Mauszeiger bewegt sich von alleine und betätigt Lautstärkenregler

JPonti · 16.09.2014, 18:16

Hallo Zusammen,

habe heute beim schauen eines youtube Videos feststellen müssen, dass meine Maus fremdgesteuert die Lautstärkenregelung verändert hat. Daraufhin habe ich meinen Virenscanner laufen lassen, der keine Bedrohungen gefunden hat. Zusätzlich lief Malwarebytes mit folgenden Ergebnis:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.09.2014
Suchlauf-Zeit: 10:36:16
Logdatei: Malwarebytes 20140916.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.16.03
Rootkit Datenbank: v2014.09.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Ponti

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 353208
Verstrichene Zeit: 10 Min, 5 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 3
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [97bcb539cfac0e28e1eef198cc368e72], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPDP, In Quarantäne, [fe5511dd5625ba7cfb5ac93adf245ea2], 
PUP.Optional.Spigot.A, HKU\S-1-5-21-4052113058-4103672911-3188137916-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, In Quarantäne, [005366886615a690c403c4a546be12ee], 

Registrierungswerte: 2
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPDP|dir, C:\Program Files\SupTab, In Quarantäne, [fe5511dd5625ba7cfb5ac93adf245ea2]
PUP.Optional.QuickStart.A, HKU\S-1-5-21-4052113058-4103672911-3188137916-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, In Quarantäne, [99ba08e6e29984b21daf31e059aa33cd]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 3
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, In Quarantäne, [ef6421cd3c3fe0561fb8ab3cfb07fd03], 
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [ef6421cd3c3fe0561fb8ab3cfb07fd03], 
PUP.Optional.SupTab.A, C:\Program Files\SupTab, In Quarantäne, [a9aa4ba37ffce056acb9cc24d32f1ce4], 

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0

Habe auch den Adwcleaner mit folgendem Ergebnis laufen lassen. Leider kann ich die log Datei nicht mehr finden ;-(. Ich hoffe, ich habe damit nicht überhastet gehandelt.

Nachdem ich Euer Forum durchstöbert habe, bin ich unsicher, ob mein PC infiziert ist. Hier die gewünschten logfiles:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Ponti (administrator) on PONTI-PC on 16-09-2014 17:35:55
Running from C:\Users\Ponti\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\afwServ.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\Ir.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-09] (Intel Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1298320 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-04-10] (Realtek Semiconductor)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-4052113058-4103672911-3188137916-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-4052113058-4103672911-3188137916-1001\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [3091296 2012-07-24] (Piriform Ltd)
HKU\S-1-5-21-4052113058-4103672911-3188137916-1001\...\Run: [MobileDocuments] => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-4052113058-4103672911-3188137916-1001\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1635752 2013-05-04] (Valve Corporation)
HKU\S-1-5-21-4052113058-4103672911-3188137916-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
ShortcutTarget: TotalMedia Backup Monitor.lnk -> C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKCU - {10C4FE93-32AE-4407-9C0C-D07248848332} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A010DE739&p={SearchTerms}
SearchScopes: HKCU - {7E9CD751-D920-46B8-93AE-9617AA368E29} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {CE0B46E1-605C-43A5-9E55-E29756B62B0E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ponti\AppData\Roaming\Mozilla\Firefox\Profiles\gaxd0q4v.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @gametap.com/npdd,version=1.0 -> C:\Program Files\Downloader\npdd.dll (Metaboli)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Ponti\AppData\Roaming\Mozilla\Firefox\Profiles\gaxd0q4v.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: O2CPlayer Plugin - C:\Users\Ponti\AppData\Roaming\Mozilla\Firefox\Profiles\gaxd0q4v.default\Extensions\o2cplayer@eleco.com [2014-07-28]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-09-16]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-16]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2012-08-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-30]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: Default -> https://de.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "https://de.yahoo.com?fr=hp-avast&type=avastbcl"
CHR DefaultSearchKeyword: Default -> www.yahoo.com
CHR DefaultSearchURL: Default -> hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (MicrosoftÂ® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (Downloader Detector) - C:\Program Files\Downloader\npdd.dll (Metaboli)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows LiveÂ® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR CustomProfile: C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-20]
CHR Extension: (Google-Suche) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-20]
CHR Extension: (Google Wallet) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-20]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-18] (AVAST Software)
R2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [106488 2014-07-18] (AVAST Software)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [602624 2010-03-29] (Hauppauge Computer Works) [File not signed]
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133696 2014-07-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5313536 2010-02-03] (ATI Technologies Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-18] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-07-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-18] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [270752 2014-07-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-18] ()
R3 hcw88bda; C:\Windows\System32\drivers\hcw88bda.sys [216576 2010-03-12] (Hauppauge Computer Works, Inc)
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [12288 2010-03-12] (Hauppauge Computer Works, Inc.)
R3 HCW88TSE; C:\Windows\System32\drivers\hcw88tse.sys [321280 2010-03-12] (Hauppauge Computer Works, Inc)
R3 hcw88vid; C:\Windows\System32\drivers\hcw88vid.sys [396928 2010-03-12] (Hauppauge Computer Works, Inc)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Ponti at 2014-09-16 17:36:47
Running from C:\Users\Ponti\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Codec (HKLM\...\{08EE3698-AAB9-4BAD-BDF4-0BE0A9157222}) (Version:  - ArcSoft)
ArcSoft TotalMedia Backup (HKLM\...\{3D69628B-4DE8-43C7-9A22-F90F5B870C08}) (Version: 1.5.21.3 - ArcSoft)
Ashampoo Burning Studio 2010 (HKLM\...\Ashampoo Burning Studio 2010_is1) (Version: 9.22 - ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{0FD7181B-7CB3-1635-9CFC-87BAAA6642B8}) (Version: 3.0.762.0 - ATI Technologies, Inc.)
avast! Internet Security (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Beurteilungs-Manager - Deinstallation (HKLM\...\Beurteilungs-Manager_is1) (Version: 2.10 - Jochen Milchsack)
Bing Bar (HKLM\...\{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}) (Version: 7.0.791.0 - Microsoft Corporation)
BMWi-Businessplaner Gründung (HKLM\...\BMWiBusinessplanerGruenden) (Version: 1.0.2 - Bundesministerium für Wirtschaft und Technologie)
BMWi-Businessplaner Gründung (Version: 1.0.2 - Bundesministerium für Wirtschaft und Technologie) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon Utilities CameraWindow (HKLM\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
Catalyst Control Center Core Implementation (Version: 2010.0202.2335.42270 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2010.0202.2335.42270 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2010.0202.2335.42270 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2010.0202.2335.42270 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2010.0202.2335.42270 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2010.0202.2335.42270 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2010.0202.2335.42270 - ATI) Hidden
CCC Help Danish (Version: 2010.0202.2334.42270 - ATI) Hidden
CCC Help Dutch (Version: 2010.0202.2334.42270 - ATI) Hidden
CCC Help English (Version: 2010.0202.2334.42270 - ATI) Hidden
CCC Help Finnish (Version: 2010.0202.2334.42270 - ATI) Hidden
CCC Help French (Version: 2010.0202.2334.42270 - ATI) Hidden
CCC Help German (Version: 2010.0202.2334.42270 - ATI) Hidden
CCC Help Italian (Version: 2010.0202.2334.42270 - ATI) Hidden
CCC Help Japanese (Version: 2010.0202.2334.42270 - ATI) Hidden
CCC Help Norwegian (Version: 2010.0202.2334.42270 - ATI) Hidden
CCC Help Spanish (Version: 2010.0202.2334.42270 - ATI) Hidden
CCC Help Swedish (Version: 2010.0202.2334.42270 - ATI) Hidden
ccc-core-static (Version: 2010.0202.2335.42270 - Ihr Firmenname) Hidden
ccc-utility (Version: 2010.0202.2335.42270 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.21 - Piriform)
Citrix Online Plug-in - Web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 12.1.44.1 - Citrix Systems, Inc.)
Citrix Online Plug-in (DV) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (HDX) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (USB) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (Web) (Version: 12.1.44.1 - Citrix Systems, Inc.) Hidden
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3213 - CyberLink Corp.)
CyberLink Power2Go (Version: 6.1.3213 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM\...\{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.0.6720 - CyberLink Corp.)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
Downloader (HKLM\...\Downloader) (Version:  - )
DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.14 - Runtime Software)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
EURACOM (HKLM\...\EURACOM) (Version:  - )
F1 2010 (HKLM\...\GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}) (Version: 1.0.0000.132 - Codemasters)
F1 2010 (Version: 1.0.0000.132 - Codemasters) Hidden
F1 2010 (Version: 1.0.0001.132 - Codemasters) Hidden
F1 2011 (HKLM\...\GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}) (Version: 1.0.0000.129 - Codemasters)
F1 2011 (Version: 1.0.0000.129 - Codemasters) Hidden
F1 2011 (Version: 1.0.0002.129 - Codemasters) Hidden
F1 2012 (HKLM\...\Steam App 208500) (Version:  - Codemasters)
Free YouTube to MP3 Converter version 3.12.33.424 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.33.424 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version: 7.0.28130 - Hauppauge Computer Works)
Hauppauge WinTV Infrared Remote (HKLM\...\Hauppauge WinTV Infrared Remote) (Version: 2.66.28078 - Hauppauge Computer Works, Inc.)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät (HKLM\...\{E2E25F53-EB64-4BC1-8A9E-B970BBEF8C1C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet Pro 8500 A910 Hilfe (HKLM\...\{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{E5F9BFAF-2FD9-4637-BA4E-5C2BC3A0763D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.5.1003 - Intel Corporation)
iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
Juniper Citrix Services Client (HKCU\...\Juniper_Citrix_Services) (Version: 7.1.0.19243 - Juniper Networks)
Juniper Networks Host Checker (HKCU\...\Neoteris_Host_Checker) (Version: 7.1.0.19243 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 7.1.4.13103 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Logitech Vid (HKLM\...\{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}) (Version: 1.10.1009 - Logitech Inc.)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Marketsplash Schnellzugriffe (HKLM\...\{7A108EBC-C9DF-4E14-93A8-42CF316F1ECF}) (Version: 1.0.1.7 - Hewlett-Packard)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.125 - McAfee, Inc.)
Media Player Packages (HKCU\...\Media Player Packages) (Version:  - ) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.1 (HKLM\...\Microsoft IntelliType Pro 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.1.1 (x86 en-US) (HKLM\...\Mozilla Thunderbird 31.1.1 (x86 en-US)) (Version: 31.1.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Need for Speed™ SHIFT (HKLM\...\{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}) (Version: 1.0.0.0 - Electronic Arts)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 0.9.9 - Frank Heindörfer, Philip Chinery)
pdfsam (HKLM\...\pdfsam) (Version: 2.0.0 - )
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapture3D 2.4.9 Game (HKLM\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SHIFT 2 UNLEASHED™ (HKLM\...\{E8C37E27-5205-4C8A-BECB-B00533045AAE}) (Version: 1.0.0.0 - Electronic Arts)
Skat 8.4 (HKLM\...\{C3668066-1C86-4825-8E27-BE0F71109F2A}) (Version: 8.4.0.39 - Peter Heinlein)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Thrustmaster Force Feedback Driver (HKLM\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 1.FFD.2009 - Thrustmaster)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
XnView 2.05 (HKLM\...\XnView_is1) (Version: 2.05 - Gougelet Pierre-e)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4052113058-4103672911-3188137916-1001_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-4052113058-4103672911-3188137916-1001_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)

==================== Restore Points  =========================

16-09-2014 10:26:20 Ende der Bereinigung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {176D951E-42E5-4319-B6EC-15AA8B5B4F40} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-07-18] (AVAST Software)
Task: {19FEA392-E943-455A-8116-1D578DA9E687} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2AA190FC-2C2C-416A-8EBA-44ED57D4B2DD} - System32\Tasks\{AD69A7D6-97B5-473D-A845-9F1839C09253} => C:\Program Files\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {B42D99A2-A526-4D42-845B-F7371DE4DED8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {B66B2906-67F9-40C2-9B0F-25A0CEC10937} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-20] (Google Inc.)
Task: {BB27CECC-EAF9-41B9-BB3F-C1E8468D47B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {DBB6EBEF-C05E-4F37-9A8D-DD6417E3D5B0} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-04-13] (Microsoft Corporation)
Task: {E1ABBB7E-8D54-4AA7-9301-CE7AECFA3511} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-07-18 09:07 - 2014-07-18 09:07 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll
2014-09-16 08:41 - 2014-09-16 08:41 - 02862592 _____ () C:\Program Files\Alwil Software\Avast5\defs\14091501\algo.dll
2014-09-16 16:28 - 2014-09-16 16:28 - 02862592 _____ () C:\Program Files\Alwil Software\Avast5\defs\14091600\algo.dll
2010-10-25 21:43 - 2001-10-28 16:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-27 12:44 - 2010-04-10 04:21 - 00022528 _____ () C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
2010-03-08 10:05 - 2009-12-09 18:55 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2014-07-18 09:07 - 2014-07-18 09:07 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-09-16 11:12 - 2014-09-16 11:12 - 03716720 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-09-10 11:48 - 2014-09-10 11:48 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Ponti\Bescheinigung Schule Elke Sommerlad.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Ponti\Bescheinigung Schule Elke Sommerlad.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2014 01:26:44 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (09/16/2014 01:25:10 PM) (Source: SideBySide) (EventID: 75) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error: (09/16/2014 01:24:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (09/16/2014 00:34:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.1.5367, Zeitstempel: 0x541259dd
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.1.5367, Zeitstempel: 0x541225d2
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xecc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (09/16/2014 00:26:20 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {bd2bcda8-6e3a-4d67-95fc-3e49fa89e487}


System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-05-05 08:51:50.988
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-04 18:28:45.102
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-04 17:48:58.333
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-04 17:36:10.978
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-04 17:21:11.197
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-01 18:08:51.070
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-29 17:50:13.619
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-29 16:28:40.193
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-29 16:22:06.356
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-29 16:03:31.964
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz
Percentage of memory in use: 46%
Total physical RAM: 3063.11 MB
Available physical RAM: 1628.87 MB
Total Pagefile: 6124.52 MB
Available Pagefile: 4056.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1887.09 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:910.41 GB) (Free:777.3 GB) NTFS
Drive d: (Recover) (Fixed) (Total:20 GB) (Free:14.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D42951FD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

Defogger log:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:34 on 16/09/2014 (Ponti)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Gmer log:

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit quick scan 2014-09-16 17:46:42
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Ponti\AppData\Local\Temp\pwdoapow.sys


---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----

Für Hilfe wäre ich wirklich dankbar!

Gruß

Ponti

schrauber · 16.09.2014, 19:23

hi,

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

JPonti · 16.09.2014, 19:44

Hallo Schrauber,

vielen Dank für die schnelle Antwort.

Hier der Inhalt des logfiles:

Code:

ATTFilter

20:37:00.0350 0x0d80  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
20:37:10.0856 0x0d80  ============================================================
20:37:10.0856 0x0d80  Current date / time: 2014/09/16 20:37:10.0856
20:37:10.0856 0x0d80  SystemInfo:
20:37:10.0856 0x0d80  
20:37:10.0856 0x0d80  OS Version: 6.1.7601 ServicePack: 1.0
20:37:10.0856 0x0d80  Product type: Workstation
20:37:10.0856 0x0d80  ComputerName: PONTI-PC
20:37:10.0857 0x0d80  UserName: Ponti
20:37:10.0857 0x0d80  Windows directory: C:\Windows
20:37:10.0857 0x0d80  System windows directory: C:\Windows
20:37:10.0857 0x0d80  Processor architecture: Intel x86
20:37:10.0857 0x0d80  Number of processors: 8
20:37:10.0857 0x0d80  Page size: 0x1000
20:37:10.0857 0x0d80  Boot type: Normal boot
20:37:10.0857 0x0d80  ============================================================
20:37:11.0248 0x0d80  KLMD registered as C:\Windows\system32\drivers\95429091.sys
20:37:11.0672 0x0d80  System UUID: {7A10FD27-04A5-0ABA-1F2E-2C7FF59E85D2}
20:37:12.0228 0x0d80  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:37:12.0249 0x0d80  ============================================================
20:37:12.0250 0x0d80  \Device\Harddisk0\DR0:
20:37:12.0250 0x0d80  MBR partitions:
20:37:12.0250 0x0d80  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:37:12.0250 0x0d80  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71CD3000
20:37:12.0250 0x0d80  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x71D05800, BlocksNum 0x2800000
20:37:12.0250 0x0d80  ============================================================
20:37:12.0274 0x0d80  C: <-> \Device\Harddisk0\DR0\Partition2
20:37:12.0354 0x0d80  D: <-> \Device\Harddisk0\DR0\Partition3
20:37:12.0421 0x0d80  ============================================================
20:37:12.0421 0x0d80  Initialize success
20:37:12.0421 0x0d80  ============================================================
20:37:53.0865 0x0e24  ============================================================
20:37:53.0865 0x0e24  Scan started
20:37:53.0865 0x0e24  Mode: Manual; SigCheck; TDLFS; 
20:37:53.0865 0x0e24  ============================================================
20:37:53.0865 0x0e24  KSN ping started
20:38:07.0375 0x0e24  KSN ping finished: true
20:38:08.0285 0x0e24  ================ Scan system memory ========================
20:38:08.0285 0x0e24  System memory - ok
20:38:08.0285 0x0e24  ================ Scan services =============================
20:38:08.0475 0x0e24  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:38:08.0585 0x0e24  1394ohci - ok
20:38:08.0675 0x0e24  [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
20:38:08.0715 0x0e24  ACDaemon - ok
20:38:08.0755 0x0e24  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:38:08.0785 0x0e24  ACPI - ok
20:38:08.0825 0x0e24  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:38:08.0865 0x0e24  AcpiPmi - ok
20:38:08.0975 0x0e24  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:38:08.0995 0x0e24  AdobeARMservice - ok
20:38:09.0075 0x0e24  [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:38:09.0095 0x0e24  AdobeFlashPlayerUpdateSvc - ok
20:38:09.0175 0x0e24  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:38:09.0205 0x0e24  adp94xx - ok
20:38:09.0265 0x0e24  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:38:09.0285 0x0e24  adpahci - ok
20:38:09.0325 0x0e24  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:38:09.0355 0x0e24  adpu320 - ok
20:38:09.0375 0x0e24  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:38:09.0415 0x0e24  AeLookupSvc - ok
20:38:09.0495 0x0e24  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
20:38:09.0535 0x0e24  AFD - ok
20:38:09.0545 0x0e24  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
20:38:09.0565 0x0e24  agp440 - ok
20:38:09.0595 0x0e24  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
20:38:09.0615 0x0e24  aic78xx - ok
20:38:09.0635 0x0e24  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
20:38:09.0655 0x0e24  ALG - ok
20:38:09.0695 0x0e24  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:38:09.0705 0x0e24  aliide - ok
20:38:09.0745 0x0e24  [ 7C80514AFAC57A3C1F4707F3E2AEC63A, 4957FC58C5E745ABDD4CA6D32395A0B08687879E475BF128E3BA17C8F546C335 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:38:09.0795 0x0e24  AMD External Events Utility - ok
20:38:09.0815 0x0e24  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
20:38:09.0835 0x0e24  amdagp - ok
20:38:09.0875 0x0e24  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:38:09.0885 0x0e24  amdide - ok
20:38:09.0905 0x0e24  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:38:09.0925 0x0e24  AmdK8 - ok
20:38:10.0115 0x0e24  [ 7E00428513C0A668E67A759DC6792A7F, 0119429C487B7E9029F1A0605DFBFD80429893652459C50F165955C83AE8378B ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
20:38:10.0355 0x0e24  amdkmdag - ok
20:38:10.0405 0x0e24  [ E34E4AA9EC11D89A3228761EE59B5957, 2E1E49168F3D5588954058BA5C09349EEB0A17B36A458C72AC7B186F4857D679 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:38:10.0445 0x0e24  amdkmdap - ok
20:38:10.0465 0x0e24  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:38:10.0485 0x0e24  AmdPPM - ok
20:38:10.0505 0x0e24  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:38:10.0515 0x0e24  amdsata - ok
20:38:10.0535 0x0e24  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:38:10.0545 0x0e24  amdsbs - ok
20:38:10.0555 0x0e24  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:38:10.0565 0x0e24  amdxata - ok
20:38:10.0605 0x0e24  [ AEA177F783E20150ACE5383EE368DA19, 8FA9EE27AA1F22E8B8FE33A21028CA1E0062BAA95CB132C20D55B98C03B4254F ] AppID           C:\Windows\system32\drivers\appid.sys
20:38:10.0655 0x0e24  AppID - ok
20:38:10.0675 0x0e24  [ 62A9C86CB6085E20DB4823E4E97826F5, E0F840B49710022C4FB437002AD06F64B0F6B5D628B32D00F2B66765E6B97E4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:38:10.0715 0x0e24  AppIDSvc - ok
20:38:10.0735 0x0e24  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
20:38:10.0785 0x0e24  Appinfo - ok
20:38:10.0895 0x0e24  [ 608D6A90E989C6522F170E5526A64BF4, 36EDD07DF6BD2D20121F63CF720C289FCCF7C53574D37F99C2F9ED68298D655B ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:38:10.0915 0x0e24  Apple Mobile Device - ok
20:38:10.0945 0x0e24  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:38:10.0975 0x0e24  arc - ok
20:38:10.0985 0x0e24  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:38:10.0995 0x0e24  arcsas - ok
20:38:11.0105 0x0e24  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:38:11.0135 0x0e24  aspnet_state - ok
20:38:11.0175 0x0e24  [ 3BFBB5DAE801CB893B8B46345FED6437, 2C2B71C1294585265D4871E74F17541500CA20DE34AC516F2A906DD81964C833 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
20:38:11.0205 0x0e24  aswHwid - ok
20:38:11.0275 0x0e24  [ 4E39E113E8F5FEE3C49160A0D657A4D5, AAB66B7C0EC63FD457F579ABDC21ED96F5E11C546AA7067AF2BA79BADCDE00B2 ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
20:38:11.0295 0x0e24  aswKbd - ok
20:38:11.0345 0x0e24  [ C3014C735F450FE822C97FFBB0627113, 1CCFE845AED1757B8C1F52D310933076FF1EC197D82E499DB4592B09D66137B0 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
20:38:11.0375 0x0e24  aswMonFlt - ok
20:38:11.0455 0x0e24  [ EAA4A59CFA4AB73843B13E86B50F573D, 9A1EE560AA6F77BC3D9F36158C5C30505EC29400C55F75B660CF97E743D7D030 ] aswNdisFlt      C:\Windows\system32\DRIVERS\aswNdisFlt.sys
20:38:11.0485 0x0e24  aswNdisFlt - ok
20:38:11.0525 0x0e24  [ A4614218584E41C31C7D1CBFF0432ED5, C9632FDB13FB0DD73A5FA5E2DFA5EFF97A9CD719DC0D28097B765077AD0FB3E7 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
20:38:11.0535 0x0e24  aswRdr - ok
20:38:11.0565 0x0e24  [ B7750AF7EDFD95674EB7CA92BCDD3358, A097577004F3CF71E2F9465F02B073D39926D7DEE2E2A9516D888158A5CB19E9 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
20:38:11.0585 0x0e24  aswRvrt - ok
20:38:11.0685 0x0e24  [ 51FDE588D860857A97E4C4B560E40C9B, 8A3AC3E55249DAE6CCD95593989F8B100D5C4712A16681A36E5D0F2F08BD57AA ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
20:38:11.0725 0x0e24  aswSnx - ok
20:38:11.0775 0x0e24  [ 1AEB8CDB797666AF709A291B47AE81E0, 12AC4DBC6338BA5E5C04B449FF8362E7EC8EBFCA675C4F21BE847DFDCAE8F7C9 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
20:38:11.0785 0x0e24  aswSP - ok
20:38:11.0815 0x0e24  [ 83378AE48209388D0F9BD16A44D19EEC, 0BEBD1E425077D81B5439E90B2C518EA8B94F590B551F52289842012BA3BAB2C ] aswStm          C:\Windows\system32\drivers\aswStm.sys
20:38:11.0825 0x0e24  aswStm - ok
20:38:11.0865 0x0e24  [ 90BEE0170D70D6744CEF2355EEAF8086, 8F9FF53F529B854934020E2F8163605DC794FF48464D3D4439BAAF70ECE8E963 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
20:38:11.0875 0x0e24  aswVmm - ok
20:38:11.0905 0x0e24  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:38:11.0935 0x0e24  AsyncMac - ok
20:38:11.0965 0x0e24  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:38:11.0975 0x0e24  atapi - ok
20:38:12.0005 0x0e24  [ 36A49B49E982450AC117EDA6AB35BDF5, 77D61F78C72F0490E78718613DF430C79720DAFE3317D5E68FFEDCD50405C2BF ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
20:38:12.0015 0x0e24  AtiHdmiService - ok
20:38:12.0075 0x0e24  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:38:12.0135 0x0e24  AudioEndpointBuilder - ok
20:38:12.0155 0x0e24  [ CE3B4E731638D2EF62FCB419BE0D39F0, 3B98179CB0101778D9E7810D2CD46D9C0D7120E141BA11471666E7D9EB3C93CC ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:38:12.0185 0x0e24  Audiosrv - ok
20:38:12.0235 0x0e24  [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
20:38:12.0255 0x0e24  avast! Antivirus - ok
20:38:12.0285 0x0e24  [ D386D51B1839E208EF7CCFBFA964638E, 56BF72AE80DFBB5A99A060591A9250BA0D4B9FDF1BEF23C87B61169D2D0EF111 ] avast! Firewall C:\Program Files\Alwil Software\Avast5\afwServ.exe
20:38:12.0305 0x0e24  avast! Firewall - ok
20:38:12.0335 0x0e24  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:38:12.0365 0x0e24  AxInstSV - ok
20:38:12.0405 0x0e24  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
20:38:12.0435 0x0e24  b06bdrv - ok
20:38:12.0455 0x0e24  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
20:38:12.0495 0x0e24  b57nd60x - ok
20:38:12.0535 0x0e24  [ 483F1162EEEBD10BF77FBB32DB963370, 1BF5D6C3160ED6F04C784AE4F26DB54ED7798EFAE89E869AA8A76E82B1150453 ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE
20:38:12.0565 0x0e24  BBSvc - ok
20:38:12.0605 0x0e24  [ 78779EE07231C658B483B1F38B5088DF, 42DE06151DA17C218067CA3A22509BC626CB505F87238E39D024CE29554EF47D ] BBUpdate        C:\Program Files\Microsoft\BingBar\SeaPort.EXE
20:38:12.0625 0x0e24  BBUpdate - ok
20:38:12.0665 0x0e24  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
20:38:12.0695 0x0e24  BDESVC - ok
20:38:12.0735 0x0e24  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:38:12.0775 0x0e24  Beep - ok
20:38:12.0825 0x0e24  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
20:38:12.0865 0x0e24  BFE - ok
20:38:12.0915 0x0e24  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
20:38:12.0985 0x0e24  BITS - ok
20:38:13.0015 0x0e24  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:38:13.0025 0x0e24  blbdrive - ok
20:38:13.0105 0x0e24  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:38:13.0125 0x0e24  Bonjour Service - ok
20:38:13.0155 0x0e24  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:38:13.0175 0x0e24  bowser - ok
20:38:13.0195 0x0e24  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:38:13.0205 0x0e24  BrFiltLo - ok
20:38:13.0225 0x0e24  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:38:13.0255 0x0e24  BrFiltUp - ok
20:38:13.0285 0x0e24  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
20:38:13.0305 0x0e24  Browser - ok
20:38:13.0315 0x0e24  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:38:13.0335 0x0e24  Brserid - ok
20:38:13.0355 0x0e24  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:38:13.0375 0x0e24  BrSerWdm - ok
20:38:13.0385 0x0e24  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:38:13.0405 0x0e24  BrUsbMdm - ok
20:38:13.0405 0x0e24  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:38:13.0415 0x0e24  BrUsbSer - ok
20:38:13.0435 0x0e24  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:38:13.0455 0x0e24  BTHMODEM - ok
20:38:13.0465 0x0e24  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
20:38:13.0505 0x0e24  bthserv - ok
20:38:13.0525 0x0e24  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:38:13.0545 0x0e24  cdfs - ok
20:38:13.0575 0x0e24  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:38:13.0615 0x0e24  cdrom - ok
20:38:13.0655 0x0e24  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:38:13.0705 0x0e24  CertPropSvc - ok
20:38:13.0725 0x0e24  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:38:13.0735 0x0e24  circlass - ok
20:38:13.0765 0x0e24  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
20:38:13.0775 0x0e24  CLFS - ok
20:38:13.0845 0x0e24  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:38:13.0875 0x0e24  clr_optimization_v2.0.50727_32 - ok
20:38:13.0915 0x0e24  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:38:13.0945 0x0e24  clr_optimization_v4.0.30319_32 - ok
20:38:13.0955 0x0e24  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:38:13.0965 0x0e24  CmBatt - ok
20:38:13.0995 0x0e24  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:38:14.0005 0x0e24  cmdide - ok
20:38:14.0056 0x0e24  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\Windows\system32\Drivers\cng.sys
20:38:14.0106 0x0e24  CNG - ok
20:38:14.0136 0x0e24  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:38:14.0146 0x0e24  Compbatt - ok
20:38:14.0186 0x0e24  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:38:14.0226 0x0e24  CompositeBus - ok
20:38:14.0226 0x0e24  COMSysApp - ok
20:38:14.0256 0x0e24  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:38:14.0266 0x0e24  crcdisk - ok
20:38:14.0296 0x0e24  [ 7CA1BECEA5DE2643ADDAD32670E7A4C9, E3AB4CC52A97E3855D7EAB87363F807FDD2162ED8C76A036CD71549ED64E7797 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:38:14.0316 0x0e24  CryptSvc - ok
20:38:14.0406 0x0e24  [ CB6FF7012BB5D59D7C12350DB795CE1F, D0C614B206B69EBE735CFB158703730B42A72A46F6808D0D1C7385E3C1434AC5 ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
20:38:14.0426 0x0e24  ctxusbm - ok
20:38:14.0456 0x0e24  [ 734BBE7C66E6FD6047A1BD29B9343B30, 4E0223AA456D782E644F42A4F49E375139D95596994368404F8E3EA4C521AA69 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
20:38:14.0486 0x0e24  dc3d - ok
20:38:14.0536 0x0e24  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:38:14.0586 0x0e24  DcomLaunch - ok
20:38:14.0606 0x0e24  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
20:38:14.0636 0x0e24  defragsvc - ok
20:38:14.0666 0x0e24  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:38:14.0696 0x0e24  DfsC - ok
20:38:14.0766 0x0e24  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:38:14.0796 0x0e24  Dhcp - ok
20:38:14.0806 0x0e24  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
20:38:14.0836 0x0e24  discache - ok
20:38:14.0876 0x0e24  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:38:14.0886 0x0e24  Disk - ok
20:38:14.0926 0x0e24  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:38:14.0956 0x0e24  Dnscache - ok
20:38:14.0986 0x0e24  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:38:15.0026 0x0e24  dot3svc - ok
20:38:15.0066 0x0e24  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
20:38:15.0116 0x0e24  DPS - ok
20:38:15.0156 0x0e24  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:38:15.0186 0x0e24  drmkaud - ok
20:38:15.0236 0x0e24  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:38:15.0276 0x0e24  DXGKrnl - ok
20:38:15.0296 0x0e24  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
20:38:15.0326 0x0e24  EapHost - ok
20:38:15.0706 0x0e24  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
20:38:15.0806 0x0e24  ebdrv - ok
20:38:15.0846 0x0e24  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS             C:\Windows\System32\lsass.exe
20:38:15.0856 0x0e24  EFS - ok
20:38:15.0906 0x0e24  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:38:15.0936 0x0e24  ehRecvr - ok
20:38:15.0966 0x0e24  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
20:38:15.0996 0x0e24  ehSched - ok
20:38:16.0026 0x0e24  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:38:16.0046 0x0e24  elxstor - ok
20:38:16.0066 0x0e24  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:38:16.0086 0x0e24  ErrDev - ok
20:38:16.0116 0x0e24  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
20:38:16.0156 0x0e24  EventSystem - ok
20:38:16.0176 0x0e24  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:38:16.0206 0x0e24  exfat - ok
20:38:16.0236 0x0e24  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:38:16.0256 0x0e24  fastfat - ok
20:38:16.0306 0x0e24  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
20:38:16.0336 0x0e24  Fax - ok
20:38:16.0356 0x0e24  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:38:16.0366 0x0e24  fdc - ok
20:38:16.0376 0x0e24  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
20:38:16.0396 0x0e24  fdPHost - ok
20:38:16.0406 0x0e24  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:38:16.0436 0x0e24  FDResPub - ok
20:38:16.0436 0x0e24  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:38:16.0446 0x0e24  FileInfo - ok
20:38:16.0466 0x0e24  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:38:16.0496 0x0e24  Filetrace - ok
20:38:16.0506 0x0e24  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:38:16.0516 0x0e24  flpydisk - ok
20:38:16.0546 0x0e24  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:38:16.0556 0x0e24  FltMgr - ok
20:38:16.0626 0x0e24  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
20:38:16.0666 0x0e24  FontCache - ok
20:38:16.0716 0x0e24  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:38:16.0736 0x0e24  FontCache3.0.0.0 - ok
20:38:16.0746 0x0e24  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:38:16.0766 0x0e24  FsDepends - ok
20:38:16.0796 0x0e24  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:38:16.0806 0x0e24  Fs_Rec - ok
20:38:16.0846 0x0e24  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:38:16.0866 0x0e24  fvevol - ok
20:38:16.0876 0x0e24  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:38:16.0886 0x0e24  gagp30kx - ok
20:38:16.0936 0x0e24  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:38:16.0946 0x0e24  GEARAspiWDM - ok
20:38:17.0036 0x0e24  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:38:17.0086 0x0e24  gpsvc - ok
20:38:17.0186 0x0e24  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
20:38:17.0196 0x0e24  gupdate - ok
20:38:17.0206 0x0e24  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
20:38:17.0216 0x0e24  gupdatem - ok
20:38:17.0286 0x0e24  [ 1DBBF9BE473F6CA2F2F4182FCCF563DC, FDE8E845332C56DD72D9E2592777F6371A06D5C7030C1AD911DAC94F092227CA ] HauppaugeTVServer C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
20:38:17.0316 0x0e24  HauppaugeTVServer - detected UnsignedFile.Multi.Generic ( 1 )
20:38:19.0816 0x0e24  Detect skipped due to KSN trusted
20:38:19.0816 0x0e24  HauppaugeTVServer - ok
20:38:19.0906 0x0e24  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:38:19.0946 0x0e24  hcw85cir - ok
20:38:20.0006 0x0e24  [ F9BA6C487215127AE49C7B614C98F91D, F6221F644C9517C306EBE2EDB12273B895ECA24DF11BF25464F134701B81FFBF ] hcw88bda        C:\Windows\system32\drivers\hcw88bda.sys
20:38:20.0046 0x0e24  hcw88bda - ok
20:38:20.0066 0x0e24  [ 42D6D0BC5276ED9BEA75FD61A8596B07, 357D1031AED18317367965FDBEEBCA5AFACC702E1E01F254F5276B04D7D213AE ] hcw88rc5        C:\Windows\system32\Drivers\hcw88rc5.sys
20:38:20.0096 0x0e24  hcw88rc5 - ok
20:38:20.0126 0x0e24  [ A17240F273D3EE76E1A7F3ACAC61C30D, 2F2493AD20866A2D36D3039F6C58A30BC799A9C2E28DBBCBF11EAC196E5E6094 ] HCW88TSE        C:\Windows\system32\drivers\hcw88tse.sys
20:38:20.0176 0x0e24  HCW88TSE - ok
20:38:20.0206 0x0e24  [ A9B0D64E763449A3BBB5B485B013BD10, FCEF6712509BEFDE713C5A236BBB7FA48C5A40CA6FBD2D12DE9FC4815FAC8D7B ] hcw88vid        C:\Windows\system32\drivers\hcw88vid.sys
20:38:20.0246 0x0e24  hcw88vid - ok
20:38:20.0296 0x0e24  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:38:20.0336 0x0e24  HdAudAddService - ok
20:38:20.0356 0x0e24  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:38:20.0366 0x0e24  HDAudBus - ok
20:38:20.0386 0x0e24  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:38:20.0406 0x0e24  HidBatt - ok
20:38:20.0426 0x0e24  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:38:20.0456 0x0e24  HidBth - ok
20:38:20.0486 0x0e24  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:38:20.0516 0x0e24  HidIr - ok
20:38:20.0546 0x0e24  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
20:38:20.0566 0x0e24  hidserv - ok
20:38:20.0606 0x0e24  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
20:38:20.0616 0x0e24  HidUsb - ok
20:38:20.0646 0x0e24  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:38:20.0686 0x0e24  hkmsvc - ok
20:38:20.0726 0x0e24  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:38:20.0776 0x0e24  HomeGroupListener - ok
20:38:20.0816 0x0e24  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:38:20.0866 0x0e24  HomeGroupProvider - ok
20:38:20.0906 0x0e24  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:38:20.0926 0x0e24  HpSAMD - ok
20:38:20.0996 0x0e24  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:38:21.0037 0x0e24  HTTP - ok
20:38:21.0067 0x0e24  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:38:21.0077 0x0e24  hwpolicy - ok
20:38:21.0127 0x0e24  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:38:21.0137 0x0e24  i8042prt - ok
20:38:21.0157 0x0e24  [ 5A6C5876FB84418D08D67B8CAED5EFCF, 672703347CB12B7160436E25D00843DBAC9CB56655D5C54AC568F2E958E1460A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:38:21.0167 0x0e24  iaStor - ok
20:38:21.0187 0x0e24  [ DE9560E9703BFE1BD08014A406BE0033, AA11848138C6EC1170EAB94393F8949C359D168F1F25A355F396390FD984A827 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:38:21.0197 0x0e24  IAStorDataMgrSvc - ok
20:38:21.0227 0x0e24  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:38:21.0247 0x0e24  iaStorV - ok
20:38:21.0317 0x0e24  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:38:21.0347 0x0e24  idsvc - ok
20:38:21.0387 0x0e24  IEEtwCollectorService - ok
20:38:21.0407 0x0e24  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:38:21.0427 0x0e24  iirsp - ok
20:38:21.0497 0x0e24  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:38:21.0557 0x0e24  IKEEXT - ok
20:38:21.0697 0x0e24  [ 8D061158F3668CA50380A33A4B227958, 1438CADF1439052229CF1AE2A1B99E44C2E97AFAA79EF5DAD68A48686A44D19D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:38:21.0797 0x0e24  IntcAzAudAddService - ok
20:38:21.0827 0x0e24  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:38:21.0847 0x0e24  intelide - ok
20:38:21.0877 0x0e24  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:38:21.0907 0x0e24  intelppm - ok
20:38:21.0917 0x0e24  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:38:21.0967 0x0e24  IPBusEnum - ok
20:38:21.0997 0x0e24  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:38:22.0027 0x0e24  IpFilterDriver - ok
20:38:22.0057 0x0e24  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:38:22.0087 0x0e24  iphlpsvc - ok
20:38:22.0107 0x0e24  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:38:22.0127 0x0e24  IPMIDRV - ok
20:38:22.0147 0x0e24  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:38:22.0187 0x0e24  IPNAT - ok
20:38:22.0257 0x0e24  [ 781ABA6C29AD40259602703A328DAEC6, 2DB936C8DE6D4424C6A10D4200F3D7F97A3A129A3B1064A83AB9846C3A828BE0 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:38:22.0297 0x0e24  iPod Service - ok
20:38:22.0317 0x0e24  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:38:22.0327 0x0e24  IRENUM - ok
20:38:22.0347 0x0e24  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:38:22.0357 0x0e24  isapnp - ok
20:38:22.0447 0x0e24  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:38:22.0477 0x0e24  iScsiPrt - ok
20:38:22.0487 0x0e24  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:38:22.0497 0x0e24  kbdclass - ok
20:38:22.0507 0x0e24  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:38:22.0537 0x0e24  kbdhid - ok
20:38:22.0547 0x0e24  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso          C:\Windows\system32\lsass.exe
20:38:22.0557 0x0e24  KeyIso - ok
20:38:22.0587 0x0e24  [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:38:22.0597 0x0e24  KSecDD - ok
20:38:22.0617 0x0e24  [ D3964885F0A11ACF51DA3AAA776973B2, 417ED5A3201FC50FBC0D646F8F2114A1E8A91E7919A62508DCBC156C0BFB2FBA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:38:22.0627 0x0e24  KSecPkg - ok
20:38:22.0647 0x0e24  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:38:22.0687 0x0e24  KtmRm - ok
20:38:22.0717 0x0e24  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:38:22.0757 0x0e24  LanmanServer - ok
20:38:22.0797 0x0e24  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:38:22.0827 0x0e24  LanmanWorkstation - ok
20:38:22.0837 0x0e24  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:38:22.0877 0x0e24  lltdio - ok
20:38:22.0897 0x0e24  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:38:22.0937 0x0e24  lltdsvc - ok
20:38:22.0957 0x0e24  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:38:22.0977 0x0e24  lmhosts - ok
20:38:22.0997 0x0e24  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:38:23.0007 0x0e24  LSI_FC - ok
20:38:23.0027 0x0e24  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:38:23.0037 0x0e24  LSI_SAS - ok
20:38:23.0057 0x0e24  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:38:23.0067 0x0e24  LSI_SAS2 - ok
20:38:23.0087 0x0e24  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:38:23.0107 0x0e24  LSI_SCSI - ok
20:38:23.0107 0x0e24  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:38:23.0127 0x0e24  luafv - ok
20:38:23.0167 0x0e24  [ 144011D14BD35F4E36136AE057B1AADD, 63917B1E00FE5C320259A03E52A8E4A22E1B3C08E69EF3DEDD3B9F5043994291 ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
20:38:23.0177 0x0e24  LUsbFilt - ok
20:38:23.0207 0x0e24  [ 1A7DB7A00A4B0D8DA24CD691A4547291, 604E29E827841EA06313172D9063FD946CE592BF844CEA8D10173CAA397704F8 ] LVPr2Mon        C:\Windows\system32\DRIVERS\LVPr2Mon.sys
20:38:23.0227 0x0e24  LVPr2Mon - ok
20:38:23.0287 0x0e24  [ 0DDFDCAA92C7F553328DB06BA599BEA9, DB779E38B1CF1CAD69193857043F8ED8BBEB603E97363CD798F6699431D94A41 ] LVPrcSrv        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
20:38:23.0317 0x0e24  LVPrcSrv - ok
20:38:23.0367 0x0e24  [ 37072EC9299E825F4335CC554B6FAC6A, AF5809137454A1DFE029F96BF6C6198CB19D469A0FE3285D7CDE7B0D84D8A465 ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
20:38:23.0397 0x0e24  LVRS - ok
20:38:23.0607 0x0e24  [ A240E42A7402E927A71B6E8AA4629B13, 43E361B97FCC11F4F81C3211489AE5938D5422D3FCEC3C143CF5C4C4D4E553DB ] LVUVC           C:\Windows\system32\DRIVERS\lvuvc.sys
20:38:23.0837 0x0e24  LVUVC - ok
20:38:23.0957 0x0e24  [ 08CB6E3B84A6EA4FAB0AB879A931E4CC, 9897FB8DA72B05FC0A7BFF88C22354D1053776F5BA6ECAA86E3DCD2537C85EAF ] McAfee SiteAdvisor Service c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
20:38:23.0987 0x0e24  McAfee SiteAdvisor Service - ok
20:38:24.0067 0x0e24  [ C3ED67C05F3923F9A8FEBA7A996337E1, 0A092A22339A9BFFAAB4A8A7C795480C058C0360C743BDF5D5DE042825F464A7 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
20:38:24.0087 0x0e24  McComponentHostService - ok
20:38:24.0157 0x0e24  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:38:24.0187 0x0e24  Mcx2Svc - ok
20:38:24.0247 0x0e24  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:38:24.0277 0x0e24  megasas - ok
20:38:24.0307 0x0e24  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:38:24.0327 0x0e24  MegaSR - ok
20:38:24.0337 0x0e24  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
20:38:24.0367 0x0e24  MMCSS - ok
20:38:24.0387 0x0e24  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
20:38:24.0417 0x0e24  Modem - ok
20:38:24.0427 0x0e24  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:38:24.0447 0x0e24  monitor - ok
20:38:24.0467 0x0e24  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:38:24.0477 0x0e24  mouclass - ok
20:38:24.0487 0x0e24  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:38:24.0517 0x0e24  mouhid - ok
20:38:24.0547 0x0e24  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:38:24.0557 0x0e24  mountmgr - ok
20:38:24.0617 0x0e24  [ 817EFA0406E506784AB734CFB7DBD28E, 301C14DFCFE9AA27E93A5161E3BA74A8139EA8778FC9C4AA16623B673B6DD58F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:38:24.0627 0x0e24  MozillaMaintenance - ok
20:38:24.0637 0x0e24  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:38:24.0647 0x0e24  mpio - ok
20:38:24.0677 0x0e24  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:38:24.0787 0x0e24  mpsdrv - ok
20:38:24.0847 0x0e24  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:38:24.0927 0x0e24  MpsSvc - ok
20:38:24.0947 0x0e24  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:38:24.0967 0x0e24  MRxDAV - ok
20:38:24.0997 0x0e24  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:38:25.0017 0x0e24  mrxsmb - ok
20:38:25.0057 0x0e24  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:38:25.0087 0x0e24  mrxsmb10 - ok
20:38:25.0097 0x0e24  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:38:25.0117 0x0e24  mrxsmb20 - ok
20:38:25.0147 0x0e24  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:38:25.0157 0x0e24  msahci - ok
20:38:25.0187 0x0e24  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:38:25.0197 0x0e24  msdsm - ok
20:38:25.0207 0x0e24  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
20:38:25.0237 0x0e24  MSDTC - ok
20:38:25.0247 0x0e24  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:38:25.0267 0x0e24  Msfs - ok
20:38:25.0277 0x0e24  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:38:25.0327 0x0e24  mshidkmdf - ok
20:38:25.0357 0x0e24  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:38:25.0367 0x0e24  msisadrv - ok
20:38:25.0377 0x0e24  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:38:25.0397 0x0e24  MSiSCSI - ok
20:38:25.0407 0x0e24  msiserver - ok
20:38:25.0427 0x0e24  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:38:25.0447 0x0e24  MSKSSRV - ok
20:38:25.0457 0x0e24  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:38:25.0477 0x0e24  MSPCLOCK - ok
20:38:25.0497 0x0e24  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:38:25.0527 0x0e24  MSPQM - ok
20:38:25.0547 0x0e24  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:38:25.0557 0x0e24  MsRPC - ok
20:38:25.0567 0x0e24  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:38:25.0577 0x0e24  mssmbios - ok
20:38:25.0587 0x0e24  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:38:25.0607 0x0e24  MSTEE - ok
20:38:25.0627 0x0e24  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:38:25.0647 0x0e24  MTConfig - ok
20:38:25.0657 0x0e24  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:38:25.0667 0x0e24  Mup - ok
20:38:25.0697 0x0e24  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
20:38:25.0727 0x0e24  napagent - ok
20:38:25.0767 0x0e24  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:38:25.0787 0x0e24  NativeWifiP - ok
20:38:25.0857 0x0e24  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:38:25.0897 0x0e24  NDIS - ok
20:38:25.0907 0x0e24  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:38:25.0937 0x0e24  NdisCap - ok
20:38:25.0967 0x0e24  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:38:25.0987 0x0e24  NdisTapi - ok
20:38:26.0027 0x0e24  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:38:26.0047 0x0e24  Ndisuio - ok
20:38:26.0077 0x0e24  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:38:26.0117 0x0e24  NdisWan - ok
20:38:26.0157 0x0e24  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:38:26.0217 0x0e24  NDProxy - ok
20:38:26.0217 0x0e24  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:38:26.0267 0x0e24  NetBIOS - ok
20:38:26.0307 0x0e24  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:38:26.0357 0x0e24  NetBT - ok
20:38:26.0367 0x0e24  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon        C:\Windows\system32\lsass.exe
20:38:26.0377 0x0e24  Netlogon - ok
20:38:26.0417 0x0e24  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
20:38:26.0467 0x0e24  Netman - ok
20:38:26.0507 0x0e24  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:38:26.0527 0x0e24  NetMsmqActivator - ok
20:38:26.0557 0x0e24  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:38:26.0567 0x0e24  NetPipeActivator - ok
20:38:26.0597 0x0e24  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
20:38:26.0627 0x0e24  netprofm - ok
20:38:26.0647 0x0e24  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:38:26.0657 0x0e24  NetTcpActivator - ok
20:38:26.0657 0x0e24  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:38:26.0667 0x0e24  NetTcpPortSharing - ok
20:38:26.0697 0x0e24  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:38:26.0707 0x0e24  nfrd960 - ok
20:38:26.0747 0x0e24  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:38:26.0767 0x0e24  NlaSvc - ok
20:38:26.0777 0x0e24  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:38:26.0797 0x0e24  Npfs - ok
20:38:26.0807 0x0e24  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
20:38:26.0837 0x0e24  nsi - ok
20:38:26.0837 0x0e24  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:38:26.0857 0x0e24  nsiproxy - ok
20:38:26.0937 0x0e24  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:38:26.0977 0x0e24  Ntfs - ok
20:38:26.0987 0x0e24  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
20:38:27.0007 0x0e24  Null - ok
20:38:27.0048 0x0e24  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:38:27.0058 0x0e24  nvraid - ok
20:38:27.0078 0x0e24  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:38:27.0098 0x0e24  nvstor - ok
20:38:27.0138 0x0e24  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:38:27.0148 0x0e24  nv_agp - ok
20:38:27.0228 0x0e24  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:38:27.0268 0x0e24  odserv - ok
20:38:27.0288 0x0e24  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:38:27.0308 0x0e24  ohci1394 - ok
20:38:27.0338 0x0e24  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:38:27.0348 0x0e24  ose - ok
20:38:27.0378 0x0e24  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:38:27.0408 0x0e24  p2pimsvc - ok
20:38:27.0428 0x0e24  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:38:27.0468 0x0e24  p2psvc - ok
20:38:27.0498 0x0e24  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:38:27.0508 0x0e24  Parport - ok
20:38:27.0538 0x0e24  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:38:27.0548 0x0e24  partmgr - ok
20:38:27.0558 0x0e24  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
20:38:27.0568 0x0e24  Parvdm - ok
20:38:27.0588 0x0e24  [ 358AB7956D3160000726574083DFC8A6, 6CAFD4D1B8AB8C1D167ADC018985DDAB5AC2CBFFB3434FE6390F14AF50C19025 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:38:27.0608 0x0e24  PcaSvc - ok
20:38:27.0638 0x0e24  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
20:38:27.0658 0x0e24  pci - ok
20:38:27.0678 0x0e24  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:38:27.0688 0x0e24  pciide - ok
20:38:27.0718 0x0e24  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:38:27.0738 0x0e24  pcmcia - ok
20:38:27.0748 0x0e24  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:38:27.0758 0x0e24  pcw - ok
20:38:27.0778 0x0e24  [ 9E0104BA49F4E6973749A02BF41344ED, B32F39F38DB48D77FBA884DEE34112BAB81CCEF5DD2EAAA12D9589D73D2BB116 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:38:27.0818 0x0e24  PEAUTH - ok
20:38:27.0938 0x0e24  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
20:38:28.0008 0x0e24  pla - ok
20:38:28.0068 0x0e24  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:38:28.0138 0x0e24  PlugPlay - ok
20:38:28.0148 0x0e24  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:38:28.0178 0x0e24  PNRPAutoReg - ok
20:38:28.0198 0x0e24  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:38:28.0208 0x0e24  PNRPsvc - ok
20:38:28.0238 0x0e24  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:38:28.0288 0x0e24  PolicyAgent - ok
20:38:28.0318 0x0e24  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
20:38:28.0338 0x0e24  Power - ok
20:38:28.0358 0x0e24  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:38:28.0398 0x0e24  PptpMiniport - ok
20:38:28.0408 0x0e24  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:38:28.0418 0x0e24  Processor - ok
20:38:28.0458 0x0e24  [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:38:28.0478 0x0e24  ProfSvc - ok
20:38:28.0488 0x0e24  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:38:28.0498 0x0e24  ProtectedStorage - ok
20:38:28.0528 0x0e24  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:38:28.0548 0x0e24  Psched - ok
20:38:28.0738 0x0e24  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:38:28.0778 0x0e24  ql2300 - ok
20:38:28.0818 0x0e24  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:38:28.0828 0x0e24  ql40xx - ok
20:38:28.0868 0x0e24  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
20:38:28.0918 0x0e24  QWAVE - ok
20:38:28.0918 0x0e24  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:38:28.0938 0x0e24  QWAVEdrv - ok
20:38:28.0958 0x0e24  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:38:28.0988 0x0e24  RasAcd - ok
20:38:29.0008 0x0e24  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:38:29.0028 0x0e24  RasAgileVpn - ok
20:38:29.0048 0x0e24  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
20:38:29.0078 0x0e24  RasAuto - ok
20:38:29.0088 0x0e24  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:38:29.0128 0x0e24  Rasl2tp - ok
20:38:29.0178 0x0e24  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
20:38:29.0218 0x0e24  RasMan - ok
20:38:29.0228 0x0e24  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:38:29.0258 0x0e24  RasPppoe - ok
20:38:29.0268 0x0e24  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:38:29.0298 0x0e24  RasSstp - ok
20:38:29.0318 0x0e24  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:38:29.0348 0x0e24  rdbss - ok
20:38:29.0368 0x0e24  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:38:29.0378 0x0e24  rdpbus - ok
20:38:29.0408 0x0e24  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:38:29.0458 0x0e24  RDPCDD - ok
20:38:29.0478 0x0e24  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:38:29.0508 0x0e24  RDPENCDD - ok
20:38:29.0508 0x0e24  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:38:29.0538 0x0e24  RDPREFMP - ok
20:38:29.0568 0x0e24  [ F031683E6D1FEA157ABB2FF260B51E61, 83B552819A5964152882C527E1421DBCEAACC74DEB897E3C4B53F52F1467FED3 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:38:29.0628 0x0e24  RDPWD - ok
20:38:29.0658 0x0e24  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:38:29.0678 0x0e24  rdyboost - ok
20:38:29.0698 0x0e24  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:38:29.0728 0x0e24  RemoteAccess - ok
20:38:29.0748 0x0e24  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:38:29.0818 0x0e24  RemoteRegistry - ok
20:38:29.0858 0x0e24  [ 0F6756EF8BDA6DFA7BE50465C83132BB, 1AE76B66F04A2AE99CD1A1368D4998C8081E89578A37D7D535D8CBCAA6136AE0 ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys
20:38:29.0888 0x0e24  RimUsb - ok
20:38:29.0898 0x0e24  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:38:29.0948 0x0e24  RpcEptMapper - ok
20:38:29.0978 0x0e24  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
20:38:30.0008 0x0e24  RpcLocator - ok
20:38:30.0028 0x0e24  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
20:38:30.0068 0x0e24  RpcSs - ok
20:38:30.0078 0x0e24  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:38:30.0118 0x0e24  rspndr - ok
20:38:30.0158 0x0e24  [ BCEBD5D1AABCE4EFB7597635E347C44B, AB26EA1A028D30C4D1763EAB1991E2BABD44A78BDD4E06B6A1F101756860B1D4 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
20:38:30.0198 0x0e24  RTL8167 - ok
20:38:30.0208 0x0e24  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs           C:\Windows\system32\lsass.exe
20:38:30.0228 0x0e24  SamSs - ok
20:38:30.0268 0x0e24  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:38:30.0288 0x0e24  sbp2port - ok
20:38:30.0418 0x0e24  [ 794D4B48DFB6E999537C7C3947863463, 93DA8AA20D6B02A3360E7F56150F126E75266E9372E6409D42B89DA588EF49C3 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
20:38:30.0458 0x0e24  SBSDWSCService - ok
20:38:30.0478 0x0e24  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:38:30.0498 0x0e24  SCardSvr - ok
20:38:30.0508 0x0e24  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:38:30.0528 0x0e24  scfilter - ok
20:38:30.0608 0x0e24  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
20:38:30.0678 0x0e24  Schedule - ok
20:38:30.0698 0x0e24  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:38:30.0718 0x0e24  SCPolicySvc - ok
20:38:30.0738 0x0e24  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:38:30.0758 0x0e24  SDRSVC - ok
20:38:30.0778 0x0e24  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:38:30.0798 0x0e24  secdrv - ok
20:38:30.0798 0x0e24  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
20:38:30.0828 0x0e24  seclogon - ok
20:38:30.0848 0x0e24  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
20:38:30.0868 0x0e24  SENS - ok
20:38:30.0868 0x0e24  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:38:30.0898 0x0e24  SensrSvc - ok
20:38:30.0918 0x0e24  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:38:30.0928 0x0e24  Serenum - ok
20:38:30.0958 0x0e24  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:38:30.0988 0x0e24  Serial - ok
20:38:31.0018 0x0e24  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:38:31.0048 0x0e24  sermouse - ok
20:38:31.0078 0x0e24  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:38:31.0108 0x0e24  SessionEnv - ok
20:38:31.0138 0x0e24  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:38:31.0168 0x0e24  sffdisk - ok
20:38:31.0188 0x0e24  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:38:31.0208 0x0e24  sffp_mmc - ok
20:38:31.0218 0x0e24  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:38:31.0228 0x0e24  sffp_sd - ok
20:38:31.0248 0x0e24  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:38:31.0258 0x0e24  sfloppy - ok
20:38:31.0278 0x0e24  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:38:31.0318 0x0e24  SharedAccess - ok
20:38:31.0378 0x0e24  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:38:31.0418 0x0e24  ShellHWDetection - ok
20:38:31.0458 0x0e24  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
20:38:31.0468 0x0e24  sisagp - ok
20:38:31.0478 0x0e24  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:38:31.0488 0x0e24  SiSRaid2 - ok
20:38:31.0508 0x0e24  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:38:31.0518 0x0e24  SiSRaid4 - ok
20:38:31.0568 0x0e24  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
20:38:31.0578 0x0e24  SkypeUpdate - ok
20:38:31.0598 0x0e24  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:38:31.0628 0x0e24  Smb - ok
20:38:31.0648 0x0e24  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:38:31.0668 0x0e24  SNMPTRAP - ok
20:38:31.0678 0x0e24  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:38:31.0688 0x0e24  spldr - ok
20:38:31.0718 0x0e24  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
20:38:31.0738 0x0e24  Spooler - ok
20:38:31.0878 0x0e24  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
20:38:32.0028 0x0e24  sppsvc - ok
20:38:32.0088 0x0e24  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:38:32.0128 0x0e24  sppuinotify - ok
20:38:32.0168 0x0e24  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:38:32.0198 0x0e24  srv - ok
20:38:32.0258 0x0e24  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:38:32.0308 0x0e24  srv2 - ok
20:38:32.0318 0x0e24  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:38:32.0338 0x0e24  srvnet - ok
20:38:32.0398 0x0e24  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:38:32.0468 0x0e24  SSDPSRV - ok
20:38:32.0488 0x0e24  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:38:32.0538 0x0e24  SstpSvc - ok
20:38:32.0568 0x0e24  Steam Client Service - ok
20:38:32.0578 0x0e24  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:38:32.0588 0x0e24  stexstor - ok
20:38:32.0618 0x0e24  [ EDB05BD63148796F23EA78506404A538, 8EBF623D3DEB6CCAC75AAFCF8B23271029A28BE29D459088E40FBF109E80AA17 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
20:38:32.0638 0x0e24  StillCam - ok
20:38:32.0668 0x0e24  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
20:38:32.0698 0x0e24  StiSvc - ok
20:38:32.0728 0x0e24  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:38:32.0738 0x0e24  swenum - ok
20:38:32.0768 0x0e24  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
20:38:32.0798 0x0e24  swprv - ok
20:38:32.0868 0x0e24  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
20:38:32.0928 0x0e24  SysMain - ok
20:38:32.0948 0x0e24  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
20:38:32.0998 0x0e24  TabletInputService - ok
20:38:33.0048 0x0e24  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:38:33.0099 0x0e24  TapiSrv - ok
20:38:33.0139 0x0e24  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
20:38:33.0179 0x0e24  TBS - ok
20:38:33.0309 0x0e24  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:38:33.0349 0x0e24  Tcpip - ok
20:38:33.0389 0x0e24  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:38:33.0419 0x0e24  TCPIP6 - ok
20:38:33.0449 0x0e24  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:38:33.0459 0x0e24  tcpipreg - ok
20:38:33.0489 0x0e24  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:38:33.0509 0x0e24  TDPIPE - ok
20:38:33.0529 0x0e24  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:38:33.0539 0x0e24  TDTCP - ok
20:38:33.0569 0x0e24  [ B459575348C20E8121D6039DA063C704, 1B4328A9EA39FF5A57F258E02254D04B73455F1DF7C997C13702A8B2F12D0347 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:38:33.0589 0x0e24  tdx - ok
20:38:33.0609 0x0e24  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:38:33.0619 0x0e24  TermDD - ok
20:38:33.0649 0x0e24  [ 382C804C92811BE57829D8E550A900E2, 5F52C2E7902024CF1C9CC0069F411C3F19CCA3DB209F437FA0F3932D4898EB50 ] TermService     C:\Windows\System32\termsrv.dll
20:38:33.0699 0x0e24  TermService - ok
20:38:33.0719 0x0e24  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
20:38:33.0749 0x0e24  Themes - ok
20:38:33.0759 0x0e24  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
20:38:33.0789 0x0e24  THREADORDER - ok
20:38:33.0789 0x0e24  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
20:38:33.0819 0x0e24  TrkWks - ok
20:38:33.0859 0x0e24  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:38:33.0889 0x0e24  TrustedInstaller - ok
20:38:33.0919 0x0e24  [ B37B08F2E5EEB1A37E448E09BACE1101, 32CC9E06B88BAB6FAB4696B744548DFCE9199A7FD2BA8B019F269CA75895852C ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:38:33.0929 0x0e24  tssecsrv - ok
20:38:33.0949 0x0e24  [ FD1D6C73E6333BE727CBCC6054247654, 6F7B9AE1A5986204DB3348D13B303F30FC17624939DA74D6BD114FAEED0FB30E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:38:33.0959 0x0e24  TsUsbFlt - ok
20:38:34.0009 0x0e24  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:38:34.0029 0x0e24  tunnel - ok
20:38:34.0049 0x0e24  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:38:34.0059 0x0e24  uagp35 - ok
20:38:34.0079 0x0e24  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:38:34.0119 0x0e24  udfs - ok
20:38:34.0139 0x0e24  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:38:34.0159 0x0e24  UI0Detect - ok
20:38:34.0199 0x0e24  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:38:34.0209 0x0e24  uliagpkx - ok
20:38:34.0249 0x0e24  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\drivers\umbus.sys
20:38:34.0269 0x0e24  umbus - ok
20:38:34.0289 0x0e24  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:38:34.0329 0x0e24  UmPass - ok
20:38:34.0379 0x0e24  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
20:38:34.0409 0x0e24  upnphost - ok
20:38:34.0459 0x0e24  [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:38:34.0469 0x0e24  usbaudio - ok
20:38:34.0499 0x0e24  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:38:34.0529 0x0e24  usbccgp - ok
20:38:34.0559 0x0e24  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:38:34.0569 0x0e24  usbcir - ok
20:38:34.0599 0x0e24  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:38:34.0609 0x0e24  usbehci - ok
20:38:34.0629 0x0e24  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:38:34.0649 0x0e24  usbhub - ok
20:38:34.0669 0x0e24  [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:38:34.0689 0x0e24  usbohci - ok
20:38:34.0689 0x0e24  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:38:34.0709 0x0e24  usbprint - ok
20:38:34.0739 0x0e24  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:38:34.0769 0x0e24  usbscan - ok
20:38:34.0789 0x0e24  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:38:34.0799 0x0e24  USBSTOR - ok
20:38:34.0809 0x0e24  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:38:34.0829 0x0e24  usbuhci - ok
20:38:34.0849 0x0e24  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
20:38:34.0869 0x0e24  UxSms - ok
20:38:34.0879 0x0e24  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc        C:\Windows\system32\lsass.exe
20:38:34.0889 0x0e24  VaultSvc - ok
20:38:34.0909 0x0e24  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:38:34.0919 0x0e24  vdrvroot - ok
20:38:34.0959 0x0e24  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
20:38:34.0999 0x0e24  vds - ok
20:38:35.0029 0x0e24  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:38:35.0059 0x0e24  vga - ok
20:38:35.0069 0x0e24  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:38:35.0089 0x0e24  VgaSave - ok
20:38:35.0129 0x0e24  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:38:35.0149 0x0e24  vhdmp - ok
20:38:35.0159 0x0e24  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
20:38:35.0169 0x0e24  viaagp - ok
20:38:35.0189 0x0e24  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
20:38:35.0199 0x0e24  ViaC7 - ok
20:38:35.0239 0x0e24  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:38:35.0249 0x0e24  viaide - ok
20:38:35.0259 0x0e24  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:38:35.0279 0x0e24  volmgr - ok
20:38:35.0289 0x0e24  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:38:35.0309 0x0e24  volmgrx - ok
20:38:35.0329 0x0e24  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:38:35.0349 0x0e24  volsnap - ok
20:38:35.0379 0x0e24  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:38:35.0389 0x0e24  vsmraid - ok
20:38:35.0449 0x0e24  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
20:38:35.0499 0x0e24  VSS - ok
20:38:35.0519 0x0e24  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:38:35.0539 0x0e24  vwifibus - ok
20:38:35.0559 0x0e24  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
20:38:35.0609 0x0e24  W32Time - ok
20:38:35.0619 0x0e24  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:38:35.0629 0x0e24  WacomPen - ok
20:38:35.0659 0x0e24  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:38:35.0679 0x0e24  WANARP - ok
20:38:35.0689 0x0e24  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:38:35.0709 0x0e24  Wanarpv6 - ok
20:38:35.0759 0x0e24  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
20:38:35.0819 0x0e24  wbengine - ok
20:38:35.0839 0x0e24  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:38:35.0859 0x0e24  WbioSrvc - ok
20:38:35.0909 0x0e24  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:38:35.0939 0x0e24  wcncsvc - ok
20:38:35.0939 0x0e24  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:38:35.0959 0x0e24  WcsPlugInService - ok
20:38:35.0989 0x0e24  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:38:35.0999 0x0e24  Wd - ok
20:38:36.0059 0x0e24  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:38:36.0089 0x0e24  Wdf01000 - ok
20:38:36.0089 0x0e24  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:38:36.0189 0x0e24  WdiServiceHost - ok
20:38:36.0189 0x0e24  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:38:36.0209 0x0e24  WdiSystemHost - ok
20:38:36.0289 0x0e24  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
20:38:36.0339 0x0e24  WebClient - ok
20:38:36.0349 0x0e24  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:38:36.0379 0x0e24  Wecsvc - ok
20:38:36.0389 0x0e24  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:38:36.0429 0x0e24  wercplsupport - ok
20:38:36.0459 0x0e24  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
20:38:36.0489 0x0e24  WerSvc - ok
20:38:36.0509 0x0e24  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:38:36.0529 0x0e24  WfpLwf - ok
20:38:36.0539 0x0e24  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:38:36.0549 0x0e24  WIMMount - ok
20:38:36.0629 0x0e24  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:38:36.0679 0x0e24  WinDefend - ok
20:38:36.0689 0x0e24  WinHttpAutoProxySvc - ok
20:38:36.0759 0x0e24  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:38:36.0809 0x0e24  Winmgmt - ok
20:38:36.0879 0x0e24  [ 1B91CD34EA3A90AB6A4EF0550174F4CC, 5B6618615EBFBA594C945AD35F5C68DA8C6053892B6D12D626BB6120910D80DC ] WinRM           C:\Windows\system32\WsmSvc.dll
20:38:36.0949 0x0e24  WinRM - ok
20:38:36.0999 0x0e24  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:38:37.0009 0x0e24  WinUsb - ok
20:38:37.0039 0x0e24  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:38:37.0109 0x0e24  Wlansvc - ok
20:38:37.0169 0x0e24  [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:38:37.0229 0x0e24  wlidsvc - ok
20:38:37.0259 0x0e24  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:38:37.0269 0x0e24  WmiAcpi - ok
20:38:37.0279 0x0e24  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:38:37.0309 0x0e24  wmiApSrv - ok
20:38:37.0409 0x0e24  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:38:37.0479 0x0e24  WMPNetworkSvc - ok
20:38:37.0489 0x0e24  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:38:37.0499 0x0e24  WPCSvc - ok
20:38:37.0519 0x0e24  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:38:37.0549 0x0e24  WPDBusEnum - ok
20:38:37.0549 0x0e24  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:38:37.0579 0x0e24  ws2ifsl - ok
20:38:37.0599 0x0e24  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
20:38:37.0629 0x0e24  wscsvc - ok
20:38:37.0629 0x0e24  WSearch - ok
20:38:37.0799 0x0e24  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\Windows\system32\wuaueng.dll
20:38:37.0859 0x0e24  wuauserv - ok
20:38:37.0889 0x0e24  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:38:37.0909 0x0e24  WudfPf - ok
20:38:37.0929 0x0e24  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:38:37.0939 0x0e24  WUDFRd - ok
20:38:37.0969 0x0e24  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:38:38.0019 0x0e24  wudfsvc - ok
20:38:38.0069 0x0e24  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:38:38.0119 0x0e24  WwanSvc - ok
20:38:38.0119 0x0e24  ================ Scan global ===============================
20:38:38.0149 0x0e24  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
20:38:38.0189 0x0e24  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
20:38:38.0199 0x0e24  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
20:38:38.0219 0x0e24  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
20:38:38.0259 0x0e24  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
20:38:38.0259 0x0e24  [ Global ] - ok
20:38:38.0259 0x0e24  ================ Scan MBR ==================================
20:38:38.0269 0x0e24  [ C79B30CB8852157F6F908E4698CFE0D0 ] \Device\Harddisk0\DR0
20:38:40.0429 0x0e24  \Device\Harddisk0\DR0 - ok
20:38:40.0429 0x0e24  ================ Scan VBR ==================================
20:38:40.0429 0x0e24  [ D0418EE9C81DE1E61EAD1F1DF32E722B ] \Device\Harddisk0\DR0\Partition1
20:38:40.0469 0x0e24  \Device\Harddisk0\DR0\Partition1 - ok
20:38:40.0469 0x0e24  [ 730F8FDEEA6A5784A08B0FCF5D6258EE ] \Device\Harddisk0\DR0\Partition2
20:38:40.0509 0x0e24  \Device\Harddisk0\DR0\Partition2 - ok
20:38:40.0519 0x0e24  [ 590A46C9C581069756B3858C6D15A025 ] \Device\Harddisk0\DR0\Partition3
20:38:40.0519 0x0e24  \Device\Harddisk0\DR0\Partition3 - ok
20:38:40.0519 0x0e24  ================ Scan generic autorun ======================
20:38:40.0629 0x0e24  [ D82706D5D38AE989B9173F1314F696C7, 7000FCBD6F90859FC1D44857E8BAEF8055AEBB905C0195A350F86F3EF19133CA ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
20:38:40.0649 0x0e24  IAStorIcon - ok
20:38:40.0699 0x0e24  [ 52B642B30BAD0E7C4D56C5D3EAC76B97, 2DEBACF593826F638EE4FC7743ED981870277376B6742872E79F6FD5D694ADF2 ] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
20:38:40.0719 0x0e24  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
20:38:43.0270 0x0e24  Detect skipped due to KSN trusted
20:38:43.0270 0x0e24  StartCCC - ok
20:38:43.0410 0x0e24  [ 2589FFE360BED8F824CBC6171CB5B874, 4C532EE4707F9B4314AF7FC88C86B48AFCDE03A2097919F9801BE47EB5CC61EB ] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
20:38:43.0470 0x0e24  LogitechQuickCamRibbon - ok
20:38:43.0540 0x0e24  [ A7810B302294793DE88542AAE177D1B1, F0EE3684DBEB0AAAD912DC04D060976D1EAE92489E192BAE900FA0F417AD20A7 ] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
20:38:43.0550 0x0e24  ArcSoft Connection Service - ok
20:38:43.0560 0x0e24  [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\system32\rundll32.exe
20:38:43.0570 0x0e24  Logitech Download Assistant - ok
20:38:43.0680 0x0e24  [ 4814DEDE3A8F5B36839C11B04324F240, EABCAB1EF13E727E7C15BD9208A7FC9062394A7188CD535EAC05805E1DFF3619 ] c:\Program Files\Microsoft IntelliType Pro\itype.exe
20:38:43.0710 0x0e24  itype - ok
20:38:43.0790 0x0e24  [ 6229E1291BB78816A45296882D9A12C6, 66CBEABCCD107BD1ED220512393EE021321C4CD8780BFBDEE4547D2A6E63BB89 ] C:\Program Files\Citrix\ICA Client\concentr.exe
20:38:43.0810 0x0e24  ConnectionCenter - ok
20:38:43.0920 0x0e24  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
20:38:43.0960 0x0e24  Adobe ARM - ok
20:38:44.0020 0x0e24  [ 545676F48851A5C65A38CAE5B5518C95, F7CD893B8198AA22347CB96A61C258217FA0A1B1CC1733784B5FD84A7B208264 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
20:38:44.0040 0x0e24  APSDaemon - ok
20:38:44.0190 0x0e24  [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Program Files\Alwil Software\Avast5\AvastUI.exe
20:38:44.0270 0x0e24  AvastUI.exe - ok
20:38:44.0340 0x0e24  [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files\QuickTime\QTTask.exe
20:38:44.0400 0x0e24  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
20:38:46.0950 0x0e24  Detect skipped due to KSN trusted
20:38:46.0950 0x0e24  QuickTime Task - ok
20:38:47.0340 0x0e24  [ C466DEC538A3BC4FA8909F09F91FA5A8, 7C4C51A2581068B3BB94FD62D7239E41B1F2784CF6A8AD927435D8B95BFAE130 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
20:38:47.0570 0x0e24  RTHDVCPL - ok
20:38:47.0640 0x0e24  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
20:38:47.0660 0x0e24  HP Software Update - ok
20:38:47.0740 0x0e24  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:38:47.0810 0x0e24  Sidebar - ok
20:38:47.0820 0x0e24  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
20:38:47.0840 0x0e24  mctadmin - ok
20:38:47.0860 0x0e24  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:38:47.0900 0x0e24  Sidebar - ok
20:38:47.0910 0x0e24  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
20:38:47.0920 0x0e24  mctadmin - ok
20:38:48.0110 0x0e24  [ 390679F7A217A5E73D756276C40AE887, 3EDFB645B2F58864E653C66516D6D48C4F9D691CFD51D91D4D88E316EE7B7177 ] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
20:38:48.0160 0x0e24  SpybotSD TeaTimer - detected UnsignedFile.Multi.Generic ( 1 )
20:38:50.0691 0x0e24  Detect skipped due to KSN trusted
20:38:50.0691 0x0e24  SpybotSD TeaTimer - ok
20:38:50.0901 0x0e24  [ 13001914838576400EB9AFDE95AE71CE, B95363F08ABA4618DC09C6CB6C3144C9DD5FFB0B64F6F37D013F1EED39F09539 ] C:\Program Files\CCleaner\CCleaner.exe
20:38:50.0971 0x0e24  ccleaner - ok
20:38:51.0001 0x0e24  MobileDocuments - ok
20:38:51.0161 0x0e24  [ 6948349D55ABC9B90AA77B5340D2EA77, 84EEC4521832600E5209410255885B552897F47A9B03E8653B700F1FF0C34004 ] C:\Program Files\Steam\Steam.exe
20:38:51.0191 0x0e24  Steam - ok
20:38:51.0341 0x0e24  [ 395BCC9122E705F6586217E32CD01CC9, 0A2E3BF0E626A65B9FF1BEFB35FFBC9CCAA3C75DB395D175AAE2DD014A8E8A34 ] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
20:38:51.0391 0x0e24  HP Officejet Pro 8600 (NET) - ok
20:38:51.0421 0x0e24  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:38:51.0451 0x0e24  Sidebar - ok
20:38:51.0501 0x0e24  [ 390679F7A217A5E73D756276C40AE887, 3EDFB645B2F58864E653C66516D6D48C4F9D691CFD51D91D4D88E316EE7B7177 ] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
20:38:51.0551 0x0e24  SpybotSD TeaTimer - detected UnsignedFile.Multi.Generic ( 1 )
20:38:51.0551 0x0e24  Detect skipped due to KSN trusted
20:38:51.0551 0x0e24  SpybotSD TeaTimer - ok
20:38:51.0621 0x0e24  [ 13001914838576400EB9AFDE95AE71CE, B95363F08ABA4618DC09C6CB6C3144C9DD5FFB0B64F6F37D013F1EED39F09539 ] C:\Program Files\CCleaner\CCleaner.exe
20:38:51.0681 0x0e24  ccleaner - ok
20:38:51.0691 0x0e24  MobileDocuments - ok
20:38:51.0731 0x0e24  [ 6948349D55ABC9B90AA77B5340D2EA77, 84EEC4521832600E5209410255885B552897F47A9B03E8653B700F1FF0C34004 ] C:\Program Files\Steam\Steam.exe
20:38:51.0761 0x0e24  Steam - ok
20:38:51.0821 0x0e24  [ 395BCC9122E705F6586217E32CD01CC9, 0A2E3BF0E626A65B9FF1BEFB35FFBC9CCAA3C75DB395D175AAE2DD014A8E8A34 ] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
20:38:51.0861 0x0e24  HP Officejet Pro 8600 (NET) - ok
20:38:51.0871 0x0e24  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
20:38:51.0881 0x0e24  mctadmin - ok
20:38:51.0891 0x0e24  Waiting for KSN requests completion. In queue: 14
20:38:52.0891 0x0e24  Waiting for KSN requests completion. In queue: 14
20:38:53.0891 0x0e24  Waiting for KSN requests completion. In queue: 6
20:38:54.0931 0x0e24  AV detected via SS2: avast! Antivirus, C:\Program Files\Alwil Software\Avast5\VisthAux.exe ( 9.0.2021.515 ), 0x41000 ( enabled : updated )
20:38:54.0931 0x0e24  FW detected via SS2: avast! Antivirus, C:\Program Files\Alwil Software\Avast5\VisthAux.exe ( 9.0.2021.515 ), 0x41010 ( enabled )
20:38:57.0371 0x0e24  ============================================================
20:38:57.0371 0x0e24  Scan finished
20:38:57.0371 0x0e24  ============================================================
20:38:57.0381 0x0bb4  Detected object count: 0
20:38:57.0381 0x0bb4  Actual detected object count: 0
20:40:30.0055 0x11e4  Deinitialize success

schrauber · 17.09.2014, 18:47

Adware & Co. deinstallieren

Lade Dir bitte von hier Revo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:

diesen Zusatz haben:
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

JPonti · 17.09.2014, 19:11

Hallo Schrauber,

beim Löschen mit dem Revo Uninstaller kam eine Fehlermeldung (siehe Anhang). Soll ich Combofix jetzt dennoch laufen lassen, oder sind erst noch weitere Schritte nötig?

Vielen Dank und Gruß

P.

schrauber · 18.09.2014, 13:48

einfach ok klicken, danach sucht Revo nach den Resten

JPonti · 18.09.2014, 21:44

Danke. Hier der Combofix log:

Code:

ATTFilter

ComboFix 14-09-18.01 - Ponti 18.09.2014  22:22:23.1.8 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3063.1243 [GMT 2:00]
ausgeführt von:: c:\users\Ponti\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ponti\1051.zip
c:\users\Ponti\118d.pdf
c:\users\Ponti\553.zip
c:\users\Ponti\Checkliste .xls
c:\users\Ponti\CloneCD 4.1 with serial key + Clony XXL.exe
c:\windows\system32\tmpA45B.tmp
c:\windows\system32\tmpA601.tmp
c:\windows\system32\tmpC6BA.tmp
c:\windows\system32\tmpC6FA.tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-18 bis 2014-09-18  ))))))))))))))))))))))))))))))
.
.
2014-09-18 20:30 . 2014-09-18 20:33	--------	d-----w-	c:\users\Ponti\AppData\Local\temp
2014-09-17 18:01 . 2014-09-17 18:01	--------	d-----w-	c:\program files\VS Revo Group
2014-09-17 11:53 . 2014-09-18 20:27	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{78DF9A01-6F7F-4D2B-9B06-9B873D51C1F7}\offreg.dll
2014-09-16 15:35 . 2014-09-16 15:37	--------	d-----w-	C:\FRST
2014-09-16 09:09 . 2014-09-16 09:09	--------	d-----w-	c:\program files\ESET
2014-09-16 09:01 . 2014-09-16 10:25	--------	d-----w-	c:\windows\ERUNT
2014-09-16 08:27 . 2014-09-16 10:31	110296	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-16 08:26 . 2014-05-12 05:26	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-09-16 08:26 . 2014-05-12 05:25	74456	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-09-16 08:26 . 2014-09-16 08:26	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2014-09-16 06:47 . 2014-09-09 01:24	8806800	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{78DF9A01-6F7F-4D2B-9B06-9B873D51C1F7}\mpengine.dll
2014-09-14 18:36 . 2014-09-14 18:36	--------	d-----w-	c:\program files\iPod
2014-09-14 18:36 . 2014-09-14 18:38	--------	d-----w-	c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-14 18:36 . 2014-09-14 18:38	--------	d-----w-	c:\program files\iTunes
2014-09-12 12:30 . 2014-09-12 13:14	--------	d-----w-	c:\program files\Mozilla Thunderbird
2014-09-12 12:05 . 2014-06-27 01:45	2285056	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2014-09-12 09:25 . 2014-07-07 01:40	550912	----a-w-	c:\windows\system32\kerberos.dll
2014-09-12 09:25 . 2014-07-07 01:40	1059840	----a-w-	c:\windows\system32\lsasrv.dll
2014-09-12 09:24 . 2014-06-24 02:59	1987584	----a-w-	c:\windows\system32\d3d10warp.dll
2014-09-12 09:24 . 2014-08-01 11:35	793600	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-09-12 09:24 . 2014-09-05 01:52	445952	----a-w-	c:\windows\system32\aepdu.dll
2014-09-12 09:24 . 2014-09-05 01:47	302592	----a-w-	c:\windows\system32\aeinv.dll
2014-08-28 07:01 . 2014-08-23 01:46	305152	----a-w-	c:\windows\system32\gdi32.dll
2014-08-28 07:01 . 2014-08-23 00:42	2352640	----a-w-	c:\windows\system32\win32k.sys
2014-08-26 08:42 . 2014-08-26 08:41	880040	----a-w-	c:\windows\system32\npdeployJava1.dll
2014-08-26 08:42 . 2014-08-26 08:41	802728	----a-w-	c:\windows\system32\deployJava1.dll
2014-08-26 08:42 . 2014-08-26 08:42	--------	d-----w-	c:\users\Ponti\AppData\Roaming\Oracle
2014-08-26 08:41 . 2014-08-26 08:41	--------	d-----w-	c:\program files\Common Files\Java
2014-08-26 08:41 . 2014-08-26 08:41	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-08-25 08:05 . 2014-08-26 08:24	--------	d-----w-	c:\users\Ponti\AppData\Local\Adobe
2014-08-25 07:34 . 2014-03-09 21:47	99480	----a-w-	c:\windows\system32\infocardapi.dll
2014-08-25 07:34 . 2014-06-30 22:14	8856	----a-w-	c:\windows\system32\icardres.dll
2014-08-25 07:34 . 2014-03-09 21:47	619672	----a-w-	c:\windows\system32\icardagt.exe
2014-08-25 07:34 . 2014-06-06 06:16	35480	----a-w-	c:\windows\system32\TsWpfWrp.exe
2014-08-25 07:22 . 2014-08-25 07:22	--------	d-----w-	c:\users\Ponti\restore
2014-08-25 07:14 . 2014-08-25 07:14	--------	d-----w-	c:\windows\Hewlett-Packard
2014-08-25 06:55 . 2014-07-14 01:42	654336	----a-w-	c:\windows\system32\rpcrt4.dll
2014-08-25 06:55 . 2014-06-16 01:44	730048	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2014-08-25 06:55 . 2014-06-16 01:44	219072	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2014-08-25 06:55 . 2014-06-16 01:40	107520	----a-w-	c:\windows\system32\cdd.dll
2014-08-25 06:54 . 2014-07-16 02:46	2048	----a-w-	c:\windows\system32\tzres.dll
2014-08-25 06:53 . 2014-06-03 09:29	2363392	----a-w-	c:\windows\system32\msi.dll
2014-08-25 06:53 . 2014-06-03 09:29	1805824	----a-w-	c:\windows\system32\authui.dll
2014-08-25 06:53 . 2014-06-03 09:30	101824	----a-w-	c:\windows\system32\consent.exe
2014-08-25 06:53 . 2014-06-03 09:29	337408	----a-w-	c:\windows\system32\msihnd.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-17 14:46 . 2014-07-16 06:38	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-09-10 09:48 . 2012-04-15 13:23	701104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-09-10 09:48 . 2011-06-07 07:23	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-25 04:53 . 2010-03-08 08:23	231584	------w-	c:\windows\system32\MpSigStub.exe
2014-07-25 00:35 . 2014-07-25 00:35	875688	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
2014-07-18 07:08 . 2010-10-25 19:35	414520	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-07-18 07:07 . 2014-01-09 15:36	71944	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-07-18 07:07 . 2013-03-26 08:54	192352	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-07-18 07:07 . 2011-06-30 14:03	779536	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-07-18 07:07 . 2014-07-18 07:07	43152	----a-w-	c:\windows\avastSS.scr
2014-07-18 07:07 . 2014-05-05 06:51	24184	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-07-18 07:07 . 2013-03-26 08:54	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-07-18 07:07 . 2012-03-26 07:50	81768	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-07-18 07:07 . 2010-10-25 19:35	67824	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-07-18 07:07 . 2010-10-25 19:35	276432	----a-w-	c:\windows\system32\aswBoot.exe
2014-07-18 07:07 . 2014-05-05 06:51	26136	----a-w-	c:\windows\system32\drivers\aswKbd.sys
2014-07-18 07:07 . 2014-07-18 07:07	270752	----a-w-	c:\windows\system32\drivers\aswNdisFlt.sys
2011-04-25 00:58 . 2014-09-16 09:12	124864	----a-w-	c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-04-25 01:48 . 2014-09-16 09:12	13760	----a-w-	c:\program files\mozilla firefox\plugins\cgpcfg.dll
2011-04-25 01:00 . 2014-09-16 09:12	71104	----a-w-	c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-04-25 00:59 . 2014-09-16 09:12	92096	----a-w-	c:\program files\mozilla firefox\plugins\confmgr.dll
2011-04-25 00:58 . 2014-09-16 09:12	22976	----a-w-	c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-04-25 00:57 . 2014-09-16 09:12	255936	----a-w-	c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-04-25 00:58 . 2014-09-16 09:12	32192	----a-w-	c:\program files\mozilla firefox\plugins\icafile.dll
2011-04-25 00:58 . 2014-09-16 09:12	40896	----a-w-	c:\program files\mozilla firefox\plugins\icalogon.dll
2011-04-25 00:51 . 2014-09-16 09:12	898480	----a-w-	c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-04-25 01:00 . 2014-09-16 09:12	24512	----a-w-	c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-18 07:07	578240	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2012-07-24 3091296]
"Steam"="c:\program files\Steam\Steam.exe" [2013-05-03 1635752]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-09 284696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1246544]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-08-01 4085896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-01-17 421888]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2014-04-10 12021464]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-09-01 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe /QUIET [2010-12-27 117344]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2010-10-30 331776]
WinTV Recording Status..lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2010-12-27 83456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-05-26 191752]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 45464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys [2014-07-18 270752]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2014-07-18 26136]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-07-18 779536]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-07-18 414520]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-04-25 65584]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-03 172032]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-07-18 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-07-18 67824]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-07-18 71944]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2014-07-18 106488]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-03-10 249648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-09 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2014-07-28 133696]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 hcw88bda;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2010-03-12 216576]
S3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\Drivers\hcw88rc5.sys [2010-03-12 12288]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2010-03-12 321280]
S3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2010-03-12 396928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-16 06:59	1096520	----a-w-	c:\program files\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 09:48]
.
2014-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-20 10:13]
.
2014-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-20 10:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
mStart Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Ponti\AppData\Roaming\Mozilla\Firefox\Profiles\gaxd0q4v.default\
FF - prefs.js: browser.search.defaulturl - hxxps://de.search.yahoo.com/yhs/search
FF - prefs.js: browser.startup.homepage - hxxps://de.yahoo.com?fr=hp-avast&type=avastbcl
FF - prefs.js: keyword.URL - hxxps://de.search.yahoo.com/yhs/search
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4052113058-4103672911-3188137916-1001\Software\SecuROM\License information*]
"datasecu"=hex:0b,70,85,81,54,3c,1d,e7,45,7c,ec,15,57,86,7d,43,ed,3b,7b,84,8e,
   09,c9,a5,51,65,47,85,28,98,e4,16,77,a7,6f,62,98,85,8c,d1,eb,f8,ee,ff,87,dc,\
"rkeysecu"=hex:d9,b0,48,5c,f8,46,e9,8d,69,2c,ca,6a,8c,d3,ed,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\WinTV\TVServer\HAUPPA~1.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\WinTV\TVServer\CAPTUR~3.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\rundll32.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\WinTV\Ir.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-18  22:37:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-18 20:37
.
Vor Suchlauf: 11 Verzeichnis(se), 833.500.037.120 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 833.268.908.032 Bytes frei
.
- - End Of File - - 44DA019E097D22090ECAF1A34B17C31B
C79B30CB8852157F6F908E4698CFE0D0

schrauber · 19.09.2014, 18:29

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

JPonti · 19.09.2014, 20:07

Hier die mbam:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 19.09.2014
Suchlauf-Zeit: 20:32:13
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.19.05
Rootkit Datenbank: v2014.09.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Ponti

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 368098
Verstrichene Zeit: 10 Min, 25 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

AdwCleaner:

Code:

ATTFilter

# AdwCleaner v3.310 - Bericht erstellt am 19/09/2014 um 20:46:28
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Ponti - PONTI-PC
# Gestartet von : C:\Users\Ponti\Downloads\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.2 (x86 de)

[ Datei : C:\Users\Ponti\AppData\Roaming\Mozilla\Firefox\Profiles\gaxd0q4v.default\prefs.js ]


[ Datei : C:\Users\Ute\AppData\Roaming\Mozilla\Firefox\Profiles\2dgl4u4o.default\prefs.js ]


-\\ Google Chrome v37.0.2062.120

[ Datei : C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1067 octets] - [19/09/2014 20:45:20]
AdwCleaner[S0].txt - [990 octets] - [19/09/2014 20:46:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1049 octets] ##########

Hier die jrt Datei:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.7 (09.18.2014:2)
OS: Windows 7 Home Premium x86
Ran by Ponti on 19.09.2014 at 20:52:23,26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Ponti\AppData\Roaming\mozilla\firefox\profiles\gaxd0q4v.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.09.2014 at 20:56:27,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und die frische FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Ponti (administrator) on PONTI-PC on 19-09-2014 21:00:30
Running from C:\Users\Ponti\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\afwServ.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\Ir.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Farbar) C:\Users\Ponti\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-09] (Intel Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1298320 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-04-10] (Realtek Semiconductor)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-4052113058-4103672911-3188137916-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-4052113058-4103672911-3188137916-1001\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [3091296 2012-07-24] (Piriform Ltd)
HKU\S-1-5-21-4052113058-4103672911-3188137916-1001\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1635752 2013-05-04] (Valve Corporation)
HKU\S-1-5-21-4052113058-4103672911-3188137916-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
ShortcutTarget: TotalMedia Backup Monitor.lnk -> C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKCU - {10C4FE93-32AE-4407-9C0C-D07248848332} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A010DE739&p={SearchTerms}
SearchScopes: HKCU - {7E9CD751-D920-46B8-93AE-9617AA368E29} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {CE0B46E1-605C-43A5-9E55-E29756B62B0E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ponti\AppData\Roaming\Mozilla\Firefox\Profiles\gaxd0q4v.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @gametap.com/npdd,version=1.0 -> C:\Program Files\Downloader\npdd.dll (Metaboli)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Ponti\AppData\Roaming\Mozilla\Firefox\Profiles\gaxd0q4v.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: O2CPlayer Plugin - C:\Users\Ponti\AppData\Roaming\Mozilla\Firefox\Profiles\gaxd0q4v.default\Extensions\o2cplayer@eleco.com [2014-07-28]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-09-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2012-08-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-30]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: Default -> https://de.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "https://de.yahoo.com?fr=hp-avast&type=avastbcl"
CHR DefaultSearchKeyword: Default -> www.yahoo.com
CHR DefaultSearchURL: Default -> hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (MicrosoftÂ® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (Downloader Detector) - C:\Program Files\Downloader\npdd.dll (Metaboli)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows LiveÂ® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR CustomProfile: C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-20]
CHR Extension: (Google-Suche) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-20]
CHR Extension: (Google Wallet) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-20]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-18] (AVAST Software)
R2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [106488 2014-07-18] (AVAST Software)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [602624 2010-03-29] (Hauppauge Computer Works) [File not signed]
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133696 2014-07-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5313536 2010-02-03] (ATI Technologies Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-18] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-07-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-18] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [270752 2014-07-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-18] ()
R3 hcw88bda; C:\Windows\System32\drivers\hcw88bda.sys [216576 2010-03-12] (Hauppauge Computer Works, Inc)
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [12288 2010-03-12] (Hauppauge Computer Works, Inc.)
R3 HCW88TSE; C:\Windows\System32\drivers\hcw88tse.sys [321280 2010-03-12] (Hauppauge Computer Works, Inc)
R3 hcw88vid; C:\Windows\System32\drivers\hcw88vid.sys [396928 2010-03-12] (Hauppauge Computer Works, Inc)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Ponti\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 21:00 - 2014-09-19 21:00 - 01097728 _____ (Farbar) C:\Users\Ponti\Downloads\FRST(1).exe
2014-09-19 21:00 - 2014-09-19 21:00 - 00028670 _____ () C:\Users\Ponti\Downloads\FRST.txt
2014-09-19 20:56 - 2014-09-19 20:56 - 00000756 _____ () C:\Users\Ponti\Desktop\JRT2.txt
2014-09-19 20:56 - 2014-09-19 20:56 - 00000756 _____ () C:\Users\Ponti\Desktop\JRT.txt
2014-09-19 20:51 - 2014-09-19 20:51 - 01019328 _____ (Thisisu) C:\Users\Ponti\Downloads\JRT.exe
2014-09-19 20:49 - 2014-09-19 20:49 - 00001129 _____ () C:\Users\Ponti\Desktop\AdwCleaner[S0].txt
2014-09-19 20:45 - 2014-09-19 20:46 - 00000000 ____D () C:\AdwCleaner
2014-09-19 20:44 - 2014-09-19 20:44 - 01373475 _____ () C:\Users\Ponti\Downloads\AdwCleaner_3.310.exe
2014-09-19 20:43 - 2014-09-19 20:43 - 00001156 _____ () C:\Users\Ponti\Desktop\mbam.txt
2014-09-18 23:03 - 2014-09-18 23:03 - 00017445 _____ () C:\Users\Ponti\Desktop\combofix.txt
2014-09-18 22:53 - 2014-09-18 22:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 22:37 - 2014-09-18 22:37 - 00017445 _____ () C:\ComboFix.txt
2014-09-18 22:31 - 2014-09-19 20:47 - 00001278 _____ () C:\Windows\PFRO.log
2014-09-18 22:20 - 2014-09-18 22:37 - 00000000 ____D () C:\Windows\erdnt
2014-09-18 22:20 - 2014-09-18 22:37 - 00000000 ____D () C:\Qoobox
2014-09-18 22:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-18 22:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-18 22:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-18 22:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-18 22:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-18 22:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-18 22:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-18 22:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-18 22:18 - 2014-09-18 22:18 - 05578824 ____R (Swearware) C:\Users\Ponti\Desktop\ComboFix.exe
2014-09-18 22:13 - 2014-09-19 20:48 - 00000224 _____ () C:\Windows\setupact.log
2014-09-18 22:13 - 2014-09-18 22:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-17 20:01 - 2014-09-17 20:01 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ponti\Downloads\revosetup95.exe
2014-09-17 20:01 - 2014-09-17 20:01 - 00001190 _____ () C:\Users\Ponti\Desktop\Revo Uninstaller.lnk
2014-09-17 20:01 - 2014-09-17 20:01 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-16 20:36 - 2014-09-16 20:36 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ponti\Downloads\tdsskiller.exe
2014-09-16 17:46 - 2014-09-16 17:46 - 00000391 _____ () C:\Users\Ponti\Desktop\Gmer.log
2014-09-16 17:38 - 2014-09-16 17:38 - 00380416 _____ () C:\Users\Ponti\Downloads\Gmer-19357.exe
2014-09-16 17:36 - 2014-09-16 17:37 - 00033745 _____ () C:\Users\Ponti\Desktop\Addition.txt
2014-09-16 17:35 - 2014-09-19 21:00 - 00000000 ____D () C:\FRST
2014-09-16 17:35 - 2014-09-16 17:37 - 00050306 _____ () C:\Users\Ponti\Desktop\FRST.txt
2014-09-16 17:35 - 2014-09-16 17:35 - 01097728 _____ (Farbar) C:\Users\Ponti\Downloads\FRST.exe
2014-09-16 17:33 - 2014-09-16 17:34 - 00000472 _____ () C:\Users\Ponti\Desktop\defogger_disable.log
2014-09-16 17:33 - 2014-09-16 17:33 - 00000000 _____ () C:\Users\Ponti\defogger_reenable
2014-09-16 17:32 - 2014-09-16 17:32 - 00050477 _____ () C:\Users\Ponti\Downloads\Defogger.exe
2014-09-16 12:30 - 2014-09-19 20:47 - 00095224 _____ () C:\Windows\WindowsUpdate.log
2014-09-16 12:25 - 2014-09-16 12:26 - 00001592 _____ () C:\DelFix.txt
2014-09-16 12:24 - 2014-09-16 12:24 - 00001009 _____ () C:\Users\Ponti\Desktop\checkup.txt
2014-09-16 11:09 - 2014-09-16 11:09 - 00000000 ____D () C:\Program Files\ESET
2014-09-16 11:01 - 2014-09-16 12:25 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 10:48 - 2014-09-16 10:48 - 00002292 _____ () C:\Users\Ponti\Desktop\Malwarebytes 20140916.txt
2014-09-16 10:27 - 2014-09-19 20:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 10:26 - 2014-09-16 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-16 10:26 - 2014-09-16 10:26 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-16 10:26 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-16 10:26 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-14 20:38 - 2014-09-14 20:38 - 00001717 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-14 20:38 - 2014-09-14 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-14 20:36 - 2014-09-14 20:38 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-14 20:36 - 2014-09-14 20:38 - 00000000 ____D () C:\Program Files\iTunes
2014-09-14 20:36 - 2014-09-14 20:36 - 00000000 ____D () C:\Program Files\iPod
2014-09-12 14:30 - 2014-09-12 15:14 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-12 14:06 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 14:06 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 14:06 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 14:06 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 14:06 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 14:06 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 14:06 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 14:06 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 14:06 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 14:06 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 14:06 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 14:06 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 14:06 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 14:06 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 14:06 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 14:06 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 14:06 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 14:06 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 14:06 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 14:06 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 14:06 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 14:06 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 14:06 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 14:06 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 14:06 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 14:06 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 14:06 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 14:06 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 14:06 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 14:06 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 14:05 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 11:25 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 11:25 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 11:24 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 11:24 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 11:24 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 11:24 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-08-28 09:01 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:01 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 10:42 - 2014-08-26 10:42 - 00000000 ____D () C:\Users\Ponti\AppData\Roaming\Oracle
2014-08-26 10:42 - 2014-08-26 10:41 - 00880040 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2014-08-26 10:42 - 2014-08-26 10:41 - 00802728 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-08-26 10:41 - 2014-08-26 10:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-26 10:41 - 2014-08-26 10:41 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-26 10:41 - 2014-08-26 10:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-26 10:39 - 2014-08-26 10:39 - 00918952 _____ (Oracle Corporation) C:\Users\Ponti\Downloads\jxpiinstall(5).exe
2014-08-26 10:24 - 2014-08-26 10:24 - 18743160 _____ (Adobe Systems Inc.) C:\Users\Ponti\Downloads\AdobeAIRInstaller(4).exe
2014-08-25 10:05 - 2014-08-26 10:24 - 00000000 ____D () C:\Users\Ponti\AppData\Local\Adobe
2014-08-25 09:34 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-25 09:34 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-25 09:34 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-25 09:34 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Users\Ponti\restore
2014-08-25 09:14 - 2014-08-25 09:14 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-08-25 08:55 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-25 08:55 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-25 08:55 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-25 08:55 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-25 08:54 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-25 08:53 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-25 08:53 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-25 08:53 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-25 08:53 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-25 08:53 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 21:01 - 2014-09-19 21:00 - 00028670 _____ () C:\Users\Ponti\Downloads\FRST.txt
2014-09-19 21:00 - 2014-09-19 21:00 - 01097728 _____ (Farbar) C:\Users\Ponti\Downloads\FRST(1).exe
2014-09-19 21:00 - 2014-09-16 17:35 - 00000000 ____D () C:\FRST
2014-09-19 20:59 - 2012-07-20 12:14 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-19 20:56 - 2014-09-19 20:56 - 00000756 _____ () C:\Users\Ponti\Desktop\JRT2.txt
2014-09-19 20:56 - 2014-09-19 20:56 - 00000756 _____ () C:\Users\Ponti\Desktop\JRT.txt
2014-09-19 20:56 - 2009-07-14 06:34 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-19 20:56 - 2009-07-14 06:34 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-19 20:53 - 2014-09-16 12:30 - 00095224 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 20:51 - 2014-09-19 20:51 - 01019328 _____ (Thisisu) C:\Users\Ponti\Downloads\JRT.exe
2014-09-19 20:50 - 2013-03-18 11:29 - 00000000 ____D () C:\Program Files\Steam
2014-09-19 20:49 - 2014-09-19 20:49 - 00001129 _____ () C:\Users\Ponti\Desktop\AdwCleaner[S0].txt
2014-09-19 20:48 - 2014-09-18 22:13 - 00000224 _____ () C:\Windows\setupact.log
2014-09-19 20:48 - 2012-07-20 12:14 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-19 20:48 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-19 20:47 - 2014-09-18 22:31 - 00001278 _____ () C:\Windows\PFRO.log
2014-09-19 20:47 - 2012-05-08 20:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-19 20:46 - 2014-09-19 20:45 - 00000000 ____D () C:\AdwCleaner
2014-09-19 20:44 - 2014-09-19 20:44 - 01373475 _____ () C:\Users\Ponti\Downloads\AdwCleaner_3.310.exe
2014-09-19 20:43 - 2014-09-19 20:43 - 00001156 _____ () C:\Users\Ponti\Desktop\mbam.txt
2014-09-19 20:31 - 2014-09-16 10:27 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 20:31 - 2012-01-12 23:06 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-18 23:03 - 2014-09-18 23:03 - 00017445 _____ () C:\Users\Ponti\Desktop\combofix.txt
2014-09-18 22:53 - 2014-09-18 22:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 22:48 - 2013-02-13 09:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-18 22:37 - 2014-09-18 22:37 - 00017445 _____ () C:\ComboFix.txt
2014-09-18 22:37 - 2014-09-18 22:20 - 00000000 ____D () C:\Windows\erdnt
2014-09-18 22:37 - 2014-09-18 22:20 - 00000000 ____D () C:\Qoobox
2014-09-18 22:37 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-18 22:33 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-18 22:29 - 2010-10-25 21:13 - 00000000 ____D () C:\Users\Ponti
2014-09-18 22:18 - 2014-09-18 22:18 - 05578824 ____R (Swearware) C:\Users\Ponti\Desktop\ComboFix.exe
2014-09-18 22:13 - 2014-09-18 22:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-17 20:01 - 2014-09-17 20:01 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ponti\Downloads\revosetup95.exe
2014-09-17 20:01 - 2014-09-17 20:01 - 00001190 _____ () C:\Users\Ponti\Desktop\Revo Uninstaller.lnk
2014-09-17 20:01 - 2014-09-17 20:01 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-17 08:58 - 2010-10-28 22:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-16 22:29 - 2012-06-11 08:51 - 00000000 ____D () C:\Users\Ponti\AppData\Roaming\Apple Computer
2014-09-16 22:24 - 2012-08-23 15:48 - 00000000 ____D () C:\ProgramData\McAfee
2014-09-16 20:36 - 2014-09-16 20:36 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ponti\Downloads\tdsskiller.exe
2014-09-16 19:46 - 2013-08-20 15:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-09-16 17:46 - 2014-09-16 17:46 - 00000391 _____ () C:\Users\Ponti\Desktop\Gmer.log
2014-09-16 17:38 - 2014-09-16 17:38 - 00380416 _____ () C:\Users\Ponti\Downloads\Gmer-19357.exe
2014-09-16 17:37 - 2014-09-16 17:36 - 00033745 _____ () C:\Users\Ponti\Desktop\Addition.txt
2014-09-16 17:37 - 2014-09-16 17:35 - 00050306 _____ () C:\Users\Ponti\Desktop\FRST.txt
2014-09-16 17:35 - 2014-09-16 17:35 - 01097728 _____ (Farbar) C:\Users\Ponti\Downloads\FRST.exe
2014-09-16 17:34 - 2014-09-16 17:33 - 00000472 _____ () C:\Users\Ponti\Desktop\defogger_disable.log
2014-09-16 17:33 - 2014-09-16 17:33 - 00000000 _____ () C:\Users\Ponti\defogger_reenable
2014-09-16 17:32 - 2014-09-16 17:32 - 00050477 _____ () C:\Users\Ponti\Downloads\Defogger.exe
2014-09-16 12:26 - 2014-09-16 12:25 - 00001592 _____ () C:\DelFix.txt
2014-09-16 12:25 - 2014-09-16 11:01 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 12:24 - 2014-09-16 12:24 - 00001009 _____ () C:\Users\Ponti\Desktop\checkup.txt
2014-09-16 11:09 - 2014-09-16 11:09 - 00000000 ____D () C:\Program Files\ESET
2014-09-16 10:48 - 2014-09-16 10:48 - 00002292 _____ () C:\Users\Ponti\Desktop\Malwarebytes 20140916.txt
2014-09-16 10:26 - 2014-09-16 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-16 10:26 - 2014-09-16 10:26 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-16 10:26 - 2014-02-26 10:28 - 00000000 ____D () C:\Users\Ponti\AppData\Roaming\Malwarebytes
2014-09-16 10:26 - 2014-02-26 10:27 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-16 10:26 - 2014-02-26 10:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-16 10:26 - 2014-02-26 10:27 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-09-16 10:18 - 2010-10-29 09:40 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-09-16 09:03 - 2012-07-20 12:16 - 00002085 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-14 20:38 - 2014-09-14 20:38 - 00001717 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-14 20:38 - 2014-09-14 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-14 20:38 - 2014-09-14 20:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-14 20:38 - 2014-09-14 20:36 - 00000000 ____D () C:\Program Files\iTunes
2014-09-14 20:36 - 2014-09-14 20:36 - 00000000 ____D () C:\Program Files\iPod
2014-09-14 20:36 - 2011-03-25 15:30 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-12 15:14 - 2014-09-12 14:30 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-12 15:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-12 14:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 14:05 - 2013-08-15 17:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 13:54 - 2010-03-08 10:25 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 13:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-12 13:53 - 2014-05-08 20:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 13:51 - 2010-03-08 09:25 - 01594028 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 11:48 - 2012-04-15 15:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 11:48 - 2011-06-07 09:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-09 17:55 - 2010-10-28 22:35 - 00000000 ____D () C:\Users\Ponti\AppData\Roaming\ZoomBrowser EX
2014-09-09 09:56 - 2014-01-08 13:51 - 00000000 ____D () C:\Users\Ponti\AppData\Roaming\HpUpdate
2014-09-05 03:52 - 2014-09-12 11:24 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-12 11:24 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 09:16 - 2012-03-14 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-28 10:06 - 2009-07-14 06:33 - 00336488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 10:42 - 2014-08-26 10:42 - 00000000 ____D () C:\Users\Ponti\AppData\Roaming\Oracle
2014-08-26 10:42 - 2010-12-20 13:37 - 00000000 ____D () C:\Program Files\Java
2014-08-26 10:41 - 2014-08-26 10:42 - 00880040 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2014-08-26 10:41 - 2014-08-26 10:42 - 00802728 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-08-26 10:41 - 2014-08-26 10:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-26 10:41 - 2014-08-26 10:41 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-26 10:41 - 2014-08-26 10:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-26 10:41 - 2014-07-18 11:28 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-26 10:41 - 2014-07-18 11:28 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-26 10:41 - 2013-09-20 09:11 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-26 10:39 - 2014-08-26 10:39 - 00918952 _____ (Oracle Corporation) C:\Users\Ponti\Downloads\jxpiinstall(5).exe
2014-08-26 10:24 - 2014-08-26 10:24 - 18743160 _____ (Adobe Systems Inc.) C:\Users\Ponti\Downloads\AdobeAIRInstaller(4).exe
2014-08-26 10:24 - 2014-08-25 10:05 - 00000000 ____D () C:\Users\Ponti\AppData\Local\Adobe
2014-08-25 09:40 - 2010-03-08 10:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Users\Ponti\restore
2014-08-25 09:21 - 2014-07-14 15:13 - 00000000 ____D () C:\ProgramData\tmp
2014-08-25 09:14 - 2014-08-25 09:14 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-08-25 06:53 - 2010-03-08 10:23 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 03:46 - 2014-08-28 09:01 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 09:01 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Files to move or delete:
====================
C:\Users\Ponti\cc_20090210_163449.reg
C:\Users\Ponti\DivXInstaller.exe
C:\Users\Ponti\Encpack_Win2000_GER.exe
C:\Users\Ponti\UGA50t_G.exe


Some content of TEMP:
====================
C:\Users\Ponti\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 13:23

==================== End Of Log ============================

--- --- ---

Vielen Dank!

Gruß

P.

schrauber · 20.09.2014, 15:20

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

JPonti · 20.09.2014, 17:56

Hallo Schrauber,

bis dato hatte ich keine weiteren "Erscheinungen" oder Probleme mehr. Hier die gewünschten logs:

Eset:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=cb85bc3fd52a8b43b88208760301fb56
# engine=20235
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-20 04:33:10
# local_time=2014-09-20 06:33:10 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=781 16777213 100 97 375314 175651280 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 78360 162861981 0 0
# scanned=196267
# found=1
# cleaned=0
# scan_time=4335
sh=0C450E3EC768C5FD325BA7907BFF6F5BC464B9E6 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\17a4c9.msi"

SecurityCheck:

Code:

ATTFilter

Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 McAfee SiteAdvisor    
 CCleaner     
 Java 7 Update 67  
 Adobe Flash Player 	15.0.0.152  
 Adobe Reader 10.1.12 Adobe Reader out of Date!  
 Mozilla Firefox (32.0.2) 
 Mozilla Thunderbird (31.1.1) 
 Google Chrome 37.0.2062.103  
 Google Chrome 37.0.2062.120  
````````Process Check: objlist.exe by Laurent````````  
 Alwil Software Avast5 AvastSvc.exe  
 Alwil Software Avast5 afwServ.exe  
 Alwil Software Avast5 avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Ponti (administrator) on PONTI-PC on 20-09-2014 18:49:58
Running from C:\Users\Ponti\Downloads
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\afwServ.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\Ir.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Farbar) C:\Users\Ponti\Downloads\FRST(2).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-09] (Intel Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-03] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1298320 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-04-10] (Realtek Semiconductor)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-4052113058-4103672911-3188137916-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-4052113058-4103672911-3188137916-1001\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [3091296 2012-07-24] (Piriform Ltd)
HKU\S-1-5-21-4052113058-4103672911-3188137916-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
ShortcutTarget: TotalMedia Backup Monitor.lnk -> C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKCU - {10C4FE93-32AE-4407-9C0C-D07248848332} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A010DE739&p={SearchTerms}
SearchScopes: HKCU - {7E9CD751-D920-46B8-93AE-9617AA368E29} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {CE0B46E1-605C-43A5-9E55-E29756B62B0E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ponti\AppData\Roaming\Mozilla\Firefox\Profiles\gaxd0q4v.default
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Homepage: https://de.yahoo.com?fr=hp-avast&type=avastbcl
FF Keyword.URL: https://de.search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @gametap.com/npdd,version=1.0 -> C:\Program Files\Downloader\npdd.dll (Metaboli)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF SearchPlugin: C:\Users\Ponti\AppData\Roaming\Mozilla\Firefox\Profiles\gaxd0q4v.default\searchplugins\yahoo-avast.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: O2CPlayer Plugin - C:\Users\Ponti\AppData\Roaming\Mozilla\Firefox\Profiles\gaxd0q4v.default\Extensions\o2cplayer@eleco.com [2014-07-28]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2014-09-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2012-08-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-06-30]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HomePage: Default -> https://de.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: Default -> "https://de.yahoo.com?fr=hp-avast&type=avastbcl"
CHR DefaultSearchKeyword: Default -> www.yahoo.com
CHR DefaultSearchURL: Default -> hxxp://de.yhs4.search.yahoo.com/yhs/search?type=prc265&hspart=avast&hsimp=yhs-001&p={searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (MicrosoftÂ® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (Downloader Detector) - C:\Program Files\Downloader\npdd.dll (Metaboli)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows LiveÂ® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR CustomProfile: C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-20]
CHR Extension: (Google-Suche) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-20]
CHR Extension: (Google Wallet) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\Ponti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-20]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-18] (AVAST Software)
R2 avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [106488 2014-07-18] (AVAST Software)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [602624 2010-03-29] (Hauppauge Computer Works) [File not signed]
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133696 2014-07-28] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5313536 2010-02-03] (ATI Technologies Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-18] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-07-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-18] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [270752 2014-07-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-18] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-18] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-18] ()
R3 hcw88bda; C:\Windows\System32\drivers\hcw88bda.sys [216576 2010-03-12] (Hauppauge Computer Works, Inc)
R3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [12288 2010-03-12] (Hauppauge Computer Works, Inc.)
R3 HCW88TSE; C:\Windows\System32\drivers\hcw88tse.sys [321280 2010-03-12] (Hauppauge Computer Works, Inc)
R3 hcw88vid; C:\Windows\System32\drivers\hcw88vid.sys [396928 2010-03-12] (Hauppauge Computer Works, Inc)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Ponti\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 18:49 - 2014-09-20 18:49 - 01097728 _____ (Farbar) C:\Users\Ponti\Downloads\FRST(2).exe
2014-09-20 18:42 - 2014-09-20 18:42 - 00854417 _____ () C:\Users\Ponti\Downloads\SecurityCheck.exe
2014-09-20 17:16 - 2014-09-20 17:16 - 02347384 _____ (ESET) C:\Users\Ponti\Downloads\esetsmartinstaller_deu.exe
2014-09-20 17:11 - 2014-09-20 17:13 - 00022833 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 21:02 - 2014-09-19 21:02 - 00052244 _____ () C:\Users\Ponti\Desktop\FRST2.txt
2014-09-19 21:00 - 2014-09-20 18:49 - 00028084 _____ () C:\Users\Ponti\Downloads\FRST.txt
2014-09-19 21:00 - 2014-09-19 21:00 - 01097728 _____ (Farbar) C:\Users\Ponti\Downloads\FRST(1).exe
2014-09-19 20:56 - 2014-09-19 20:56 - 00000756 _____ () C:\Users\Ponti\Desktop\JRT2.txt
2014-09-19 20:56 - 2014-09-19 20:56 - 00000756 _____ () C:\Users\Ponti\Desktop\JRT.txt
2014-09-19 20:51 - 2014-09-19 20:51 - 01019328 _____ (Thisisu) C:\Users\Ponti\Downloads\JRT.exe
2014-09-19 20:49 - 2014-09-19 20:49 - 00001129 _____ () C:\Users\Ponti\Desktop\AdwCleaner[S0].txt
2014-09-19 20:45 - 2014-09-19 20:46 - 00000000 ____D () C:\AdwCleaner
2014-09-19 20:44 - 2014-09-19 20:44 - 01373475 _____ () C:\Users\Ponti\Downloads\AdwCleaner_3.310.exe
2014-09-19 20:43 - 2014-09-19 20:43 - 00001156 _____ () C:\Users\Ponti\Desktop\mbam.txt
2014-09-18 23:03 - 2014-09-18 23:03 - 00017445 _____ () C:\Users\Ponti\Desktop\combofix.txt
2014-09-18 22:53 - 2014-09-18 22:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 22:37 - 2014-09-18 22:37 - 00017445 _____ () C:\ComboFix.txt
2014-09-18 22:20 - 2014-09-18 22:37 - 00000000 ____D () C:\Windows\erdnt
2014-09-18 22:20 - 2014-09-18 22:37 - 00000000 ____D () C:\Qoobox
2014-09-18 22:20 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-18 22:20 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-18 22:20 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-18 22:20 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-18 22:20 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-18 22:20 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-18 22:20 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-18 22:20 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-18 22:18 - 2014-09-18 22:18 - 05578824 ____R (Swearware) C:\Users\Ponti\Desktop\ComboFix.exe
2014-09-17 20:01 - 2014-09-17 20:01 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ponti\Downloads\revosetup95.exe
2014-09-17 20:01 - 2014-09-17 20:01 - 00001190 _____ () C:\Users\Ponti\Desktop\Revo Uninstaller.lnk
2014-09-17 20:01 - 2014-09-17 20:01 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-16 20:36 - 2014-09-16 20:36 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ponti\Downloads\tdsskiller.exe
2014-09-16 17:46 - 2014-09-16 17:46 - 00000391 _____ () C:\Users\Ponti\Desktop\Gmer.log
2014-09-16 17:38 - 2014-09-16 17:38 - 00380416 _____ () C:\Users\Ponti\Downloads\Gmer-19357.exe
2014-09-16 17:36 - 2014-09-16 17:37 - 00033745 _____ () C:\Users\Ponti\Desktop\Addition.txt
2014-09-16 17:35 - 2014-09-20 18:50 - 00000000 ____D () C:\FRST
2014-09-16 17:35 - 2014-09-16 17:37 - 00050306 _____ () C:\Users\Ponti\Desktop\FRST.txt
2014-09-16 17:35 - 2014-09-16 17:35 - 01097728 _____ (Farbar) C:\Users\Ponti\Downloads\FRST.exe
2014-09-16 17:33 - 2014-09-16 17:34 - 00000472 _____ () C:\Users\Ponti\Desktop\defogger_disable.log
2014-09-16 17:33 - 2014-09-16 17:33 - 00000000 _____ () C:\Users\Ponti\defogger_reenable
2014-09-16 17:32 - 2014-09-16 17:32 - 00050477 _____ () C:\Users\Ponti\Downloads\Defogger.exe
2014-09-16 12:25 - 2014-09-16 12:26 - 00001592 _____ () C:\DelFix.txt
2014-09-16 12:24 - 2014-09-16 12:24 - 00001009 _____ () C:\Users\Ponti\Desktop\checkup.txt
2014-09-16 11:09 - 2014-09-16 11:09 - 00000000 ____D () C:\Program Files\ESET
2014-09-16 11:01 - 2014-09-16 12:25 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 10:48 - 2014-09-16 10:48 - 00002292 _____ () C:\Users\Ponti\Desktop\Malwarebytes 20140916.txt
2014-09-16 10:27 - 2014-09-19 20:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 10:26 - 2014-09-16 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-16 10:26 - 2014-09-16 10:26 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-16 10:26 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-16 10:26 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-14 20:38 - 2014-09-14 20:38 - 00001717 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-14 20:38 - 2014-09-14 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-14 20:36 - 2014-09-14 20:38 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-14 20:36 - 2014-09-14 20:38 - 00000000 ____D () C:\Program Files\iTunes
2014-09-14 20:36 - 2014-09-14 20:36 - 00000000 ____D () C:\Program Files\iPod
2014-09-12 14:30 - 2014-09-12 15:14 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-12 14:06 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 14:06 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 14:06 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 14:06 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 14:06 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 14:06 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 14:06 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 14:06 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 14:06 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 14:06 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 14:06 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 14:06 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 14:06 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 14:06 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 14:06 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 14:06 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 14:06 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 14:06 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 14:06 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 14:06 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 14:06 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 14:06 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 14:06 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 14:06 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 14:06 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 14:06 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 14:06 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 14:06 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 14:06 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 14:06 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 14:05 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 11:25 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 11:25 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 11:24 - 2014-09-05 03:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-12 11:24 - 2014-09-05 03:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-12 11:24 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 11:24 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-08-28 09:01 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:01 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 10:42 - 2014-08-26 10:42 - 00000000 ____D () C:\Users\Ponti\AppData\Roaming\Oracle
2014-08-26 10:42 - 2014-08-26 10:41 - 00880040 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2014-08-26 10:42 - 2014-08-26 10:41 - 00802728 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-08-26 10:41 - 2014-08-26 10:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-26 10:41 - 2014-08-26 10:41 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-26 10:41 - 2014-08-26 10:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-26 10:39 - 2014-08-26 10:39 - 00918952 _____ (Oracle Corporation) C:\Users\Ponti\Downloads\jxpiinstall(5).exe
2014-08-26 10:24 - 2014-08-26 10:24 - 18743160 _____ (Adobe Systems Inc.) C:\Users\Ponti\Downloads\AdobeAIRInstaller(4).exe
2014-08-25 10:05 - 2014-08-26 10:24 - 00000000 ____D () C:\Users\Ponti\AppData\Local\Adobe
2014-08-25 09:34 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-25 09:34 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-25 09:34 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-25 09:34 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Users\Ponti\restore
2014-08-25 09:14 - 2014-08-25 09:14 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-08-25 08:55 - 2014-07-14 03:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-25 08:55 - 2014-06-16 03:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-25 08:55 - 2014-06-16 03:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-25 08:55 - 2014-06-16 03:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-25 08:54 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-25 08:53 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-25 08:53 - 2014-06-03 11:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-25 08:53 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-25 08:53 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-25 08:53 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 18:50 - 2014-09-19 21:00 - 00028084 _____ () C:\Users\Ponti\Downloads\FRST.txt
2014-09-20 18:50 - 2014-09-16 17:35 - 00000000 ____D () C:\FRST
2014-09-20 18:49 - 2014-09-20 18:49 - 01097728 _____ (Farbar) C:\Users\Ponti\Downloads\FRST(2).exe
2014-09-20 18:48 - 2013-02-13 09:55 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-20 18:42 - 2014-09-20 18:42 - 00854417 _____ () C:\Users\Ponti\Downloads\SecurityCheck.exe
2014-09-20 17:59 - 2012-07-20 12:14 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-20 17:16 - 2014-09-20 17:16 - 02347384 _____ (ESET) C:\Users\Ponti\Downloads\esetsmartinstaller_deu.exe
2014-09-20 17:16 - 2009-07-14 06:34 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-20 17:16 - 2009-07-14 06:34 - 00018704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-20 17:13 - 2014-09-20 17:11 - 00022833 _____ () C:\Windows\WindowsUpdate.log
2014-09-20 17:13 - 2010-10-29 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-09-20 17:13 - 2010-10-29 09:40 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-09-20 17:13 - 2010-10-29 09:40 - 00000000 ____D () C:\Program Files\Logitech
2014-09-20 17:13 - 2010-10-29 09:40 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-09-20 17:08 - 2012-07-20 12:14 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-20 17:08 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-19 21:02 - 2014-09-19 21:02 - 00052244 _____ () C:\Users\Ponti\Desktop\FRST2.txt
2014-09-19 21:00 - 2014-09-19 21:00 - 01097728 _____ (Farbar) C:\Users\Ponti\Downloads\FRST(1).exe
2014-09-19 20:56 - 2014-09-19 20:56 - 00000756 _____ () C:\Users\Ponti\Desktop\JRT2.txt
2014-09-19 20:56 - 2014-09-19 20:56 - 00000756 _____ () C:\Users\Ponti\Desktop\JRT.txt
2014-09-19 20:51 - 2014-09-19 20:51 - 01019328 _____ (Thisisu) C:\Users\Ponti\Downloads\JRT.exe
2014-09-19 20:49 - 2014-09-19 20:49 - 00001129 _____ () C:\Users\Ponti\Desktop\AdwCleaner[S0].txt
2014-09-19 20:47 - 2012-05-08 20:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-19 20:46 - 2014-09-19 20:45 - 00000000 ____D () C:\AdwCleaner
2014-09-19 20:44 - 2014-09-19 20:44 - 01373475 _____ () C:\Users\Ponti\Downloads\AdwCleaner_3.310.exe
2014-09-19 20:43 - 2014-09-19 20:43 - 00001156 _____ () C:\Users\Ponti\Desktop\mbam.txt
2014-09-19 20:31 - 2014-09-16 10:27 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 20:31 - 2012-01-12 23:06 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-09-18 23:03 - 2014-09-18 23:03 - 00017445 _____ () C:\Users\Ponti\Desktop\combofix.txt
2014-09-18 22:53 - 2014-09-18 22:53 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-18 22:37 - 2014-09-18 22:37 - 00017445 _____ () C:\ComboFix.txt
2014-09-18 22:37 - 2014-09-18 22:20 - 00000000 ____D () C:\Windows\erdnt
2014-09-18 22:37 - 2014-09-18 22:20 - 00000000 ____D () C:\Qoobox
2014-09-18 22:37 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-09-18 22:33 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-18 22:29 - 2010-10-25 21:13 - 00000000 ____D () C:\Users\Ponti
2014-09-18 22:18 - 2014-09-18 22:18 - 05578824 ____R (Swearware) C:\Users\Ponti\Desktop\ComboFix.exe
2014-09-17 20:01 - 2014-09-17 20:01 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Ponti\Downloads\revosetup95.exe
2014-09-17 20:01 - 2014-09-17 20:01 - 00001190 _____ () C:\Users\Ponti\Desktop\Revo Uninstaller.lnk
2014-09-17 20:01 - 2014-09-17 20:01 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-17 08:58 - 2010-10-28 22:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-16 22:29 - 2012-06-11 08:51 - 00000000 ____D () C:\Users\Ponti\AppData\Roaming\Apple Computer
2014-09-16 22:24 - 2012-08-23 15:48 - 00000000 ____D () C:\ProgramData\McAfee
2014-09-16 20:36 - 2014-09-16 20:36 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ponti\Downloads\tdsskiller.exe
2014-09-16 19:46 - 2013-08-20 15:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe AIR
2014-09-16 17:46 - 2014-09-16 17:46 - 00000391 _____ () C:\Users\Ponti\Desktop\Gmer.log
2014-09-16 17:38 - 2014-09-16 17:38 - 00380416 _____ () C:\Users\Ponti\Downloads\Gmer-19357.exe
2014-09-16 17:37 - 2014-09-16 17:36 - 00033745 _____ () C:\Users\Ponti\Desktop\Addition.txt
2014-09-16 17:37 - 2014-09-16 17:35 - 00050306 _____ () C:\Users\Ponti\Desktop\FRST.txt
2014-09-16 17:35 - 2014-09-16 17:35 - 01097728 _____ (Farbar) C:\Users\Ponti\Downloads\FRST.exe
2014-09-16 17:34 - 2014-09-16 17:33 - 00000472 _____ () C:\Users\Ponti\Desktop\defogger_disable.log
2014-09-16 17:33 - 2014-09-16 17:33 - 00000000 _____ () C:\Users\Ponti\defogger_reenable
2014-09-16 17:32 - 2014-09-16 17:32 - 00050477 _____ () C:\Users\Ponti\Downloads\Defogger.exe
2014-09-16 12:26 - 2014-09-16 12:25 - 00001592 _____ () C:\DelFix.txt
2014-09-16 12:25 - 2014-09-16 11:01 - 00000000 ____D () C:\Windows\ERUNT
2014-09-16 12:24 - 2014-09-16 12:24 - 00001009 _____ () C:\Users\Ponti\Desktop\checkup.txt
2014-09-16 11:09 - 2014-09-16 11:09 - 00000000 ____D () C:\Program Files\ESET
2014-09-16 10:48 - 2014-09-16 10:48 - 00002292 _____ () C:\Users\Ponti\Desktop\Malwarebytes 20140916.txt
2014-09-16 10:26 - 2014-09-16 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-16 10:26 - 2014-09-16 10:26 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-09-16 10:26 - 2014-02-26 10:28 - 00000000 ____D () C:\Users\Ponti\AppData\Roaming\Malwarebytes
2014-09-16 10:26 - 2014-02-26 10:27 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-16 10:26 - 2014-02-26 10:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-16 10:26 - 2014-02-26 10:27 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-09-16 10:18 - 2010-10-29 09:40 - 00000000 _____ () C:\Windows\system32\Drivers\lvuvc.hs
2014-09-16 09:03 - 2012-07-20 12:16 - 00002085 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-14 20:38 - 2014-09-14 20:38 - 00001717 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-14 20:38 - 2014-09-14 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-14 20:38 - 2014-09-14 20:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-09-14 20:38 - 2014-09-14 20:36 - 00000000 ____D () C:\Program Files\iTunes
2014-09-14 20:36 - 2014-09-14 20:36 - 00000000 ____D () C:\Program Files\iPod
2014-09-14 20:36 - 2011-03-25 15:30 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-12 15:14 - 2014-09-12 14:30 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-12 15:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-09-12 14:44 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-12 14:05 - 2013-08-15 17:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 13:54 - 2010-03-08 10:25 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 13:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-09-12 13:53 - 2014-05-08 20:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-12 13:51 - 2010-03-08 09:25 - 01594028 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 11:48 - 2012-04-15 15:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 11:48 - 2011-06-07 09:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-09 17:55 - 2010-10-28 22:35 - 00000000 ____D () C:\Users\Ponti\AppData\Roaming\ZoomBrowser EX
2014-09-09 09:56 - 2014-01-08 13:51 - 00000000 ____D () C:\Users\Ponti\AppData\Roaming\HpUpdate
2014-09-05 03:52 - 2014-09-12 11:24 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 03:47 - 2014-09-12 11:24 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-02 09:16 - 2012-03-14 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-28 10:06 - 2009-07-14 06:33 - 00336488 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-26 10:42 - 2014-08-26 10:42 - 00000000 ____D () C:\Users\Ponti\AppData\Roaming\Oracle
2014-08-26 10:42 - 2010-12-20 13:37 - 00000000 ____D () C:\Program Files\Java
2014-08-26 10:41 - 2014-08-26 10:42 - 00880040 _____ (Oracle Corporation) C:\Windows\system32\npdeployJava1.dll
2014-08-26 10:41 - 2014-08-26 10:42 - 00802728 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2014-08-26 10:41 - 2014-08-26 10:41 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-08-26 10:41 - 2014-08-26 10:41 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-08-26 10:41 - 2014-08-26 10:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-08-26 10:41 - 2014-07-18 11:28 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-08-26 10:41 - 2014-07-18 11:28 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-08-26 10:41 - 2013-09-20 09:11 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-26 10:39 - 2014-08-26 10:39 - 00918952 _____ (Oracle Corporation) C:\Users\Ponti\Downloads\jxpiinstall(5).exe
2014-08-26 10:24 - 2014-08-26 10:24 - 18743160 _____ (Adobe Systems Inc.) C:\Users\Ponti\Downloads\AdobeAIRInstaller(4).exe
2014-08-26 10:24 - 2014-08-25 10:05 - 00000000 ____D () C:\Users\Ponti\AppData\Local\Adobe
2014-08-25 09:40 - 2010-03-08 10:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-25 09:22 - 2014-08-25 09:22 - 00000000 ____D () C:\Users\Ponti\restore
2014-08-25 09:21 - 2014-07-14 15:13 - 00000000 ____D () C:\ProgramData\tmp
2014-08-25 09:14 - 2014-08-25 09:14 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-08-25 06:53 - 2010-03-08 10:23 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 03:46 - 2014-08-28 09:01 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-28 09:01 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Files to move or delete:
====================
C:\Users\Ponti\cc_20090210_163449.reg
C:\Users\Ponti\DivXInstaller.exe
C:\Users\Ponti\Encpack_Win2000_GER.exe
C:\Users\Ponti\UGA50t_G.exe


Some content of TEMP:
====================
C:\Users\Ponti\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 13:23

==================== End Of Log ============================

--- --- ---

Vielen Dank soweit. Gibt es noch irgendetwas spezielles zu beachten?

Gruß

P.

schrauber · 21.09.2014, 09:44

Adobe updatne.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Windows\Installer\17a4c9.msi

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

JPonti · 21.09.2014, 10:29

Hier der fixlog

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Ponti at 2014-09-21 11:25:11 Run:1
Running from C:\Users\Ponti\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Windows\Installer\17a4c9.msi
*****************

C:\Windows\Installer\17a4c9.msi => Moved successfully.

==== End of Fixlog ====

Danke für die Unterstützung! Ich hoffe, dass jetzt alles ok ist - Ich kann zumindest nichts gegentieliges feststellen.

Gruß

P.

schrauber · 22.09.2014, 07:34

Gern Geschehen

18.09.2014, 13:48	#6
schrauber /// the machine /// TB-Ausbilder	Mauszeiger bewegt sich von alleine und betätigt Lautstärkenregler einfach ok klicken, danach sucht Revo nach den Resten __________________ --> Mauszeiger bewegt sich von alleine und betätigt Lautstärkenregler

22.09.2014, 07:34	#14
schrauber /// the machine /// TB-Ausbilder	Mauszeiger bewegt sich von alleine und betätigt Lautstärkenregler Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Mauszeiger bewegt sich von alleine und betätigt Lautstärkenregler

Log-Analyse und Auswertung: Mauszeiger bewegt sich von alleine und betätigt Lautstärkenregler