RKIT/13850.A + JS/Redirector.EB.157 - Backdoor/Trojaner? - Ist mein System infiziert?

UltraM · 04.07.2014, 02:33

Hallo Leute,

entschuldigt bitte den nicht unbedingt aussagekräftigen Titel im Topic. Ich weiß nicht ob mein System infiziert ist oder nicht, würde dies aber gerne checken.

Ich surfe seit ca. 6 Monaten nur noch mit der normalen Free Version von AntiVir, da meine Lizenz ausgelaufen ist, dazu verwenden ich die Windows 7 Firewall (OS also Win7).

Ich habe nun nach eurem Tutorial nach AVZ durchlaufen lassen und die logs erstellen können:
virusinfo_syscure.zip
virusinfo_syscheck.zip

Wenn ich AVIRA durchlaufen lasse bekomme ich folgende "Funde":
RKIT/13850.A
JS/Redirector.EB.157

Die befallenen Dateien konnten ins Quarantäneverzeichnis verschoben werden.

Außerdem poppte der Hinweis auf "versteckte Dateien" auf, die AVIRA wohl nicht durchscannen kann?!

Sorry für dei DAU-heit!

Vielen Vielen Dank im vorraus!

schrauber · 04.07.2014, 06:54

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

UltraM · 04.07.2014, 14:56

Hey,

sorry - hier die Logs:

FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by user (administrator) on TOWER on 04-07-2014 15:54:13
Running from E:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Windows\DAODx.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Miranda IM) C:\Program Files (x86)\Miranda IM\miranda32.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Razer USA Ltd.) C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Razer\Tarantula\razertra.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Copy Handler] => [X]
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2369536 2010-03-15] (VIA)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Tarantula] => C:\Program Files (x86)\Razer\Tarantula\razerhid.exe [159744 2007-05-07] (Razer USA Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3657025517-3778367934-1715766770-1000\...\Run: [Thunderbird] => "C:\Program Files (x86)\Mozilla Thunderbird\thunderbird" -turbo
HKU\S-1-5-21-3657025517-3778367934-1715766770-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3657025517-3778367934-1715766770-1000\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3657025517-3778367934-1715766770-1000\...\MountPoints2: {8eda9c35-4642-11e3-ac4d-485b39caa82b} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3657025517-3778367934-1715766770-1000\...\MountPoints2: {fb60f386-d128-11df-9a4e-eb57c079cb76} - Z:\Startup.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miranda32.lnk
ShortcutTarget: miranda32.lnk -> C:\Program Files (x86)\Miranda IM\miranda32.exe (Miranda IM)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1400269906&from=smt&uid=WDCXWD20EARS-00MVWB0_WD-WMAZA337026770267&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFA9B49F8FE58CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1400269906&from=smt&uid=WDCXWD20EARS-00MVWB0_WD-WMAZA337026770267&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1400269906&from=smt&uid=WDCXWD20EARS-00MVWB0_WD-WMAZA337026770267&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1400269906&from=smt&uid=WDCXWD20EARS-00MVWB0_WD-WMAZA337026770267&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1400269906&from=smt&uid=WDCXWD20EARS-00MVWB0_WD-WMAZA337026770267&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1400269906&from=smt&uid=WDCXWD20EARS-00MVWB0_WD-WMAZA337026770267&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1400269906&from=smt&uid=WDCXWD20EARS-00MVWB0_WD-WMAZA337026770267
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d2601b24-efad-b3ca-0773-a67b5a7b3a40&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/01/2014&type=hp1000
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d2601b24-efad-b3ca-0773-a67b5a7b3a40&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/01/2014&type=hp1000
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{92BBF8D9-3F18-4086-AEF0-FAE6E99FE04A}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___
FF Homepage: hxxp://forum.suchathing.net/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\user.js
FF user.js: detected! => C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCrochetPLUG.dll ( Voyager Japan,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\Extensions\staged [2013-01-02]
FF Extension: ChatZilla - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2011-06-01]
FF Extension: Test Pilot - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\Extensions\testpilot@labs.mozilla.com.xpi [2011-08-10]
FF Extension: WinToFlash Suggestor - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi [2012-05-25]
FF Extension: ChatZilla - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013-07-14]
FF Extension: YouTube Video and Audio Downloader - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2013-12-23]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\Extensions\guiconfig@slosd.net.xpi [2013-06-14]
FF Extension: WinToFlash Suggestor - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi [2012-05-25]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-27]

Chrome: 
=======
CHR StartupUrls: "hxxp://start.qone8.com/?type=hp&ts=1400269906&from=smt&uid=WDCXWD20EARS-00MVWB0_WD-WMAZA337026770267"
CHR NewTab: "chrome-extension://amfclgbdpgndipgoegfpkkgobahigbcl/redirect.html", "chrome-extension://pelmeidfhdlhlbjimpabfcbnnojbboma/index.html"
CHR Extension: (New Tab Page) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2014-01-10]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-22]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-22]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-22]
CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-22]
CHR Extension: (FoxyProxy Standard) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2013-12-22]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-22]
CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-22]
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx [2013-12-22]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-22]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-07-03] (SurfRight B.V.)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4714888 2012-06-29] (RealVNC Ltd)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [35624 2007-08-08] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2011-05-08] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-07-03] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2011-05-08] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
S3 MRV6X64P; C:\Windows\System32\DRIVERS\MRVW13C.sys [245248 2007-10-16] (Marvell Semiconductor, Inc) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-10-06] () [File not signed]
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] () [File not signed]
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
R3 TarFltr; C:\Windows\System32\drivers\UsbFltr.sys [49664 2007-04-11] (Razer USA Ltd.)
U3 a1xai52r; C:\Windows\System32\Drivers\a1xai52r.sys [0 ] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\user\AppData\Local\Temp\ALSysIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 15:54 - 2014-07-04 15:54 - 00000000 ____D () C:\FRST
2014-07-04 03:33 - 2014-07-04 03:33 - 00062908 _____ () C:\Users\user\Desktop\AVSCAN-20140703-181151-CB22AA0D.LOG
2014-07-03 18:00 - 2014-07-04 15:53 - 00003528 _____ () C:\Windows\setupact.log
2014-07-03 18:00 - 2014-07-03 18:00 - 00130880 _____ () C:\Windows\PFRO.log
2014-07-03 18:00 - 2014-07-03 18:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\AVZ
2014-07-03 17:50 - 2014-07-03 17:50 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-03 17:50 - 2014-07-03 17:50 - 00000000 ____D () C:\Users\user\AppData\Roaming\Avira
2014-07-03 17:50 - 2014-07-03 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-03 17:48 - 2014-07-03 17:47 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-03 17:46 - 2014-06-24 20:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-07-03 17:46 - 2014-06-24 20:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-03 17:46 - 2014-06-24 20:39 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-07-03 17:40 - 2014-07-04 15:53 - 00000000 ____D () C:\Windows\CryptoGuard
2014-07-03 17:40 - 2014-07-03 18:00 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-03 17:40 - 2014-07-03 17:52 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-07-03 17:40 - 2014-07-03 17:52 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-07-03 17:40 - 2014-07-03 17:52 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-07-03 17:40 - 2014-07-03 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-03 17:40 - 2014-07-03 17:40 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-03 17:38 - 2014-07-03 17:38 - 00001100 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-03 17:38 - 2014-07-03 17:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-26 21:53 - 2014-07-03 17:51 - 00000000 ____D () C:\Users\user\AppData\Roaming\Azureus
2014-06-26 21:53 - 2014-06-26 21:53 - 00001801 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-06-26 21:53 - 2014-06-26 21:53 - 00000000 ____D () C:\Users\user\.swt
2014-06-26 21:53 - 2014-06-26 21:53 - 00000000 ____D () C:\Program Files\Vuze
2014-06-21 21:51 - 2014-06-21 21:51 - 00000958 _____ () C:\Users\user\Desktop\TinyPic.lnk
2014-06-21 21:51 - 2014-06-21 21:51 - 00000000 ____D () C:\Program Files (x86)\Tinypic
2014-06-21 21:42 - 2014-06-21 21:51 - 00000000 ____D () C:\Users\user\Desktop\kaputtes_paket
2014-06-19 17:30 - 2014-06-19 17:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-13 23:44 - 2014-06-13 23:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
2014-06-11 20:53 - 2014-06-12 18:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 17:37 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 17:37 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 17:37 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 17:37 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 17:37 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 17:37 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 17:37 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 17:37 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 17:37 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 17:37 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 17:37 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 17:37 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 17:37 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 17:37 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 17:37 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 17:37 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 17:37 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 17:37 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 17:37 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 17:37 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 17:37 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 17:37 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 17:37 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 17:37 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 17:37 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 17:37 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 17:37 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 17:37 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 17:37 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 17:37 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 17:37 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 17:37 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 17:37 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 17:37 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 17:37 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 17:37 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 17:37 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 17:37 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 17:37 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 17:37 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 17:37 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 17:37 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 17:37 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 17:37 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 17:37 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 17:37 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 17:37 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 17:37 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 17:37 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 17:37 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 17:37 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 17:37 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 17:32 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 17:32 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 17:32 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 17:32 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 17:32 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 17:32 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 17:32 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 17:32 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 17:32 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 17:32 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 17:32 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 17:32 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 17:32 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 17:32 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 17:26 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 17:26 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

2014-07-04 15:54 - 2014-07-04 15:54 - 00000000 ____D () C:\FRST
2014-07-04 15:53 - 2014-07-03 18:00 - 00003528 _____ () C:\Windows\setupact.log
2014-07-04 15:53 - 2014-07-03 17:40 - 00000000 ____D () C:\Windows\CryptoGuard
2014-07-04 15:53 - 2013-12-22 12:03 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 15:53 - 2013-05-22 11:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\NetSpeedMonitor
2014-07-04 15:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 15:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-07-04 03:37 - 2013-02-26 03:57 - 00000000 ____D () C:\Program Files\JDownloader 2
2014-07-04 03:37 - 2010-07-26 16:13 - 01421040 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 03:36 - 2013-11-16 15:43 - 00000000 ____D () C:\Users\user\AppData\Local\Battle.net
2014-07-04 03:33 - 2014-07-04 03:33 - 00062908 _____ () C:\Users\user\Desktop\AVSCAN-20140703-181151-CB22AA0D.LOG
2014-07-04 03:32 - 2012-04-11 20:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-04 03:27 - 2014-05-16 21:52 - 00000000 ____D () C:\ProgramData\WPM
2014-07-04 02:46 - 2013-12-22 12:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-03 18:10 - 2009-07-14 06:45 - 00014800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-03 18:10 - 2009-07-14 06:45 - 00014800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 18:07 - 2009-07-14 19:58 - 00774832 _____ () C:\Windows\system32\perfh007.dat
2014-07-03 18:07 - 2009-07-14 19:58 - 00175800 _____ () C:\Windows\system32\perfc007.dat
2014-07-03 18:07 - 2009-07-14 07:13 - 01809378 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-03 18:00 - 2014-07-03 18:00 - 00130880 _____ () C:\Windows\PFRO.log
2014-07-03 18:00 - 2014-07-03 18:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-03 18:00 - 2014-07-03 17:40 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\AVZ
2014-07-03 17:52 - 2014-07-03 17:40 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-07-03 17:52 - 2014-07-03 17:40 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-07-03 17:52 - 2014-07-03 17:40 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-07-03 17:51 - 2014-06-26 21:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\Azureus
2014-07-03 17:51 - 2013-04-29 20:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\inkscape
2014-07-03 17:51 - 2012-03-03 22:16 - 00000000 ____D () C:\Users\user\AppData\Roaming\AIMP3
2014-07-03 17:51 - 2010-10-06 11:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\DAEMON Tools Lite
2014-07-03 17:51 - 2010-09-01 00:40 - 00000000 ____D () C:\Windows\Minidump
2014-07-03 17:51 - 2010-08-01 01:58 - 00000000 ____D () C:\Users\user\AppData\Roaming\Media Player Classic
2014-07-03 17:51 - 2010-07-26 17:08 - 00000000 ____D () C:\Windows\Panther
2014-07-03 17:50 - 2014-07-03 17:50 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-03 17:50 - 2014-07-03 17:50 - 00000000 ____D () C:\Users\user\AppData\Roaming\Avira
2014-07-03 17:50 - 2014-07-03 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-03 17:50 - 2012-05-12 22:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-03 17:47 - 2014-07-03 17:48 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-03 17:47 - 2013-01-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-03 17:46 - 2013-01-02 15:38 - 00000000 ____D () C:\ProgramData\Avira
2014-07-03 17:46 - 2013-01-02 15:38 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-03 17:40 - 2014-07-03 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-03 17:40 - 2014-07-03 17:40 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-03 17:38 - 2014-07-03 17:38 - 00001100 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-03 17:38 - 2014-07-03 17:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-03 17:32 - 2014-05-16 20:03 - 00000000 ____D () C:\Users\user\AppData\Local\Akamai
2014-07-03 17:32 - 2014-01-08 17:09 - 00000000 ___HD () C:\Program Files (x86)\Dr.Fone_Temp
2014-07-03 17:32 - 2014-01-08 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-07-03 17:32 - 2014-01-08 17:09 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2014-07-03 17:32 - 2013-11-16 15:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\Battle.net
2014-07-03 17:32 - 2012-12-26 15:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-07-03 17:32 - 2011-04-02 13:39 - 00000000 ____D () C:\Users\DefaultAppPool
2014-07-03 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-02 22:31 - 2011-02-07 20:35 - 00000000 ____D () C:\Users\user\.gimp-2.6
2014-06-28 17:50 - 2010-07-28 16:52 - 00000000 ____D () C:\Users\user\AppData\Roaming\TS3Client
2014-06-27 21:18 - 2011-06-15 19:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\Aegisub
2014-06-26 21:53 - 2014-06-26 21:53 - 00001801 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-06-26 21:53 - 2014-06-26 21:53 - 00000000 ____D () C:\Users\user\.swt
2014-06-26 21:53 - 2014-06-26 21:53 - 00000000 ____D () C:\Program Files\Vuze
2014-06-26 21:53 - 2010-09-05 02:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-06-25 17:35 - 2010-07-28 16:51 - 00000000 ____D () C:\Users\user\AppData\Local\TeamSpeak 3 Client
2014-06-24 20:39 - 2014-07-03 17:46 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-24 20:39 - 2014-07-03 17:46 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-24 20:39 - 2014-07-03 17:46 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-24 07:50 - 2010-12-23 05:26 - 00000000 ____D () C:\Program Files (x86)\AIMP2
2014-06-21 21:51 - 2014-06-21 21:51 - 00000958 _____ () C:\Users\user\Desktop\TinyPic.lnk
2014-06-21 21:51 - 2014-06-21 21:51 - 00000000 ____D () C:\Program Files (x86)\Tinypic
2014-06-21 21:51 - 2014-06-21 21:42 - 00000000 ____D () C:\Users\user\Desktop\kaputtes_paket
2014-06-21 08:41 - 2013-12-22 12:03 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 08:41 - 2013-12-22 12:03 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 16:21 - 2012-04-25 23:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 17:30 - 2014-06-19 17:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-15 20:52 - 2013-11-23 22:41 - 00000000 ____D () C:\Users\user\Desktop\tatt
2014-06-14 09:44 - 2012-04-11 20:38 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-14 09:44 - 2012-04-11 20:38 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-14 09:44 - 2011-06-25 09:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-13 23:44 - 2014-06-13 23:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
2014-06-13 20:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 18:15 - 2014-06-11 20:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 18:18 - 2013-08-14 19:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 18:16 - 2014-05-28 23:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 18:16 - 2010-07-26 17:10 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 18:15 - 2014-05-06 20:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-09 16:00 - 2010-07-28 20:23 - 00000000 ____D () C:\Users\user\AppData\Local\Deployment
2014-06-08 11:13 - 2014-06-11 17:26 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 17:26 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\hmpalert_update.exe
C:\Users\user\AppData\Local\Temp\proxy_vole6664821570894925615.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-29 20:07

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014
Ran by user at 2014-07-04 15:54:48
Running from E:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
AC3Filter 1.63b (HKLM-x32\...\AC3Filter_is1) (Version: 1.63b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Aegisub 3.0.4 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.0.4 - Aegisub Team)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1350, 16.06.2014 - AIMP DevTeam)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{5E03A267-415E-5383-FA8F-3CE4145663B9}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.04.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
Attribute Changer 7.10d (HKLM-x32\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 7.10d - Romain Petges)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avira (HKLM-x32\...\{89ef9b48-b56b-48d8-b5c1-4eb9a5ca50cb}) (Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.16.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4746 - CDBurnerXP)
Combined Community Codec Pack 2014-04-20 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2014.04.20.0 - CCCP Project)
Comical 0.8 (HKLM-x32\...\Comical_is1) (Version:  - James Athey)
CoreAAC Audio Decoder (remove only) (HKLM-x32\...\CoreAAC Audio Decoder) (Version:  - )
CPUID HWMonitor 1.18 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Creative Pack Volume 1 (HKLM-x32\...\{05181A78-3BA6-4B63-BCE8-888A4BCAACFA}) (Version: 3.0.1 - Corel Corporation)
Creative Pack Volume 3 - Kids (HKLM-x32\...\{7F2D1105-70ED-4379-8772-3F06E1D23F5A}) (Version: 1.00.0000.01 - Pinnacle Systems)
CrystalDiskInfo 4.0.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 4.0.1 - Crystal Dew World)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{2A16B95F-7377-410A-B961-EFD9394E1AF3}) (Version:  - Microsoft)
DF CrcSfv 1.3 (HKLM-x32\...\DF CrcSfv_is1) (Version:  - Frischalowski EDV-Beratung)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DivxToDVD 0.5.2 (HKLM-x32\...\VSO DivxToDVD_is1) (Version: 0.5.2 - VSO-Software SARL)
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Dropbox (HKCU\...\Dropbox) (Version: 1.4.7 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fable III (x32 Version: 1.0.0001.131 - Microsoft Game Studios) Hidden
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
ffdshow [rev 3299] [2010-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.0.0.3299 - )
FileBot (HKLM\...\{C171FBBE-E471-4509-AA63-DB2FB61F778E}) (Version: 1.9.6 - rednoah)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
Filmmaker's Toolkit for Studio (HKLM-x32\...\InstallShield_{2444562A-A7DC-42B8-A4D8-1BCF704B1480}) (Version: 1.0.1 - Red Giant)
Filmmaker's Toolkit for Studio (x32 Version: 1.0.1 - Red Giant) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free iPad Video Converter 3.7.2.1 (HKLM-x32\...\Free iPad Video Converter_is1) (Version:  - FreeAudioVideoSoftTech, Inc.)
Free Screen Video Recorder version 2.5.32.213 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.32.213 - DVDVideoSoft Ltd.)
Free Video Flip and Rotate version 2.1.9.822 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.822 - DVDVideoSoft Ltd.)
Free WMA to MP3 Converter 1.16 (HKLM-x32\...\Free WMA to MP3 Converter_is1) (Version:  - Jodix Technologies Ltd.)
Game Dev Tycoon v1.3.2 (c) Greenheart Games version 1 (HKLM-x32\...\R2FtZURldlR5Y29vbnYxMzI=_is1) (Version: 1 - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HF pAppLoc version 1.1 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.1 - Inquisitor)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 2.6.5.77 - SurfRight B.V.)
Hollywood FX Volumes 1-3 (HKLM-x32\...\{E3D181F8-246B-497F-945E-6DB98CBA6677}) (Version: 2.0.1 - Corel Corporation)
iDevice Manager (HKLM-x32\...\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1) (Version: 3.2.4.0 - Marx Software)
ILLUSION 2 (HKLM-x32\...\{AF83EF7D-353A-4E0C-9919-C4E4BCB5F742}) (Version: 1.00.0000 - ILLUSION)
ILLUSION 2 (HKLM-x32\...\{A56F495B-7075-4510-AC91-485416140DA2}) (Version: 1.00.0000 - ILLUSION)
ILLUSION (HKLM-x32\...\{185D7718-51F8-4AAD-B65B-90D27058A1E0}) (Version: 1.00.0000 - ILLUSION)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iNFekt NFO Viewer (HKLM\...\{B1AC8E6A-6C47-4B6D-A853-B4BF5C83421C}_is1) (Version: 0.8.5 - cxxjoe & Contributors)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
iZotope Music & Speech Cleaner (HKLM-x32\...\iZotope Music & Speech Cleaner_is1) (Version: 1.00 - iZotope, Inc.)
Japanese Fonts Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-900000000003}) (Version: 9.0.0 - Adobe Systems Incorporated)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020F0}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 2 (HKLM\...\0630-0716-3135-7887) (Version: 2 - AppWork GmbH)
JDownloader 2.0 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMicron Technology Corp.)
LAME v3.98.2 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
Logitech SetPoint 6.32 (HKLM\...\SP6) (Version: 6.32.20 - Logitech)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaInfo 0.7.41 (32-bit) (HKLM-x32\...\MediaInfo) (Version: 0.7.41 - MediaArea.net)
MediaInfo 0.7.47 (HKLM\...\MediaInfo) (Version: 0.7.47 - MediaArea.net)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft RichCopy 4.0 (HKLM-x32\...\{86F4F32B-77C7-4951-B33C-05D41A8190C1}) (Version: 4.0.211 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Miranda IM (HKLM-x32\...\Miranda IM) (Version: 0.10.22 - Miranda IM Project)
MKVToolNix 6.3.0 (HKLM-x32\...\MKVtoolnix) (Version: 6.3.0 - Moritz Bunkus)
Motion Graphics Toolkit for Studio (HKLM-x32\...\InstallShield_{E5C99F9E-E97D-40B6-BAFC-8BCBFF1031E4}) (Version: 1.0.1 - Red Giant)
Motion Graphics Toolkit for Studio (x32 Version: 1.0.1 - Red Giant) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.17.1 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.7 - )
Nur Entfernen der CopyTrans Suite möglich (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 8.3.7.3619 - Electronic Arts, Inc.)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.207.0 - Tracker Software Products Ltd)
piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Pinnacle Creative Pack Volume 2 (HKLM-x32\...\{0299DF57-FF2E-42C6-A4D7-9480E537D191}) (Version: 1.00.0000.16 - Pinnacle Systems)
Pinnacle Studio 17 - Standard Content Pack (HKLM-x32\...\{BA98BFA8-5EDF-450B-A92E-C096DC135D0E}) (Version: 17.0 - Corel Corporation)
Pinnacle Studio 17 (HKLM-x32\...\{3DA8F808-72E2-4361-82EC-433081D23005}) (Version: 17.0.2.137 - Corel Corporation)
Pinnacle Studio 17 Add-Ons (x32 Version: 17.0 - Corel) Hidden
Pinnacle Winter Pack (HKLM-x32\...\{67330878-0617-41A9-A3B0-B5298E89E7BC}) (Version: 1.00.0000.20 - Pinnacle Systems)
Pinnale Systems Software Keys (HKLM-x32\...\{616CD10B-1EC7-41D2-8C14-3ECE93E7AEE9}_is1) (Version:  - VPP TEAM)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Premium Pack Volumes 1-2 (HKLM-x32\...\{88C4D8A6-9954-46A0-965D-92E55DAB8734}) (Version: 2.0.1 - Corel Corporation)
QuickSFV (Remove only) (HKLM-x32\...\QuickSFV) (Version:  - )
Razer Tarantula (HKLM-x32\...\{655B9514-3963-490B-9EE1-431E80444889}) (Version: 5.01 - Razer USA Ltd.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.15.209.2010 - Realtek)
Recuva (HKLM\...\Recuva) (Version: 1.45 - Piriform)
RMPrepUSB (HKLM-x32\...\RMPrepUSB) (Version:  - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.0.0 - Rockstar Games)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
ScoreFitter Volumes 1-2 (HKLM-x32\...\{0FDA9ECA-6DA3-480E-B7A9-76F353AF6B6C}) (Version: 2.0.1 - Corel Corporation)
SDFormatter (HKLM-x32\...\{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}) (Version: 3.0.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SlimDX Runtime .NET 4.0 x86 (January 2012) (HKLM-x32\...\{7EBD0E43-6AC0-4CA8-9990-00E50069AD29}) (Version: 2.0.13.43 - SlimDX Group)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.6.0 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.6.0 - SmartSound Software Inc.) Hidden
Sparfuchs (HKLM-x32\...\Sparfuchs_is1) (Version: 2013 - Abelssoft)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab (HKLM-x32\...\{92482FB3-C05B-41C6-89E7-75D985602A6E}) (Version: 4.1.72.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD Projekt RED)
Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler)
Title Extreme (HKLM-x32\...\{F7214014-27EE-4237-9978-2F9D1551559B}) (Version: 2.0.1 - Corel Corporation)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
TV-Browser 2.7.5 (HKLM-x32\...\tvbrowser) (Version: 2.7.5 - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
VNC Mirror Driver 1.8.0 (HKLM\...\VNCMirror_is1) (Version: 1.8.0 - RealVNC Ltd.)
VNC Printer Driver 1.8.0 (HKLM\...\VNCPrinter_is1) (Version: 1.8.0 - RealVNC Ltd.)
VNC Server 5.0.1 (HKLM\...\RealVNC_is1) (Version: 5.0.1 - RealVNC Ltd)
VNC Viewer 5.0.1 (HKLM\...\RealVNCViewer_is1) (Version: 5.0.1 - RealVNC Ltd)
VSO CopyToDVD 4 (HKLM-x32\...\{870F1750-BA89-11DA-A94D-0800200C9A66}_is1) (Version: 4.3.1.2 - VSO Software)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
WBFS Manager 4.0 (HKLM\...\{D34C07CA-DCF0-4A5C-A4DD-55522B17F4F2}) (Version: 4.0 - WBFS)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.08.8317 - Buhl Data Service GmbH)
Wondershare Dr.Fone für iOS(Build 3.1.0.111) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 3.1.0.111 - Wondershare Software Co.,Ltd.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XnView 2.00 (HKLM-x32\...\XnView_is1) (Version: 2.00 - Gougelet Pierre-e)
Xvid 1.2.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
XviD v1.2.0 CVS (HKLM\...\XviD MPEG-4 Video Codec_is1) (Version:  - Celtic Druid)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2012-11-25 15:41 - 00444883 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {09D00A7F-7808-4699-A603-06446F45EEE2} - System32\Tasks\{9E61180E-8980-42D4-ACAB-9915CF30D2FE} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {0A923B2D-5A5D-46DD-855F-B6446FD27CCF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: {1210CD60-F698-4275-9A05-39FB36AFB46B} - System32\Tasks\{65D2DDA7-F5BC-4F89-875C-D1B5AA53D44B} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {123EC70F-FAC7-4AFC-B68C-153089024FE8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22] (Google Inc.)
Task: {13B4ECBE-DC50-486F-90BB-CA4C136DE443} - System32\Tasks\{B2CCF492-19B5-463C-9781-AA9C3FB70C1A} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {1DB9121F-E9FD-440E-AA3A-1C40423876A9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {22B596EE-B510-4CCA-A2E5-BB83FE37CB89} - System32\Tasks\{D52FA489-D00C-4703-A112-ECEF52AA5AE6} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {247724C5-30FF-4CBF-95E1-0B61981650B9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2A18F7F8-E50A-42D3-90F2-B69A83228E29} - System32\Tasks\{0B2D2FC3-FFD8-4954-8F1A-8569A764DC99} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {2B855A25-6D86-434B-AE02-436DCD19DFB0} - System32\Tasks\{D6D986CC-DD1A-4907-9C9F-7335BF4E2E01} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {4123D41D-15E5-4DD8-A049-B6CDFD130656} - System32\Tasks\{A41E5287-0CBC-47A2-93DC-5A3F2992A8EF} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {516E6598-EAF6-4E8E-A437-564F2F74EFB2} - System32\Tasks\{C79AC32D-D179-48E7-A279-B8861309EC8A} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?source=lightinstaller&amp;LastError=1603
Task: {548AC663-AF78-4B2C-9428-1779A28BE8D1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-14] (Adobe Systems Incorporated)
Task: {568F66B8-5145-4430-9102-4EE127B85BDA} - System32\Tasks\{3E8A119C-3FFC-44B1-91B1-49F921626CCE} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {75CC9DC9-60BB-4A0E-900A-206538333E49} - System32\Tasks\{D5526747-1B0E-45EF-81A6-45C3DC58CDBE} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {804FA1A6-BFB2-46AD-8D89-1754C4289667} - System32\Tasks\{C8DE22E1-B00C-4C90-83C3-D56C2E5B8242} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {80F484C3-35A0-4B54-B18A-56BBC0C7CCB4} - System32\Tasks\{4C18B735-8A00-4E4C-BCB1-A68F262E3718} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {97207A4D-50C6-4521-ACBE-A226437D7589} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
Task: {A53650D6-3E60-433B-85A0-41BFC32D21A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-22] (Google Inc.)
Task: {A8DCCA4C-5205-4854-AC44-045665CFFE8B} - System32\Tasks\{3CC67A55-9D57-449D-945A-80840E8BAAE2} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BD44246D-2460-46EE-9727-658747F1007E} - System32\Tasks\{6F5B6572-445E-4D6E-86B9-FE448169DE93} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {BE58F6B6-68EB-4619-AF8C-81251664B35B} - System32\Tasks\{17E21170-D225-4745-AD05-EFB86A034651} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {D259BAC5-0695-4D63-8005-E9325E2A9C72} - System32\Tasks\{873C4200-0B44-4EA5-B34B-636273812AF2} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-15] (Skype Technologies S.A.)
Task: {E52A78E6-8063-4E0D-8890-F371C02FFD30} - System32\Tasks\{FF0C6EE7-3671-4F4F-96E7-493CD8325FA9} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: {F8ED5D22-E866-46A1-9845-BD170686CD4C} - System32\Tasks\{F67105A5-4760-4008-A6E9-FB0BBB0C98DF} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/de/go/help.faq.installer?LastError=1603
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-03-30 08:32 - 2009-03-30 08:32 - 00032768 ____R () C:\Windows\DAODx.exe
2011-10-07 11:39 - 2011-10-07 11:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2010-07-26 16:28 - 2009-05-07 10:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2010-07-26 16:28 - 2009-05-07 10:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2010-07-26 16:28 - 2008-01-18 08:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2010-07-26 16:28 - 2010-03-02 09:31 - 64105984 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2012-12-19 16:32 - 2012-12-19 16:32 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2010-12-16 17:41 - 2007-03-05 19:17 - 00143360 _____ () C:\Program Files (x86)\Razer\Tarantula\razertra.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-30 12:08 - 2014-06-30 12:08 - 00137296 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-06-30 12:07 - 2014-06-30 12:07 - 00065616 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-06-11 20:53 - 2014-06-11 20:53 - 03022960 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-06-11 20:53 - 2014-06-11 20:53 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-06-11 20:53 - 2014-06-11 20:53 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2012-11-22 20:14 - 2012-11-21 07:26 - 00008704 _____ () C:\Users\user\AppData\Roaming\Thunderbird\Profiles\rk6u9wuq.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
2014-04-05 22:33 - 2014-04-05 22:33 - 00057432 _____ () C:\Program Files (x86)\Miranda IM\zlib.dll
2014-04-05 22:32 - 2014-04-05 22:32 - 00036961 _____ () C:\Program Files (x86)\Miranda IM\Plugins\dbx_mmap.dll
2014-04-05 22:32 - 2014-04-05 22:32 - 00061538 _____ () C:\Program Files (x86)\Miranda IM\Plugins\clist_classic.dll
2014-04-05 22:31 - 2014-04-05 22:31 - 00203357 _____ () C:\Program Files (x86)\Miranda IM\Plugins\aim.dll
2014-04-05 22:32 - 2014-04-05 22:32 - 00245848 _____ () C:\Program Files (x86)\Miranda IM\Plugins\chat.dll
2014-04-05 22:32 - 2014-04-05 22:32 - 00339550 _____ () C:\Program Files (x86)\Miranda IM\Plugins\icq.dll
2014-04-05 22:31 - 2014-04-05 22:31 - 00379993 _____ () C:\Program Files (x86)\Miranda IM\Plugins\irc.dll
2010-12-06 14:46 - 2006-06-22 11:10 - 00081920 _____ () C:\Program Files (x86)\Miranda IM\Plugins\keepstatus.dll
2014-04-05 22:35 - 2014-04-05 22:35 - 00090200 _____ () C:\Program Files (x86)\Miranda IM\Plugins\srmm.dll
2014-07-03 17:38 - 2014-06-30 12:08 - 00049744 _____ () C:\Users\user\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-06-19 17:30 - 2014-06-19 17:30 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:4E61AA66371FA622

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.46002456903137134.exe.lnk => C:\Windows\pss\0.46002456903137134.exe.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk => C:\Windows\pss\OpenOffice.org 3.2.lnk.Startup
MSCONFIG\startupfolder: C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "D:\Games\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
MSCONFIG\startupreg: {211D3AE2-8280-05A7-2068-6ACC23F5A029} => C:\Users\user\AppData\Roaming\Ozko\buakust.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2014 05:41:47 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (07/03/2014 05:41:36 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (07/03/2014 05:41:18 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (07/03/2014 05:35:58 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (07/03/2014 05:35:57 PM) (Source: Avira FireWall) (EventID: 0) (User: )
Description: Ungültige Lizenz

Error: (07/03/2014 05:34:35 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (07/03/2014 05:34:18 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (07/03/2014 05:33:13 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (07/03/2014 05:33:12 PM) (Source: Avira FireWall) (EventID: 0) (User: )
Description: Ungültige Lizenz

Error: (07/03/2014 06:36:44 AM) (Source: MSMQ) (EventID: 2170) (User: )
Description: Message Queuing konnte nicht an Port 1801 binden. Möglichweise ist der Port bereits an einen anderen Prozess gebunden. Vergewissern Sie sich, dass der Port nicht belegt ist, und versuchen Sie Message Queuing erneut zu starten. Geben Sie den Port frei, und führen Sie Setup erneut aus, falls dieses Problem während Setup auftritt.


System errors:
=============
Error: (07/04/2014 03:52:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/04/2014 03:52:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/04/2014 03:52:49 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (07/04/2014 03:52:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/03/2014 06:03:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/03/2014 06:03:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/03/2014 06:03:12 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber atksgt.sys konnte nicht geladen werden.

Error: (07/03/2014 06:03:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/03/2014 06:01:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\Drivers\uti2mje5.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/03/2014 06:01:24 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\Drivers\uti2mje5.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office Sessions:
=========================
Error: (07/03/2014 05:41:47 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (07/03/2014 05:41:36 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (07/03/2014 05:41:18 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (07/03/2014 05:35:58 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (07/03/2014 05:35:57 PM) (Source: Avira FireWall) (EventID: 0) (User: )
Description: Ungültige Lizenz

Error: (07/03/2014 05:34:35 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (07/03/2014 05:34:18 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (07/03/2014 05:33:13 PM) (Source: Avira Antivirus) (EventID: 4117) (User: NT-AUTORITÄT)
Description: 0x0

Error: (07/03/2014 05:33:12 PM) (Source: Avira FireWall) (EventID: 0) (User: )
Description: Ungültige Lizenz

Error: (07/03/2014 06:36:44 AM) (Source: MSMQ) (EventID: 2170) (User: )
Description: 


CodeIntegrity Errors:
===================================
  Date: 2010-07-28 14:26:59.181
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\MRVW13C.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-07-28 14:26:59.165
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\MRVW13C.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-07-28 14:25:56.413
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\MRVW13C.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-07-28 14:25:56.397
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\MRVW13C.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-07-28 14:04:02.619
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\MRVW13C.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-07-28 14:04:02.619
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\MRVW13C.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-07-28 13:56:26.563
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\MRVW13C.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2010-07-28 13:56:26.563
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\MRVW13C.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 50%
Total physical RAM: 4093.16 MB
Available physical RAM: 2037.81 MB
Total Pagefile: 8184.51 MB
Available Pagefile: 5859.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:74.43 GB) (Free:14.58 GB) NTFS
Drive d: (HDD 1) (Fixed) (Total:931.51 GB) (Free:43.25 GB) NTFS
Drive e: (HDD 2) (Fixed) (Total:931.51 GB) (Free:48.14 GB) NTFS
Drive f: (HDD 3) (Fixed) (Total:1862.89 GB) (Free:174.54 GB) NTFS
Drive g: (HDD 4) (Fixed) (Total:1862.89 GB) (Free:51.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 51390875)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: BF47F91D)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: BF47F900)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber · 05.07.2014, 11:57

hi,

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

UltraM · 05.07.2014, 17:02

Hey Schrauber,

vielen Dank!

Also der Killer konnte keine Rootkits finden, hier der Log:

Code:

ATTFilter

17:59:28.0203 0x0b2c  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
17:59:31.0078 0x0b2c  ============================================================
17:59:31.0078 0x0b2c  Current date / time: 2014/07/05 17:59:31.0078
17:59:31.0078 0x0b2c  SystemInfo:
17:59:31.0078 0x0b2c  
17:59:31.0078 0x0b2c  OS Version: 6.1.7601 ServicePack: 1.0
17:59:31.0078 0x0b2c  Product type: Workstation
17:59:31.0078 0x0b2c  ComputerName: TOWER
17:59:31.0078 0x0b2c  UserName: user
17:59:31.0079 0x0b2c  Windows directory: C:\Windows
17:59:31.0079 0x0b2c  System windows directory: C:\Windows
17:59:31.0079 0x0b2c  Running under WOW64
17:59:31.0079 0x0b2c  Processor architecture: Intel x64
17:59:31.0079 0x0b2c  Number of processors: 6
17:59:31.0079 0x0b2c  Page size: 0x1000
17:59:31.0079 0x0b2c  Boot type: Normal boot
17:59:31.0079 0x0b2c  ============================================================
17:59:31.0222 0x0b2c  KLMD registered as C:\Windows\system32\drivers\90314059.sys
17:59:31.0323 0x0b2c  System UUID: {8303FB95-C73A-C24D-727B-619F599B237E}
17:59:32.0055 0x0b2c  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:59:32.0055 0x0b2c  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:59:32.0055 0x0b2c  Drive \Device\Harddisk3\DR3 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:59:32.0055 0x0b2c  Drive \Device\Harddisk4\DR4 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:59:32.0056 0x0b2c  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:59:32.0061 0x0b2c  ============================================================
17:59:32.0061 0x0b2c  \Device\Harddisk1\DR1:
17:59:32.0061 0x0b2c  MBR partitions:
17:59:32.0061 0x0b2c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
17:59:32.0061 0x0b2c  \Device\Harddisk2\DR2:
17:59:32.0062 0x0b2c  MBR partitions:
17:59:32.0062 0x0b2c  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
17:59:32.0062 0x0b2c  \Device\Harddisk3\DR3:
17:59:32.0062 0x0b2c  MBR partitions:
17:59:32.0062 0x0b2c  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:59:32.0062 0x0b2c  \Device\Harddisk3\DR3\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
17:59:32.0062 0x0b2c  \Device\Harddisk4\DR4:
17:59:32.0062 0x0b2c  GPT partitions:
17:59:32.0062 0x0b2c  \Device\Harddisk4\DR4\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {A2CF23CE-9F7B-4132-992C-6415B4F38F63}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
17:59:32.0062 0x0b2c  \Device\Harddisk4\DR4\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {61AFBA1D-1E8D-412F-A4F2-E03F4B9D833D}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
17:59:32.0062 0x0b2c  MBR partitions:
17:59:32.0062 0x0b2c  \Device\Harddisk0\DR0:
17:59:32.0062 0x0b2c  GPT partitions:
17:59:32.0063 0x0b2c  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {F0EF7A31-97A3-447B-9458-73325BF5A97C}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
17:59:32.0063 0x0b2c  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {EC8C5841-855B-4FD6-AACF-28DB9DF66347}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
17:59:32.0063 0x0b2c  MBR partitions:
17:59:32.0063 0x0b2c  ============================================================
17:59:32.0064 0x0b2c  C: <-> \Device\Harddisk3\DR3\Partition2
17:59:32.0091 0x0b2c  D: <-> \Device\Harddisk1\DR1\Partition1
17:59:32.0541 0x0b2c  G: <-> \Device\Harddisk4\DR4\Partition2
17:59:32.0918 0x0b2c  E: <-> \Device\Harddisk2\DR2\Partition1
17:59:32.0930 0x0b2c  F: <-> \Device\Harddisk0\DR0\Partition2
17:59:32.0931 0x0b2c  ============================================================
17:59:32.0931 0x0b2c  Initialize success
17:59:32.0931 0x0b2c  ============================================================
18:00:13.0092 0x0894  ============================================================
18:00:13.0092 0x0894  Scan started
18:00:13.0092 0x0894  Mode: Manual; SigCheck; TDLFS; 
18:00:13.0092 0x0894  ============================================================
18:00:13.0092 0x0894  KSN ping started
18:00:15.0792 0x0894  KSN ping finished: true
18:00:16.0189 0x0894  ================ Scan system memory ========================
18:00:16.0189 0x0894  System memory - ok
18:00:16.0189 0x0894  ================ Scan services =============================
18:00:16.0233 0x0894  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:00:16.0305 0x0894  1394ohci - ok
18:00:16.0322 0x0894  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:00:16.0345 0x0894  ACPI - ok
18:00:16.0349 0x0894  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:00:16.0372 0x0894  AcpiPmi - ok
18:00:16.0379 0x0894  [ 62B7936F9036DD6ED36E6A7EFA805DC0, C58EA1B46CB3595386C9217A7785F2A436916FB1E0BDC0E4BE484292C55AA455 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:00:16.0393 0x0894  AdobeARMservice - ok
18:00:16.0427 0x0894  [ B5D8DE922237CEDDC7992297654A4BE4, 88EF0B5EBFB383C9069A29AEA8D76EDBE1E70DD6F7C18970EE01ECAE9F408B38 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:00:16.0450 0x0894  AdobeFlashPlayerUpdateSvc - ok
18:00:16.0464 0x0894  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
18:00:16.0491 0x0894  adp94xx - ok
18:00:16.0502 0x0894  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
18:00:16.0524 0x0894  adpahci - ok
18:00:16.0532 0x0894  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
18:00:16.0549 0x0894  adpu320 - ok
18:00:16.0557 0x0894  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:00:16.0610 0x0894  AeLookupSvc - ok
18:00:16.0623 0x0894  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\Windows\system32\drivers\afd.sys
18:00:16.0656 0x0894  AFD - ok
18:00:16.0661 0x0894  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
18:00:16.0676 0x0894  agp440 - ok
18:00:16.0681 0x0894  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
18:00:16.0698 0x0894  ALG - ok
18:00:16.0702 0x0894  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:00:16.0714 0x0894  aliide - ok
18:00:16.0747 0x0894  ALSysIO - ok
18:00:16.0755 0x0894  [ 4EAAAAB8759644D572522FBCDD196A13, EF1ECE8073B048C2286F639BA76C523B6B267B64447358383C042BD593194350 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:00:16.0790 0x0894  AMD External Events Utility - ok
18:00:16.0794 0x0894  AMD FUEL Service - ok
18:00:16.0798 0x0894  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:00:16.0811 0x0894  amdide - ok
18:00:16.0816 0x0894  [ 6A2EEB0C4133B20773BB3DD0B7B377B4, E4CB35C6937C70A145A13E5AE5B34A271B49101DA623171ACBFDA8601E5A70EA ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
18:00:16.0840 0x0894  amdiox64 - ok
18:00:16.0845 0x0894  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
18:00:16.0863 0x0894  AmdK8 - ok
18:00:17.0103 0x0894  [ 22A14DF59FB8D0BE918C597988AF4296, 714BD1BB63D732C6D03DFA1C2D81A2E00659C04052E110F0BF1EB74A7CD39B1C ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
18:00:17.0448 0x0894  amdkmdag - ok
18:00:17.0481 0x0894  [ EE22D3ED6D55A855E709F811CCCA97ED, 179F34CF6E0C2F821EBC0AECF09AAA0867616CCBB5EA6B17891860B27D56AC66 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
18:00:17.0514 0x0894  amdkmdap - ok
18:00:17.0520 0x0894  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
18:00:17.0536 0x0894  AmdPPM - ok
18:00:17.0542 0x0894  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:00:17.0558 0x0894  amdsata - ok
18:00:17.0565 0x0894  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
18:00:17.0584 0x0894  amdsbs - ok
18:00:17.0588 0x0894  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:00:17.0601 0x0894  amdxata - ok
18:00:17.0606 0x0894  [ F9D46B6B322708BD5AFCC8767EBDC901, BD4872A62516D8326D43FD37A8BECEBADB80C51CD79506FD8A2013358710F774 ] amd_sata        C:\Windows\system32\DRIVERS\amd_sata.sys
18:00:17.0615 0x0894  amd_sata - ok
18:00:17.0619 0x0894  [ 329CC9C7E20DEEBCD4CD10816193EF14, FA217536D56EA0BFC783FC29919F529A9AF8E0F7B2A49AA452B218BC6F1E0366 ] amd_xata        C:\Windows\system32\DRIVERS\amd_xata.sys
18:00:17.0630 0x0894  amd_xata - ok
18:00:17.0651 0x0894  [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:00:17.0671 0x0894  AntiVirSchedulerService - ok
18:00:17.0683 0x0894  [ 4C14746BCBF9985BDBF1CD1BEED96DF8, 8EF50FBD98C9AFD85F5D08692E7AEC21812B70074AA0DC6DCDFDBC2FFE34A75D ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:00:17.0703 0x0894  AntiVirService - ok
18:00:17.0707 0x0894  [ 5A528A540B1AEE8B1C77ED65094E8CDF, 6E3DE68E630B81425056AB58E64721DD41F56491DD2D281CBB86AA7EF9CAD0E0 ] AODDriver4.01   C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:00:17.0720 0x0894  AODDriver4.01 - ok
18:00:17.0724 0x0894  [ 5A528A540B1AEE8B1C77ED65094E8CDF, 6E3DE68E630B81425056AB58E64721DD41F56491DD2D281CBB86AA7EF9CAD0E0 ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
18:00:17.0731 0x0894  AODDriver4.2 - ok
18:00:17.0737 0x0894  [ 59D01FA91962C9C1E9B4022B2D3B46DB, 3A111588538B77F010B5C900FB8425DDE55A08DBAC308CA7FB7BD9FCCCDEC69F ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
18:00:17.0755 0x0894  AppHostSvc - ok
18:00:17.0761 0x0894  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
18:00:17.0824 0x0894  AppID - ok
18:00:17.0829 0x0894  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:00:17.0862 0x0894  AppIDSvc - ok
18:00:17.0867 0x0894  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
18:00:17.0882 0x0894  Appinfo - ok
18:00:17.0888 0x0894  [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:00:17.0900 0x0894  Apple Mobile Device - ok
18:00:17.0906 0x0894  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
18:00:17.0922 0x0894  arc - ok
18:00:17.0927 0x0894  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
18:00:17.0943 0x0894  arcsas - ok
18:00:17.0962 0x0894  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:00:17.0984 0x0894  aspnet_state - ok
18:00:17.0988 0x0894  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:00:18.0018 0x0894  AsyncMac - ok
18:00:18.0022 0x0894  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:00:18.0031 0x0894  atapi - ok
18:00:18.0062 0x0894  [ E857EEE6B92AAA473EBB3465ADD8F7E7, 1C7E4737E649A025B3C4974A4F7D1353EAB85561FC8ED54E5C22A777E1A189B3 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
18:00:18.0125 0x0894  athr - ok
18:00:18.0135 0x0894  [ 437F55435623D4D54D36197F5AD8B435, CE004F1E3299E39AFD70C8618253901614C0F3DBD594B6F0E1BA294C7B47FAD6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:00:18.0151 0x0894  AtiHDAudioService - ok
18:00:18.0158 0x0894  [ 2D648572BA9A610952FCAFBA1E119C2D, 4CD7E7D3C878DEF8CC18A925EAB1E0E8E8893BE99DA1E1F78FE9AD12EF1C48BC ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
18:00:18.0173 0x0894  AtiHdmiService - ok
18:00:18.0178 0x0894  [ A6FAD7A5ADA4675BA9C9FEAF4E0542BA, D8A3F40795FE4B6B054909BBE06201DC2DD271F760439C17023BF5FD9AB4BDDC ] ATITool         C:\Windows\system32\DRIVERS\ATITool64.sys
18:00:18.0190 0x0894  ATITool - detected UnsignedFile.Multi.Generic ( 1 )
18:00:20.0827 0x0894  Detect skipped due to KSN trusted
18:00:20.0827 0x0894  ATITool - ok
18:00:20.0837 0x0894  [ 54494B93BB5AD74C807100144EC30D64, 34332E0DDCA5229DA8A0661F74D7FD2F6757CDD37081FE13B3358A7AB59F0AE0 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
18:00:20.0857 0x0894  atksgt - ok
18:00:20.0877 0x0894  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:00:20.0927 0x0894  AudioEndpointBuilder - ok
18:00:20.0947 0x0894  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:00:20.0987 0x0894  AudioSrv - ok
18:00:20.0997 0x0894  [ 4663C5AD76FE8E19592DE808156FA07D, 605827B4A9D6930BC752D124BF75D55D4927B0ABEF881CDE66F3C5CC1DB215FE ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
18:00:21.0007 0x0894  avgntflt - ok
18:00:21.0017 0x0894  [ 8902AEC2382A37E9E99A4E0D52DBD42B, 138F2D7E7430132B2C527D413BC845CC467F084F39C232EC3A17DD2A74EE401E ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
18:00:21.0037 0x0894  avipbb - ok
18:00:21.0047 0x0894  [ BC38AB90A166625BA160941D64906A65, 005E3CBB6F3ED8748B6A69DD5D0A8894973344F603CB6E46B551AB028119D8DC ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
18:00:21.0057 0x0894  Avira.OE.ServiceHost - ok
18:00:21.0067 0x0894  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
18:00:21.0077 0x0894  avkmgr - ok
18:00:21.0087 0x0894  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:00:21.0107 0x0894  AxInstSV - ok
18:00:21.0127 0x0894  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
18:00:21.0157 0x0894  b06bdrv - ok
18:00:21.0167 0x0894  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:00:21.0187 0x0894  b57nd60a - ok
18:00:21.0197 0x0894  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:00:21.0217 0x0894  BDESVC - ok
18:00:21.0217 0x0894  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:00:21.0247 0x0894  Beep - ok
18:00:21.0267 0x0894  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
18:00:21.0307 0x0894  BFE - ok
18:00:21.0327 0x0894  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
18:00:21.0387 0x0894  BITS - ok
18:00:21.0387 0x0894  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:00:21.0407 0x0894  blbdrive - ok
18:00:21.0417 0x0894  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
18:00:21.0437 0x0894  Bonjour Service - ok
18:00:21.0437 0x0894  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:00:21.0457 0x0894  bowser - ok
18:00:21.0457 0x0894  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:00:21.0477 0x0894  BrFiltLo - ok
18:00:21.0477 0x0894  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:00:21.0487 0x0894  BrFiltUp - ok
18:00:21.0497 0x0894  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
18:00:21.0517 0x0894  Browser - ok
18:00:21.0527 0x0894  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:00:21.0547 0x0894  Brserid - ok
18:00:21.0557 0x0894  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:00:21.0567 0x0894  BrSerWdm - ok
18:00:21.0577 0x0894  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:00:21.0587 0x0894  BrUsbMdm - ok
18:00:21.0587 0x0894  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:00:21.0607 0x0894  BrUsbSer - ok
18:00:21.0607 0x0894  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
18:00:21.0627 0x0894  BTHMODEM - ok
18:00:21.0627 0x0894  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
18:00:21.0667 0x0894  bthserv - ok
18:00:21.0677 0x0894  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:00:21.0707 0x0894  cdfs - ok
18:00:21.0707 0x0894  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:00:21.0727 0x0894  cdrom - ok
18:00:21.0737 0x0894  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:00:21.0767 0x0894  CertPropSvc - ok
18:00:21.0777 0x0894  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
18:00:21.0787 0x0894  circlass - ok
18:00:21.0797 0x0894  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
18:00:21.0817 0x0894  CLFS - ok
18:00:21.0827 0x0894  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:00:21.0847 0x0894  clr_optimization_v2.0.50727_32 - ok
18:00:21.0857 0x0894  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:00:21.0867 0x0894  clr_optimization_v2.0.50727_64 - ok
18:00:21.0887 0x0894  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:00:21.0907 0x0894  clr_optimization_v4.0.30319_32 - ok
18:00:21.0917 0x0894  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:00:21.0927 0x0894  clr_optimization_v4.0.30319_64 - ok
18:00:21.0937 0x0894  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:00:21.0947 0x0894  CmBatt - ok
18:00:21.0957 0x0894  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:00:21.0967 0x0894  cmdide - ok
18:00:21.0977 0x0894  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
18:00:22.0017 0x0894  CNG - ok
18:00:22.0017 0x0894  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:00:22.0037 0x0894  Compbatt - ok
18:00:22.0037 0x0894  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
18:00:22.0057 0x0894  CompositeBus - ok
18:00:22.0057 0x0894  COMSysApp - ok
18:00:22.0067 0x0894  [ 262969A3FAB32B9E17E63E2D17A57744, 1EE59EB28688E73D10838C66E0D8E011C8DF45B6B43A4AC5D0B75795CA3EB512 ] cpuz135         C:\Windows\system32\drivers\cpuz135_x64.sys
18:00:22.0077 0x0894  cpuz135 - ok
18:00:22.0077 0x0894  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
18:00:22.0097 0x0894  crcdisk - ok
18:00:22.0107 0x0894  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:00:22.0127 0x0894  CryptSvc - ok
18:00:22.0137 0x0894  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:00:22.0177 0x0894  DcomLaunch - ok
18:00:22.0187 0x0894  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:00:22.0237 0x0894  defragsvc - ok
18:00:22.0237 0x0894  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:00:22.0267 0x0894  DfsC - ok
18:00:22.0277 0x0894  [ 41AC348DBD378F618CB4FDEE54270692, A4080C9FF314F52C52E2207E5F7B745A003E931FA42E67E742D34477B5CC0166 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
18:00:22.0287 0x0894  dg_ssudbus - ok
18:00:22.0297 0x0894  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:00:22.0327 0x0894  Dhcp - ok
18:00:22.0327 0x0894  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
18:00:22.0357 0x0894  discache - ok
18:00:22.0367 0x0894  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
18:00:22.0377 0x0894  Disk - ok
18:00:22.0387 0x0894  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:00:22.0407 0x0894  Dnscache - ok
18:00:22.0417 0x0894  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:00:22.0457 0x0894  dot3svc - ok
18:00:22.0467 0x0894  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
18:00:22.0487 0x0894  DPS - ok
18:00:22.0497 0x0894  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:00:22.0507 0x0894  drmkaud - ok
18:00:22.0527 0x0894  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:00:22.0567 0x0894  DXGKrnl - ok
18:00:22.0577 0x0894  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
18:00:22.0607 0x0894  EapHost - ok
18:00:22.0677 0x0894  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
18:00:22.0777 0x0894  ebdrv - ok
18:00:22.0787 0x0894  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
18:00:22.0807 0x0894  EFS - ok
18:00:22.0817 0x0894  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:00:22.0857 0x0894  ehRecvr - ok
18:00:22.0867 0x0894  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
18:00:22.0877 0x0894  ehSched - ok
18:00:22.0897 0x0894  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
18:00:22.0927 0x0894  elxstor - ok
18:00:22.0927 0x0894  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:00:22.0937 0x0894  ErrDev - ok
18:00:22.0957 0x0894  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
18:00:22.0997 0x0894  EventSystem - ok
18:00:23.0007 0x0894  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:00:23.0045 0x0894  exfat - ok
18:00:23.0057 0x0894  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:00:23.0100 0x0894  fastfat - ok
18:00:23.0119 0x0894  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
18:00:23.0150 0x0894  Fax - ok
18:00:23.0156 0x0894  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
18:00:23.0170 0x0894  fdc - ok
18:00:23.0175 0x0894  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
18:00:23.0207 0x0894  fdPHost - ok
18:00:23.0212 0x0894  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:00:23.0248 0x0894  FDResPub - ok
18:00:23.0253 0x0894  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:00:23.0270 0x0894  FileInfo - ok
18:00:23.0274 0x0894  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:00:23.0307 0x0894  Filetrace - ok
18:00:23.0311 0x0894  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
18:00:23.0326 0x0894  flpydisk - ok
18:00:23.0336 0x0894  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:00:23.0360 0x0894  FltMgr - ok
18:00:23.0388 0x0894  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
18:00:23.0440 0x0894  FontCache - ok
18:00:23.0447 0x0894  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:00:23.0461 0x0894  FontCache3.0.0.0 - ok
18:00:23.0467 0x0894  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:00:23.0482 0x0894  FsDepends - ok
18:00:23.0487 0x0894  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:00:23.0501 0x0894  Fs_Rec - ok
18:00:23.0511 0x0894  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:00:23.0537 0x0894  fvevol - ok
18:00:23.0542 0x0894  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
18:00:23.0558 0x0894  gagp30kx - ok
18:00:23.0562 0x0894  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:00:23.0574 0x0894  GEARAspiWDM - ok
18:00:23.0593 0x0894  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:00:23.0647 0x0894  gpsvc - ok
18:00:23.0654 0x0894  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:00:23.0663 0x0894  gupdate - ok
18:00:23.0668 0x0894  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:00:23.0677 0x0894  gupdatem - ok
18:00:23.0681 0x0894  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:00:23.0695 0x0894  hcw85cir - ok
18:00:23.0706 0x0894  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:00:23.0733 0x0894  HdAudAddService - ok
18:00:23.0740 0x0894  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
18:00:23.0760 0x0894  HDAudBus - ok
18:00:23.0764 0x0894  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
18:00:23.0778 0x0894  HidBatt - ok
18:00:23.0784 0x0894  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
18:00:23.0802 0x0894  HidBth - ok
18:00:23.0807 0x0894  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
18:00:23.0825 0x0894  HidIr - ok
18:00:23.0830 0x0894  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
18:00:23.0867 0x0894  hidserv - ok
18:00:23.0871 0x0894  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
18:00:23.0885 0x0894  HidUsb - ok
18:00:23.0891 0x0894  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:00:23.0928 0x0894  hkmsvc - ok
18:00:23.0934 0x0894  [ CF07C0A9D38A248D036DD9C47E4D0D6E, 6952DA6466DAE2E378F92934E1925887DD122A511BC5D6A0EF2194108E320126 ] hmpalert        C:\Windows\system32\drivers\hmpalert.sys
18:00:23.0950 0x0894  hmpalert - ok
18:00:23.0994 0x0894  [ 2638395F6E61889D75C363A80A0E17F4, D61FD993DA6605F32E6CDAC889285EB67F1A112BB9A294838BB90FCBF5FA11C1 ] hmpalertsvc     C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
18:00:24.0040 0x0894  hmpalertsvc - ok
18:00:24.0053 0x0894  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:00:24.0079 0x0894  HomeGroupListener - ok
18:00:24.0088 0x0894  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:00:24.0108 0x0894  HomeGroupProvider - ok
18:00:24.0114 0x0894  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:00:24.0131 0x0894  HpSAMD - ok
18:00:24.0151 0x0894  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:00:24.0207 0x0894  HTTP - ok
18:00:24.0213 0x0894  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:00:24.0226 0x0894  hwpolicy - ok
18:00:24.0232 0x0894  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
18:00:24.0249 0x0894  i8042prt - ok
18:00:24.0262 0x0894  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:00:24.0286 0x0894  iaStorV - ok
18:00:24.0308 0x0894  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:00:24.0353 0x0894  idsvc - ok
18:00:24.0358 0x0894  IEEtwCollectorService - ok
18:00:24.0362 0x0894  IePluginServices - ok
18:00:24.0367 0x0894  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
18:00:24.0381 0x0894  iirsp - ok
18:00:24.0385 0x0894  [ AB55B8A9B13130F638546881CE4425F8, 8427E67BE02ECABAA3F0C48BD4205BCBD4C978B48AE4E7336DA5821DFC49029E ] IISADMIN        C:\Windows\system32\inetsrv\inetinfo.exe
18:00:24.0398 0x0894  IISADMIN - ok
18:00:24.0421 0x0894  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
18:00:24.0464 0x0894  IKEEXT - ok
18:00:24.0474 0x0894  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:00:24.0487 0x0894  intelide - ok
18:00:24.0492 0x0894  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:00:24.0510 0x0894  intelppm - ok
18:00:24.0516 0x0894  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:00:24.0553 0x0894  IPBusEnum - ok
18:00:24.0559 0x0894  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:00:24.0592 0x0894  IpFilterDriver - ok
18:00:24.0607 0x0894  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:00:24.0632 0x0894  iphlpsvc - ok
18:00:24.0639 0x0894  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:00:24.0657 0x0894  IPMIDRV - ok
18:00:24.0664 0x0894  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:00:24.0702 0x0894  IPNAT - ok
18:00:24.0719 0x0894  [ 835FC2EA0631B734BB06C12B0665F01D, B8A8B0148C6C3AFC40835B44E3D6508CB9EEE8AC430A7904711C8B51C2116A8D ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
18:00:24.0741 0x0894  iPod Service - ok
18:00:24.0746 0x0894  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:00:24.0770 0x0894  IRENUM - ok
18:00:24.0775 0x0894  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:00:24.0789 0x0894  isapnp - ok
18:00:24.0799 0x0894  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:00:24.0823 0x0894  iScsiPrt - ok
18:00:24.0830 0x0894  [ 4A8A242FDA43765F4F73ECDE2BA0D62A, E76A530A338931CF6A175A080E6E385166293B68F9C90C5E6C1E913BE86C6B7A ] JRAID           C:\Windows\system32\DRIVERS\jraid.sys
18:00:24.0846 0x0894  JRAID - ok
18:00:24.0852 0x0894  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:00:24.0868 0x0894  kbdclass - ok
18:00:24.0873 0x0894  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
18:00:24.0888 0x0894  kbdhid - ok
18:00:24.0893 0x0894  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
18:00:24.0904 0x0894  KeyIso - ok
18:00:24.0911 0x0894  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:00:24.0928 0x0894  KSecDD - ok
18:00:24.0937 0x0894  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:00:24.0958 0x0894  KSecPkg - ok
18:00:24.0963 0x0894  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:00:24.0995 0x0894  ksthunk - ok
18:00:25.0006 0x0894  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:00:25.0053 0x0894  KtmRm - ok
18:00:25.0062 0x0894  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
18:00:25.0104 0x0894  LanmanServer - ok
18:00:25.0110 0x0894  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:00:25.0147 0x0894  LanmanWorkstation - ok
18:00:25.0160 0x0894  [ 7772DFAB22611050B79504E671B06E6E, 331FE235EDBCF48EE96A5A9D5D0560457CD85FA3FD7BEACD3700055F815D9F13 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:00:25.0186 0x0894  LBTServ - ok
18:00:25.0194 0x0894  [ 241F2648ADF090E2A10095BD6D6F5DCB, D31F50F7A70A62E3CA45071F75C56FFA21464BFAF4CA4A3AD2482D7477D78D4E ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:00:25.0209 0x0894  LHidFilt - ok
18:00:25.0213 0x0894  [ 8E4CA9AFD55EF6B509C80A8715ABF8C6, 45698605D17285D346D2052607AEF492EBD89E9625367C31584C7C84757EEFE0 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
18:00:25.0227 0x0894  lirsgt - ok
18:00:25.0232 0x0894  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:00:25.0268 0x0894  lltdio - ok
18:00:25.0279 0x0894  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:00:25.0325 0x0894  lltdsvc - ok
18:00:25.0329 0x0894  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:00:25.0362 0x0894  lmhosts - ok
18:00:25.0367 0x0894  [ 342ED5A4B3326014438F36D22D803737, 45488402BD919D84729A19E618B3595D615EB1F73FB9BC77675A21E7DB80AB6C ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:00:25.0381 0x0894  LMouFilt - ok
18:00:25.0389 0x0894  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
18:00:25.0406 0x0894  LSI_FC - ok
18:00:25.0412 0x0894  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
18:00:25.0428 0x0894  LSI_SAS - ok
18:00:25.0434 0x0894  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:00:25.0449 0x0894  LSI_SAS2 - ok
18:00:25.0456 0x0894  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:00:25.0472 0x0894  LSI_SCSI - ok
18:00:25.0478 0x0894  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:00:25.0512 0x0894  luafv - ok
18:00:25.0522 0x0894  [ 024DA28053D57E9E32BEE52600576BBB, 8EC636DAB90A835DEBA2EC6176F4547EEF557415FF77C6378EF423569702731E ] MarvinBus       C:\Windows\system32\DRIVERS\MarvinBus64.sys
18:00:25.0538 0x0894  MarvinBus - detected UnsignedFile.Multi.Generic ( 1 )
18:00:28.0730 0x0894  Detect skipped due to KSN trusted
18:00:28.0730 0x0894  MarvinBus - ok
18:00:28.0736 0x0894  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:00:28.0758 0x0894  Mcx2Svc - ok
18:00:28.0763 0x0894  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
18:00:28.0777 0x0894  megasas - ok
18:00:28.0787 0x0894  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
18:00:28.0808 0x0894  MegaSR - ok
18:00:28.0814 0x0894  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
18:00:28.0849 0x0894  MMCSS - ok
18:00:28.0854 0x0894  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
18:00:28.0887 0x0894  Modem - ok
18:00:28.0892 0x0894  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:00:28.0909 0x0894  monitor - ok
18:00:28.0914 0x0894  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:00:28.0930 0x0894  mouclass - ok
18:00:28.0935 0x0894  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:00:28.0950 0x0894  mouhid - ok
18:00:28.0956 0x0894  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:00:28.0973 0x0894  mountmgr - ok
18:00:28.0980 0x0894  [ 26EA1DAD601EE3ACAC301D66F07BA219, C9594BB15D53D4AC2156CCCD2DB65B2C20620F1F60DA85F48D1586FC10028096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:00:29.0000 0x0894  MozillaMaintenance - ok
18:00:29.0014 0x0894  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:00:29.0034 0x0894  mpio - ok
18:00:29.0040 0x0894  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:00:29.0073 0x0894  mpsdrv - ok
18:00:29.0094 0x0894  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:00:29.0154 0x0894  MpsSvc - ok
18:00:29.0163 0x0894  [ CD22D2563039DDA6793F7624719363A7, 82C91467EDCB61B1DD086A1D25925E4D89E43EF6EFAE3C59AFF3D73280119AF6 ] MQAC            C:\Windows\system32\drivers\mqac.sys
18:00:29.0184 0x0894  MQAC - ok
18:00:29.0193 0x0894  [ 6CAC8A8354AB4A0B81941DEB7F25D8B1, 1157DC2847FC89FAF4E8517B7769B0F51FD4CD56495F79848C13254C2AA824BC ] MRV6X64P        C:\Windows\system32\DRIVERS\MRVW13C.sys
18:00:29.0210 0x0894  MRV6X64P - detected UnsignedFile.Multi.Generic ( 1 )
18:00:31.0866 0x0894  Detect skipped due to KSN trusted
18:00:31.0867 0x0894  MRV6X64P - ok
18:00:31.0886 0x0894  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:00:31.0935 0x0894  MRxDAV - ok
18:00:31.0944 0x0894  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:00:31.0968 0x0894  mrxsmb - ok
18:00:31.0981 0x0894  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:00:32.0005 0x0894  mrxsmb10 - ok
18:00:32.0012 0x0894  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:00:32.0029 0x0894  mrxsmb20 - ok
18:00:32.0033 0x0894  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:00:32.0047 0x0894  msahci - ok
18:00:32.0054 0x0894  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:00:32.0071 0x0894  msdsm - ok
18:00:32.0077 0x0894  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
18:00:32.0096 0x0894  MSDTC - ok
18:00:32.0104 0x0894  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:00:32.0135 0x0894  Msfs - ok
18:00:32.0138 0x0894  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:00:32.0168 0x0894  mshidkmdf - ok
18:00:32.0172 0x0894  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:00:32.0185 0x0894  msisadrv - ok
18:00:32.0191 0x0894  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:00:32.0229 0x0894  MSiSCSI - ok
18:00:32.0232 0x0894  msiserver - ok
18:00:32.0236 0x0894  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:00:32.0266 0x0894  MSKSSRV - ok
18:00:32.0270 0x0894  [ FAAEAEF99E53561BEEE58F946CA56F0D, 78AC692C4B80616E4C44ED20954B8D2FCE2215056C2ED3522123E5B50A7CE67A ] MSMQ            C:\Windows\system32\mqsvc.exe
18:00:32.0282 0x0894  MSMQ - ok
18:00:32.0289 0x0894  [ 59ED174FD4314B0218DC91F9BFA6CD3D, 13B95FA9892D09341CE46FA7EEB01FF9C88AA9DCB8FBF0A73FFAE567AAA4E02A ] MSMQTriggers    C:\Windows\system32\mqtgsvc.exe
18:00:32.0308 0x0894  MSMQTriggers - ok
18:00:32.0311 0x0894  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:00:32.0340 0x0894  MSPCLOCK - ok
18:00:32.0344 0x0894  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:00:32.0374 0x0894  MSPQM - ok
18:00:32.0385 0x0894  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:00:32.0407 0x0894  MsRPC - ok
18:00:32.0414 0x0894  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
18:00:32.0427 0x0894  mssmbios - ok
18:00:32.0431 0x0894  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:00:32.0460 0x0894  MSTEE - ok
18:00:32.0464 0x0894  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
18:00:32.0477 0x0894  MTConfig - ok
18:00:32.0481 0x0894  [ 19B006B181E3875FD254F7B67ACF1E7C, 1D68D19522E71F16B8B50F8CCFBC9D884CF2DAC40CC409BD5A40A4D4223ABC61 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
18:00:32.0492 0x0894  MTsensor - ok
18:00:32.0497 0x0894  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
18:00:32.0511 0x0894  Mup - ok
18:00:32.0525 0x0894  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
18:00:32.0562 0x0894  napagent - ok
18:00:32.0573 0x0894  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:00:32.0600 0x0894  NativeWifiP - ok
18:00:32.0624 0x0894  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:00:32.0652 0x0894  NDIS - ok
18:00:32.0658 0x0894  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:00:32.0688 0x0894  NdisCap - ok
18:00:32.0692 0x0894  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:00:32.0722 0x0894  NdisTapi - ok
18:00:32.0728 0x0894  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:00:32.0758 0x0894  Ndisuio - ok
18:00:32.0765 0x0894  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:00:32.0801 0x0894  NdisWan - ok
18:00:32.0806 0x0894  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:00:32.0837 0x0894  NDProxy - ok
18:00:32.0841 0x0894  [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
18:00:32.0854 0x0894  Netaapl - ok
18:00:32.0859 0x0894  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:00:32.0890 0x0894  NetBIOS - ok
18:00:32.0899 0x0894  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:00:32.0937 0x0894  NetBT - ok
18:00:32.0941 0x0894  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
18:00:32.0951 0x0894  Netlogon - ok
18:00:32.0961 0x0894  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
18:00:32.0997 0x0894  Netman - ok
18:00:33.0004 0x0894  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:00:33.0024 0x0894  NetMsmqActivator - ok
18:00:33.0030 0x0894  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:00:33.0043 0x0894  NetPipeActivator - ok
18:00:33.0056 0x0894  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
18:00:33.0101 0x0894  netprofm - ok
18:00:33.0108 0x0894  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:00:33.0121 0x0894  NetTcpActivator - ok
18:00:33.0126 0x0894  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:00:33.0139 0x0894  NetTcpPortSharing - ok
18:00:33.0144 0x0894  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
18:00:33.0158 0x0894  nfrd960 - ok
18:00:33.0168 0x0894  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:00:33.0193 0x0894  NlaSvc - ok
18:00:33.0199 0x0894  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:00:33.0230 0x0894  Npfs - ok
18:00:33.0234 0x0894  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
18:00:33.0266 0x0894  nsi - ok
18:00:33.0270 0x0894  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:00:33.0300 0x0894  nsiproxy - ok
18:00:33.0340 0x0894  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:00:33.0399 0x0894  Ntfs - ok
18:00:33.0406 0x0894  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
18:00:33.0435 0x0894  Null - ok
18:00:33.0441 0x0894  [ 8EBCB9165EE7F1571842F4D9D624A74C, 115F46B8391866762AD41B299F0670D8735D124BD518A53EC73DCDBFCA9C28F9 ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
18:00:33.0456 0x0894  nusb3hub - ok
18:00:33.0463 0x0894  [ 5D54DBB12BBFE07CC283FD39F2CD6D63, 3DC3F9121F8892EDABD07ACDE45DB025BA2FC4245A8D3EE343F1FDF7189B391F ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:00:33.0480 0x0894  nusb3xhc - ok
18:00:33.0487 0x0894  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:00:33.0504 0x0894  nvraid - ok
18:00:33.0511 0x0894  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:00:33.0530 0x0894  nvstor - ok
18:00:33.0536 0x0894  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:00:33.0553 0x0894  nv_agp - ok
18:00:33.0558 0x0894  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:00:33.0575 0x0894  ohci1394 - ok
18:00:33.0582 0x0894  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:00:33.0599 0x0894  ose64 - ok
18:00:33.0706 0x0894  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:00:33.0848 0x0894  osppsvc - ok
18:00:33.0867 0x0894  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:00:33.0886 0x0894  p2pimsvc - ok
18:00:33.0899 0x0894  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
18:00:33.0927 0x0894  p2psvc - ok
18:00:33.0934 0x0894  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:00:33.0950 0x0894  Parport - ok
18:00:33.0956 0x0894  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:00:33.0971 0x0894  partmgr - ok
18:00:33.0979 0x0894  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:00:34.0003 0x0894  PcaSvc - ok
18:00:34.0010 0x0894  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
18:00:34.0022 0x0894  pci - ok
18:00:34.0027 0x0894  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:00:34.0039 0x0894  pciide - ok
18:00:34.0047 0x0894  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
18:00:34.0072 0x0894  pcmcia - ok
18:00:34.0078 0x0894  [ AF7CE12C4F3DC8CB2B07685C916BBCFE, 1AF47113778D411BF3CF82ACF428676908121B1F3252133A5F98E188ED1E9C6C ] pcouffin        C:\Windows\system32\Drivers\pcouffin.sys
18:00:34.0093 0x0894  pcouffin - ok
18:00:34.0098 0x0894  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:00:34.0112 0x0894  pcw - ok
18:00:34.0128 0x0894  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:00:34.0182 0x0894  PEAUTH - ok
18:00:34.0213 0x0894  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:00:34.0228 0x0894  PerfHost - ok
18:00:34.0266 0x0894  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
18:00:34.0337 0x0894  pla - ok
18:00:34.0352 0x0894  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:00:34.0381 0x0894  PlugPlay - ok
18:00:34.0385 0x0894  [ A010F13D27C1033A8BE09D5FA9BF348B, 5536A233554C469F270046ADEE12A158F70E2D8BE776BAD0925235B015567D46 ] pneteth         C:\Windows\system32\DRIVERS\pneteth.sys
18:00:34.0397 0x0894  pneteth - ok
18:00:34.0402 0x0894  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:00:34.0419 0x0894  PNRPAutoReg - ok
18:00:34.0429 0x0894  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:00:34.0445 0x0894  PNRPsvc - ok
18:00:34.0460 0x0894  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:00:34.0503 0x0894  PolicyAgent - ok
18:00:34.0512 0x0894  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
18:00:34.0543 0x0894  Power - ok
18:00:34.0549 0x0894  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:00:34.0582 0x0894  PptpMiniport - ok
18:00:34.0587 0x0894  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
18:00:34.0604 0x0894  Processor - ok
18:00:34.0625 0x0894  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:00:34.0648 0x0894  ProfSvc - ok
18:00:34.0652 0x0894  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:00:34.0662 0x0894  ProtectedStorage - ok
18:00:34.0668 0x0894  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:00:34.0696 0x0894  Psched - ok
18:00:34.0731 0x0894  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
18:00:34.0783 0x0894  ql2300 - ok
18:00:34.0792 0x0894  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
18:00:34.0809 0x0894  ql40xx - ok
18:00:34.0818 0x0894  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
18:00:34.0847 0x0894  QWAVE - ok
18:00:34.0852 0x0894  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:00:34.0869 0x0894  QWAVEdrv - ok
18:00:34.0873 0x0894  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:00:34.0903 0x0894  RasAcd - ok
18:00:34.0908 0x0894  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:00:34.0939 0x0894  RasAgileVpn - ok
18:00:34.0945 0x0894  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
18:00:34.0981 0x0894  RasAuto - ok
18:00:34.0988 0x0894  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:00:35.0022 0x0894  Rasl2tp - ok
18:00:35.0032 0x0894  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
18:00:35.0074 0x0894  RasMan - ok
18:00:35.0081 0x0894  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:00:35.0114 0x0894  RasPppoe - ok
18:00:35.0120 0x0894  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:00:35.0153 0x0894  RasSstp - ok
18:00:35.0163 0x0894  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:00:35.0203 0x0894  rdbss - ok
18:00:35.0208 0x0894  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:00:35.0224 0x0894  rdpbus - ok
18:00:35.0227 0x0894  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:00:35.0256 0x0894  RDPCDD - ok
18:00:35.0262 0x0894  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:00:35.0291 0x0894  RDPENCDD - ok
18:00:35.0296 0x0894  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:00:35.0325 0x0894  RDPREFMP - ok
18:00:35.0333 0x0894  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:00:35.0345 0x0894  RdpVideoMiniport - ok
18:00:35.0353 0x0894  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:00:35.0373 0x0894  RDPWD - ok
18:00:35.0381 0x0894  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:00:35.0400 0x0894  rdyboost - ok
18:00:35.0406 0x0894  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:00:35.0443 0x0894  RemoteAccess - ok
18:00:35.0449 0x0894  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:00:35.0486 0x0894  RemoteRegistry - ok
18:00:35.0493 0x0894  [ CAF88D6573D21CD2AA27001DDBFDC74D, 8256B93E586953F1B594BFFA1F005DB08325CAF1729A93820B09F60DAA998C97 ] RMCAST          C:\Windows\system32\DRIVERS\RMCAST.sys
18:00:35.0527 0x0894  RMCAST - ok
18:00:35.0533 0x0894  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:00:35.0566 0x0894  RpcEptMapper - ok
18:00:35.0570 0x0894  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
18:00:35.0583 0x0894  RpcLocator - ok
18:00:35.0597 0x0894  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
18:00:35.0635 0x0894  RpcSs - ok
18:00:35.0641 0x0894  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:00:35.0674 0x0894  rspndr - ok
18:00:35.0689 0x0894  [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
18:00:35.0714 0x0894  RTL8167 - ok
18:00:35.0719 0x0894  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
18:00:35.0728 0x0894  SamSs - ok
18:00:35.0734 0x0894  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:00:35.0751 0x0894  sbp2port - ok
18:00:35.0759 0x0894  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:00:35.0799 0x0894  SCardSvr - ok
18:00:35.0803 0x0894  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:00:35.0833 0x0894  scfilter - ok
18:00:35.0859 0x0894  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
18:00:35.0927 0x0894  Schedule - ok
18:00:35.0934 0x0894  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:00:35.0961 0x0894  SCPolicySvc - ok
18:00:35.0966 0x0894  [ 490B0B68BB938D5C628EC4A67277BE75, F1883EED0ECCE43B1AB3A1AF67BCE5AB44F42282D8774D5F5CA71494927A3B91 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys
18:00:35.0978 0x0894  ScreamBAudioSvc - ok
18:00:35.0985 0x0894  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:00:36.0009 0x0894  SDRSVC - ok
18:00:36.0014 0x0894  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:00:36.0043 0x0894  secdrv - ok
18:00:36.0048 0x0894  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
18:00:36.0078 0x0894  seclogon - ok
18:00:36.0083 0x0894  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
18:00:36.0111 0x0894  SENS - ok
18:00:36.0116 0x0894  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:00:36.0134 0x0894  SensrSvc - ok
18:00:36.0138 0x0894  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:00:36.0151 0x0894  Serenum - ok
18:00:36.0156 0x0894  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:00:36.0173 0x0894  Serial - ok
18:00:36.0177 0x0894  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
18:00:36.0191 0x0894  sermouse - ok
18:00:36.0202 0x0894  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
18:00:36.0238 0x0894  SessionEnv - ok
18:00:36.0242 0x0894  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:00:36.0254 0x0894  sffdisk - ok
18:00:36.0259 0x0894  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:00:36.0271 0x0894  sffp_mmc - ok
18:00:36.0275 0x0894  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:00:36.0290 0x0894  sffp_sd - ok
18:00:36.0294 0x0894  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
18:00:36.0307 0x0894  sfloppy - ok
18:00:36.0318 0x0894  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:00:36.0364 0x0894  SharedAccess - ok
18:00:36.0375 0x0894  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:00:36.0417 0x0894  ShellHWDetection - ok
18:00:36.0422 0x0894  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:00:36.0436 0x0894  SiSRaid2 - ok
18:00:36.0442 0x0894  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
18:00:36.0457 0x0894  SiSRaid4 - ok
18:00:36.0466 0x0894  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
18:00:36.0517 0x0894  SkypeUpdate - ok
18:00:36.0523 0x0894  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:00:36.0556 0x0894  Smb - ok
18:00:36.0565 0x0894  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:00:36.0579 0x0894  SNMPTRAP - ok
18:00:36.0583 0x0894  [ 5F9785E7535F8F602CB294A54962C9E7, 22BE050955347661685A4343C51F11C7811674E030386D2264CD12ECBF544B7C ] speedfan        C:\Windows\syswow64\speedfan.sys
18:00:36.0595 0x0894  speedfan - ok
18:00:36.0599 0x0894  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:00:36.0612 0x0894  spldr - ok
18:00:36.0627 0x0894  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
18:00:36.0656 0x0894  Spooler - ok
18:00:36.0734 0x0894  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
18:00:36.0863 0x0894  sppsvc - ok
18:00:36.0875 0x0894  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:00:36.0913 0x0894  sppuinotify - ok
18:00:36.0936 0x0894  [ 602884696850C86434530790B110E8EB, C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA ] sptd            C:\Windows\system32\Drivers\sptd.sys
18:00:36.0936 0x0894  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB, sha256: C9B734F070E55732B274C70381EA28AB574EF6AD3F606D3DC9B9B0038F3EDEEA
18:00:36.0938 0x0894  sptd - detected LockedFile.Multi.Generic ( 1 )
18:00:39.0694 0x0894  Detect skipped due to KSN trusted
18:00:39.0694 0x0894  sptd - ok
18:00:39.0733 0x0894  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:00:39.0786 0x0894  srv - ok
18:00:39.0809 0x0894  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:00:39.0842 0x0894  srv2 - ok
18:00:39.0850 0x0894  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:00:39.0871 0x0894  srvnet - ok
18:00:39.0879 0x0894  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:00:39.0921 0x0894  SSDPSRV - ok
18:00:39.0927 0x0894  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:00:39.0963 0x0894  SstpSvc - ok
18:00:39.0972 0x0894  [ B4C983DA20E2970E21893BF0E4EE2AD8, 473D0E5339A8914775A03F76A805DAD4727FC045E3984F85F54BB92D5214E06F ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
18:00:39.0991 0x0894  ssudmdm - ok
18:00:39.0996 0x0894  [ E57B778208C783D8DEBAB320C16A1B82, D9B0ACAF219D377E91737337466137F1AC78731659C1F0531BA3D9191DADC483 ] StarOpen        C:\Windows\system32\drivers\StarOpen.sys
18:00:40.0004 0x0894  StarOpen - detected UnsignedFile.Multi.Generic ( 1 )
18:00:42.0735 0x0894  Detect skipped due to KSN trusted
18:00:42.0735 0x0894  StarOpen - ok
18:00:42.0771 0x0894  [ 6E1A473DD2A4714EAF7D11E2315DF794, 4460546191072C7DF8B2E5A00577BA8E4FF5A1B2EA399DDF65EBE1AE4A5A5C84 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
18:00:42.0853 0x0894  Steam Client Service - ok
18:00:42.0859 0x0894  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
18:00:42.0872 0x0894  stexstor - ok
18:00:42.0888 0x0894  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
18:00:42.0926 0x0894  stisvc - ok
18:00:42.0931 0x0894  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
18:00:42.0943 0x0894  swenum - ok
18:00:42.0957 0x0894  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
18:00:43.0008 0x0894  swprv - ok
18:00:43.0048 0x0894  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
18:00:43.0119 0x0894  SysMain - ok
18:00:43.0128 0x0894  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:00:43.0152 0x0894  TabletInputService - ok
18:00:43.0162 0x0894  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:00:43.0203 0x0894  TapiSrv - ok
18:00:43.0209 0x0894  [ 827F682E9D2D9B2A49691C3A9697A3BB, 95F9D2804204446EED12716B62D81F2AA991D857B12CD93122A2F7713F4742F8 ] TarFltr         C:\Windows\system32\drivers\UsbFltr.sys
18:00:43.0222 0x0894  TarFltr - ok
18:00:43.0227 0x0894  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
18:00:43.0256 0x0894  TBS - ok
18:00:43.0298 0x0894  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:00:43.0368 0x0894  Tcpip - ok
18:00:43.0413 0x0894  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:00:43.0460 0x0894  TCPIP6 - ok
18:00:43.0470 0x0894  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:00:43.0484 0x0894  tcpipreg - ok
18:00:43.0490 0x0894  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:00:43.0502 0x0894  TDPIPE - ok
18:00:43.0507 0x0894  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:00:43.0520 0x0894  TDTCP - ok
18:00:43.0526 0x0894  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:00:43.0559 0x0894  tdx - ok
18:00:43.0564 0x0894  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
18:00:43.0579 0x0894  TermDD - ok
18:00:43.0596 0x0894  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
18:00:43.0649 0x0894  TermService - ok
18:00:43.0655 0x0894  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
18:00:43.0677 0x0894  Themes - ok
18:00:43.0682 0x0894  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
18:00:43.0711 0x0894  THREADORDER - ok
18:00:43.0718 0x0894  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
18:00:43.0756 0x0894  TrkWks - ok
18:00:43.0763 0x0894  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:00:43.0794 0x0894  TrustedInstaller - ok
18:00:43.0802 0x0894  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:00:43.0817 0x0894  tssecsrv - ok
18:00:43.0822 0x0894  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:00:43.0838 0x0894  TsUsbFlt - ok
18:00:43.0844 0x0894  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:00:43.0880 0x0894  tunnel - ok
18:00:43.0885 0x0894  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
18:00:43.0901 0x0894  uagp35 - ok
18:00:43.0912 0x0894  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:00:43.0954 0x0894  udfs - ok
18:00:43.0963 0x0894  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:00:43.0980 0x0894  UI0Detect - ok
18:00:43.0986 0x0894  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:00:44.0002 0x0894  uliagpkx - ok
18:00:44.0007 0x0894  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
18:00:44.0023 0x0894  umbus - ok
18:00:44.0028 0x0894  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
18:00:44.0041 0x0894  UmPass - ok
18:00:44.0052 0x0894  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
18:00:44.0098 0x0894  upnphost - ok
18:00:44.0103 0x0894  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
18:00:44.0117 0x0894  USBAAPL64 - ok
18:00:44.0123 0x0894  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
18:00:44.0140 0x0894  usbaudio - ok
18:00:44.0145 0x0894  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:00:44.0161 0x0894  usbccgp - ok
18:00:44.0167 0x0894  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:00:44.0186 0x0894  usbcir - ok
18:00:44.0191 0x0894  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:00:44.0206 0x0894  usbehci - ok
18:00:44.0217 0x0894  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:00:44.0243 0x0894  usbhub - ok
18:00:44.0248 0x0894  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
18:00:44.0262 0x0894  usbohci - ok
18:00:44.0267 0x0894  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:00:44.0283 0x0894  usbprint - ok
18:00:44.0289 0x0894  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:00:44.0305 0x0894  USBSTOR - ok
18:00:44.0310 0x0894  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
18:00:44.0324 0x0894  usbuhci - ok
18:00:44.0328 0x0894  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
18:00:44.0362 0x0894  UxSms - ok
18:00:44.0366 0x0894  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
18:00:44.0376 0x0894  VaultSvc - ok
18:00:44.0381 0x0894  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:00:44.0394 0x0894  vdrvroot - ok
18:00:44.0409 0x0894  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
18:00:44.0456 0x0894  vds - ok
18:00:44.0462 0x0894  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:00:44.0477 0x0894  vga - ok
18:00:44.0481 0x0894  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:00:44.0512 0x0894  VgaSave - ok
18:00:44.0521 0x0894  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:00:44.0542 0x0894  vhdmp - ok
18:00:44.0575 0x0894  [ DFDF7F9CAA50EE72A633EA4BBD65A557, DF25D6F5E599A801D712E5AA69D31B949BACF6C274987F8E8CE8272564D59271 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
18:00:44.0621 0x0894  VIAHdAudAddService - ok
18:00:44.0628 0x0894  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:00:44.0641 0x0894  viaide - ok
18:00:44.0645 0x0894  [ 93F279A2C172562050700A18FA84BE2E, EBFB6C530B4AC714963D31B5D424E7AF2B7D2CA1CF3E455294BE1E56CC8A3A12 ] vncmirror       C:\Windows\system32\DRIVERS\vncmirror.sys
18:00:44.0656 0x0894  vncmirror - ok
18:00:44.0761 0x0894  [ 2ADFBDEFBDB38ACFFA5F05827E7A3FD9, B74504DD1529404CEBF80B1C6B29DBDE089F67E5CCFA141C58AEE4DC7F5F13FF ] vncserver       C:\Program Files\RealVNC\VNC Server\vncserver.exe
18:00:44.0907 0x0894  vncserver - ok
18:00:44.0921 0x0894  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:00:44.0938 0x0894  volmgr - ok
18:00:44.0950 0x0894  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:00:44.0976 0x0894  volmgrx - ok
18:00:44.0987 0x0894  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:00:45.0012 0x0894  volsnap - ok
18:00:45.0019 0x0894  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
18:00:45.0038 0x0894  vsmraid - ok
18:00:45.0080 0x0894  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
18:00:45.0164 0x0894  VSS - ok
18:00:45.0170 0x0894  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:00:45.0186 0x0894  vwifibus - ok
18:00:45.0191 0x0894  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:00:45.0209 0x0894  vwififlt - ok
18:00:45.0222 0x0894  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
18:00:45.0271 0x0894  W32Time - ok
18:00:45.0286 0x0894  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
18:00:45.0317 0x0894  W3SVC - ok
18:00:45.0322 0x0894  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
18:00:45.0335 0x0894  WacomPen - ok
18:00:45.0341 0x0894  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:00:45.0373 0x0894  WANARP - ok
18:00:45.0378 0x0894  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:00:45.0406 0x0894  Wanarpv6 - ok
18:00:45.0419 0x0894  [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
18:00:45.0438 0x0894  WAS - ok
18:00:45.0474 0x0894  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
18:00:45.0532 0x0894  wbengine - ok
18:00:45.0543 0x0894  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:00:45.0570 0x0894  WbioSrvc - ok
18:00:45.0582 0x0894  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:00:45.0612 0x0894  wcncsvc - ok
18:00:45.0618 0x0894  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:00:45.0636 0x0894  WcsPlugInService - ok
18:00:45.0642 0x0894  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
18:00:45.0655 0x0894  Wd - ok
18:00:45.0676 0x0894  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:00:45.0718 0x0894  Wdf01000 - ok
18:00:45.0726 0x0894  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:00:45.0747 0x0894  WdiServiceHost - ok
18:00:45.0753 0x0894  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:00:45.0769 0x0894  WdiSystemHost - ok
18:00:45.0778 0x0894  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
18:00:45.0803 0x0894  WebClient - ok
18:00:45.0811 0x0894  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:00:45.0856 0x0894  Wecsvc - ok
18:00:45.0862 0x0894  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:00:45.0899 0x0894  wercplsupport - ok
18:00:45.0905 0x0894  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:00:45.0945 0x0894  WerSvc - ok
18:00:45.0949 0x0894  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:00:45.0980 0x0894  WfpLwf - ok
18:00:45.0984 0x0894  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:00:45.0997 0x0894  WIMMount - ok
18:00:46.0001 0x0894  WinDefend - ok
18:00:46.0008 0x0894  WinHttpAutoProxySvc - ok
18:00:46.0021 0x0894  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:00:46.0062 0x0894  Winmgmt - ok
18:00:46.0109 0x0894  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:00:46.0202 0x0894  WinRM - ok
18:00:46.0213 0x0894  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
18:00:46.0230 0x0894  WinUsb - ok
18:00:46.0253 0x0894  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:00:46.0304 0x0894  Wlansvc - ok
18:00:46.0359 0x0894  [ 98F138897EF4246381D197CB81846D62, A9FA88475AFBB8883297708608EC7C1AC29F229C3299A84D557172604813A18C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:00:46.0428 0x0894  wlidsvc - ok
18:00:46.0437 0x0894  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:00:46.0450 0x0894  WmiAcpi - ok
18:00:46.0460 0x0894  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:00:46.0482 0x0894  wmiApSrv - ok
18:00:46.0485 0x0894  WMPNetworkSvc - ok
18:00:46.0490 0x0894  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:00:46.0507 0x0894  WPCSvc - ok
18:00:46.0514 0x0894  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:00:46.0533 0x0894  WPDBusEnum - ok
18:00:46.0538 0x0894  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:00:46.0569 0x0894  ws2ifsl - ok
18:00:46.0576 0x0894  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
18:00:46.0596 0x0894  wscsvc - ok
18:00:46.0600 0x0894  WSearch - ok
18:00:46.0659 0x0894  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:00:46.0728 0x0894  wuauserv - ok
18:00:46.0739 0x0894  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:00:46.0756 0x0894  WudfPf - ok
18:00:46.0765 0x0894  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:00:46.0786 0x0894  WUDFRd - ok
18:00:46.0793 0x0894  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:00:46.0811 0x0894  wudfsvc - ok
18:00:46.0821 0x0894  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:00:46.0848 0x0894  WwanSvc - ok
18:00:46.0857 0x0894  ================ Scan global ===============================
18:00:46.0861 0x0894  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:00:46.0875 0x0894  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:00:46.0894 0x0894  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:00:46.0902 0x0894  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:00:46.0917 0x0894  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
18:00:46.0934 0x0894  [ Global ] - ok
18:00:46.0934 0x0894  ================ Scan MBR ==================================
18:00:46.0936 0x0894  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
18:00:46.0981 0x0894  \Device\Harddisk1\DR1 - ok
18:00:46.0984 0x0894  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
18:00:47.0027 0x0894  \Device\Harddisk2\DR2 - ok
18:00:47.0035 0x0894  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk3\DR3
18:00:47.0105 0x0894  \Device\Harddisk3\DR3 - ok
18:00:47.0108 0x0894  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk4\DR4
18:00:47.0640 0x0894  \Device\Harddisk4\DR4 - ok
18:00:47.0647 0x0894  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:00:47.0738 0x0894  \Device\Harddisk0\DR0 - ok
18:00:47.0739 0x0894  ================ Scan VBR ==================================
18:00:47.0743 0x0894  [ 337BF22D8A4B693432659106972A7BFB ] \Device\Harddisk1\DR1\Partition1
18:00:47.0784 0x0894  \Device\Harddisk1\DR1\Partition1 - ok
18:00:47.0788 0x0894  [ 41FBE27C851697752C8BF1CA41B26A2F ] \Device\Harddisk2\DR2\Partition1
18:00:47.0833 0x0894  \Device\Harddisk2\DR2\Partition1 - ok
18:00:47.0836 0x0894  [ C1D39FE2199F38645E4B1573BA373C89 ] \Device\Harddisk3\DR3\Partition1
18:00:47.0837 0x0894  \Device\Harddisk3\DR3\Partition1 - ok
18:00:47.0840 0x0894  [ 4855F6DA6041FF4A2227197F7C93A896 ] \Device\Harddisk3\DR3\Partition2
18:00:47.0841 0x0894  \Device\Harddisk3\DR3\Partition2 - ok
18:00:47.0844 0x0894  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk4\DR4\Partition1
18:00:47.0844 0x0894  \Device\Harddisk4\DR4\Partition1 - ok
18:00:47.0848 0x0894  [ 4A4BCC3D91350B68D5F20895BEC08DB3 ] \Device\Harddisk4\DR4\Partition2
18:00:47.0908 0x0894  \Device\Harddisk4\DR4\Partition2 - ok
18:00:47.0911 0x0894  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition1
18:00:47.0911 0x0894  \Device\Harddisk0\DR0\Partition1 - ok
18:00:47.0914 0x0894  [ 4ADD9B3576BE0AE9DC4C9C62D84C3BD0 ] \Device\Harddisk0\DR0\Partition2
18:00:47.0982 0x0894  \Device\Harddisk0\DR0\Partition2 - ok
18:00:47.0983 0x0894  ================ Scan generic autorun ======================
18:00:47.0984 0x0894  MsmqIntCert - ok
18:00:48.0027 0x0894  [ DF72D700CC33611206675B8A2FD4D4F9, AB3AF6FD92140A1432FEAFFF2015CFAD5E9362F0018EA1D859A2DA349E95847D ] C:\Program Files\Logitech\SetPointP\SetPoint.exe
18:00:48.0072 0x0894  EvtMgr6 - ok
18:00:48.0130 0x0894  [ 21B433DC08AA92D6ADC6289C9E493D29, 358E8BDDED24E2EEE08ABF13DE71748F10FC5E65C829ED93D9960F6D3511F1BB ] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
18:00:48.0199 0x0894  HDAudDeck - detected UnsignedFile.Multi.Generic ( 1 )
18:00:51.0047 0x0894  Detect skipped due to KSN trusted
18:00:51.0047 0x0894  HDAudDeck - ok
18:00:51.0051 0x0894  [ 358C81ADA09E0B6906DB82EA75B836D5, B0F0FAB3D6A3541010D3CF810D6C0005E9C5556F226A71AFA2AEB22C981EC0F3 ] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
18:00:51.0058 0x0894  NUSB3MON - detected UnsignedFile.Multi.Generic ( 1 )
18:00:53.0712 0x0894  Detect skipped due to KSN trusted
18:00:53.0712 0x0894  NUSB3MON - ok
18:00:53.0722 0x0894  [ 17D9440D55500418C8FDB8EF1390C5AD, C4C57AE427FB89EFDFC1D111C300BB588E475BE90DD57084C03399557641F948 ] C:\Windows\RaidTool\xInsIDE.exe
18:00:53.0745 0x0894  JMB36X IDE Setup - ok
18:00:53.0751 0x0894  [ EBC0E8C0A4DDA2C32A7D5863462A321A, 2F410138DB66D0219254339F1F098E401CEDAA032596F1F67BC54F394256FC68 ] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
18:00:53.0758 0x0894  amd_dc_opt - detected UnsignedFile.Multi.Generic ( 1 )
18:00:56.0409 0x0894  Detect skipped due to KSN trusted
18:00:56.0409 0x0894  amd_dc_opt - ok
18:00:56.0431 0x0894  [ A50A181B454A821520C8BB1FD19FC7D2, 5EA9B01313ABFB1E077E38F8BD72D3BAFA6EB15EB458DF90C66CCF84C68E1768 ] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
18:00:56.0449 0x0894  Tarantula - detected UnsignedFile.Multi.Generic ( 1 )
18:00:59.0750 0x0894  Detect skipped due to KSN trusted
18:00:59.0750 0x0894  Tarantula - ok
18:00:59.0805 0x0894  [ 4CB7CEE3F7540B0BEDBD158D75F06509, 73348467A976AF06928B402E12A622BB1B5BD8BB2AC6446117E1FD1EEAFED217 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
18:00:59.0833 0x0894  StartCCC - ok
18:00:59.0838 0x0894  [ 94A4D6915D4F572309DF6137E1846528, E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
18:00:59.0845 0x0894  APSDaemon - ok
18:00:59.0846 0x0894  KiesTrayAgent - ok
18:00:59.0855 0x0894  [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
18:00:59.0867 0x0894  SunJavaUpdateSched - ok
18:00:59.0874 0x0894  [ D2E3E6D94A9E1CFA1561D9C748136FD0, C8CD851F1872086D18A329B47C7DEFAD2CE2E3A8F4321411247D06D07B2DB1D3 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
18:00:59.0884 0x0894  iTunesHelper - ok
18:00:59.0891 0x0894  [ CA1F035A177457B47F9B7D669FE3E91A, ACA93529F3AFD1F9B51B51A192D69321095465321E4382DD857138F45F37C5F7 ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
18:00:59.0899 0x0894  Avira Systray - ok
18:00:59.0925 0x0894  [ 1E9B225DE829A6F666A0BA9B8A7984BF, 89D1222D72E23D21E6388B068CE7C415A9857ABB37D7A3AAD549B949A87E61FC ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
18:00:59.0944 0x0894  avgnt - ok
18:00:59.0972 0x0894  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:01:00.0030 0x0894  Sidebar - ok
18:01:00.0037 0x0894  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:01:00.0057 0x0894  mctadmin - ok
18:01:00.0085 0x0894  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:01:00.0120 0x0894  Sidebar - ok
18:01:00.0126 0x0894  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:01:00.0141 0x0894  mctadmin - ok
18:01:00.0143 0x0894  Thunderbird - ok
18:01:00.0170 0x0894  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
18:01:00.0205 0x0894  Sidebar - ok
18:01:00.0212 0x0894  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
18:01:00.0226 0x0894  mctadmin - ok
18:01:00.0227 0x0894  Waiting for KSN requests completion. In queue: 12
18:01:01.0227 0x0894  Waiting for KSN requests completion. In queue: 12
18:01:02.0227 0x0894  Waiting for KSN requests completion. In queue: 12
18:01:03.0280 0x0894  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 14.0.5.376 ), 0x41000 ( enabled : updated )
18:01:03.0296 0x0894  Win FW state via NFP2: enabled
18:01:05.0962 0x0894  ============================================================
18:01:05.0962 0x0894  Scan finished
18:01:05.0962 0x0894  ============================================================
18:01:05.0984 0x04d4  Detected object count: 0
18:01:05.0984 0x04d4  Actual detected object count: 0

schrauber · 06.07.2014, 11:09

LOgfile von Avira mit den Funden?

UltraM · 06.07.2014, 15:36

sorry,

hier natürlich noch der AVIRA scan:

Code:

ATTFilter

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 3. Juli 2014  18:11


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Antivirus Free
Seriennummer   : 0000149996-AVHOE-0000001
Plattform      : Windows 7 Home Premium
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : user
Computername   : TOWER

Versionsinformationen:
BUILD.DAT      : 14.0.5.450     91868 Bytes  24.06.2014 20:39:00
AVSCAN.EXE     : 14.0.5.396   1042512 Bytes  24.06.2014 18:39:06
AVSCANRC.DLL   : 14.0.5.364     62544 Bytes  24.06.2014 18:39:06
LUKE.DLL       : 14.0.5.336     57936 Bytes  24.06.2014 18:39:35
AVSCPLR.DLL    : 14.0.5.376     89680 Bytes  24.06.2014 18:39:07
AVREG.DLL      : 14.0.5.356    261200 Bytes  24.06.2014 18:39:06
avlode.dll     : 14.0.5.396    588368 Bytes  24.06.2014 18:39:06
avlode.rdf     : 14.0.4.30      65097 Bytes  03.07.2014 15:47:25
XBV00008.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00009.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00010.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00011.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00012.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00013.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00014.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00015.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00016.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00017.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00018.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00019.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00020.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00021.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00022.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00023.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00024.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00025.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00026.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00027.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00028.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00029.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00030.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00031.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00032.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00033.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00034.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00035.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00036.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00037.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00038.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00039.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00040.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00041.VDF   : 8.11.153.142     2048 Bytes  06.06.2014 18:39:37
XBV00206.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00207.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00208.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00209.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00210.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00211.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00212.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00213.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00214.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00215.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00216.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00217.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00218.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00219.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00220.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00221.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00222.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00223.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00224.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00225.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00226.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00227.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00228.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00229.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00230.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00231.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00232.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00233.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00234.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00235.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00236.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00237.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00238.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00239.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00240.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00241.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00242.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00243.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00244.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00245.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00246.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00247.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00248.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00249.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00250.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00251.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00252.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00253.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00254.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00255.VDF   : 8.11.155.44     2048 Bytes  16.06.2014 18:39:37
XBV00000.VDF   : 7.11.70.0   66736640 Bytes  04.04.2013 18:39:37
XBV00001.VDF   : 7.11.74.226  2201600 Bytes  30.04.2013 18:39:37
XBV00002.VDF   : 7.11.80.60   2751488 Bytes  28.05.2013 18:39:37
XBV00003.VDF   : 7.11.85.214  2162688 Bytes  21.06.2013 18:39:37
XBV00004.VDF   : 7.11.91.176  3903488 Bytes  23.07.2013 18:39:37
XBV00005.VDF   : 7.11.98.186  6822912 Bytes  29.08.2013 18:39:37
XBV00006.VDF   : 7.11.139.38 15708672 Bytes  27.03.2014 18:39:37
XBV00007.VDF   : 7.11.152.100  4193792 Bytes  02.06.2014 18:39:37
XBV00042.VDF   : 8.11.153.142   710656 Bytes  06.06.2014 18:39:37
XBV00043.VDF   : 8.11.155.44  1013760 Bytes  16.06.2014 18:39:37
XBV00044.VDF   : 8.11.155.46     3072 Bytes  16.06.2014 18:39:37
XBV00045.VDF   : 8.11.155.52    38912 Bytes  16.06.2014 18:39:37
XBV00046.VDF   : 8.11.155.54    29696 Bytes  16.06.2014 18:39:37
XBV00047.VDF   : 8.11.155.58    13824 Bytes  16.06.2014 18:39:37
XBV00048.VDF   : 8.11.155.62    20480 Bytes  17.06.2014 18:39:37
XBV00049.VDF   : 8.11.155.64     5632 Bytes  17.06.2014 18:39:37
XBV00050.VDF   : 8.11.155.66   139264 Bytes  17.06.2014 18:39:37
XBV00051.VDF   : 8.11.155.68     2048 Bytes  17.06.2014 18:39:37
XBV00052.VDF   : 8.11.155.70     6144 Bytes  17.06.2014 18:39:37
XBV00053.VDF   : 8.11.155.74   180224 Bytes  17.06.2014 18:39:37
XBV00054.VDF   : 8.11.155.78    18432 Bytes  17.06.2014 18:39:37
XBV00055.VDF   : 8.11.155.80     6144 Bytes  17.06.2014 18:39:37
XBV00056.VDF   : 8.11.155.82     4608 Bytes  18.06.2014 18:39:37
XBV00057.VDF   : 8.11.155.86    17408 Bytes  18.06.2014 18:39:37
XBV00058.VDF   : 8.11.155.100   144896 Bytes  18.06.2014 18:39:37
XBV00059.VDF   : 8.11.155.114    25088 Bytes  18.06.2014 18:39:37
XBV00060.VDF   : 8.11.155.128     2048 Bytes  18.06.2014 18:39:37
XBV00061.VDF   : 8.11.155.146    27648 Bytes  18.06.2014 18:39:37
XBV00062.VDF   : 8.11.155.148     2048 Bytes  18.06.2014 18:39:37
XBV00063.VDF   : 8.11.155.150   148992 Bytes  18.06.2014 18:39:37
XBV00064.VDF   : 8.11.155.152     5120 Bytes  18.06.2014 18:39:37
XBV00065.VDF   : 8.11.155.156    12800 Bytes  18.06.2014 18:39:37
XBV00066.VDF   : 8.11.155.158     2048 Bytes  18.06.2014 18:39:37
XBV00067.VDF   : 8.11.155.160     2048 Bytes  18.06.2014 18:39:37
XBV00068.VDF   : 8.11.155.164     7680 Bytes  18.06.2014 18:39:37
XBV00069.VDF   : 8.11.155.168    18432 Bytes  19.06.2014 18:39:37
XBV00070.VDF   : 8.11.155.172     2048 Bytes  19.06.2014 18:39:37
XBV00071.VDF   : 8.11.155.174     7680 Bytes  19.06.2014 18:39:37
XBV00072.VDF   : 8.11.155.176     2048 Bytes  19.06.2014 18:39:37
XBV00073.VDF   : 8.11.155.178     7680 Bytes  19.06.2014 18:39:37
XBV00074.VDF   : 8.11.155.180     5120 Bytes  19.06.2014 18:39:37
XBV00075.VDF   : 8.11.155.182     4608 Bytes  19.06.2014 18:39:37
XBV00076.VDF   : 8.11.155.184     6144 Bytes  19.06.2014 18:39:37
XBV00077.VDF   : 8.11.155.186     4608 Bytes  19.06.2014 18:39:37
XBV00078.VDF   : 8.11.155.188     5632 Bytes  19.06.2014 18:39:37
XBV00079.VDF   : 8.11.155.190     5120 Bytes  19.06.2014 18:39:37
XBV00080.VDF   : 8.11.155.192     2048 Bytes  19.06.2014 18:39:37
XBV00081.VDF   : 8.11.155.196    17408 Bytes  19.06.2014 18:39:37
XBV00082.VDF   : 8.11.155.200     2048 Bytes  19.06.2014 18:39:37
XBV00083.VDF   : 8.11.155.202     5632 Bytes  20.06.2014 18:39:37
XBV00084.VDF   : 8.11.155.204    14848 Bytes  20.06.2014 18:39:37
XBV00085.VDF   : 8.11.155.206     3072 Bytes  20.06.2014 18:39:37
XBV00086.VDF   : 8.11.155.208     2048 Bytes  20.06.2014 18:39:37
XBV00087.VDF   : 8.11.155.210    11264 Bytes  20.06.2014 18:39:37
XBV00088.VDF   : 8.11.155.214     4608 Bytes  20.06.2014 18:39:37
XBV00089.VDF   : 8.11.155.218     8704 Bytes  20.06.2014 18:39:37
XBV00090.VDF   : 8.11.155.222     2048 Bytes  20.06.2014 18:39:37
XBV00091.VDF   : 8.11.155.224     2048 Bytes  20.06.2014 18:39:37
XBV00092.VDF   : 8.11.155.228   151552 Bytes  20.06.2014 18:39:37
XBV00093.VDF   : 8.11.155.242    13312 Bytes  21.06.2014 18:39:37
XBV00094.VDF   : 8.11.156.2     12800 Bytes  21.06.2014 18:39:37
XBV00095.VDF   : 8.11.156.4     58368 Bytes  21.06.2014 18:39:37
XBV00096.VDF   : 8.11.156.18   146944 Bytes  21.06.2014 18:39:37
XBV00097.VDF   : 8.11.156.20     2048 Bytes  21.06.2014 18:39:37
XBV00098.VDF   : 8.11.156.22    49152 Bytes  22.06.2014 18:39:37
XBV00099.VDF   : 8.11.156.24     2048 Bytes  22.06.2014 18:39:37
XBV00100.VDF   : 8.11.156.26     9216 Bytes  22.06.2014 18:39:37
XBV00101.VDF   : 8.11.156.30     2048 Bytes  22.06.2014 18:39:37
XBV00102.VDF   : 8.11.156.32    12800 Bytes  22.06.2014 18:39:37
XBV00103.VDF   : 8.11.156.34    36352 Bytes  23.06.2014 18:39:37
XBV00104.VDF   : 8.11.156.36     2560 Bytes  23.06.2014 18:39:37
XBV00105.VDF   : 8.11.156.38     2048 Bytes  23.06.2014 18:39:37
XBV00106.VDF   : 8.11.156.40     7168 Bytes  23.06.2014 18:39:37
XBV00107.VDF   : 8.11.156.52     8704 Bytes  23.06.2014 18:39:37
XBV00108.VDF   : 8.11.156.72   204288 Bytes  23.06.2014 18:39:37
XBV00109.VDF   : 8.11.156.76     2048 Bytes  23.06.2014 18:39:37
XBV00110.VDF   : 8.11.156.88     2048 Bytes  23.06.2014 18:39:37
XBV00111.VDF   : 8.11.156.100     2048 Bytes  23.06.2014 18:39:37
XBV00112.VDF   : 8.11.156.114    37376 Bytes  24.06.2014 18:39:37
XBV00113.VDF   : 8.11.156.126     2048 Bytes  24.06.2014 18:39:37
XBV00114.VDF   : 8.11.156.144    28160 Bytes  24.06.2014 15:47:25
XBV00115.VDF   : 8.11.156.146     2048 Bytes  24.06.2014 15:47:25
XBV00116.VDF   : 8.11.156.150   145408 Bytes  24.06.2014 15:47:25
XBV00117.VDF   : 8.11.156.152    13824 Bytes  24.06.2014 15:47:25
XBV00118.VDF   : 8.11.156.154     2048 Bytes  24.06.2014 15:47:25
XBV00119.VDF   : 8.11.156.158    35328 Bytes  24.06.2014 15:47:25
XBV00120.VDF   : 8.11.156.160    18432 Bytes  24.06.2014 15:47:25
XBV00121.VDF   : 8.11.156.162     5632 Bytes  24.06.2014 15:47:25
XBV00122.VDF   : 8.11.156.166    10240 Bytes  24.06.2014 15:47:25
XBV00123.VDF   : 8.11.156.180    21504 Bytes  25.06.2014 15:47:25
XBV00124.VDF   : 8.11.156.190     3072 Bytes  25.06.2014 15:47:25
XBV00125.VDF   : 8.11.156.206   147968 Bytes  25.06.2014 15:47:25
XBV00126.VDF   : 8.11.156.208     2048 Bytes  25.06.2014 15:47:25
XBV00127.VDF   : 8.11.156.220     2048 Bytes  25.06.2014 15:47:25
XBV00128.VDF   : 8.11.156.232    29696 Bytes  25.06.2014 15:47:25
XBV00129.VDF   : 8.11.156.242     2048 Bytes  25.06.2014 15:47:25
XBV00130.VDF   : 8.11.157.0    181248 Bytes  26.06.2014 15:47:26
XBV00131.VDF   : 8.11.157.4     15872 Bytes  26.06.2014 15:47:26
XBV00132.VDF   : 8.11.157.6      2560 Bytes  26.06.2014 15:47:26
XBV00133.VDF   : 8.11.157.24   151552 Bytes  26.06.2014 15:47:26
XBV00134.VDF   : 8.11.157.26     9728 Bytes  26.06.2014 15:47:26
XBV00135.VDF   : 8.11.157.28     5632 Bytes  26.06.2014 15:47:26
XBV00136.VDF   : 8.11.157.30     2048 Bytes  26.06.2014 15:47:26
XBV00137.VDF   : 8.11.157.32    25600 Bytes  26.06.2014 15:47:26
XBV00138.VDF   : 8.11.157.38    42496 Bytes  26.06.2014 15:47:26
XBV00139.VDF   : 8.11.157.46     2048 Bytes  27.06.2014 15:47:26
XBV00140.VDF   : 8.11.157.50    15360 Bytes  27.06.2014 15:47:26
XBV00141.VDF   : 8.11.157.76     2048 Bytes  27.06.2014 15:47:26
XBV00142.VDF   : 8.11.157.78   166400 Bytes  27.06.2014 15:47:26
XBV00143.VDF   : 8.11.157.88     2048 Bytes  27.06.2014 15:47:26
XBV00144.VDF   : 8.11.157.98    17408 Bytes  27.06.2014 15:47:26
XBV00145.VDF   : 8.11.157.100     2048 Bytes  27.06.2014 15:47:26
XBV00146.VDF   : 8.11.157.110   158208 Bytes  27.06.2014 15:47:26
XBV00147.VDF   : 8.11.157.112   166912 Bytes  27.06.2014 15:47:26
XBV00148.VDF   : 8.11.157.114     2048 Bytes  27.06.2014 15:47:26
XBV00149.VDF   : 8.11.157.118    11264 Bytes  27.06.2014 15:47:26
XBV00150.VDF   : 8.11.157.120     2048 Bytes  27.06.2014 15:47:26
XBV00151.VDF   : 8.11.157.126   156160 Bytes  28.06.2014 15:47:26
XBV00152.VDF   : 8.11.157.128     2048 Bytes  28.06.2014 15:47:26
XBV00153.VDF   : 8.11.157.130     6144 Bytes  28.06.2014 15:47:26
XBV00154.VDF   : 8.11.157.132    14336 Bytes  28.06.2014 15:47:26
XBV00155.VDF   : 8.11.157.134     2048 Bytes  28.06.2014 15:47:26
XBV00156.VDF   : 8.11.157.138     3584 Bytes  29.06.2014 15:47:26
XBV00157.VDF   : 8.11.157.140     2048 Bytes  29.06.2014 15:47:26
XBV00158.VDF   : 8.11.157.142    26624 Bytes  29.06.2014 15:47:26
XBV00159.VDF   : 8.11.157.144     2048 Bytes  29.06.2014 15:47:26
XBV00160.VDF   : 8.11.157.146     2048 Bytes  29.06.2014 15:47:26
XBV00161.VDF   : 8.11.157.148    12800 Bytes  29.06.2014 15:47:26
XBV00162.VDF   : 8.11.157.150    55808 Bytes  30.06.2014 15:47:27
XBV00163.VDF   : 8.11.157.152     2048 Bytes  30.06.2014 15:47:27
XBV00164.VDF   : 8.11.157.162    10240 Bytes  30.06.2014 15:47:27
XBV00165.VDF   : 8.11.157.170     2048 Bytes  30.06.2014 15:47:27
XBV00166.VDF   : 8.11.157.178     5632 Bytes  30.06.2014 15:47:27
XBV00167.VDF   : 8.11.157.186     2048 Bytes  30.06.2014 15:47:27
XBV00168.VDF   : 8.11.157.196    37888 Bytes  30.06.2014 15:47:27
XBV00169.VDF   : 8.11.157.202     8192 Bytes  30.06.2014 15:47:27
XBV00170.VDF   : 8.11.157.204     2048 Bytes  30.06.2014 15:47:27
XBV00171.VDF   : 8.11.157.208     7168 Bytes  30.06.2014 15:47:27
XBV00172.VDF   : 8.11.157.210    16384 Bytes  30.06.2014 15:47:27
XBV00173.VDF   : 8.11.157.214     2048 Bytes  30.06.2014 15:47:27
XBV00174.VDF   : 8.11.157.218   162304 Bytes  01.07.2014 15:47:27
XBV00175.VDF   : 8.11.157.220     2048 Bytes  01.07.2014 15:47:27
XBV00176.VDF   : 8.11.157.222    18432 Bytes  01.07.2014 15:47:27
XBV00177.VDF   : 8.11.157.224     2048 Bytes  01.07.2014 15:47:27
XBV00178.VDF   : 8.11.157.226     2048 Bytes  01.07.2014 15:47:27
XBV00179.VDF   : 8.11.157.228    23040 Bytes  01.07.2014 15:47:27
XBV00180.VDF   : 8.11.157.234   152064 Bytes  01.07.2014 15:47:27
XBV00181.VDF   : 8.11.157.236     6656 Bytes  01.07.2014 15:47:27
XBV00182.VDF   : 8.11.157.238     2048 Bytes  01.07.2014 15:47:27
XBV00183.VDF   : 8.11.157.240     6144 Bytes  01.07.2014 15:47:27
XBV00184.VDF   : 8.11.157.242     2048 Bytes  01.07.2014 15:47:27
XBV00185.VDF   : 8.11.157.246     5632 Bytes  01.07.2014 15:47:27
XBV00186.VDF   : 8.11.157.248     2048 Bytes  01.07.2014 15:47:27
XBV00187.VDF   : 8.11.157.250     2560 Bytes  02.07.2014 15:47:27
XBV00188.VDF   : 8.11.157.254     3072 Bytes  02.07.2014 15:47:27
XBV00189.VDF   : 8.11.158.2    153600 Bytes  02.07.2014 15:47:27
XBV00190.VDF   : 8.11.158.4    178176 Bytes  02.07.2014 15:47:27
XBV00191.VDF   : 8.11.158.6     17920 Bytes  02.07.2014 15:47:27
XBV00192.VDF   : 8.11.158.14     2048 Bytes  02.07.2014 15:47:27
XBV00193.VDF   : 8.11.158.22     7680 Bytes  02.07.2014 15:47:27
XBV00194.VDF   : 8.11.158.30     2048 Bytes  02.07.2014 15:47:27
XBV00195.VDF   : 8.11.158.38     2560 Bytes  02.07.2014 15:47:27
XBV00196.VDF   : 8.11.158.50   166912 Bytes  02.07.2014 15:47:28
XBV00197.VDF   : 8.11.158.56     2560 Bytes  02.07.2014 15:47:28
XBV00198.VDF   : 8.11.158.62    38912 Bytes  03.07.2014 15:47:28
XBV00199.VDF   : 8.11.158.64     2048 Bytes  03.07.2014 15:47:28
XBV00200.VDF   : 8.11.158.68   174592 Bytes  03.07.2014 15:47:28
XBV00201.VDF   : 8.11.158.72     2048 Bytes  03.07.2014 15:47:28
XBV00202.VDF   : 8.11.158.74    12288 Bytes  03.07.2014 15:47:28
XBV00203.VDF   : 8.11.158.76     2048 Bytes  03.07.2014 15:47:28
XBV00204.VDF   : 8.11.158.78    14848 Bytes  03.07.2014 15:47:28
XBV00205.VDF   : 8.11.158.80    11264 Bytes  03.07.2014 15:47:28
LOCAL001.VDF   : 8.11.158.80 107920384 Bytes  03.07.2014 15:47:53
Engineversion  : 8.3.20.28 
AEVDF.DLL      : 8.3.0.4       118976 Bytes  24.06.2014 18:39:06
AESCRIPT.DLL   : 8.1.4.216     528584 Bytes  03.07.2014 15:47:25
AESCN.DLL      : 8.3.1.2       135360 Bytes  24.06.2014 18:39:06
AESBX.DLL      : 8.2.20.24    1409224 Bytes  24.06.2014 18:39:05
AERDL.DLL      : 8.2.0.138     704888 Bytes  24.06.2014 18:39:05
AEPACK.DLL     : 8.4.0.42      786632 Bytes  03.07.2014 15:47:25
AEOFFICE.DLL   : 8.3.0.8       205000 Bytes  03.07.2014 15:47:25
AEHEUR.DLL     : 8.1.4.1132   6820040 Bytes  03.07.2014 15:47:25
AEHELP.DLL     : 8.3.1.0       278728 Bytes  24.06.2014 18:39:05
AEGEN.DLL      : 8.1.7.28      450752 Bytes  24.06.2014 18:39:05
AEEXP.DLL      : 8.4.2.6       237760 Bytes  03.07.2014 15:47:25
AEEMU.DLL      : 8.1.3.2       393587 Bytes  24.06.2014 18:39:05
AEDROID.DLL    : 8.4.2.24      442568 Bytes  24.06.2014 18:39:05
AECORE.DLL     : 8.3.1.4       241864 Bytes  24.06.2014 18:39:05
AEBB.DLL       : 8.1.1.4        53619 Bytes  24.06.2014 18:39:05
AVWINLL.DLL    : 14.0.5.320     24144 Bytes  24.06.2014 18:39:17
AVPREF.DLL     : 14.0.5.320     50256 Bytes  24.06.2014 18:39:06
AVREP.DLL      : 14.0.5.320    219216 Bytes  24.06.2014 18:39:06
AVARKT.DLL     : 14.0.5.368    226384 Bytes  24.06.2014 18:39:06
AVEVTLOG.DLL   : 14.0.5.320    182352 Bytes  24.06.2014 18:39:06
SQLITE3.DLL    : 14.0.5.320    452176 Bytes  24.06.2014 18:39:36
AVSMTP.DLL     : 14.0.5.320     76368 Bytes  24.06.2014 18:39:09
NETNT.DLL      : 14.0.5.320     13392 Bytes  24.06.2014 18:39:36
RCIMAGE.DLL    : 14.0.5.320   4998224 Bytes  24.06.2014 18:39:36
RCTEXT.DLL     : 14.0.5.322     73808 Bytes  24.06.2014 18:39:36

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:, G:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 3. Juli 2014  18:11

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD3(C:)'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'HDD1(D:)'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'HDD2(E:)'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'HDD0(F:)'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'HDD4(G:)'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.
Versteckter Treiber
  [HINWEIS]   Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'hmpalert.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '84' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '165' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'PluginService.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'Fuel.Service.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '108' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'inetinfo.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'mqsvc.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSVC.EXE' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'mqtgsvc.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLIDSvcM.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '193' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'DAODx.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'miranda32.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'VDeck.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'nusb3mon.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'razerhid.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '137' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '257' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '177' Modul(e) wurden durchsucht
Durchsuche Prozess 'razertra.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPointII.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '146' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'AUDIODG.EXE' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '118' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '3404' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <SSD>
C:\ProgramData\WPM\wprotectmanager.exe
  [FUND]      Enthält Erkennungsmuster des Rootkits RKIT/13850.A
Beginne mit der Suche in 'D:\' <HDD 1>
Beginne mit der Suche in 'E:\' <HDD 2>
    [0] Archivtyp: RSRC
    --> C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\amd64\winusbcoinstaller2.dll
        [1] Archivtyp: RSRC
      --> C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\amd64\WUDFUpdate_01009.dll
          [2] Archivtyp: RSRC
        --> C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\i386\winusbcoinstaller2.dll
            [3] Archivtyp: RSRC
          --> C:\Program Files (x86)\ClockworkMod\Universal Adb Driver\usb_driver\i386\WUDFUpdate_01009.dll
              [4] Archivtyp: RSRC
            --> C:\Users\user\AppData\LocalLow\Sun\Java\JRERunOnce.exe
                [5] Archivtyp: Runtime Packed
              --> C:\Users\user\AppData\Roaming\AdbDriverInstaller\usb_driver\amd64\winusbcoinstaller2.dll
                  [6] Archivtyp: RSRC
                --> C:\Users\user\AppData\Roaming\AdbDriverInstaller\usb_driver\amd64\WUDFUpdate_01009.dll
                    [7] Archivtyp: RSRC
                  --> C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
                      [8] Archivtyp: RSRC
                    --> C:\Windows\System32\WinUSBCoInstaller2.dll
                        [9] Archivtyp: RSRC
                      --> C:\Windows\System32\DriverStore\FileRepository\android_winusb.inf_amd64_neutral_fa566a76aa7fb363\amd64\WinUSBCoInstaller2.dll
                          [10] Archivtyp: RSRC
                        --> E:\theendowordm.info.zip
                            [11] Archivtyp: ZIP
                          --> MUCC - THE END OF THE WORLD (Album)/Vocaloid.htm
                              [FUND]      Enthält Erkennungsmuster des Java-Scriptvirus JS/Redirector.EB.157
                              [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
E:\theendowordm.info.zip
  [FUND]      Enthält Erkennungsmuster des Java-Scriptvirus JS/Redirector.EB.157
E:\TABOO\MUCC - THE END OF THE WORLD (Album)\Vocaloid.htm
  [FUND]      Enthält Erkennungsmuster des Java-Scriptvirus JS/Redirector.EB.157
Beginne mit der Suche in 'F:\' <HDD 3>
Beginne mit der Suche in 'G:\' <HDD 4>

Beginne mit der Desinfektion:
E:\TABOO\MUCC - THE END OF THE WORLD (Album)\Vocaloid.htm
  [FUND]      Enthält Erkennungsmuster des Java-Scriptvirus JS/Redirector.EB.157
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51eeac08.qua' verschoben!
E:\theendowordm.info.zip
  [FUND]      Enthält Erkennungsmuster des Java-Scriptvirus JS/Redirector.EB.157
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '494383a7.qua' verschoben!
C:\ProgramData\WPM\wprotectmanager.exe
  [FUND]      Enthält Erkennungsmuster des Rootkits RKIT/13850.A
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1b2fd950.qua' verschoben!


Ende des Suchlaufs: Freitag, 4. Juli 2014  03:27
Benötigte Zeit:  5:09:57 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  56513 Verzeichnisse wurden überprüft
 1736945 Dateien wurden geprüft
      4 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      3 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 1736941 Dateien ohne Befall
  19336 Archive wurden durchsucht
      1 Warnungen
      4 Hinweise
 1372292 Objekte wurden beim Rootkitscan durchsucht
      1 Versteckte Objekte wurden gefunden

schrauber · 07.07.2014, 11:14

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

UltraM · 08.07.2014, 00:32

Hallo schrauber,

erst einmal Vielen Dank für deine Ganzen Mühen!

Hier die neuen Logs:

Malwarebytes Anti-Malware

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 07.07.2014
Suchlauf-Zeit: 18:25:13
Logdatei: 
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.07.06
Rootkit Datenbank: v2014.07.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: user

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 411149
Verstrichene Zeit: 9 Min, 33 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 1
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 1288, , 

[e7cbfd9f6d0e43f3b510ed6fac55b24e]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 2
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, , 

[e7cbfd9f6d0e43f3b510ed6fac55b24e], 
PUP.Optional.Qone8.A, HKLM\SOFTWARE\WOW6432NODE\qone8Software, , [d5dda6f66219fe38edeaca308d76f010], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 4
PUP.Optional.Qone8, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files

\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1400269906&from=smt&uid=WDCXWD20EARS-

00MVWB0_WD-WMAZA337026770267, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe 

hxxp://start.qone8.com/?type=sc&ts=1400269906&from=smt&uid=WDCXWD20EARS-00MVWB0_WD-WMAZA337026770267),,

[ad05128a32496fc75ef2e7af7d8703fd]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program 

Files\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1400269906&from=smt&uid=WDCXWD20EARS-

00MVWB0_WD-WMAZA337026770267, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe 

hxxp://start.qone8.com/?type=sc&ts=1400269906&from=smt&uid=WDCXWD20EARS-00MVWB0_WD-WMAZA337026770267),,

[09a92e6eea911d19ef61c1d5877d649c]
PUP.Optional.HelperBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, 

hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d2601b24-efad-b3ca-0773-

a67b5a7b3a40&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/01/2014&type=hp1000, Gut: (www.google.com), 

Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d2601b24-efad-b3ca-0773-

a67b5a7b3a40&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/01/2014&type=hp1000),,

[aa0868344f2c40f67df190fca1637789]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-3657025517-3778367934-1715766770-1000-{ED1FC765-E35E-4C3D-BF15-

2C2B11260CE4}-1\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?

publisher=YahooOC&dpid=YahooOC&co=DE&userid=d2601b24-efad-b3ca-0773-a67b5a7b3a40&searchtype=ds&p={searchTerms}

&fr=linkury-tb&installDate=10/01/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?

publisher=YahooOC&dpid=YahooOC&co=DE&userid=d2601b24-efad-b3ca-0773-a67b5a7b3a40&searchtype=ds&p={searchTerms}

&fr=linkury-tb&installDate=10/01/2014&type=hp1000),,[e8ca900cc6b5dd594a254c40b74d4cb4]

Ordner: 8
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\CSS, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, , [951d811b6a11f343c04f77393ec4728e], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, , [951d811b6a11f343c04f77393ec4728e], 

Dateien: 64
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, , 

[e7cbfd9f6d0e43f3b510ed6fac55b24e], 
PUP.Optional.Skytech.A, C:\Users\user\AppData\Roaming\qone8\UninstallManager.exe, , 

[7a38d6c6abd066d03db6becd05fcb14f], 
PUP.Optional.SweetIM.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\searchplugins

\sweetim.xml, , [a9091a82e8930234bb6f7f44f70bfd03], 
PUP.Optional.WebSearch.A, C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\searchplugins\Web 

Search.xml, , [4d6533690c6f171fe2a75f71f111d22e], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\bg.html, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\bg.js, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\manifest.json, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\options.htm, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\options.js, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\popup.html, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\popup.js, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\redirect.html, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\redirect.js, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\CSS\border.css, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-1.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-2.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-3.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\fb.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\fblike.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\gmail.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\google.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\googleplus.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-1.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-2.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-3.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\left.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-1.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-2.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-3.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\mgsplusvideo.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-1.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-2.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-3.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\pinit.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\right.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\searchBox.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-1.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-2.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-3.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\twitter.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-1.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-2.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-3.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\BackPageRemove.js, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\defaultBlockList.js, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\documentEvents.js, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\externalJS.js, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\FBImagePreview.js, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\InternalJS.js, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\jquery-1.9.0.min.js, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\PluginWrapper.js, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\publisherDefinitions.js, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\tabReload.js, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\TopFrameJS.js, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\homePage.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\Linkury.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\Linkury128.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\Linkury16.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.SnapDo.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions

\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\Linkury48.png, , [bef4b1eba7d468ce5908adf062a025db], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, , [951d811b6a11f343c04f77393ec4728e], 
PUP.Optional.Qone8.A, C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( 

     "startup_urls": [ "hxxp://start.qone8.com/?type=hp&ts=1400269906&from=smt&uid=WDCXWD20EARS-00MVWB0_WD-

WMAZA337026770267" ],), ,[476ba0fcc6b5e84e5b79dee7d232cf31]

Physische Sektoren: 0
(No malicious items detected)


(end)

AdwCleaner

Code:

ATTFilter

# AdwCleaner v3.214 - Bericht erstellt am 08/07/2014 um 01:17:19
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : user - TOWER
# Gestartet von : E:\adwcleaner_3.214.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\software4u
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\users\user\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\users\user\AppData\Roaming\qone8
Ordner Gelöscht : C:\users\user\AppData\Roaming\software4u
Datei Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\Extensions\staged

\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\user.js
Datei Gelöscht : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\dt soft\daemon tools toolbar
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Wpm
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab

\SEARCH~1.DLL
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:

\PROGRA~2\SupTab\SEARCH~2.DLL

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Winamp Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?

sredir=2685&invocationType=tb50ffwinampie7&query=");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?

sredir=2685&invocationType=tb50ffwinampab&query=");
Zeile gelöscht : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Winamp Search");

[ Datei : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\prefs.js ]

Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.LastHiddenTime", 23155906);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d2601b24-efad-

b3ca-0773-a67b5a7b3a40&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/01/2014&type=hp1000
Gelöscht [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl

*************************

AdwCleaner[R0].txt - [8034 octets] - [08/07/2014 01:16:24]
AdwCleaner[S0].txt - [6916 octets] - [08/07/2014 01:17:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6976 octets] ##########

Junkware Removal Tool

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by user on 08.07.2014 at  1:19:23,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry

\REGISTRY\USER\S-1-5-21-3657025517-3778367934-1715766770-1000\Software\sweetim



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\42jvhwvp.default\extensions

\staged
Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\ffrwe7zb.Test___\minidumps [574 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.07.2014 at  1:30:42,88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und ein frisches FRST

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by user (administrator) on TOWER on 08-07-2014 01:31:21
Running from E:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
() C:\Windows\DAODx.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Miranda IM) C:\Program Files (x86)\Miranda IM\miranda32.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Razer USA Ltd.) C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\Razer\Tarantula\razertra.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Copy Handler] => [X]
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2369536 2010-03-15] (VIA)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Tarantula] => C:\Program Files (x86)\Razer\Tarantula\razerhid.exe [159744 2007-05-07] (Razer USA Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3657025517-3778367934-1715766770-1000\...\Run: [Thunderbird] => "C:\Program Files (x86)\Mozilla Thunderbird\thunderbird" -turbo
HKU\S-1-5-21-3657025517-3778367934-1715766770-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3657025517-3778367934-1715766770-1000\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3657025517-3778367934-1715766770-1000\...\MountPoints2: {8eda9c35-4642-11e3-ac4d-485b39caa82b} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3657025517-3778367934-1715766770-1000\...\MountPoints2: {fb60f386-d128-11df-9a4e-eb57c079cb76} - Z:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miranda32.lnk
ShortcutTarget: miranda32.lnk -> C:\Program Files (x86)\Miranda IM\miranda32.exe (Miranda IM)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFA9B49F8FE58CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{92BBF8D9-3F18-4086-AEF0-FAE6E99FE04A}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___
FF Homepage: hxxp://forum.suchathing.net/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCrochetPLUG.dll ( Voyager Japan,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ChatZilla - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2011-06-01]
FF Extension: Test Pilot - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\Extensions\testpilot@labs.mozilla.com.xpi [2011-08-10]
FF Extension: WinToFlash Suggestor - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi [2012-05-25]
FF Extension: ChatZilla - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013-07-14]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2013-12-23]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\Extensions\guiconfig@slosd.net.xpi [2013-06-14]
FF Extension: WinToFlash Suggestor - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi [2012-05-25]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-27]

Chrome: 
=======
CHR HomePage: 
CHR NewTab: "chrome-extension://amfclgbdpgndipgoegfpkkgobahigbcl/redirect.html",
				"chrome-extension://pelmeidfhdlhlbjimpabfcbnnojbboma/index.html"
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-22]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-22]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-22]
CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-22]
CHR Extension: (FoxyProxy Standard) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2013-12-22]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-22]
CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-22]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-22]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-07-03] (SurfRight B.V.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4714888 2012-06-29] (RealVNC Ltd)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [35624 2007-08-08] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2011-05-08] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-07-03] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2011-05-08] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
S3 MRV6X64P; C:\Windows\System32\DRIVERS\MRVW13C.sys [245248 2007-10-16] (Marvell Semiconductor, Inc) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-10-06] () [File not signed]
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] () [File not signed]
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
R3 TarFltr; C:\Windows\System32\drivers\UsbFltr.sys [49664 2007-04-11] (Razer USA Ltd.)
U3 ag5yexdb; C:\Windows\System32\Drivers\ag5yexdb.sys [0 ] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\user\AppData\Local\Temp\ALSysIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-08 01:30 - 2014-07-08 01:30 - 00001068 _____ () C:\Users\user\Desktop\JRT.txt
2014-07-08 01:19 - 2014-07-08 01:19 - 00000000 ____D () C:\Windows\ERUNT
2014-07-08 01:18 - 2014-07-08 01:18 - 00007092 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt
2014-07-08 01:16 - 2014-07-08 01:17 - 00000000 ____D () C:\AdwCleaner
2014-07-08 01:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-07 18:35 - 2014-07-07 18:35 - 00016898 _____ () C:\Users\user\Desktop\mw.txt
2014-07-07 18:11 - 2014-07-07 19:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 18:11 - 2014-07-07 18:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-07 18:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-07 18:11 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-05 10:30 - 2014-07-05 10:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
2014-07-05 10:30 - 2014-07-05 10:30 - 00000000 ____D () C:\Program Files (x86)\Winamp Detect
2014-07-04 15:54 - 2014-07-08 01:31 - 00000000 ____D () C:\FRST
2014-07-04 03:33 - 2014-07-04 03:33 - 00062908 _____ () C:\Users\user\Desktop\AVSCAN-20140703-181151-CB22AA0D.LOG
2014-07-03 18:00 - 2014-07-08 01:18 - 00158476 _____ () C:\Windows\PFRO.log
2014-07-03 18:00 - 2014-07-08 01:18 - 00015288 _____ () C:\Windows\setupact.log
2014-07-03 18:00 - 2014-07-03 18:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\AVZ
2014-07-03 17:50 - 2014-07-03 17:50 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-03 17:50 - 2014-07-03 17:50 - 00000000 ____D () C:\Users\user\AppData\Roaming\Avira
2014-07-03 17:50 - 2014-07-03 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-03 17:48 - 2014-07-03 17:47 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-03 17:46 - 2014-06-24 20:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-07-03 17:46 - 2014-06-24 20:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-03 17:46 - 2014-06-24 20:39 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-07-03 17:40 - 2014-07-08 01:18 - 00000000 ____D () C:\Windows\CryptoGuard
2014-07-03 17:40 - 2014-07-03 18:00 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-03 17:40 - 2014-07-03 17:52 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-07-03 17:40 - 2014-07-03 17:52 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-07-03 17:40 - 2014-07-03 17:52 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-07-03 17:40 - 2014-07-03 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-03 17:40 - 2014-07-03 17:40 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-03 17:38 - 2014-07-03 17:38 - 00001100 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-03 17:38 - 2014-07-03 17:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-26 21:53 - 2014-07-08 01:13 - 00000000 ____D () C:\Users\user\AppData\Roaming\Azureus
2014-06-26 21:53 - 2014-06-26 21:53 - 00001801 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-06-26 21:53 - 2014-06-26 21:53 - 00000000 ____D () C:\Users\user\.swt
2014-06-26 21:53 - 2014-06-26 21:53 - 00000000 ____D () C:\Program Files\Vuze
2014-06-21 21:51 - 2014-06-21 21:51 - 00000958 _____ () C:\Users\user\Desktop\TinyPic.lnk
2014-06-21 21:51 - 2014-06-21 21:51 - 00000000 ____D () C:\Program Files (x86)\Tinypic
2014-06-21 21:42 - 2014-06-21 21:51 - 00000000 ____D () C:\Users\user\Desktop\kaputtes_paket
2014-06-19 17:30 - 2014-06-19 17:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-13 23:44 - 2014-06-13 23:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
2014-06-11 20:53 - 2014-06-12 18:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 17:37 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 17:37 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 17:37 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 17:37 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 17:37 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 17:37 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 17:37 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 17:37 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 17:37 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 17:37 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 17:37 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 17:37 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 17:37 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 17:37 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 17:37 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 17:37 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 17:37 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 17:37 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 17:37 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 17:37 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 17:37 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 17:37 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 17:37 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 17:37 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 17:37 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 17:37 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 17:37 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 17:37 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 17:37 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 17:37 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 17:37 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 17:37 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 17:37 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 17:37 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 17:37 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 17:37 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 17:37 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 17:37 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 17:37 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 17:37 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 17:37 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 17:37 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 17:37 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 17:37 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 17:37 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 17:37 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 17:37 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 17:37 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 17:37 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 17:37 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 17:37 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 17:37 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 17:32 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 17:32 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 17:32 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 17:32 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 17:32 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 17:32 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 17:32 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 17:32 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 17:32 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 17:32 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 17:32 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 17:32 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 17:32 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 17:32 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 17:26 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 17:26 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

2014-07-08 01:31 - 2014-07-04 15:54 - 00000000 ____D () C:\FRST
2014-07-08 01:31 - 2013-05-22 11:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\NetSpeedMonitor
2014-07-08 01:30 - 2014-07-08 01:30 - 00001068 _____ () C:\Users\user\Desktop\JRT.txt
2014-07-08 01:30 - 2014-04-11 21:59 - 00025411 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-07-08 01:25 - 2009-07-14 19:58 - 00774832 _____ () C:\Windows\system32\perfh007.dat
2014-07-08 01:25 - 2009-07-14 19:58 - 00175800 _____ () C:\Windows\system32\perfc007.dat
2014-07-08 01:25 - 2009-07-14 07:13 - 01809378 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-08 01:25 - 2009-07-14 06:45 - 00014800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-08 01:25 - 2009-07-14 06:45 - 00014800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-08 01:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-07-08 01:19 - 2014-07-08 01:19 - 00000000 ____D () C:\Windows\ERUNT
2014-07-08 01:18 - 2014-07-08 01:18 - 00007092 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt
2014-07-08 01:18 - 2014-07-03 18:00 - 00158476 _____ () C:\Windows\PFRO.log
2014-07-08 01:18 - 2014-07-03 18:00 - 00015288 _____ () C:\Windows\setupact.log
2014-07-08 01:18 - 2014-07-03 17:40 - 00000000 ____D () C:\Windows\CryptoGuard
2014-07-08 01:18 - 2013-12-22 12:03 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-08 01:18 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-08 01:17 - 2014-07-08 01:16 - 00000000 ____D () C:\AdwCleaner
2014-07-08 01:17 - 2010-07-26 16:13 - 01521222 _____ () C:\Windows\WindowsUpdate.log
2014-07-08 01:14 - 2013-11-16 15:43 - 00000000 ____D () C:\Users\user\AppData\Local\Battle.net
2014-07-08 01:13 - 2014-06-26 21:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\Azureus
2014-07-08 00:46 - 2013-12-22 12:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 00:32 - 2012-04-11 20:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-07 23:07 - 2010-07-28 16:52 - 00000000 ____D () C:\Users\user\AppData\Roaming\TS3Client
2014-07-07 21:38 - 2013-02-26 03:57 - 00000000 ____D () C:\Program Files\JDownloader 2
2014-07-07 19:32 - 2014-07-07 18:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 18:35 - 2014-07-07 18:35 - 00016898 _____ () C:\Users\user\Desktop\mw.txt
2014-07-07 18:11 - 2014-07-07 18:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-07 18:11 - 2014-01-26 13:50 - 00001069 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-07 18:11 - 2014-01-26 13:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 12:01 - 2010-07-28 20:23 - 00000000 ____D () C:\Users\user\AppData\Local\Deployment
2014-07-05 10:31 - 2012-08-21 22:21 - 00000000 ____D () C:\Users\user\AppData\Roaming\Winamp
2014-07-05 10:30 - 2014-07-05 10:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
2014-07-05 10:30 - 2014-07-05 10:30 - 00000000 ____D () C:\Program Files (x86)\Winamp Detect
2014-07-05 10:30 - 2010-08-08 15:49 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-07-04 20:58 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-04 16:04 - 2010-10-06 11:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\DAEMON Tools Lite
2014-07-04 03:33 - 2014-07-04 03:33 - 00062908 _____ () C:\Users\user\Desktop\AVSCAN-20140703-181151-CB22AA0D.LOG
2014-07-03 18:00 - 2014-07-03 18:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-03 18:00 - 2014-07-03 17:40 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\AVZ
2014-07-03 17:52 - 2014-07-03 17:40 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-07-03 17:52 - 2014-07-03 17:40 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-07-03 17:52 - 2014-07-03 17:40 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-07-03 17:51 - 2013-04-29 20:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\inkscape
2014-07-03 17:51 - 2010-09-01 00:40 - 00000000 ____D () C:\Windows\Minidump
2014-07-03 17:51 - 2010-08-01 01:58 - 00000000 ____D () C:\Users\user\AppData\Roaming\Media Player Classic
2014-07-03 17:51 - 2010-07-26 17:08 - 00000000 ____D () C:\Windows\Panther
2014-07-03 17:50 - 2014-07-03 17:50 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-03 17:50 - 2014-07-03 17:50 - 00000000 ____D () C:\Users\user\AppData\Roaming\Avira
2014-07-03 17:50 - 2014-07-03 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-03 17:50 - 2012-05-12 22:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-03 17:47 - 2014-07-03 17:48 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-03 17:47 - 2013-01-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-03 17:46 - 2013-01-02 15:38 - 00000000 ____D () C:\ProgramData\Avira
2014-07-03 17:46 - 2013-01-02 15:38 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-03 17:40 - 2014-07-03 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-03 17:40 - 2014-07-03 17:40 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-03 17:38 - 2014-07-03 17:38 - 00001100 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-03 17:38 - 2014-07-03 17:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-03 17:32 - 2014-05-16 20:03 - 00000000 ____D () C:\Users\user\AppData\Local\Akamai
2014-07-03 17:32 - 2014-01-08 17:09 - 00000000 ___HD () C:\Program Files (x86)\Dr.Fone_Temp
2014-07-03 17:32 - 2014-01-08 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-07-03 17:32 - 2014-01-08 17:09 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2014-07-03 17:32 - 2013-11-16 15:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\Battle.net
2014-07-03 17:32 - 2012-12-26 15:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-07-03 17:32 - 2011-04-02 13:39 - 00000000 ____D () C:\Users\DefaultAppPool
2014-07-03 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-02 22:31 - 2011-02-07 20:35 - 00000000 ____D () C:\Users\user\.gimp-2.6
2014-06-27 21:18 - 2011-06-15 19:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\Aegisub
2014-06-26 21:53 - 2014-06-26 21:53 - 00001801 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-06-26 21:53 - 2014-06-26 21:53 - 00000000 ____D () C:\Users\user\.swt
2014-06-26 21:53 - 2014-06-26 21:53 - 00000000 ____D () C:\Program Files\Vuze
2014-06-26 21:53 - 2010-09-05 02:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-06-25 17:35 - 2010-07-28 16:51 - 00000000 ____D () C:\Users\user\AppData\Local\TeamSpeak 3 Client
2014-06-24 20:39 - 2014-07-03 17:46 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-24 20:39 - 2014-07-03 17:46 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-24 20:39 - 2014-07-03 17:46 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-21 21:51 - 2014-06-21 21:51 - 00000958 _____ () C:\Users\user\Desktop\TinyPic.lnk
2014-06-21 21:51 - 2014-06-21 21:51 - 00000000 ____D () C:\Program Files (x86)\Tinypic
2014-06-21 21:51 - 2014-06-21 21:42 - 00000000 ____D () C:\Users\user\Desktop\kaputtes_paket
2014-06-21 08:41 - 2013-12-22 12:03 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 08:41 - 2013-12-22 12:03 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 16:21 - 2012-04-25 23:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 17:30 - 2014-06-19 17:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-15 20:52 - 2013-11-23 22:41 - 00000000 ____D () C:\Users\user\Desktop\tatt
2014-06-14 09:44 - 2012-04-11 20:38 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-14 09:44 - 2012-04-11 20:38 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-14 09:44 - 2011-06-25 09:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-13 23:44 - 2014-06-13 23:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
2014-06-13 20:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 18:15 - 2014-06-11 20:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 18:18 - 2013-08-14 19:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 18:16 - 2014-05-28 23:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 18:16 - 2010-07-26 17:10 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 18:15 - 2014-05-06 20:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 11:13 - 2014-06-11 17:26 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 17:26 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\i4jdel0.exe
C:\Users\user\AppData\Local\Temp\proxy_vole9091559444165420152.dll
C:\Users\user\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-29 20:07

==================== End Of Log ============================

schrauber · 08.07.2014, 19:07

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

UltraM · 09.07.2014, 06:02

grml,

habe ich das nur so im Gefühl, oder kommt hier immer mehr Müll-Software ans Licht?! OMG was habe ich nur gemacht? :S

Hier die Logs:

ESET Online Scanner

Code:

ATTFilter

C:\AdwCleaner\Backup\C\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\prefs_08_07_2014_01_17_22.js	JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir	Win32/Thinknice.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir	Win32/Thinknice.B evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\user.js.vir	JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung
C:\Program Files (x86)\JDownloader 2.0\toolbar.exe	Win32/Toolbar.Conduit evtl. unerwünschte Anwendung
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1628701b-5bbac53f	Mehrere Bedrohungen
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\prefs.js	JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0	Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung
E:\ccsetup415.exe	Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung

SecurityCheck

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 iZotope Music & Speech Cleaner 
 JavaFX 2.1.1    
 Java(TM) 6 Update 20  
 Java(TM) 6 Update 29  
 Java 7 Update 55  
 Java version out of Date! 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (30.0) 
 Mozilla Thunderbird (24.6.0) 
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by user (administrator) on TOWER on 09-07-2014 07:01:23
Running from E:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Windows\DAODx.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\user\AppData\Local\Akamai\netsession_win.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Razer USA Ltd.) C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointG\SetPointII.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Razer\Tarantula\razertra.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\ipmgui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Copy Handler] => [X]
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2369536 2010-03-15] (VIA)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Tarantula] => C:\Program Files (x86)\Razer\Tarantula\razerhid.exe [159744 2007-05-07] (Razer USA Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [187984 2014-06-30] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3657025517-3778367934-1715766770-1000\...\Run: [Thunderbird] => "C:\Program Files (x86)\Mozilla Thunderbird\thunderbird" -turbo
HKU\S-1-5-21-3657025517-3778367934-1715766770-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-3657025517-3778367934-1715766770-1000\...\Run: [Akamai NetSession Interface] => C:\Users\user\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3657025517-3778367934-1715766770-1000\...\MountPoints2: {8eda9c35-4642-11e3-ac4d-485b39caa82b} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3657025517-3778367934-1715766770-1000\...\MountPoints2: {fb60f386-d128-11df-9a4e-eb57c079cb76} - Z:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\miranda32.lnk
ShortcutTarget: miranda32.lnk -> C:\Program Files (x86)\Miranda IM\miranda32.exe (Miranda IM)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFA9B49F8FE58CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{92BBF8D9-3F18-4086-AEF0-FAE6E99FE04A}: [NameServer]192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___
FF Homepage: hxxp://forum.suchathing.net/
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCrochetPLUG.dll ( Voyager Japan,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ChatZilla - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2011-06-01]
FF Extension: Test Pilot - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\Extensions\testpilot@labs.mozilla.com.xpi [2011-08-10]
FF Extension: WinToFlash Suggestor - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\42jvhwvp.default\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi [2012-05-25]
FF Extension: ChatZilla - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2013-07-14]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2013-12-23]
FF Extension: No Name - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\Extensions\guiconfig@slosd.net.xpi [2013-06-14]
FF Extension: WinToFlash Suggestor - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\Extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi [2012-05-25]
FF Extension: Adblock Plus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ffrwe7zb.Test___\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-27]

Chrome: 
=======
CHR HomePage: 
CHR NewTab: "chrome-extension://amfclgbdpgndipgoegfpkkgobahigbcl/redirect.html",
				"chrome-extension://pelmeidfhdlhlbjimpabfcbnnojbboma/index.html"
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-22]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-22]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-22]
CHR Extension: (Google-Suche) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-22]
CHR Extension: (FoxyProxy Standard) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2013-12-22]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-22]
CHR Extension: (Google Mail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-22]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-22]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [138832 2014-06-30] (Avira Operations GmbH & Co. KG)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1876816 2014-07-03] (SurfRight B.V.)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation)
S3 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4714888 2012-06-29] (RealVNC Ltd)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 ATITool; C:\Windows\System32\DRIVERS\ATITool64.sys [35624 2007-08-08] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2011-05-08] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 hmpalert; C:\Windows\System32\drivers\hmpalert.sys [93144 2014-07-03] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2011-05-08] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus64.sys [261120 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
S3 MRV6X64P; C:\Windows\System32\DRIVERS\MRVW13C.sys [245248 2007-10-16] (Marvell Semiconductor, Inc) [File not signed]
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-10-06] () [File not signed]
S3 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2009-11-12] () [File not signed]
S3 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [7168 2009-11-12] () [File not signed]
R3 TarFltr; C:\Windows\System32\drivers\UsbFltr.sys [49664 2007-04-11] (Razer USA Ltd.)
U3 a2ckfi6b; C:\Windows\System32\Drivers\a2ckfi6b.sys [0 ] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\user\AppData\Local\Temp\ALSysIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-08 20:45 - 2014-07-08 20:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-08 01:30 - 2014-07-08 01:30 - 00001068 _____ () C:\Users\user\Desktop\JRT.txt
2014-07-08 01:19 - 2014-07-08 01:19 - 00000000 ____D () C:\Windows\ERUNT
2014-07-08 01:18 - 2014-07-08 01:18 - 00007092 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt
2014-07-08 01:16 - 2014-07-08 01:17 - 00000000 ____D () C:\AdwCleaner
2014-07-08 01:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-07 18:35 - 2014-07-07 18:35 - 00016898 _____ () C:\Users\user\Desktop\mw.txt
2014-07-07 18:11 - 2014-07-07 19:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 18:11 - 2014-07-07 18:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-07 18:11 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-07 18:11 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-05 10:30 - 2014-07-05 10:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
2014-07-05 10:30 - 2014-07-05 10:30 - 00000000 ____D () C:\Program Files (x86)\Winamp Detect
2014-07-04 15:54 - 2014-07-09 07:01 - 00000000 ____D () C:\FRST
2014-07-04 03:33 - 2014-07-04 03:33 - 00062908 _____ () C:\Users\user\Desktop\AVSCAN-20140703-181151-CB22AA0D.LOG
2014-07-03 18:00 - 2014-07-08 17:50 - 00016464 _____ () C:\Windows\setupact.log
2014-07-03 18:00 - 2014-07-08 01:18 - 00158476 _____ () C:\Windows\PFRO.log
2014-07-03 18:00 - 2014-07-03 18:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\AVZ
2014-07-03 17:50 - 2014-07-03 17:50 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-03 17:50 - 2014-07-03 17:50 - 00000000 ____D () C:\Users\user\AppData\Roaming\Avira
2014-07-03 17:50 - 2014-07-03 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-03 17:48 - 2014-07-03 17:47 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-03 17:46 - 2014-06-24 20:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-07-03 17:46 - 2014-06-24 20:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-03 17:46 - 2014-06-24 20:39 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-07-03 17:40 - 2014-07-08 17:51 - 00000000 ____D () C:\Windows\CryptoGuard
2014-07-03 17:40 - 2014-07-03 18:00 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-03 17:40 - 2014-07-03 17:52 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-07-03 17:40 - 2014-07-03 17:52 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-07-03 17:40 - 2014-07-03 17:52 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-07-03 17:40 - 2014-07-03 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-03 17:40 - 2014-07-03 17:40 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-03 17:38 - 2014-07-03 17:38 - 00001100 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-03 17:38 - 2014-07-03 17:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-26 21:53 - 2014-07-08 22:22 - 00000000 ____D () C:\Users\user\AppData\Roaming\Azureus
2014-06-26 21:53 - 2014-06-26 21:53 - 00001801 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-06-26 21:53 - 2014-06-26 21:53 - 00000000 ____D () C:\Users\user\.swt
2014-06-26 21:53 - 2014-06-26 21:53 - 00000000 ____D () C:\Program Files\Vuze
2014-06-21 21:51 - 2014-06-21 21:51 - 00000958 _____ () C:\Users\user\Desktop\TinyPic.lnk
2014-06-21 21:51 - 2014-06-21 21:51 - 00000000 ____D () C:\Program Files (x86)\Tinypic
2014-06-21 21:42 - 2014-06-21 21:51 - 00000000 ____D () C:\Users\user\Desktop\kaputtes_paket
2014-06-19 17:30 - 2014-06-19 17:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-13 23:44 - 2014-06-13 23:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
2014-06-11 20:53 - 2014-06-12 18:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 17:37 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 17:37 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 17:37 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 17:37 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 17:37 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 17:37 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 17:37 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 17:37 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 17:37 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 17:37 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 17:37 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 17:37 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 17:37 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 17:37 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 17:37 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 17:37 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 17:37 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 17:37 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 17:37 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 17:37 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 17:37 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 17:37 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 17:37 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 17:37 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 17:37 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 17:37 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 17:37 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 17:37 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 17:37 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 17:37 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 17:37 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 17:37 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 17:37 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 17:37 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 17:37 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 17:37 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 17:37 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 17:37 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 17:37 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 17:37 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 17:37 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 17:37 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 17:37 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 17:37 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 17:37 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 17:37 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 17:37 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 17:37 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 17:37 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 17:37 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 17:37 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 17:37 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 17:32 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 17:32 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 17:32 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 17:32 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 17:32 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 17:32 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 17:32 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 17:32 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 17:32 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 17:32 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 17:32 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 17:32 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 17:32 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 17:32 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 17:26 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 17:26 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

==================== One Month Modified Files and Folders =======

2014-07-09 07:01 - 2014-07-04 15:54 - 00000000 ____D () C:\FRST
2014-07-09 07:01 - 2013-05-22 11:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\NetSpeedMonitor
2014-07-09 06:46 - 2013-12-22 12:03 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-09 06:32 - 2012-04-11 20:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-09 03:00 - 2010-07-26 16:13 - 01536968 _____ () C:\Windows\WindowsUpdate.log
2014-07-08 23:56 - 2013-11-16 15:43 - 00000000 ____D () C:\Users\user\AppData\Local\Battle.net
2014-07-08 23:54 - 2010-07-28 16:52 - 00000000 ____D () C:\Users\user\AppData\Roaming\TS3Client
2014-07-08 22:22 - 2014-06-26 21:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\Azureus
2014-07-08 20:45 - 2014-07-08 20:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-08 20:32 - 2012-04-11 20:38 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 20:32 - 2012-04-11 20:38 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 20:32 - 2011-06-25 09:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 17:55 - 2009-07-14 06:45 - 00014800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-08 17:55 - 2009-07-14 06:45 - 00014800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-08 17:53 - 2009-07-14 19:58 - 00774832 _____ () C:\Windows\system32\perfh007.dat
2014-07-08 17:53 - 2009-07-14 19:58 - 00175800 _____ () C:\Windows\system32\perfc007.dat
2014-07-08 17:53 - 2009-07-14 07:13 - 01809378 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-08 17:51 - 2014-07-03 17:40 - 00000000 ____D () C:\Windows\CryptoGuard
2014-07-08 17:50 - 2014-07-03 18:00 - 00016464 _____ () C:\Windows\setupact.log
2014-07-08 17:50 - 2013-12-22 12:03 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-08 17:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-07-08 17:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-08 01:30 - 2014-07-08 01:30 - 00001068 _____ () C:\Users\user\Desktop\JRT.txt
2014-07-08 01:30 - 2014-04-11 21:59 - 00025411 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-07-08 01:19 - 2014-07-08 01:19 - 00000000 ____D () C:\Windows\ERUNT
2014-07-08 01:18 - 2014-07-08 01:18 - 00007092 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt
2014-07-08 01:18 - 2014-07-03 18:00 - 00158476 _____ () C:\Windows\PFRO.log
2014-07-08 01:17 - 2014-07-08 01:16 - 00000000 ____D () C:\AdwCleaner
2014-07-07 21:38 - 2013-02-26 03:57 - 00000000 ____D () C:\Program Files\JDownloader 2
2014-07-07 19:32 - 2014-07-07 18:11 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 18:35 - 2014-07-07 18:35 - 00016898 _____ () C:\Users\user\Desktop\mw.txt
2014-07-07 18:11 - 2014-07-07 18:11 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-07 18:11 - 2014-01-26 13:51 - 00000000 ____D () C:\Users\user\AppData\Roaming\Malwarebytes
2014-07-07 18:11 - 2014-01-26 13:50 - 00001069 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-07 18:11 - 2014-01-26 13:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 12:01 - 2010-07-28 20:23 - 00000000 ____D () C:\Users\user\AppData\Local\Deployment
2014-07-05 10:31 - 2012-08-21 22:21 - 00000000 ____D () C:\Users\user\AppData\Roaming\Winamp
2014-07-05 10:30 - 2014-07-05 10:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
2014-07-05 10:30 - 2014-07-05 10:30 - 00000000 ____D () C:\Program Files (x86)\Winamp Detect
2014-07-05 10:30 - 2010-08-08 15:49 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-07-04 20:58 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-04 16:04 - 2010-10-06 11:04 - 00000000 ____D () C:\Users\user\AppData\Roaming\DAEMON Tools Lite
2014-07-04 03:33 - 2014-07-04 03:33 - 00062908 _____ () C:\Users\user\Desktop\AVSCAN-20140703-181151-CB22AA0D.LOG
2014-07-03 18:00 - 2014-07-03 18:00 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-03 18:00 - 2014-07-03 17:40 - 00000000 ____D () C:\Program Files (x86)\HitmanPro.Alert
2014-07-03 17:53 - 2014-07-03 17:53 - 00000000 ____D () C:\AVZ
2014-07-03 17:52 - 2014-07-03 17:40 - 00548424 _____ (SurfRight) C:\Windows\system32\hmpalert.dll
2014-07-03 17:52 - 2014-07-03 17:40 - 00477008 _____ (SurfRight) C:\Windows\SysWOW64\hmpalert.dll
2014-07-03 17:52 - 2014-07-03 17:40 - 00093144 _____ () C:\Windows\system32\Drivers\hmpalert.sys
2014-07-03 17:51 - 2013-04-29 20:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\inkscape
2014-07-03 17:51 - 2010-09-01 00:40 - 00000000 ____D () C:\Windows\Minidump
2014-07-03 17:51 - 2010-08-01 01:58 - 00000000 ____D () C:\Users\user\AppData\Roaming\Media Player Classic
2014-07-03 17:51 - 2010-07-26 17:08 - 00000000 ____D () C:\Windows\Panther
2014-07-03 17:50 - 2014-07-03 17:50 - 00000825 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-03 17:50 - 2014-07-03 17:50 - 00000000 ____D () C:\Users\user\AppData\Roaming\Avira
2014-07-03 17:50 - 2014-07-03 17:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-03 17:50 - 2012-05-12 22:22 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-03 17:47 - 2014-07-03 17:48 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-03 17:47 - 2013-01-02 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-03 17:46 - 2013-01-02 15:38 - 00000000 ____D () C:\ProgramData\Avira
2014-07-03 17:46 - 2013-01-02 15:38 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-03 17:40 - 2014-07-03 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert
2014-07-03 17:40 - 2014-07-03 17:40 - 00000000 ____D () C:\ProgramData\HitmanPro.Alert
2014-07-03 17:38 - 2014-07-03 17:38 - 00001100 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-07-03 17:38 - 2014-07-03 17:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-03 17:32 - 2014-05-16 20:03 - 00000000 ____D () C:\Users\user\AppData\Local\Akamai
2014-07-03 17:32 - 2014-01-08 17:09 - 00000000 ___HD () C:\Program Files (x86)\Dr.Fone_Temp
2014-07-03 17:32 - 2014-01-08 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2014-07-03 17:32 - 2014-01-08 17:09 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2014-07-03 17:32 - 2013-11-16 15:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\Battle.net
2014-07-03 17:32 - 2012-12-26 15:43 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-07-03 17:32 - 2011-04-02 13:39 - 00000000 ____D () C:\Users\DefaultAppPool
2014-07-03 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-07-02 22:31 - 2011-02-07 20:35 - 00000000 ____D () C:\Users\user\.gimp-2.6
2014-06-27 21:18 - 2011-06-15 19:33 - 00000000 ____D () C:\Users\user\AppData\Roaming\Aegisub
2014-06-26 21:53 - 2014-06-26 21:53 - 00001801 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-06-26 21:53 - 2014-06-26 21:53 - 00000000 ____D () C:\Users\user\.swt
2014-06-26 21:53 - 2014-06-26 21:53 - 00000000 ____D () C:\Program Files\Vuze
2014-06-26 21:53 - 2010-09-05 02:29 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-06-25 17:35 - 2010-07-28 16:51 - 00000000 ____D () C:\Users\user\AppData\Local\TeamSpeak 3 Client
2014-06-24 20:39 - 2014-07-03 17:46 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-24 20:39 - 2014-07-03 17:46 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-24 20:39 - 2014-07-03 17:46 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-21 21:51 - 2014-06-21 21:51 - 00000958 _____ () C:\Users\user\Desktop\TinyPic.lnk
2014-06-21 21:51 - 2014-06-21 21:51 - 00000000 ____D () C:\Program Files (x86)\Tinypic
2014-06-21 21:51 - 2014-06-21 21:42 - 00000000 ____D () C:\Users\user\Desktop\kaputtes_paket
2014-06-21 08:41 - 2013-12-22 12:03 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 08:41 - 2013-12-22 12:03 - 00003850 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 16:21 - 2012-04-25 23:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 17:30 - 2014-06-19 17:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-15 20:52 - 2013-11-23 22:41 - 00000000 ____D () C:\Users\user\Desktop\tatt
2014-06-13 23:44 - 2014-06-13 23:44 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
2014-06-13 20:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 18:15 - 2014-06-11 20:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-11 18:18 - 2013-08-14 19:24 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 18:16 - 2014-05-28 23:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 18:16 - 2010-07-26 17:10 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 18:15 - 2014-05-06 20:18 - 00000000 ___SD () C:\Windows\system32\CompatTel

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\avgnt.exe
C:\Users\user\AppData\Local\Temp\i4jdel0.exe
C:\Users\user\AppData\Local\Temp\proxy_vole9091559444165420152.dll
C:\Users\user\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-09 04:23

==================== End Of Log ============================

--- --- ---

schrauber · 09.07.2014, 18:10

ISt doch schon in Quarantäne das Zeug, oder nur Downloads

Java und Adobe updaten.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

06.07.2014, 11:09	#6
schrauber /// the machine /// TB-Ausbilder	RKIT/13850.A + JS/Redirector.EB.157 - Backdoor/Trojaner? - Ist mein System infiziert? LOgfile von Avira mit den Funden? __________________ --> RKIT/13850.A + JS/Redirector.EB.157 - Backdoor/Trojaner? - Ist mein System infiziert?

RKIT/13850.A + JS/Redirector.EB.157 - Backdoor/Trojaner? - Ist mein System infiziert?

Log-Analyse und Auswertung: RKIT/13850.A + JS/Redirector.EB.157 - Backdoor/Trojaner? - Ist mein System infiziert?