39        23040        ----a-w-        c:\windows\system32\mfpmp.exe
2014-12-11 23:26 . 2014-10-18 01:33        3209728        ----a-w-        c:\windows\system32\mf.dll
2014-12-11 23:26 . 2014-07-07 01:39        50176        ----a-w-        c:\windows\system32\rrinstaller.exe
2014-12-11 21:34 . 2014-11-11 01:32        74752        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-12-11 21:34 . 2014-11-11 02:44        1230336        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-12-11 21:31 . 2014-11-08 02:45        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-12-11 21:31 . 2014-10-30 01:45        155136        ----a-w-        c:\windows\system32\charmap.exe
2014-11-26 14:13 . 2014-11-26 14:13        291352        ----a-w-        c:\windows\system32\aswBoot.exe
2014-11-26 14:13 . 2014-11-26 14:13        43152        ----a-w-        c:\windows\avastSS.scr
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-18 19:18 . 2014-07-14 20:08        119000        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-18 19:17 . 2014-07-14 19:33        79576        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2014-12-17 18:44 . 2012-10-31 18:46        701616        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2014-12-17 18:44 . 2012-10-31 18:46        71344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-26 14:14 . 2012-10-31 17:53        787800        ----a-w-        c:\windows\system32\drivers\aswsnx.sys
2014-11-26 14:14 . 2012-10-31 17:53        423784        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2014-11-26 14:13 . 2014-01-06 10:44        91496        ----a-w-        c:\windows\system32\drivers\aswstm.sys
2014-11-26 14:13 . 2013-03-18 23:02        206248        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2014-11-26 14:13 . 2013-03-18 23:02        49944        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2014-11-26 14:13 . 2014-05-12 11:05        24184        ----a-w-        c:\windows\system32\drivers\aswHwid.sys
2014-11-26 14:13 . 2012-10-31 17:53        81768        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2014-11-26 14:13 . 2012-10-31 17:53        70384        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2014-11-24 13:04 . 2012-10-31 17:58        229000        ------w-        c:\windows\system32\MpSigStub.exe
2014-11-11 02:44 . 2014-11-19 10:22        186880        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-19 10:22        550912        ----a-w-        c:\windows\system32\kerberos.dll
2014-10-25 01:32 . 2014-11-12 09:03        67584        ----a-w-        c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-12 09:04        571904        ----a-w-        c:\windows\system32\oleaut32.dll
2014-10-17 12:50 . 2014-10-17 12:50        96680        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2014-10-14 01:56 . 2014-11-12 09:03        136632        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-12 09:03        523776        ----a-w-        c:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-12 09:04        2363904        ----a-w-        c:\windows\system32\msi.dll
2014-10-14 01:50 . 2014-11-12 09:03        1059840        ----a-w-        c:\windows\system32\lsasrv.dll
2014-10-14 01:47 . 2014-11-12 09:03        146432        ----a-w-        c:\windows\system32\msaudite.dll
2014-10-14 01:46 . 2014-11-12 09:03        681984        ----a-w-        c:\windows\system32\adtschema.dll
2014-10-10 00:45 . 2014-11-12 09:04        2379264        ----a-w-        c:\windows\system32\win32k.sys
2014-10-03 01:44 . 2014-11-12 09:04        442880        ----a-w-        c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:44 . 2014-11-12 09:04        275968        ----a-w-        c:\windows\system32\EncDump.dll
2014-10-03 01:44 . 2014-11-12 09:04        475136        ----a-w-        c:\windows\system32\audiosrv.dll
2014-10-03 01:44 . 2014-11-12 09:04        374784        ----a-w-        c:\windows\system32\AudioEng.dll
2014-10-03 01:44 . 2014-11-12 09:04        195584        ----a-w-        c:\windows\system32\AudioSes.dll
2014-09-25 01:40 . 2014-10-01 14:39        519680        ----a-w-        c:\windows\system32\qdvd.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-09-07 20:36        3627032        ----a-w-        c:\program files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll" [2014-09-07 3627032]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-26 14:13        723976        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04        131480        ----a-w-        c:\users\Der Peter\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\Ruiware\WinPatrol\winpatrol.exe" [2014-07-21 1154112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2014-09-07 2640408]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-12-12 5227112]
.
c:\users\Der Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Der Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-9 39207112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico -user_logon [2012-12-20 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-11-26 91496]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-10-02 1343400]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-26 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-11-26 423784]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-09-07 42784]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-01 242240]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-11-26 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-11-26 70384]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-12-06 662232]
S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-09-07 1820184]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-12-06 16024]
S3 SiSGbeLH;NDIS 6.0-Treiber für SiS191/SiS190-Ethernet-Gerät;c:\windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 48128]
.
.
Inhalt des "geplante Tasks" Ordners
.
2014-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-31 18:44]
.
2014-12-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001Core.job
- c:\users\Der Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-28 19:20]
.
2014-12-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001UA.job
- c:\users\Der Peter\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-05-28 19:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.startfenster.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
FF - ProfilePath - c:\users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\
FF - prefs.js: browser.search.selectedEngine - Ecosia
FF - prefs.js: browser.startup.homepage - about:home
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*jr3u`^:^£%<’]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
  00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*jr£u`^¸RŒ[Q]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
  00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\png*jrÕu`^áalrEó]
"0"=hex:14,00,1f,50,e0,4f,d0,20,ea,3a,69,10,a2,d8,08,00,2b,30,30,9d,19,00,2f,
  43,3a,5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,74,00,31,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*jr[u`^×cÙ¨’]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
  00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*jr[u`^âd$¨]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
  00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
"1"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
  00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\jpg*þÿÿÿjr[ujr[u`^âd—$¨]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
  00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\psp*jr–u`^ìô^°(]
"0"=hex:14,00,1f,44,47,1a,03,59,72,3f,a7,44,89,c5,55,95,fe,6b,30,ee,20,00,00,
  00,1a,00,ee,bb,fe,23,00,00,10,00,30,81,e2,33,1e,4e,76,46,83,5a,98,39,5c,3b,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*jr3u`^:^£%<’]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*jr3u`^:^£%<’\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*jr£u`^¸RŒ[Q]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*jr£u`^¸RŒ[Q\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*jrÕu`^áalrEó]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*png*jrÕu`^áalrEó\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*jr[u`^×cÙ¨’]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*jr[u`^×cÙ¨’\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*jr[u`^âd$¨]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*jr[u`^âd$¨\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿjr[ujr[u`^âd—$¨]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*jpg*þÿÿÿjr[ujr[u`^âd—$¨\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*psp*jr–u`^ìô^°(]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*psp*jr–u`^ìô^°(\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*png*jr3u`^:^£%<’]
"0"=hex:4c,00,61,00,20,00,52,00,69,00,63,00,69,00,20,00,7e,00,20,00,50,00,68,
  00,6f,00,74,00,6f,00,67,00,72,00,61,00,70,00,68,00,79,00,20,00,7e,00,20,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*png*jr£u`^¸RŒ[Q]
"0"=hex:48,00,6f,00,63,00,68,00,7a,00,65,00,69,00,74,00,73,00,62,00,69,00,6c,
  00,64,00,20,00,6d,00,69,00,74,00,20,00,52,00,75,00,74,00,6b,00,61,00,74,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*png*jrÕu`^áalrEó]
"0"=hex:47,00,72,00,75,00,70,00,70,00,65,00,6e,00,62,00,69,00,6c,00,64,00,2e,
  00,70,6e,67,00,6a,72,d5,75,60,5e,e1,61,6c,72,45,f3,10,01,00,00,a2,00,36,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*jr[u`^×cÙ¨’]
"0"=hex:49,00,4d,00,47,00,5f,00,37,00,39,00,38,00,32,00,20,00,2d,00,33,00,2e,
  00,6a,70,67,00,6a,72,5b,75,60,5e,d7,63,d9,a8,92,0f,10,01,00,00,a2,00,36,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*jr[u`^âd$¨]
"0"=hex:49,00,4d,00,47,00,5f,00,37,00,39,00,39,00,31,00,62,00,2e,00,6a,70,67,
  00,6a,72,5b,75,60,5e,e2,64,1f,05,24,a8,10,01,00,00,9a,00,36,00,00,00,00,00,\
"MRUListEx"=hex:01,00,00,00,00,00,00,00,ff,ff,ff,ff
"1"=hex:49,00,4d,00,47,00,5f,00,37,00,39,00,39,00,31,00,63,00,2e,00,6a,70,67,
  00,6a,72,5b,75,60,5e,e2,64,1f,05,24,a8,10,01,00,00,9a,00,36,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*jpg*þÿÿÿjr[ujr[u`^âd—$¨]
"0"=hex:49,00,4d,00,47,00,5f,00,37,00,39,00,37,00,37,00,62,00,2e,00,6a,70,67,
  00,fe,ff,ff,ff,6a,72,5b,75,6a,72,5b,75,60,5e,e2,64,97,1b,24,a8,10,01,00,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*psp*jr–u`^ìô^°(]
"0"=hex:72,00,6f,00,79,00,61,00,6c,00,72,00,61,00,6e,00,67,00,65,00,72,00,73,
  00,62,00,61,00,63,00,6b,00,2e,00,70,73,70,00,6a,72,96,75,60,5e,ec,1d,f4,5e,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-12-21  23:27:09
ComboFix-quarantined-files.txt  2014-12-21 22:27
.
Vor Suchlauf: 10 Verzeichnis(se), 40.684.396.544 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 41.868.652.544 Bytes frei
.
- - End Of File - - 7C5FFEFE864EFB77A936314BBCC2BDB5
A36C5E4F47E84449FF07ED3517B43A31
Was ich zusätzlich beobachte ist, dass ich die Suchmaschiene ecosia nicht aus meiner firefox suchmaschienen-toolbar löschen kann, sie ist immer wieder neu da und Scotty win patrol gibt mir bei Systemstart immer eine Meldung, die kommt immer wieder, egal ob ich sie annehme oder blcokiere...

WinPatrol ALERT: New or Changed Program - Startup Program

A new automatic Startup Program has been detected.

Type: Run Once

Often required for software upates and new installations.
This program could slow your computer by running in the background.
Was this program expected and something you want active all the time?

NO ICON

No Discription found

Company name not included in this program.

1419270206

schrauber 23.12.2014 17:08
Der Eintrag kommt von Adobe Reader.


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

sir peter 06.01.2015 19:02
Hat etwas länger gedauert...
Euch an dieser Stelle noch ein gesundes neues Jahr!!

Hier die logs:

mbam

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 06.01.2015
Suchlauf-Zeit: 17:54:51
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.06.07
Rootkit Datenbank: v2015.01.06.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Der Peter

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 313588
Verstrichene Zeit: 22 Min, 13 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-3580812390-2972974327-1728687882-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, In Quarantäne, [82ad797bacddd85ed29fef7ab94a01ff],

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
AdwCleaner

Code:
# AdwCleaner v4.106 - Bericht erstellt am 06/01/2015 um 18:24:59
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)
# Benutzername : Der Peter - DERPETER-PC
# Gestartet von : C:\Users\Der Peter\Desktop\AdwCleaner_4.106.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : vToolbarUpdater18.1.9

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\Program Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Users\Der Peter\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Der Peter\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Der Peter\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\Der Peter\AppData\Roaming\OCS
Datei Gelöscht : C:\Users\Der Peter\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\Der Peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Der Peter\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gelöscht : C:\Users\Der Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v34.0.5 (x86 de)


*************************

AdwCleaner[R0].txt - [6507 octets] - [06/01/2015 18:21:12]
AdwCleaner[S0].txt - [6343 octets] - [06/01/2015 18:24:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6403 octets] ##########
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Enterprise x86
Ran by Der Peter on 06.01.2015 at 18:40:52,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\Der Peter\favorites\links\startfenster.lnk"



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Der Peter\AppData\Roaming\mozilla\firefox\profiles\ygnql2wg.default\minidumps [211 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.01.2015 at 18:49:20,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-01-2015
Ran by Der Peter (administrator) on DERPETER-PC on 06-01-2015 18:56:29
Running from C:\Users\Der Peter\Desktop
Loaded Profile: Der Peter (Available profiles: Der Peter)
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\System32\PSIService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\Users\Der Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default
FF SelectedSearchEngine: Ecosia
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program File\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3580812390-2972974327-1728687882-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Der Peter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\searchplugins\benefind.xml
FF SearchPlugin: C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\searchplugins\gutscheinsuche.xml
FF Extension: NoScript - C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-14]
FF Extension: Adblock Plus - C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-31]
FF Extension: Adblock Edge - C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-07-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-12-10]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-31]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-09-07] (AVG Technologies)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-11-01] (DT Soft Ltd)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
S3 catchme; \??\C:\Users\DERPET~1\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 18:56 - 2015-01-06 18:56 - 00000000 ____D () C:\Users\Der Peter\Desktop\FRST-OlderVersion
2015-01-06 18:49 - 2015-01-06 18:49 - 00000850 _____ () C:\Users\Der Peter\Desktop\JRT.txt
2015-01-06 18:40 - 2015-01-06 18:40 - 00000000 ____D () C:\Windows\ERUNT
2015-01-06 18:39 - 2015-01-06 18:39 - 01707939 _____ (Thisisu) C:\Users\Der Peter\Desktop\JRT.exe
2015-01-06 18:34 - 2015-01-06 18:34 - 00006483 _____ () C:\Users\Der Peter\Desktop\AdwCleaner[S0].txt
2015-01-06 18:21 - 2015-01-06 18:25 - 00000000 ____D () C:\AdwCleaner
2015-01-06 18:19 - 2015-01-06 18:19 - 02173952 _____ () C:\Users\Der Peter\Desktop\AdwCleaner_4.106.exe
2015-01-06 18:19 - 2015-01-06 18:19 - 00001357 _____ () C:\Users\Der Peter\Desktop\mbam.txt
2015-01-06 17:30 - 2015-01-06 17:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Der Peter\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-22 22:33 - 2014-12-22 22:33 - 00001133 _____ () C:\Users\Public\Desktop\ALDI NORD Bestellsoftware.lnk
2014-12-22 22:26 - 2014-12-22 22:59 - 00000000 ____D () C:\Program Files\ALDI NORD Bestellsoftware
2014-12-22 22:16 - 2014-12-22 22:20 - 261829832 _____ () C:\Users\Der Peter\Downloads\ALDI_NORD_Bestellsoftware_Setup.exe
2014-12-21 23:27 - 2014-12-21 23:27 - 00021152 _____ () C:\ComboFix.txt
2014-12-21 22:40 - 2014-12-21 23:27 - 00000000 ____D () C:\Qoobox
2014-12-21 22:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-21 22:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-21 22:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-21 22:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-21 22:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-21 22:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-21 22:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-21 22:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-21 22:39 - 2014-12-21 23:24 - 00000000 ____D () C:\Windows\erdnt
2014-12-21 22:38 - 2014-12-21 22:38 - 05601641 ____R (Swearware) C:\Users\Der Peter\Desktop\ComboFix.exe
2014-12-18 20:58 - 2014-12-18 20:58 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Der Peter\Desktop\tdsskiller.exe
2014-12-18 20:18 - 2014-12-18 20:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-18 20:16 - 2014-12-18 20:55 - 00000000 ____D () C:\Users\Der Peter\Desktop\mbar
2014-12-18 20:05 - 2014-12-18 20:06 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Der Peter\Desktop\mbar-1.08.2.1001.exe
2014-12-18 18:40 - 2014-12-18 18:40 - 00014042 _____ () C:\Users\Der Peter\Desktop\gmer.txt
2014-12-18 17:57 - 2014-12-18 17:57 - 00380416 _____ () C:\Users\Der Peter\Desktop\Gmer-19357.exe
2014-12-18 17:55 - 2014-12-18 17:56 - 00026292 _____ () C:\Users\Der Peter\Desktop\Addition.txt
2014-12-18 17:53 - 2015-01-06 18:56 - 00012134 _____ () C:\Users\Der Peter\Desktop\FRST.txt
2014-12-18 17:53 - 2015-01-06 18:56 - 00000000 ____D () C:\FRST
2014-12-18 17:52 - 2015-01-06 18:56 - 01115136 _____ (Farbar) C:\Users\Der Peter\Desktop\FRST.exe
2014-12-18 17:45 - 2014-12-18 17:46 - 00000550 _____ () C:\Users\Der Peter\Desktop\defogger_disable.log
2014-12-18 17:45 - 2014-12-18 17:45 - 00000156 _____ () C:\Users\Der Peter\defogger_reenable
2014-12-18 17:44 - 2014-12-18 17:44 - 00050477 _____ () C:\Users\Der Peter\Desktop\Defogger.exe
2014-12-18 17:15 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-16 21:18 - 2014-12-22 22:47 - 00000000 ____D () C:\Users\Der Peter\Desktop\Bilder für Fotoshow
2014-12-14 18:25 - 2014-12-14 18:25 - 01156136 _____ (Ruiware) C:\Users\Der Peter\Downloads\wpsetup.exe
2014-12-14 18:11 - 2014-12-14 18:13 - 00000000 ____D () C:\Users\Der Peter\Documents\My ISO Files
2014-12-14 18:11 - 2014-12-14 18:11 - 00000929 _____ () C:\Users\Public\Desktop\UltraISO.lnk
2014-12-14 18:11 - 2014-12-14 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2014-12-14 18:11 - 2014-12-14 18:11 - 00000000 ____D () C:\Program Files\UltraISO
2014-12-14 18:11 - 2014-12-14 18:11 - 00000000 ____D () C:\Program Files\Common Files\EZB Systems
2014-12-14 18:05 - 2014-12-14 18:05 - 04348103 _____ (EZB Systems, Inc. ) C:\Users\Der Peter\Downloads\uiso962_pe_DE.exe
2014-12-12 14:12 - 2014-12-12 14:12 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 00:26 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 00:26 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-12 00:26 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-12 00:26 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-12 00:26 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 22:34 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 22:34 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 22:33 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 22:33 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 22:33 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 22:33 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 22:33 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 22:33 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 22:33 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 22:33 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 22:33 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 22:33 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 22:33 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 22:33 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 22:33 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 22:33 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 22:33 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 22:33 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 22:33 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 22:33 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 22:33 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 22:33 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 22:32 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 22:32 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 22:32 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 22:32 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 22:32 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 22:32 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 22:32 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 22:32 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 22:32 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 22:32 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 22:32 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 22:32 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 22:31 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 22:31 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 15:35 - 2014-12-10 15:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-06 18:41 - 2012-10-31 19:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-06 18:36 - 2009-07-14 05:34 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-06 18:36 - 2009-07-14 05:34 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-06 18:35 - 2012-10-31 18:37 - 01300474 _____ () C:\Windows\WindowsUpdate.log
2015-01-06 18:31 - 2014-07-14 21:08 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-06 18:29 - 2012-11-01 13:47 - 00000000 ___RD () C:\Users\Der Peter\Dropbox
2015-01-06 18:28 - 2012-11-01 13:24 - 00000000 ____D () C:\Users\Der Peter\AppData\Roaming\Dropbox
2015-01-06 18:27 - 2012-11-01 14:38 - 00191962 _____ () C:\Windows\PFRO.log
2015-01-06 18:27 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-06 18:27 - 2009-07-14 05:39 - 00103280 _____ () C:\Windows\setupact.log
2015-01-06 18:26 - 2014-05-28 20:21 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001UA.job
2015-01-06 17:31 - 2014-07-14 20:33 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-06 17:31 - 2014-07-14 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-06 17:31 - 2014-07-14 20:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-26 22:19 - 2013-07-03 23:29 - 00000000 ____D () C:\Users\Der Peter\AppData\Roaming\Aquamarin Haushaltsbuch
2014-12-26 21:26 - 2014-05-28 20:21 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001Core.job
2014-12-21 23:54 - 2012-10-31 18:40 - 00000000 ____D () C:\Windows\rescache
2014-12-21 23:27 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-12-21 23:27 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-12-21 23:23 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-12-21 00:40 - 2009-10-15 10:59 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-19 14:45 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-18 18:08 - 2012-11-06 13:15 - 00000000 ____D () C:\Users\Der Peter\AppData\Local\CrashDumps
2014-12-18 18:05 - 2014-07-14 20:42 - 00010062 _____ () C:\Windows\SecuniaPackage.log
2014-12-18 17:45 - 2012-10-31 18:44 - 00000000 ____D () C:\Users\Der Peter
2014-12-17 19:44 - 2012-11-01 19:32 - 00000000 ____D () C:\Users\Der Peter\AppData\Local\Adobe
2014-12-17 19:44 - 2012-10-31 19:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-17 19:44 - 2012-10-31 19:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-16 22:12 - 2014-11-20 14:57 - 00004608 _____ () C:\Users\Der Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-14 18:26 - 2014-07-14 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-12-14 18:26 - 2014-07-14 20:34 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-14 09:26 - 2012-11-01 13:47 - 00001032 _____ () C:\Users\Der Peter\Desktop\Dropbox.lnk
2014-12-14 09:26 - 2012-11-01 13:25 - 00000000 ____D () C:\Users\Der Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 15:19 - 2014-10-06 09:17 - 00001432 _____ () C:\Users\Der Peter\Desktop\Seppel Praxis.lnk
2014-12-12 14:12 - 2014-05-12 13:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 14:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-12 14:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-12 00:24 - 2013-08-29 10:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 00:19 - 2012-10-31 20:07 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 22:20 - 2012-11-01 15:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 22:08 - 2012-10-31 19:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Der Peter\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqhfgxw.dll
C:\Users\Der Peter\AppData\Local\temp\Quarantine.exe
C:\Users\Der Peter\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 17:14

==================== End Of Log ============================
--- --- ---

schrauber 06.01.2015 19:51

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

sir peter 07.01.2015 17:22
ESET

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=2c91e948ae2de74a957dde1c5010496d
# engine=21842
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-06 10:18:54
# local_time=2015-01-06 11:18:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 1764108 185003224 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 104542 172213925 0 0
# scanned=203742
# found=0
# cleaned=0
# scan_time=10344

Security Check

Code:
Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus 
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 WinPatrol
 Secunia PSI (3.0.0.9016) 
 Java 7 Update 71 
 Adobe Flash Player        16.0.0.235 
 Adobe Reader XI 
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent```````` 
 WinPatrol winpatrol.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastui.exe 
 Ruiware WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Der Peter (administrator) on DERPETER-PC on 07-01-2015 17:15:58
Running from C:\Users\Der Peter\Desktop
Loaded Profile: Der Peter (Available profiles: Der Peter)
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\System32\PSIService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\Users\Der Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default
FF SelectedSearchEngine: Ecosia
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program File\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3580812390-2972974327-1728687882-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Der Peter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\searchplugins\benefind.xml
FF SearchPlugin: C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\searchplugins\gutscheinsuche.xml
FF Extension: NoScript - C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-14]
FF Extension: Adblock Plus - C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-31]
FF Extension: Adblock Edge - C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\ygnql2wg.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-07-14]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-12-10]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-31]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-09-07] (AVG Technologies)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-11-01] (DT Soft Ltd)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
S3 catchme; \??\C:\Users\DERPET~1\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 17:14 - 2015-01-07 17:14 - 00000986 _____ () C:\Users\Der Peter\Desktop\checkup.txt
2015-01-07 17:06 - 2015-01-07 17:06 - 00852505 _____ () C:\Users\Der Peter\Desktop\SecurityCheck.exe
2015-01-06 20:19 - 2015-01-06 20:19 - 02347384 _____ (ESET) C:\Users\Der Peter\Desktop\esetsmartinstaller_deu.exe
2015-01-06 18:58 - 2015-01-06 18:58 - 00027422 _____ () C:\Users\Der Peter\Desktop\FRST2.txt
2015-01-06 18:56 - 2015-01-07 17:14 - 00000000 ____D () C:\Users\Der Peter\Desktop\FRST-OlderVersion
2015-01-06 18:49 - 2015-01-06 18:49 - 00000850 _____ () C:\Users\Der Peter\Desktop\JRT.txt
2015-01-06 18:40 - 2015-01-06 18:40 - 00000000 ____D () C:\Windows\ERUNT
2015-01-06 18:39 - 2015-01-06 18:39 - 01707939 _____ (Thisisu) C:\Users\Der Peter\Desktop\JRT.exe
2015-01-06 18:34 - 2015-01-06 18:34 - 00006483 _____ () C:\Users\Der Peter\Desktop\AdwCleaner[S0].txt
2015-01-06 18:21 - 2015-01-06 18:25 - 00000000 ____D () C:\AdwCleaner
2015-01-06 18:19 - 2015-01-06 18:19 - 02173952 _____ () C:\Users\Der Peter\Desktop\AdwCleaner_4.106.exe
2015-01-06 18:19 - 2015-01-06 18:19 - 00001357 _____ () C:\Users\Der Peter\Desktop\mbam.txt
2015-01-06 17:30 - 2015-01-06 17:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Der Peter\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-22 22:33 - 2014-12-22 22:33 - 00001133 _____ () C:\Users\Public\Desktop\ALDI NORD Bestellsoftware.lnk
2014-12-22 22:26 - 2014-12-22 22:59 - 00000000 ____D () C:\Program Files\ALDI NORD Bestellsoftware
2014-12-22 22:16 - 2014-12-22 22:20 - 261829832 _____ () C:\Users\Der Peter\Downloads\ALDI_NORD_Bestellsoftware_Setup.exe
2014-12-21 23:27 - 2014-12-21 23:27 - 00021152 _____ () C:\ComboFix.txt
2014-12-21 22:40 - 2014-12-21 23:27 - 00000000 ____D () C:\Qoobox
2014-12-21 22:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-21 22:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-21 22:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-21 22:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-21 22:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-21 22:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-21 22:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-21 22:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-21 22:39 - 2014-12-21 23:24 - 00000000 ____D () C:\Windows\erdnt
2014-12-21 22:38 - 2014-12-21 22:38 - 05601641 ____R (Swearware) C:\Users\Der Peter\Desktop\ComboFix.exe
2014-12-18 20:58 - 2014-12-18 20:58 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Der Peter\Desktop\tdsskiller.exe
2014-12-18 20:18 - 2014-12-18 20:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-18 20:16 - 2014-12-18 20:55 - 00000000 ____D () C:\Users\Der Peter\Desktop\mbar
2014-12-18 20:05 - 2014-12-18 20:06 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Der Peter\Desktop\mbar-1.08.2.1001.exe
2014-12-18 18:40 - 2014-12-18 18:40 - 00014042 _____ () C:\Users\Der Peter\Desktop\gmer.txt
2014-12-18 17:57 - 2014-12-18 17:57 - 00380416 _____ () C:\Users\Der Peter\Desktop\Gmer-19357.exe
2014-12-18 17:55 - 2014-12-18 17:56 - 00026292 _____ () C:\Users\Der Peter\Desktop\Addition.txt
2014-12-18 17:53 - 2015-01-07 17:16 - 00000000 ____D () C:\FRST
2014-12-18 17:53 - 2015-01-07 17:15 - 00012230 _____ () C:\Users\Der Peter\Desktop\FRST.txt
2014-12-18 17:52 - 2015-01-07 17:14 - 01115648 _____ (Farbar) C:\Users\Der Peter\Desktop\FRST.exe
2014-12-18 17:45 - 2014-12-18 17:46 - 00000550 _____ () C:\Users\Der Peter\Desktop\defogger_disable.log
2014-12-18 17:45 - 2014-12-18 17:45 - 00000156 _____ () C:\Users\Der Peter\defogger_reenable
2014-12-18 17:44 - 2014-12-18 17:44 - 00050477 _____ () C:\Users\Der Peter\Desktop\Defogger.exe
2014-12-18 17:15 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-16 21:18 - 2014-12-22 22:47 - 00000000 ____D () C:\Users\Der Peter\Desktop\Bilder für Fotoshow
2014-12-14 18:25 - 2014-12-14 18:25 - 01156136 _____ (Ruiware) C:\Users\Der Peter\Downloads\wpsetup.exe
2014-12-14 18:11 - 2014-12-14 18:13 - 00000000 ____D () C:\Users\Der Peter\Documents\My ISO Files
2014-12-14 18:11 - 2014-12-14 18:11 - 00000929 _____ () C:\Users\Public\Desktop\UltraISO.lnk
2014-12-14 18:11 - 2014-12-14 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2014-12-14 18:11 - 2014-12-14 18:11 - 00000000 ____D () C:\Program Files\UltraISO
2014-12-14 18:11 - 2014-12-14 18:11 - 00000000 ____D () C:\Program Files\Common Files\EZB Systems
2014-12-14 18:05 - 2014-12-14 18:05 - 04348103 _____ (EZB Systems, Inc. ) C:\Users\Der Peter\Downloads\uiso962_pe_DE.exe
2014-12-12 14:12 - 2014-12-12 14:12 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 00:26 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 00:26 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-12 00:26 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-12 00:26 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-12 00:26 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 22:34 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 22:34 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 22:33 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 22:33 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 22:33 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 22:33 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 22:33 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 22:33 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 22:33 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 22:33 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 22:33 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 22:33 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 22:33 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 22:33 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 22:33 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 22:33 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 22:33 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 22:33 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 22:33 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 22:33 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 22:33 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 22:33 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 22:32 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 22:32 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 22:32 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 22:32 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 22:32 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 22:32 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 22:32 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 22:32 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 22:32 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 22:32 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 22:32 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 22:32 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 22:31 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 22:31 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 15:35 - 2014-12-10 15:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-07 17:13 - 2012-11-01 13:47 - 00000000 ___RD () C:\Users\Der Peter\Dropbox
2015-01-07 17:03 - 2012-10-31 18:37 - 01361871 _____ () C:\Windows\WindowsUpdate.log
2015-01-07 16:57 - 2009-07-14 05:34 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-07 16:57 - 2009-07-14 05:34 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-07 16:51 - 2014-07-14 21:08 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 16:51 - 2012-11-01 13:24 - 00000000 ____D () C:\Users\Der Peter\AppData\Roaming\Dropbox
2015-01-07 16:48 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-07 16:48 - 2009-07-14 05:39 - 00103336 _____ () C:\Windows\setupact.log
2015-01-06 22:41 - 2012-10-31 19:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-06 21:34 - 2014-05-28 20:21 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001Core.job
2015-01-06 21:26 - 2014-05-28 20:21 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001UA.job
2015-01-06 19:57 - 2012-11-06 13:15 - 00000000 ____D () C:\Users\Der Peter\AppData\Local\CrashDumps
2015-01-06 18:27 - 2012-11-01 14:38 - 00191962 _____ () C:\Windows\PFRO.log
2015-01-06 17:31 - 2014-07-14 20:33 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-06 17:31 - 2014-07-14 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-06 17:31 - 2014-07-14 20:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-26 22:19 - 2013-07-03 23:29 - 00000000 ____D () C:\Users\Der Peter\AppData\Roaming\Aquamarin Haushaltsbuch
2014-12-21 23:54 - 2012-10-31 18:40 - 00000000 ____D () C:\Windows\rescache
2014-12-21 23:27 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-12-21 23:27 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-12-21 23:23 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-12-21 00:40 - 2009-10-15 10:59 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-19 14:45 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-18 18:05 - 2014-07-14 20:42 - 00010062 _____ () C:\Windows\SecuniaPackage.log
2014-12-18 17:45 - 2012-10-31 18:44 - 00000000 ____D () C:\Users\Der Peter
2014-12-17 19:44 - 2012-11-01 19:32 - 00000000 ____D () C:\Users\Der Peter\AppData\Local\Adobe
2014-12-17 19:44 - 2012-10-31 19:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-17 19:44 - 2012-10-31 19:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-16 22:12 - 2014-11-20 14:57 - 00004608 _____ () C:\Users\Der Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-14 18:26 - 2014-07-14 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-12-14 18:26 - 2014-07-14 20:34 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-14 09:26 - 2012-11-01 13:47 - 00001032 _____ () C:\Users\Der Peter\Desktop\Dropbox.lnk
2014-12-14 09:26 - 2012-11-01 13:25 - 00000000 ____D () C:\Users\Der Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 15:19 - 2014-10-06 09:17 - 00001432 _____ () C:\Users\Der Peter\Desktop\Seppel Praxis.lnk
2014-12-12 14:12 - 2014-05-12 13:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 14:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-12 14:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-12 00:24 - 2013-08-29 10:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 00:19 - 2012-10-31 20:07 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 22:20 - 2012-11-01 15:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-11 22:08 - 2012-10-31 19:51 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Der Peter\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkkjbws.dll
C:\Users\Der Peter\AppData\Local\temp\Quarantine.exe
C:\Users\Der Peter\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 17:14

==================== End Of Log ============================
--- --- ---



bei web komm ich immer noch nicht wieder rein...

schrauber 07.01.2015 18:15
Egal mit welchem Browser? Kommt ne Fehlermeldung?

sir peter 08.01.2015 17:14
Die Meldung (siehe erste Post) kommt nur bei Mozilla Firefox.

schrauber 08.01.2015 18:54
Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen


Dann bitte nochmal ein frisches FRST Log. Login bei web.de mit anderm Browser geht?

sir peter 10.01.2015 13:37
Ich habe firefox gelöscht, auch die registry Einträge, dann alles wie beschrieben durchgeführt, Fehlermeldung bei firefox bleibt jedoch die gleiche...

Hier der FRST log


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Der Peter (administrator) on DERPETER-PC on 10-01-2015 12:08:32
Running from C:\Users\Der Peter\Desktop
Loaded Profile: Der Peter (Available profiles: Der Peter)
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Windows\System32\PSIService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1458176 2009-10-26] (Motorola Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\Users\Der Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Der Peter\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3580812390-2972974327-1728687882-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startfenster.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Der Peter\AppData\Roaming\Mozilla\Firefox\Profiles\j58twde5.default-1420887990363
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @canon.com/MycameraPlugin -> C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program File\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3580812390-2972974327-1728687882-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Der Peter\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-31]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-26] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-09-07] (AVG Technologies)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-11-01] (DT Soft Ltd)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82168 2013-11-21] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
S3 catchme; \??\C:\Users\DERPET~1\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 11:59 - 2015-01-10 11:59 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-10 11:59 - 2015-01-10 11:59 - 00001069 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-10 11:59 - 2015-01-10 11:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-10 11:59 - 2015-01-10 11:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-10 11:57 - 2015-01-10 11:57 - 00244264 _____ () C:\Users\Der Peter\Downloads\Firefox Setup Stub 34.0.5.exe
2015-01-10 11:34 - 2015-01-10 11:34 - 00001186 _____ () C:\Users\Der Peter\Desktop\Revo Uninstaller.lnk
2015-01-10 11:34 - 2015-01-10 11:34 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-10 11:32 - 2015-01-10 11:32 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Der Peter\Desktop\revosetup95.exe
2015-01-07 18:47 - 2015-01-07 18:47 - 00000000 __SHD () C:\Users\Der Peter\AppData\Local\EmieBrowserModeList
2015-01-07 17:18 - 2015-01-07 17:18 - 00027925 _____ () C:\Users\Der Peter\Desktop\FRST3.txt
2015-01-07 17:14 - 2015-01-07 17:14 - 00000986 _____ () C:\Users\Der Peter\Desktop\checkup.txt
2015-01-07 17:06 - 2015-01-07 17:06 - 00852505 _____ () C:\Users\Der Peter\Desktop\SecurityCheck.exe
2015-01-06 20:19 - 2015-01-06 20:19 - 02347384 _____ (ESET) C:\Users\Der Peter\Desktop\esetsmartinstaller_deu.exe
2015-01-06 18:58 - 2015-01-06 18:58 - 00027422 _____ () C:\Users\Der Peter\Desktop\FRST2.txt
2015-01-06 18:56 - 2015-01-07 17:14 - 00000000 ____D () C:\Users\Der Peter\Desktop\FRST-OlderVersion
2015-01-06 18:49 - 2015-01-06 18:49 - 00000850 _____ () C:\Users\Der Peter\Desktop\JRT.txt
2015-01-06 18:40 - 2015-01-06 18:40 - 00000000 ____D () C:\Windows\ERUNT
2015-01-06 18:39 - 2015-01-06 18:39 - 01707939 _____ (Thisisu) C:\Users\Der Peter\Desktop\JRT.exe
2015-01-06 18:34 - 2015-01-06 18:34 - 00006483 _____ () C:\Users\Der Peter\Desktop\AdwCleaner[S0].txt
2015-01-06 18:21 - 2015-01-06 18:25 - 00000000 ____D () C:\AdwCleaner
2015-01-06 18:19 - 2015-01-06 18:19 - 02173952 _____ () C:\Users\Der Peter\Desktop\AdwCleaner_4.106.exe
2015-01-06 18:19 - 2015-01-06 18:19 - 00001357 _____ () C:\Users\Der Peter\Desktop\mbam.txt
2015-01-06 17:30 - 2015-01-06 17:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Der Peter\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-22 22:33 - 2014-12-22 22:33 - 00001133 _____ () C:\Users\Public\Desktop\ALDI NORD Bestellsoftware.lnk
2014-12-22 22:26 - 2014-12-22 22:59 - 00000000 ____D () C:\Program Files\ALDI NORD Bestellsoftware
2014-12-22 22:16 - 2014-12-22 22:20 - 261829832 _____ () C:\Users\Der Peter\Downloads\ALDI_NORD_Bestellsoftware_Setup.exe
2014-12-21 23:27 - 2014-12-21 23:27 - 00021152 _____ () C:\ComboFix.txt
2014-12-21 22:40 - 2014-12-21 23:27 - 00000000 ____D () C:\Qoobox
2014-12-21 22:40 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-21 22:40 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-21 22:40 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-21 22:40 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-21 22:40 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-21 22:40 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-21 22:40 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-21 22:40 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-21 22:39 - 2014-12-21 23:24 - 00000000 ____D () C:\Windows\erdnt
2014-12-21 22:38 - 2014-12-21 22:38 - 05601641 ____R (Swearware) C:\Users\Der Peter\Desktop\ComboFix.exe
2014-12-18 20:58 - 2014-12-18 20:58 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Der Peter\Desktop\tdsskiller.exe
2014-12-18 20:18 - 2014-12-18 20:55 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-18 20:16 - 2014-12-18 20:55 - 00000000 ____D () C:\Users\Der Peter\Desktop\mbar
2014-12-18 20:05 - 2014-12-18 20:06 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Der Peter\Desktop\mbar-1.08.2.1001.exe
2014-12-18 18:40 - 2014-12-18 18:40 - 00014042 _____ () C:\Users\Der Peter\Desktop\gmer.txt
2014-12-18 17:57 - 2014-12-18 17:57 - 00380416 _____ () C:\Users\Der Peter\Desktop\Gmer-19357.exe
2014-12-18 17:55 - 2014-12-18 17:56 - 00026292 _____ () C:\Users\Der Peter\Desktop\Addition.txt
2014-12-18 17:53 - 2015-01-10 12:08 - 00010772 _____ () C:\Users\Der Peter\Desktop\FRST.txt
2014-12-18 17:53 - 2015-01-10 12:08 - 00000000 ____D () C:\FRST
2014-12-18 17:52 - 2015-01-07 17:14 - 01115648 _____ (Farbar) C:\Users\Der Peter\Desktop\FRST.exe
2014-12-18 17:45 - 2014-12-18 17:46 - 00000550 _____ () C:\Users\Der Peter\Desktop\defogger_disable.log
2014-12-18 17:45 - 2014-12-18 17:45 - 00000156 _____ () C:\Users\Der Peter\defogger_reenable
2014-12-18 17:44 - 2014-12-18 17:44 - 00050477 _____ () C:\Users\Der Peter\Desktop\Defogger.exe
2014-12-18 17:15 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-16 21:18 - 2014-12-22 22:47 - 00000000 ____D () C:\Users\Der Peter\Desktop\Bilder für Fotoshow
2014-12-14 18:25 - 2014-12-14 18:25 - 01156136 _____ (Ruiware) C:\Users\Der Peter\Downloads\wpsetup.exe
2014-12-14 18:11 - 2014-12-14 18:13 - 00000000 ____D () C:\Users\Der Peter\Documents\My ISO Files
2014-12-14 18:11 - 2014-12-14 18:11 - 00000929 _____ () C:\Users\Public\Desktop\UltraISO.lnk
2014-12-14 18:11 - 2014-12-14 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2014-12-14 18:11 - 2014-12-14 18:11 - 00000000 ____D () C:\Program Files\UltraISO
2014-12-14 18:11 - 2014-12-14 18:11 - 00000000 ____D () C:\Program Files\Common Files\EZB Systems
2014-12-14 18:05 - 2014-12-14 18:05 - 04348103 _____ (EZB Systems, Inc. ) C:\Users\Der Peter\Downloads\uiso962_pe_DE.exe
2014-12-12 14:12 - 2014-12-12 14:12 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-12 00:26 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-12 00:26 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-12 00:26 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-12 00:26 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-12 00:26 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 22:34 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-11 22:34 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 22:33 - 2014-12-04 05:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-11 22:33 - 2014-12-04 05:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-11 22:33 - 2014-12-04 05:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-11 22:33 - 2014-12-02 00:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-11 22:33 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-11 22:33 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-11 22:33 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-11 22:33 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-11 22:33 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-11 22:33 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-11 22:33 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-11 22:33 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-11 22:33 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-11 22:33 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-11 22:33 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-11 22:33 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-11 22:33 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-11 22:33 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-11 22:33 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-11 22:33 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-11 22:33 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-11 22:32 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-11 22:32 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-11 22:32 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-11 22:32 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-11 22:32 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-11 22:32 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-11 22:32 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-11 22:32 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-11 22:32 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-11 22:32 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-11 22:32 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-11 22:32 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-11 22:31 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 22:31 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 11:57 - 2009-07-14 05:34 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 11:57 - 2009-07-14 05:34 - 00023568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 11:52 - 2014-07-14 21:08 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-10 11:52 - 2012-10-31 18:37 - 01523999 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 11:49 - 2012-11-01 13:47 - 00000000 ___RD () C:\Users\Der Peter\Dropbox
2015-01-10 11:49 - 2012-11-01 13:24 - 00000000 ____D () C:\Users\Der Peter\AppData\Roaming\Dropbox
2015-01-10 11:48 - 2012-11-01 14:38 - 00193562 _____ () C:\Windows\PFRO.log
2015-01-10 11:48 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 11:48 - 2009-07-14 05:39 - 00103560 _____ () C:\Windows\setupact.log
2015-01-10 11:41 - 2012-10-31 19:46 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-09 15:26 - 2014-05-28 20:21 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001UA.job
2015-01-09 15:23 - 2009-10-15 10:59 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-08 21:26 - 2014-05-28 20:21 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3580812390-2972974327-1728687882-1001Core.job
2015-01-06 19:57 - 2012-11-06 13:15 - 00000000 ____D () C:\Users\Der Peter\AppData\Local\CrashDumps
2015-01-06 17:31 - 2014-07-14 20:33 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-06 17:31 - 2014-07-14 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-06 17:31 - 2014-07-14 20:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-06 04:36 - 2012-10-31 18:58 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-26 22:19 - 2013-07-03 23:29 - 00000000 ____D () C:\Users\Der Peter\AppData\Roaming\Aquamarin Haushaltsbuch
2014-12-21 23:54 - 2012-10-31 18:40 - 00000000 ____D () C:\Windows\rescache
2014-12-21 23:27 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-12-21 23:27 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-12-21 23:23 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-12-19 14:45 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-18 18:05 - 2014-07-14 20:42 - 00010062 _____ () C:\Windows\SecuniaPackage.log
2014-12-18 17:45 - 2012-10-31 18:44 - 00000000 ____D () C:\Users\Der Peter
2014-12-17 19:44 - 2012-11-01 19:32 - 00000000 ____D () C:\Users\Der Peter\AppData\Local\Adobe
2014-12-17 19:44 - 2012-10-31 19:46 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-17 19:44 - 2012-10-31 19:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-16 22:12 - 2014-11-20 14:57 - 00004608 _____ () C:\Users\Der Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-14 18:26 - 2014-07-14 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-12-14 18:26 - 2014-07-14 20:34 - 00000000 ____D () C:\ProgramData\InstallMate
2014-12-14 09:26 - 2012-11-01 13:47 - 00001032 _____ () C:\Users\Der Peter\Desktop\Dropbox.lnk
2014-12-14 09:26 - 2012-11-01 13:25 - 00000000 ____D () C:\Users\Der Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 15:19 - 2014-10-06 09:17 - 00001432 _____ () C:\Users\Der Peter\Desktop\Seppel Praxis.lnk
2014-12-12 14:12 - 2014-05-12 13:51 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-12 14:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-12 14:12 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-12 00:24 - 2013-08-29 10:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-12 00:19 - 2012-10-31 20:07 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-11 22:20 - 2012-11-01 15:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some content of TEMP:
====================
C:\Users\Der Peter\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmporswxj.dll
C:\Users\Der Peter\AppData\Local\temp\Quarantine.exe
C:\Users\Der Peter\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-05 17:14

==================== End Of Log ============================
--- --- ---

schrauber 10.01.2015 14:34
meine Frage zu den anderen Browsern? Firefox nach Neuinstallation auch zurückgesetzt?

sir peter 10.01.2015 14:46
Beim InternetExplorer funktioniert die Anmeldung.
Firefox nach Neuinstallation auch zurückgesetzt?
Ja.


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:24 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24