Erkennung inaktiver Dienste, Sicherung nicht möglich Fehlercode 81000019 uvm.

Konny251 · 22.09.2014, 12:30

Hallo,

meine Probleme sind sehr vielseitig und ich weiß auch nicht, ob hier Virenbefall o. Ähnliches vorliegt. Ich weiß aber, dass ihr mir mal gut helfen konntet und hoffe dies in diesem Fall auch.

Hier kurze Beschreibung meiner PC-Probleme:
- PC startet langsam, Internet ist auch langsam
- Google Chrome versucht immer die alten Seiten wiederherzustellen, obwohl alle möglichen Einstellung nicht danach gehen
- Beim Herunterladen werde ich immer gefragt ob ich sicher bin ob ich herunterfahren will, da noch Programme offen sind?? (Nein)
- Tägliche ERscheinung "Erkennung inaktiver Dienste" mit Hinweisa auf nicht kompatibles Programm (Sprachinstaller)
- Sicherung funktioniert auch nicht mit oben genannten Fehlercode

Hier die Logfiles:

Zitat:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by Ko at 2014-09-22 12:26:22
Running from C:\Users\Ko\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.8 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Around the World in 80 Days (HKLM-x32\...\BFG-Around the World in 80 Days) (Version: - )
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2010397950.48.56.39914730 - Audible, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin)
BatteryLifeExtender (HKLM-x32\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3509 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.82 - NCH Software)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM-x32\...\{16880765-677F-440B-B16A-BFD9B9C00012}) (Version: 1.0.12 - Samsung)
ETDWare PS/2-X64 8.0.7.2_WHQL (HKLM\...\Elantech) (Version: 8.0.7.2 - ELAN Microelectronic Corp.)
Eumex RNDIS64 Driver V1.03 (HKLM\...\{293C4FDD-FB80-48F8-8B40-F085392FDAA1}) (Version: 1.03.0000 - Deutsche Telekom)
F4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.1 - SAMSUNG)
File Type Advisor 1.0 (HKLM-x32\...\File Type Advisor_is1) (Version: - filetypeadvisor.com)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
Free YouTube Download version 3.2.23.219 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.23.219 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.34.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{A00C9114-40E6-4C70-A619-7DF264B23485}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MatchWare MindView 5.0 (HKLM-x32\...\{C849BEF2-0216-45E5-841B-F0F2F4FDE319}) (Version: 5.0.168 - MatchWare A/S)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PDF Creator (HKLM\...\PDF Creator) (Version: - )
PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PhoneShare (HKLM-x32\...\{3F50512F-53DF-46B1-8CCB-6C7E638CADD6}) (Version: 9.1.4 - Samsung)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.0 - Samsung)
Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.01 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.08.82 - Akademische Arbeitsgemeinschaft)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24482 - TeamViewer)
Teldat Eumex 402 WIN-Tools V1.00 (HKLM-x32\...\InstallShield_{1F2B2C7A-6A8D-499E-88B2-0C1E2AB06963}) (Version: 1.00.0000 - hxxp://www.teldat.de)
Teldat Eumex 402 WIN-Tools V1.00 (x32 Version: 1.00.0000 - hxxp://www.teldat.de) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.7 - )
Video Download Capture V4.4.7 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.4.7 - Apowersoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - T-Home Net (04/13/2012 6.0.6000.16384) (HKLM\...\C7DD251F4B6025D69B6ACC9FD647E009517A6069) (Version: 04/13/2012 6.0.6000.16384 - T-Home)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 29.0.2013 - BillP Studios)
WordCaptureX Pro (HKLM-x32\...\{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}) (Version: 4.0.0 - Deskperience)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.2.0.16826 - Blizzard Entertainment)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2799891548-1686358224-993601196-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2799891548-1686358224-993601196-1000_Classes\CLSID\{74ee84c9-da91-4386-86eb-dc5551a283b7}\InprocServer32 -> C:\windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2799891548-1686358224-993601196-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2799891548-1686358224-993601196-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2799891548-1686358224-993601196-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2799891548-1686358224-993601196-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

09-09-2014 09:29:58 Windows Update
14-09-2014 15:34:04 Windows Update
14-09-2014 20:18:49 Windows Update
19-09-2014 13:14:17 Windows Update
22-09-2014 10:17:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1104F6B7-A035-451E-B7B2-4541DD9B420A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {11C9F267-B2CA-427D-84AA-778A6CCEC580} - System32\Tasks\AdobeFlashPlayerUpdate => C:\windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {12B15A75-AE31-4726-A105-C77172F9A649} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {16A2B260-EA10-41D0-A2ED-CD43B05A4244} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-23] (Samsung Electronics Co., Ltd.)
Task: {1F70E1B8-D0E0-42BD-839A-A04A9E4DC26D} - System32\Tasks\{9C7E3B4D-1E41-4AA8-B777-9AF6673625E6} => C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
Task: {3A1334B0-8002-46CC-A86A-5207786FCA74} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {4682228C-3C2B-4543-A86E-8A41C7C9999A} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {5043B97F-1822-4362-B1E0-B19A9BC7CE6E} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {5820AAD3-CADE-447F-8593-B1D5BBECF4DC} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {597AE05A-95F1-4424-98D6-947E2CD1A393} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
Task: {5E2260BC-8566-42AD-9338-8FAF52759CA5} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-29] (Samsung Electronics Co., Ltd.)
Task: {8303B12E-7A34-4FEA-BCE1-9088145BD7A5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8D508EC0-C598-4FA4-8708-535CA2E7B37E} - System32\Tasks\NCH Software\DebutDowngrade => C:\Program Files (x86)\NCH Software\Debut\debut.exe [2013-06-04] (NCH Software)
Task: {934FD08E-DBDC-4006-80F8-8A118B0BD5C1} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {A653CAEA-9876-4343-94DD-98196BF41232} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.)
Task: {AC1BDC73-B8AB-4DF5-97B5-CCA7B67D2BDB} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-07-12] (filetypeadvisor.com )
Task: {CD478CFF-5BA3-48FD-B2F2-CD5FB0222686} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {E1A6D784-FBB1-45F8-BA3C-953559D38843} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-10] (AVAST Software)
Task: {E5B7EE2E-CBF2-4FAE-8FF9-9326CF69E183} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {E689CC2A-9B46-41FA-8800-8971B2119D80} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-02-14] (SEC)
Task: {ECA9E47D-54ED-411B-B8EE-9B7EBDB75ED6} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics)
Task: {F334EC5C-CFA2-4D52-AE3B-BDA1832268F9} - \Digital Sites No Task File <==== ATTENTION
Task: {F39FD479-8CDF-436A-98A7-C87F5B2589C6} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-07-12] (File Type Advisor)
Task: {F73C0B53-13AA-4A45-A7B9-8024DE0CE43E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {FF17078D-7A7A-445F-B1AE-5DBFBE8BE1C5} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2011-01-04] (Samsung Electronics Co., Ltd.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-13 15:02 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-03-23 11:54 - 2011-10-04 23:43 - 00087552 _____ () C:\windows\System32\custmon64i.dll
2011-10-31 21:56 - 2008-06-05 01:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2011-10-31 06:53 - 2009-12-01 09:21 - 00244904 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-10-31 21:56 - 2010-10-21 20:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll
2014-07-10 11:32 - 2014-07-10 11:32 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-19 14:31 - 2014-09-19 14:31 - 02864128 _____ () C:\Program Files\AVAST Software\Avast\defs\14091900\algo.dll
2014-09-22 12:08 - 2014-09-22 12:08 - 02864640 _____ () C:\Program Files\AVAST Software\Avast\defs\14092200\algo.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-10-31 07:00 - 2010-07-05 12:42 - 00203776 _____ () C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
2011-10-31 06:58 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2014-07-10 11:32 - 2014-07-10 11:32 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-10-31 07:11 - 2010-05-07 16:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 07:20 - 2009-11-02 07:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 07:23 - 2009-11-02 07:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-09-10 21:12 - 2014-09-04 05:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-10 21:12 - 2014-09-04 05:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-10 21:12 - 2014-09-04 05:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-10 21:13 - 2014-09-04 05:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-10 21:12 - 2014-09-04 05:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Ko:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\Ko\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Ko\Cookies:gs5sys
AlternateDataStreams: C:\Users\Ko\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\Ko\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\Ko\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Ko\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Ko\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Ko\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\Ko\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Ko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Ko\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Ko\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Ko\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2014 00:16:24 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "F:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (09/22/2014 11:58:41 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/22/2014 11:44:34 AM) (Source: Windows Backup) (EventID: 4100) (User: )
Description: Die Sicherung wurde nicht erfolgreich abgeschlossen, da eine Schattenkopie nicht erstellt werden konnte. Löschen Sie auf dem zu sichernden Laufwerk nicht benötigte Dateien, um Speicherplatz freizugeben, und wiederholen Sie den Vorgang.

Error: (09/22/2014 11:40:56 AM) (Source: Windows Backup) (EventID: 4100) (User: )
Description: Die Sicherung wurde nicht erfolgreich abgeschlossen, da eine Schattenkopie nicht erstellt werden konnte. Löschen Sie auf dem zu sichernden Laufwerk nicht benötigte Dateien, um Speicherplatz freizugeben, und wiederholen Sie den Vorgang.

Error: (09/22/2014 11:37:48 AM) (Source: Windows Backup) (EventID: 4100) (User: )
Description: Die Sicherung wurde nicht erfolgreich abgeschlossen, da eine Schattenkopie nicht erstellt werden konnte. Löschen Sie auf dem zu sichernden Laufwerk nicht benötigte Dateien, um Speicherplatz freizugeben, und wiederholen Sie den Vorgang.

Error: (09/22/2014 11:33:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (09/22/2014 11:33:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/22/2014 11:33:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (09/19/2014 04:11:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9921

Error: (09/19/2014 04:11:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9921

System errors:
=============
Error: (09/22/2014 00:08:30 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/19/2014 03:45:51 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/17/2014 09:34:16 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/17/2014 09:34:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Client Virtualization Handler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (09/17/2014 09:34:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Client Virtualization Handler erreicht.

Error: (09/16/2014 09:40:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Client Virtualization Handler" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (09/16/2014 09:40:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Client Virtualization Handler erreicht.

Error: (09/16/2014 09:40:56 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80070420" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Error: (09/12/2014 10:53:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (09/12/2014 10:49:10 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Dienst "WMPNetworkSvc" konnte nicht ordnungsgemäß gestartet werden, da ein Fehler "0x80004005" in "CoCreateInstance(CLSID_UPnPDeviceFinder)" aufgetreten ist. Überprüfen Sie, ob der Dienst "UPnPHost" ausgeführt wird und ob die Windows-Komponente "UPnPHost" richtig installiert ist.

Microsoft Office Sessions:
=========================
Error: (09/22/2014 00:16:24 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: F:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)

Error: (09/22/2014 11:58:41 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (09/22/2014 11:44:34 AM) (Source: Windows Backup) (EventID: 4100) (User: )
Description: Es konnte keine Schattenkopie erstellt werden. Weitere Informationen finden Sie in den Anwendungsereignisprotokollen "VSS" und "SPP". (0x81000019)

Error: (09/22/2014 11:40:56 AM) (Source: Windows Backup) (EventID: 4100) (User: )
Description: Es konnte keine Schattenkopie erstellt werden. Weitere Informationen finden Sie in den Anwendungsereignisprotokollen "VSS" und "SPP". (0x81000019)

Error: (09/22/2014 11:37:48 AM) (Source: Windows Backup) (EventID: 4100) (User: )
Description: Es konnte keine Schattenkopie erstellt werden. Weitere Informationen finden Sie in den Anwendungsereignisprotokollen "VSS" und "SPP". (0x81000019)

Error: (09/22/2014 11:33:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (09/22/2014 11:33:57 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (09/22/2014 11:33:56 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (09/19/2014 04:11:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9921

Error: (09/19/2014 04:11:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9921

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 50%
Total physical RAM: 4075.55 MB
Available physical RAM: 2018.87 MB
Total Pagefile: 8149.27 MB
Available Pagefile: 5746.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111 GB) (Free:21.65 GB) NTFS
Drive d: () (Fixed) (Total:163.58 GB) (Free:112.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1AE12585)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=163.6 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.4 GB) - (Type=27)

==================== End Of Log ============================

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Ko (administrator) on KO-PC on 22-09-2014 12:25:55
Running from C:\Users\Ko\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-05] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-2799891548-1686358224-993601196-1000\...\MountPoints2: {5cbdb924-1428-11e4-8d8d-e811327d1efb} - F:\Startme.exe
HKU\S-1-5-21-2799891548-1686358224-993601196-1000\...\MountPoints2: {e4fda9b7-9941-11e3-8323-e811327d1efb} - G:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Control Center.lnk
ShortcutTarget: Control Center.lnk -> C:\Program Files (x86)\Teldat WIN-Tools\Eumex 402 WIN-Tools V1.00\ControlCenter.exe (Teldat GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ko\AppData\Roaming\Mozilla\Firefox\Profiles\yq4p9rch.default
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ko\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Forecastfox - C:\Users\Ko\AppData\Roaming\Mozilla\Firefox\Profiles\yq4p9rch.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-09]
FF Extension: WOT - C:\Users\Ko\AppData\Roaming\Mozilla\Firefox\Profiles\yq4p9rch.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-05-16]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-07]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-22]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "", "hxxp://www.google.de/"
CHR Profile: C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-16]
CHR Extension: (Google Drive) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-17]
CHR Extension: (WOT) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-10-07]
CHR Extension: (YouTube) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-16]
CHR Extension: (Google-Suche) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-16]
CHR Extension: (AdBlock) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-17]
CHR Extension: (avast! Online Security) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-07]
CHR Extension: (Word CaptureX Extension) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf [2013-09-16]
CHR Extension: (Google Wallet) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Google Mail) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-10]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx [2010-07-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-10] (AVAST Software)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-01] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-10] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-02] (Windows (R) 2003 DDK 3790 provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 12:24 - 2014-09-22 12:25 - 00055881 _____ () C:\Users\Ko\Downloads\Addition.txt
2014-09-22 12:24 - 2014-09-22 12:24 - 00380416 _____ () C:\Users\Ko\Downloads\Gmer-19357.exe
2014-09-22 12:23 - 2014-09-22 12:26 - 00021258 _____ () C:\Users\Ko\Downloads\FRST.txt
2014-09-22 12:23 - 2014-09-22 12:25 - 00000000 ____D () C:\FRST
2014-09-22 12:22 - 2014-09-22 12:23 - 02105856 _____ (Farbar) C:\Users\Ko\Downloads\FRST64.exe
2014-09-22 12:21 - 2014-09-22 12:21 - 00000466 _____ () C:\Users\Ko\Desktop\defogger_disable.log
2014-09-22 12:21 - 2014-09-22 12:21 - 00000000 _____ () C:\Users\Ko\defogger_reenable
2014-09-22 12:20 - 2014-09-22 12:20 - 00050477 _____ () C:\Users\Ko\Desktop\Defogger.exe
2014-09-14 22:26 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-14 22:26 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-14 22:26 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-14 22:26 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-14 22:26 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-14 22:26 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-14 22:26 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-14 22:26 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-14 22:26 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-14 22:26 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-14 22:26 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-14 22:26 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-14 22:26 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-14 22:26 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-14 22:26 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-14 22:26 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-14 22:26 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-14 22:26 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-14 22:26 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-14 22:26 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-14 22:26 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-14 22:26 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-14 22:26 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-14 22:26 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 22:26 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-14 22:26 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-14 22:26 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-14 22:26 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-14 22:26 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-14 22:26 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-14 22:26 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-14 22:26 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-14 22:26 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-14 22:26 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-14 22:26 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-14 22:26 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-14 22:26 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-14 22:26 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-14 22:26 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-14 22:26 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-14 22:26 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-14 22:26 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 22:26 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-14 22:26 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-14 22:26 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-14 22:26 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-14 22:26 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-14 22:26 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-14 22:26 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-14 22:26 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-14 22:26 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-14 22:26 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-14 22:26 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-14 22:26 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-14 22:26 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-14 22:26 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-14 17:42 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-14 17:42 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-14 17:42 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-14 17:42 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-14 17:42 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-11 19:59 - 2014-09-11 19:59 - 00000000 ____D () C:\NVIDIA Corporation
2014-09-09 13:27 - 2014-09-09 13:27 - 00244400 _____ () C:\Users\Ko\Downloads\Firefox Setup Stub 32.0.exe
2014-09-09 11:45 - 2014-09-09 11:45 - 00000000 ____D () C:\windows\pss
2014-09-07 13:53 - 2014-09-07 13:53 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-07 13:53 - 2014-09-07 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-07 13:53 - 2014-09-07 13:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-30 11:41 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-30 11:41 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-30 11:41 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-27 20:16 - 2014-08-27 20:17 - 03169008 _____ () C:\Users\Ko\Downloads\msxml6_ia64 (1).msi
2014-08-27 20:16 - 2014-08-27 20:17 - 02617344 _____ () C:\Users\Ko\Downloads\msxml6_x64 (1).msi
2014-08-27 19:25 - 2014-08-27 19:25 - 01488384 _____ () C:\Users\Ko\Downloads\msxml6 (1).msi
2014-08-27 19:16 - 2014-08-27 19:16 - 00895120 _____ (Google Inc.) C:\Users\Ko\Downloads\ChromeSetup (3).exe
2014-08-25 17:52 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-25 17:52 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-25 17:52 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-25 17:52 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-25 17:52 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-25 17:51 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-25 17:51 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-25 17:51 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-25 17:51 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 22:04 - 2011-10-31 07:11 - 00000000 ____D () C:\ProgramData\WinClon
2014-09-22 22:04 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-22 22:04 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-09-22 12:26 - 2014-09-22 12:23 - 00021258 _____ () C:\Users\Ko\Downloads\FRST.txt
2014-09-22 12:25 - 2014-09-22 12:24 - 00055881 _____ () C:\Users\Ko\Downloads\Addition.txt
2014-09-22 12:25 - 2014-09-22 12:23 - 00000000 ____D () C:\FRST
2014-09-22 12:24 - 2014-09-22 12:24 - 00380416 _____ () C:\Users\Ko\Downloads\Gmer-19357.exe
2014-09-22 12:23 - 2014-09-22 12:22 - 02105856 _____ (Farbar) C:\Users\Ko\Downloads\FRST64.exe
2014-09-22 12:21 - 2014-09-22 12:21 - 00000466 _____ () C:\Users\Ko\Desktop\defogger_disable.log
2014-09-22 12:21 - 2014-09-22 12:21 - 00000000 _____ () C:\Users\Ko\defogger_reenable
2014-09-22 12:21 - 2012-07-25 20:57 - 00000000 ____D () C:\Users\Ko
2014-09-22 12:20 - 2014-09-22 12:20 - 00050477 _____ () C:\Users\Ko\Desktop\Defogger.exe
2014-09-22 12:18 - 2011-10-31 22:39 - 02028662 _____ () C:\windows\WindowsUpdate.log
2014-09-22 12:15 - 2014-03-10 14:16 - 00000000 ____D () C:\Users\Ko\Documents\Outlook-Dateien
2014-09-22 12:13 - 2009-07-14 06:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 12:13 - 2009-07-14 06:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 12:12 - 2012-12-16 20:36 - 00003906 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{95B62322-6037-4658-86AA-3B11CC578125}
2014-09-22 12:07 - 2013-10-07 12:33 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-09-22 12:06 - 2013-09-16 14:14 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 12:06 - 2013-09-16 11:18 - 00075672 _____ () C:\windows\setupact.log
2014-09-22 12:06 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-19 15:14 - 2013-08-18 11:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 15:04 - 2012-08-13 20:35 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-19 15:01 - 2013-09-16 14:14 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-19 14:34 - 2013-10-10 13:19 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-09-14 22:25 - 2012-12-04 11:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-14 22:17 - 2013-01-27 17:54 - 00000000 ____D () C:\Users\Ko\AppData\Roaming\TS3Client
2014-09-14 17:53 - 2014-06-28 00:40 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 17:52 - 2013-08-14 18:49 - 00000000 ____D () C:\windows\system32\MRT
2014-09-14 17:49 - 2013-10-07 13:25 - 00000000 ___RD () C:\Users\Ko\Desktop\Sicherheit
2014-09-14 17:49 - 2011-10-31 06:50 - 00000000 ____D () C:\ProgramData\Temp
2014-09-14 17:48 - 2013-10-07 13:08 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-14 17:37 - 2012-08-22 10:20 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-12 22:47 - 2013-09-18 10:09 - 00259788 _____ () C:\windows\PFRO.log
2014-09-11 19:59 - 2014-09-11 19:59 - 00000000 ____D () C:\NVIDIA Corporation
2014-09-11 15:56 - 2012-08-13 20:35 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-11 15:56 - 2012-08-01 19:29 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 15:56 - 2012-08-01 19:29 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 15:54 - 2014-07-10 08:47 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 21:13 - 2013-09-16 14:17 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-09 13:44 - 2012-08-07 21:42 - 00000000 ____D () C:\Users\Ko\AppData\Local\Mozilla
2014-09-09 13:27 - 2014-09-09 13:27 - 00244400 _____ () C:\Users\Ko\Downloads\Firefox Setup Stub 32.0.exe
2014-09-09 11:45 - 2014-09-09 11:45 - 00000000 ____D () C:\windows\pss
2014-09-07 13:53 - 2014-09-07 13:53 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-07 13:53 - 2014-09-07 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-07 13:53 - 2014-09-07 13:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-07 13:45 - 2014-04-23 14:16 - 00000000 ____D () C:\Users\Ko\AppData\Roaming\HpUpdate
2014-08-31 11:15 - 2009-07-14 06:45 - 00428608 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-30 20:32 - 2014-04-18 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-29 18:51 - 2012-11-28 18:15 - 00000000 ____D () C:\Users\Ko\AppData\Local\Google
2014-08-27 20:17 - 2014-08-27 20:16 - 03169008 _____ () C:\Users\Ko\Downloads\msxml6_ia64 (1).msi
2014-08-27 20:17 - 2014-08-27 20:16 - 02617344 _____ () C:\Users\Ko\Downloads\msxml6_x64 (1).msi
2014-08-27 19:25 - 2014-08-27 19:25 - 01488384 _____ () C:\Users\Ko\Downloads\msxml6 (1).msi
2014-08-27 19:16 - 2014-08-27 19:16 - 00895120 _____ (Google Inc.) C:\Users\Ko\Downloads\ChromeSetup (3).exe
2014-08-27 12:06 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-08-27 11:15 - 2013-10-10 13:19 - 00003518 _____ () C:\windows\System32\Tasks\FileAdvisorCheck
2014-08-27 11:14 - 2013-10-10 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2014-08-27 11:14 - 2013-02-09 20:00 - 00000000 ____D () C:\NVIDIA
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-30 11:41 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-30 11:41 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-30 11:41 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-20 11:23

==================== End Of Log ============================

--- --- ---
--- --- ---

Zitat:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:21 on 22/09/2014 (Ko)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Die GMER Logfile poste ich, wenn ihr den Thread bearbeitet, da alles zusammen zu lang war.

Danke schon im Voraus für eure Bemühungen.... Konny

cosinus · 22.09.2014, 12:32

Hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Konny251 · 22.09.2014, 13:09

Danke für den Hinweis: hier hast du die Logfiles:

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-22 12:39:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Ko\AppData\Local\Temp\pxldqpoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                 fffff800035bc000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                                 fffff800035bc02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\windows\system32\wininit.exe[628] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                         0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\services.exe[684] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\lsass.exe[708] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                           0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\svchost.exe[816] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                         0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\winlogon.exe[872] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\nvvsvc.exe[940] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                          0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\svchost.exe[980] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                         0000000076f7ef8d 1 byte [62]
.text     C:\windows\System32\svchost.exe[380] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                         0000000076f7ef8d 1 byte [62]
.text     C:\windows\System32\svchost.exe[472] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                         0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\svchost.exe[476] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                         0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\svchost.exe[964] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                         0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\svchost.exe[1212] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\svchost.exe[1300] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1404] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                               0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\nvvsvc.exe[1412] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                         0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\svchost.exe[1596] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\windows\System32\spoolsv.exe[1644] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\svchost.exe[1780] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\taskhost.exe[1792] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                       0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\Dwm.exe[1900] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                            0000000076f7ef8d 1 byte [62]
.text     C:\windows\Explorer.EXE[1928] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                                0000000076f7ef8d 1 byte [62]
.text     C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[2068] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                      0000000076bba2fd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2300] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                           0000000076bba2fd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2548] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                           0000000076bba2fd 1 byte [62]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2648] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\Program Files\Elantech\ETDCtrl.exe[2704] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                  0000000076f7ef8d 1 byte [62]
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                    0000000076bba2fd 1 byte [62]
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                  0000000075621465 2 bytes [62, 75]
.text     C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2756] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                 00000000756214bb 2 bytes [62, 75]
.text     ...                                                                                                                                                                                                * 2
.text     C:\Program Files\Windows Sidebar\sidebar.exe[2772] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                           0000000076f7ef8d 1 byte [62]
.text     C:\Program Files\Bonjour\mDNSResponder.exe[2112] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                             0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\svchost.exe[2456] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\windows\SysWOW64\svchost.exe[2244] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                        0000000076bba2fd 1 byte [62]
.text     C:\windows\System32\svchost.exe[1888] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe[1532] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                              0000000076bba2fd 1 byte [62]
.text     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3148] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                 0000000076f7ef8d 1 byte [62]
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3168] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\windows\System32\svchost.exe[3328] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe[3348] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                            0000000076bba2fd 1 byte [62]
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3432] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                            0000000076bba2fd 1 byte [62]
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3432] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                          0000000075621465 2 bytes [62, 75]
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3432] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                         00000000756214bb 2 bytes [62, 75]
.text     ...                                                                                                                                                                                                * 2
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[3480] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                             0000000076bba2fd 1 byte [62]
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[3480] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                           0000000075621465 2 bytes [62, 75]
.text     C:\Program Files (x86)\Secunia\PSI\sua.exe[3480] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                          00000000756214bb 2 bytes [62, 75]
.text     ...                                                                                                                                                                                                * 2
.text     C:\windows\system32\taskeng.exe[3676] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\taskeng.exe[3712] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe[3796] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                    0000000076bba2fd 1 byte [62]
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                        0000000076bba2fd 1 byte [62]
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                      0000000075621465 2 bytes [62, 75]
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[3872] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                     00000000756214bb 2 bytes [62, 75]
.text     ...                                                                                                                                                                                                * 2
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[4032] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                               0000000076b98791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[4032] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                      0000000076bba2fd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[1104] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                       0000000076bba2fd 1 byte [62]
.text     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[3520] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                          0000000076bba2fd 1 byte [62]
.text     C:\windows\system32\svchost.exe[4008] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[4100] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                      0000000076bba2fd 1 byte [62]
.text     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4332] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                         0000000076bba2fd 1 byte [62]
?         C:\windows\system32\mssprxy.dll [4332] entry point in ".rdata" section                                                                                                                             000000006ab171e6
.text     C:\windows\system32\wbem\wmiprvse.exe[4972] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                  0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\wbem\unsecapp.exe[1744] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                  0000000076f7ef8d 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2460] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                 0000000076bba2fd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2460] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                               0000000075621465 2 bytes [62, 75]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2460] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              00000000756214bb 2 bytes [62, 75]
.text     ...                                                                                                                                                                                                * 2
.text     C:\windows\system32\UI0Detect.exe[164] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                       0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\svchost.exe[5208] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5348] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\conhost.exe[5556] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\windows\System32\svchost.exe[6060] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6280] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                     0000000076f7ef8d 1 byte [62]
.text     C:\Program Files\Elantech\ETDCtrlHelper.exe[6664] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                            0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\DllHost.exe[1152] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[6640] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\windows\system32\conhost.exe[5760] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[6384] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                           0000000076f7ef8d 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5032] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                         0000000076bba2fd 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4824] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                         0000000076bba2fd 1 byte [62]
.text     C:\windows\system32\svchost.exe[1572] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                                                        0000000076f7ef8d 1 byte [62]
.text     C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5528] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                    0000000076b98791 5 bytes JMP 000000015dd77f8e
.text     C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5528] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                           0000000076bba2fd 1 byte [62]
.text     C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5528] C:\windows\syswow64\ole32.dll!OleLoadFromStream                                                                                 0000000076966143 5 bytes JMP 000000015e2bca31
.text     C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5528] C:\windows\syswow64\OLEAUT32.dll!SysFreeString                                                                                  00000000759d3e59 5 bytes JMP 000000015ddaaba8
.text     C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5528] C:\windows\syswow64\OLEAUT32.dll!VariantClear                                                                                   00000000759d3eae 5 bytes JMP 000000015ddbb17a
.text     C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5528] C:\windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen                                                                          00000000759d4731 5 bytes JMP 000000015ddbaa6c
.text     C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5528] C:\windows\syswow64\OLEAUT32.dll!VariantChangeType                                                                              00000000759d5dee 5 bytes JMP 000000015ddddc0e
?         C:\windows\system32\mssprxy.dll [5528] entry point in ".rdata" section                                                                                                                             000000006ab171e6
.text     C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5528] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                         0000000075621465 2 bytes [62, 75]
.text     C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE[5528] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                        00000000756214bb 2 bytes [62, 75]
.text     ...                                                                                                                                                                                                * 2
.text     C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4368] C:\windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            0000000076f7ef8d 1 byte [62]
.text     C:\Users\Ko\Downloads\Gmer-19357.exe[640] C:\windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                                                    0000000076bba2fd 1 byte [62]

---- Threads - GMER 2.1 ----

Thread    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6860:5476]                                                                                                                             0000000076ac7587
Thread    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6860:6544]                                                                                                                             000000006cd40cb3
Thread    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6860:6388]                                                                                                                             0000000077372e65
Thread    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6860:4564]                                                                                                                             0000000077373e85
Thread    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6860:1860]                                                                                                                             0000000077373e85
Thread    C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6860:2632]                                                                                                                             0000000077373e85
---- Processes - GMER 2.1 ----

Library   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7D50BDE8-0917-4B6D-9934-95BCFDFC0D01}\offreg.dll (*** suspicious ***) @ C:\windows\System32\svchost.exe [4148](2014-09-22 10:28:22)  000007fef6160000

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                                                              unknown MBR code

---- EOF - GMER 2.1 ----

Code:

ATTFilter

ComboFix 14-09-22.01 - Ko 22.09.2014  13:47:33.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4076.1993 [GMT 2:00]
ausgeführt von:: c:\users\Ko\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ko\AppData\Local\._Revolution_
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-22 bis 2014-09-22  ))))))))))))))))))))))))))))))
.
.
2014-09-22 11:56 . 2014-09-22 11:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-09-22 10:28 . 2014-09-22 10:28	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D50BDE8-0917-4B6D-9934-95BCFDFC0D01}\offreg.dll
2014-09-22 10:23 . 2014-09-22 10:27	--------	d-----w-	C:\FRST
2014-09-22 10:18 . 2014-09-15 00:08	11578928	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D50BDE8-0917-4B6D-9934-95BCFDFC0D01}\mpengine.dll
2014-09-14 15:42 . 2014-07-07 02:06	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-09-14 15:42 . 2014-07-07 02:06	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-09-14 15:42 . 2014-07-07 01:40	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-09-14 15:42 . 2014-07-07 01:40	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-09-14 15:42 . 2014-07-07 01:39	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-09-11 17:59 . 2014-09-11 17:59	--------	d-----w-	C:\NVIDIA Corporation
2014-09-07 11:53 . 2014-09-07 11:53	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-09-07 11:53 . 2014-09-07 11:53	98216	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-07 11:53 . 2014-09-07 11:53	--------	d-----w-	c:\program files (x86)\Java
2014-08-30 09:41 . 2014-08-23 02:07	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-30 09:41 . 2014-08-23 01:45	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-30 09:41 . 2014-08-23 00:59	3163648	----a-w-	c:\windows\system32\win32k.sys
2014-08-25 15:52 . 2014-05-14 16:23	44512	----a-w-	c:\windows\system32\wups2.dll
2014-08-25 15:52 . 2014-05-14 16:23	58336	----a-w-	c:\windows\system32\wuauclt.exe
2014-08-25 15:52 . 2014-05-14 16:23	2477536	----a-w-	c:\windows\system32\wuaueng.dll
2014-08-25 15:52 . 2014-05-14 16:21	2620928	----a-w-	c:\windows\system32\wucltux.dll
2014-08-25 15:52 . 2014-05-14 16:23	38880	----a-w-	c:\windows\system32\wups.dll
2014-08-25 15:52 . 2014-05-14 16:23	36320	----a-w-	c:\windows\SysWow64\wups.dll
2014-08-25 15:52 . 2014-05-14 16:23	700384	----a-w-	c:\windows\system32\wuapi.dll
2014-08-25 15:52 . 2014-05-14 16:23	581600	----a-w-	c:\windows\SysWow64\wuapi.dll
2014-08-25 15:52 . 2014-05-14 16:20	97792	----a-w-	c:\windows\system32\wudriver.dll
2014-08-25 15:52 . 2014-05-14 16:17	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2014-08-25 15:51 . 2014-05-14 07:23	198600	----a-w-	c:\windows\system32\wuwebv.dll
2014-08-25 15:51 . 2014-05-14 07:23	179656	----a-w-	c:\windows\SysWow64\wuwebv.dll
2014-08-25 15:51 . 2014-05-14 07:20	36864	----a-w-	c:\windows\system32\wuapp.exe
2014-08-25 15:51 . 2014-05-14 07:17	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-14 15:53 . 2014-06-27 22:40	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-14 15:37 . 2012-08-22 08:20	101694776	----a-w-	c:\windows\system32\MRT.exe
2014-09-11 13:56 . 2012-08-01 17:29	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-11 13:56 . 2012-08-01 17:29	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-11 13:54 . 2014-07-10 06:47	10036224	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-08-25 04:53 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-08-21 08:45 . 2014-08-21 08:45	255352	----a-w-	c:\windows\SysWow64\awrdscdc.ax
2014-08-07 12:37 . 2014-08-07 12:37	71112	----a-r-	c:\users\Ko\AppData\Roaming\Microsoft\Installer\{293C4FDD-FB80-48F8-8B40-F085392FDAA1}\ARPPRODUCTICON.exe
2014-07-25 13:50 . 2014-06-03 11:01	1291280	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50 . 2014-06-03 11:01	1126480	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50 . 2014-06-03 11:01	1715224	----a-w-	c:\windows\system32\nvspbridge64.dll
2014-07-25 13:50 . 2014-06-03 11:01	1283136	----a-w-	c:\windows\system32\nvspcap64.dll
2014-07-16 03:23 . 2014-08-13 14:03	2048	----a-w-	c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-13 14:03	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-13 13:57	1216000	----a-w-	c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-13 13:57	664064	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2014-07-10 09:32 . 2013-10-07 10:33	427360	----a-w-	c:\windows\system32\drivers\aswsp.sys
2014-07-10 09:32 . 2014-04-25 12:05	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-07-10 09:32 . 2013-12-30 14:55	92008	----a-w-	c:\windows\system32\drivers\aswstm.sys
2014-07-10 09:32 . 2013-10-07 10:33	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-07-10 09:32 . 2013-10-07 10:33	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-07-10 09:32 . 2013-10-07 10:33	224896	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-07-10 09:32 . 2013-10-07 10:33	1041168	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-07-10 09:32 . 2013-10-07 10:33	79184	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-07-10 09:32 . 2013-10-07 10:33	307344	----a-w-	c:\windows\system32\aswBoot.exe
2014-07-10 09:32 . 2014-07-10 09:32	43152	----a-w-	c:\windows\avastSS.scr
2014-07-03 20:48 . 2014-07-03 20:48	0	----a-w-	c:\windows\SysWow64\sho51BF.tmp
2014-07-02 21:29 . 2014-08-13 12:59	31520	----a-w-	c:\windows\system32\nvhdap64.dll
2014-07-02 21:29 . 2014-08-13 12:59	197408	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2014-07-02 21:29 . 2013-02-09 18:01	1515296	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2014-07-02 20:48 . 2014-08-13 13:01	75040	----a-w-	c:\windows\system32\OpenCL.dll
2014-07-02 20:48 . 2014-08-13 13:01	61912	----a-w-	c:\windows\SysWow64\OpenCL.dll
2014-07-02 20:48 . 2014-08-13 12:59	31512520	----a-w-	c:\windows\system32\nvoglv64.dll
2014-07-02 20:48 . 2014-08-13 12:59	18626304	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-07-02 20:48 . 2014-08-13 12:59	16122344	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2014-07-02 20:48 . 2014-08-13 12:59	13922752	----a-w-	c:\windows\system32\nvopencl.dll
2014-07-02 20:48 . 2014-08-13 12:59	11283344	----a-w-	c:\windows\SysWow64\nvopencl.dll
2014-07-02 20:48 . 2014-08-13 12:59	944928	----a-w-	c:\windows\system32\NvIFR64.dll
2014-07-02 20:48 . 2014-08-13 12:59	907096	----a-w-	c:\windows\SysWow64\NvIFR.dll
2014-07-02 20:48 . 2014-08-13 12:59	903624	----a-w-	c:\windows\system32\NvFBC64.dll
2014-07-02 20:48 . 2014-08-13 12:59	869152	----a-w-	c:\windows\SysWow64\NvFBC.dll
2014-07-02 20:48 . 2014-08-13 12:59	24196896	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2014-07-02 20:48 . 2014-08-13 12:59	12866008	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2014-07-02 20:48 . 2014-08-13 12:59	4247000	----a-w-	c:\windows\system32\nvcuvid.dll
2014-07-02 20:48 . 2014-08-13 12:59	3989960	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2014-07-02 20:48 . 2014-08-13 12:59	1890080	----a-w-	c:\windows\system32\nvdispco6434052.dll
2014-07-02 20:48 . 2014-08-13 12:59	17555104	----a-w-	c:\windows\system32\nvd3dumx.dll
2014-07-02 20:48 . 2014-08-13 12:59	1539928	----a-w-	c:\windows\system32\nvdispgenco6434052.dll
2014-07-02 20:48 . 2014-08-13 12:59	15294296	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2014-07-02 20:48 . 2014-08-13 12:59	14498552	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-07-02 20:48 . 2014-08-13 12:59	13835208	----a-w-	c:\windows\system32\nvcuda.dll
2014-07-02 20:48 . 2014-08-13 12:59	11222048	----a-w-	c:\windows\SysWow64\nvcuda.dll
2014-07-02 20:48 . 2014-08-13 12:59	3196816	----a-w-	c:\windows\system32\nvapi64.dll
2014-07-02 20:48 . 2014-08-13 12:59	2814656	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-07-02 20:48 . 2014-08-13 12:59	22994208	----a-w-	c:\windows\system32\nvcompiler.dll
2014-07-02 18:55 . 2014-08-13 13:02	6783776	----a-w-	c:\windows\system32\nvcpl.dll
2014-07-02 18:55 . 2014-08-13 13:02	3522392	----a-w-	c:\windows\system32\nvsvc64.dll
2014-07-02 18:55 . 2014-08-13 13:02	935368	----a-w-	c:\windows\system32\nvvsvc.exe
2014-07-02 18:55 . 2014-08-13 13:02	62808	----a-w-	c:\windows\system32\nvshext.dll
2014-07-02 18:55 . 2014-08-13 13:02	386520	----a-w-	c:\windows\system32\nvmctray.dll
2014-07-02 18:55 . 2014-08-13 13:02	2559960	----a-w-	c:\windows\system32\nvsvcr.dll
2014-07-02 10:14 . 2014-08-13 13:02	3826628	----a-w-	c:\windows\system32\nvcoproc.bin
2014-06-30 22:24 . 2014-08-14 07:04	8856	----a-w-	c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-14 07:04	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2014-06-26 21:15 . 2014-06-26 21:15	0	----a-w-	c:\windows\SysWow64\sho70BB.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-05 4085896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Control Center.lnk - c:\program files (x86)\Teldat WIN-Tools\Eumex 402 WIN-Tools V1.00\ControlCenter.exe [2012-3-6 225280]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys;c:\windows\SYSNATIVE\DRIVERS\BrUsbSIb.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - pxldqpoc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-10 19:10	1096520	----a-w-	c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-07 13:56]
.
2014-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-16 12:14]
.
2014-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-16 12:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-10 09:32	634872	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-07-25 2403104]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-07-25 1283136]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
@SACL=
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
@SACL=
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
@SACL=
@=""
"0"="ActionsPane Schema for Add-Ins"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions]
@SACL=
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2014-09-22  13:59:59
ComboFix-quarantined-files.txt  2014-09-22 11:59
.
Vor Suchlauf: 13 Verzeichnis(se), 23.465.074.688 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 23.943.524.352 Bytes frei
.
- - End Of File - - 9521507DE2495FF03A150BD61D4768AE

cosinus · 22.09.2014, 13:10

Bitte ein Log mit dem TDSS-Killer machen:

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Konny251 · 22.09.2014, 15:09

Code:

ATTFilter

16:05:34.0625 0x0d5c  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
16:05:38.0365 0x0d5c  ============================================================
16:05:38.0365 0x0d5c  Current date / time: 2014/09/22 16:05:38.0365
16:05:38.0365 0x0d5c  SystemInfo:
16:05:38.0365 0x0d5c  
16:05:38.0365 0x0d5c  OS Version: 6.1.7601 ServicePack: 1.0
16:05:38.0365 0x0d5c  Product type: Workstation
16:05:38.0365 0x0d5c  ComputerName: KO-PC
16:05:38.0365 0x0d5c  UserName: Ko
16:05:38.0365 0x0d5c  Windows directory: C:\windows
16:05:38.0365 0x0d5c  System windows directory: C:\windows
16:05:38.0365 0x0d5c  Running under WOW64
16:05:38.0365 0x0d5c  Processor architecture: Intel x64
16:05:38.0365 0x0d5c  Number of processors: 4
16:05:38.0365 0x0d5c  Page size: 0x1000
16:05:38.0365 0x0d5c  Boot type: Normal boot
16:05:38.0365 0x0d5c  ============================================================
16:05:38.0516 0x0d5c  KLMD registered as C:\windows\system32\drivers\85755909.sys
16:05:38.0826 0x0d5c  System UUID: {0FFEA037-3721-2C6E-EA8F-31042B35D47C}
16:05:39.0386 0x0d5c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:05:39.0396 0x0d5c  ============================================================
16:05:39.0396 0x0d5c  \Device\Harddisk0\DR0:
16:05:39.0406 0x0d5c  MBR partitions:
16:05:39.0406 0x0d5c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:05:39.0406 0x0d5c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDE00000
16:05:39.0426 0x0d5c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xDE33000, BlocksNum 0x14727000
16:05:39.0426 0x0d5c  ============================================================
16:05:39.0466 0x0d5c  C: <-> \Device\Harddisk0\DR0\Partition2
16:05:39.0516 0x0d5c  D: <-> \Device\Harddisk0\DR0\Partition3
16:05:39.0516 0x0d5c  ============================================================
16:05:39.0516 0x0d5c  Initialize success
16:05:39.0516 0x0d5c  ============================================================
16:06:37.0988 0x133c  ============================================================
16:06:37.0988 0x133c  Scan started
16:06:37.0988 0x133c  Mode: Manual; SigCheck; TDLFS; 
16:06:37.0988 0x133c  ============================================================
16:06:37.0988 0x133c  KSN ping started
16:06:51.0790 0x133c  KSN ping finished: true
16:06:52.0410 0x133c  ================ Scan system memory ========================
16:06:52.0410 0x133c  System memory - ok
16:06:52.0410 0x133c  ================ Scan services =============================
16:06:52.0530 0x133c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
16:06:52.0600 0x133c  1394ohci - ok
16:06:52.0750 0x133c  [ 7EEB488346FBFA3731276C3EE8A8FD9E, 97D2E49C2E615E38E8176F1C1551BF452CC6A00787FF90845EFF27A4E6E20B1F ] AAV UpdateService C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
16:06:52.0770 0x133c  AAV UpdateService - ok
16:06:52.0800 0x133c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
16:06:52.0820 0x133c  ACPI - ok
16:06:52.0840 0x133c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
16:06:52.0860 0x133c  AcpiPmi - ok
16:06:52.0930 0x133c  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:06:52.0940 0x133c  AdobeARMservice - ok
16:06:53.0070 0x133c  [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:06:53.0080 0x133c  AdobeFlashPlayerUpdateSvc - ok
16:06:53.0140 0x133c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
16:06:53.0160 0x133c  adp94xx - ok
16:06:53.0190 0x133c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\drivers\adpahci.sys
16:06:53.0210 0x133c  adpahci - ok
16:06:53.0240 0x133c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\drivers\adpu320.sys
16:06:53.0250 0x133c  adpu320 - ok
16:06:53.0280 0x133c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
16:06:53.0320 0x133c  AeLookupSvc - ok
16:06:53.0370 0x133c  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\windows\system32\drivers\afd.sys
16:06:53.0400 0x133c  AFD - ok
16:06:53.0420 0x133c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
16:06:53.0430 0x133c  agp440 - ok
16:06:53.0440 0x133c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
16:06:53.0460 0x133c  ALG - ok
16:06:53.0500 0x133c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
16:06:53.0510 0x133c  aliide - ok
16:06:53.0520 0x133c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
16:06:53.0540 0x133c  amdide - ok
16:06:53.0550 0x133c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
16:06:53.0570 0x133c  AmdK8 - ok
16:06:53.0580 0x133c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
16:06:53.0590 0x133c  AmdPPM - ok
16:06:53.0640 0x133c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\windows\system32\drivers\amdsata.sys
16:06:53.0650 0x133c  amdsata - ok
16:06:53.0680 0x133c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
16:06:53.0690 0x133c  amdsbs - ok
16:06:53.0710 0x133c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\windows\system32\drivers\amdxata.sys
16:06:53.0730 0x133c  amdxata - ok
16:06:53.0760 0x133c  [ C65A3C67630A67A97AD26C21173BA61E, 9C66AF6FC15FEA0B0352540C037AD87B4113CE401C10B6A35DE98901E74152DC ] Apowersoft_AudioDevice C:\windows\system32\drivers\Apowersoft_AudioDevice.sys
16:06:53.0770 0x133c  Apowersoft_AudioDevice - ok
16:06:53.0790 0x133c  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\windows\system32\drivers\appid.sys
16:06:53.0860 0x133c  AppID - ok
16:06:53.0870 0x133c  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\windows\System32\appidsvc.dll
16:06:53.0910 0x133c  AppIDSvc - ok
16:06:53.0950 0x133c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\windows\System32\appinfo.dll
16:06:53.0960 0x133c  Appinfo - ok
16:06:54.0080 0x133c  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:06:54.0090 0x133c  Apple Mobile Device - ok
16:06:54.0160 0x133c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\drivers\arc.sys
16:06:54.0170 0x133c  arc - ok
16:06:54.0190 0x133c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\drivers\arcsas.sys
16:06:54.0200 0x133c  arcsas - ok
16:06:54.0290 0x133c  [ 9217D874131AE6FF8F642F124F00A555, BE2923D5AA7748FDAAED73AF567D015517B36F1C739C6E5637DD15112EFDF495 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:06:54.0300 0x133c  aspnet_state - ok
16:06:54.0360 0x133c  [ D95E64416A4A3ED6986E0F474DA934BD, DBB4A0DED0DABE1F8FF0DB8C0E9EC4EC906A85A45DC0AEC013A8744F9BF5D40E ] aswHwid         C:\windows\system32\drivers\aswHwid.sys
16:06:54.0370 0x133c  aswHwid - ok
16:06:54.0410 0x133c  [ FF1E537A3632CBB9A0BF72B9FD0878D5, B26E6A1F6E6FA5280A12861EFAD44D8F49353F47B21843EBA73E149CF613DCBC ] aswMonFlt       C:\windows\system32\drivers\aswMonFlt.sys
16:06:54.0430 0x133c  aswMonFlt - ok
16:06:54.0460 0x133c  [ A5757DE5F9C83AB40667A53D5126EA40, 58B72B1B126CF641188703CE82E26BEB0C41AD7587CFFCCCE9E3C64CC7AACC90 ] aswRdr          C:\windows\system32\drivers\aswRdr2.sys
16:06:54.0480 0x133c  aswRdr - ok
16:06:54.0510 0x133c  [ 645D97385F3F284FB5604F9B970F4D24, 15A9D7F0F4C1062210E4E744A9069B8645177D19F35B8740D74022639DC05F2E ] aswRvrt         C:\windows\system32\drivers\aswRvrt.sys
16:06:54.0520 0x133c  aswRvrt - ok
16:06:54.0580 0x133c  [ B8FDEDE963B82CFD23B3A53A3084666D, 3537E5B684FB6F0AA589A5FA7CD111E1744DF384AB1A266D4114100F104ED11B ] aswSnx          C:\windows\system32\drivers\aswSnx.sys
16:06:54.0610 0x133c  aswSnx - ok
16:06:54.0680 0x133c  [ 0DEDC041DF594AEC2C3BD00417CFAF60, 0D3A8924503986546EE256D185225C0B080FDB6B0C8B0BED7516B07A7334371B ] aswSP           C:\windows\system32\drivers\aswSP.sys
16:06:54.0700 0x133c  aswSP - ok
16:06:54.0760 0x133c  [ 48DED912CDE54FC0923B9858512366E1, 9B216B934408A7CB3CE2B41240B7EF01EAA3BC066211B784064FF8AC97A29B4E ] aswStm          C:\windows\system32\drivers\aswStm.sys
16:06:54.0770 0x133c  aswStm - ok
16:06:54.0810 0x133c  [ 471A311745848B80339436688A8286E6, E51C57236CEC19AC38E85D115DB97875517D837811188AD2E53FA49055B53890 ] aswVmm          C:\windows\system32\drivers\aswVmm.sys
16:06:54.0830 0x133c  aswVmm - ok
16:06:54.0850 0x133c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
16:06:54.0890 0x133c  AsyncMac - ok
16:06:54.0930 0x133c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
16:06:54.0940 0x133c  atapi - ok
16:06:55.0050 0x133c  [ 3D68A1EEF77307142636AF5127990BCB, 30926B2E1371287FF39C69C363BE4FAC67C558867D903C555A12316D303A43E8 ] athr            C:\windows\system32\DRIVERS\athrx.sys
16:06:55.0150 0x133c  athr - ok
16:06:55.0210 0x133c  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
16:06:55.0260 0x133c  AudioEndpointBuilder - ok
16:06:55.0290 0x133c  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\windows\System32\Audiosrv.dll
16:06:55.0340 0x133c  AudioSrv - ok
16:06:55.0450 0x133c  [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:06:55.0460 0x133c  avast! Antivirus - ok
16:06:55.0470 0x133c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
16:06:55.0530 0x133c  AxInstSV - ok
16:06:55.0580 0x133c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
16:06:55.0620 0x133c  b06bdrv - ok
16:06:55.0640 0x133c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
16:06:55.0660 0x133c  b57nd60a - ok
16:06:55.0700 0x133c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
16:06:55.0730 0x133c  BDESVC - ok
16:06:55.0740 0x133c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
16:06:55.0780 0x133c  Beep - ok
16:06:55.0820 0x133c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\windows\System32\bfe.dll
16:06:55.0860 0x133c  BFE - ok
16:06:55.0920 0x133c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\system32\qmgr.dll
16:06:55.0990 0x133c  BITS - ok
16:06:56.0000 0x133c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
16:06:56.0020 0x133c  blbdrive - ok
16:06:56.0080 0x133c  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:06:56.0100 0x133c  Bonjour Service - ok
16:06:56.0120 0x133c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
16:06:56.0150 0x133c  bowser - ok
16:06:56.0180 0x133c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
16:06:56.0190 0x133c  BrFiltLo - ok
16:06:56.0200 0x133c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
16:06:56.0220 0x133c  BrFiltUp - ok
16:06:56.0270 0x133c  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\windows\system32\DRIVERS\bridge.sys
16:06:56.0310 0x133c  BridgeMP - ok
16:06:56.0340 0x133c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\windows\System32\browser.dll
16:06:56.0360 0x133c  Browser - ok
16:06:56.0400 0x133c  [ 63A00CDBEB300522C49EC7CA77324060, 99CB6D37C7D898982A192AAA8DE5CE255E6FA482E19FE9032BAA7069E652F6F5 ] BrSerIb         C:\windows\system32\DRIVERS\BrSerIb.sys
16:06:56.0410 0x133c  BrSerIb - ok
16:06:56.0440 0x133c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\System32\Drivers\Brserid.sys
16:06:56.0460 0x133c  Brserid - ok
16:06:56.0470 0x133c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
16:06:56.0490 0x133c  BrSerWdm - ok
16:06:56.0500 0x133c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
16:06:56.0520 0x133c  BrUsbMdm - ok
16:06:56.0530 0x133c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
16:06:56.0540 0x133c  BrUsbSer - ok
16:06:56.0580 0x133c  [ BBCFD6C6EF66449F55AF1BFDB08C9B12, D6D5D408FCFFF9ED69D095948E786C08EEECD5F55905A3D8FE2BB08944C5E1F2 ] BrUsbSIb        C:\windows\system32\DRIVERS\BrUsbSIb.sys
16:06:56.0580 0x133c  BrUsbSIb - ok
16:06:56.0630 0x133c  [ 9D95F74875491CECBF9E10A5936A570E, 55BDA43FB0C0623CFB7899D0A42BA6696A0A314F9DB5D0EC27A606C2AD9AF34C ] BtFilter        C:\windows\system32\DRIVERS\btfilter.sys
16:06:56.0660 0x133c  BtFilter - detected UnsignedFile.Multi.Generic ( 1 )
16:06:59.0480 0x133c  Detect skipped due to KSN trusted
16:06:59.0480 0x133c  BtFilter - ok
16:06:59.0530 0x133c  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
16:06:59.0560 0x133c  BthEnum - ok
16:06:59.0580 0x133c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
16:06:59.0600 0x133c  BTHMODEM - ok
16:06:59.0630 0x133c  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
16:06:59.0650 0x133c  BthPan - ok
16:06:59.0680 0x133c  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
16:06:59.0710 0x133c  BTHPORT - ok
16:06:59.0730 0x133c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
16:06:59.0770 0x133c  bthserv - ok
16:06:59.0790 0x133c  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
16:06:59.0800 0x133c  BTHUSB - ok
16:06:59.0830 0x133c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
16:06:59.0870 0x133c  cdfs - ok
16:06:59.0880 0x133c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
16:06:59.0900 0x133c  cdrom - ok
16:06:59.0920 0x133c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\windows\System32\certprop.dll
16:06:59.0950 0x133c  CertPropSvc - ok
16:06:59.0970 0x133c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\drivers\circlass.sys
16:06:59.0990 0x133c  circlass - ok
16:07:00.0020 0x133c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\windows\system32\CLFS.sys
16:07:00.0040 0x133c  CLFS - ok
16:07:00.0100 0x133c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:07:00.0110 0x133c  clr_optimization_v2.0.50727_32 - ok
16:07:00.0150 0x133c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:07:00.0170 0x133c  clr_optimization_v2.0.50727_64 - ok
16:07:00.0220 0x133c  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:07:00.0240 0x133c  clr_optimization_v4.0.30319_32 - ok
16:07:00.0250 0x133c  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:07:00.0260 0x133c  clr_optimization_v4.0.30319_64 - ok
16:07:00.0290 0x133c  [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys
16:07:00.0300 0x133c  clwvd - ok
16:07:00.0310 0x133c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
16:07:00.0320 0x133c  CmBatt - ok
16:07:00.0330 0x133c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
16:07:00.0340 0x133c  cmdide - ok
16:07:00.0400 0x133c  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\windows\system32\Drivers\cng.sys
16:07:00.0430 0x133c  CNG - ok
16:07:00.0460 0x133c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\DRIVERS\compbatt.sys
16:07:00.0470 0x133c  Compbatt - ok
16:07:00.0480 0x133c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
16:07:00.0500 0x133c  CompositeBus - ok
16:07:00.0510 0x133c  COMSysApp - ok
16:07:00.0520 0x133c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
16:07:00.0530 0x133c  crcdisk - ok
16:07:00.0581 0x133c  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\windows\system32\cryptsvc.dll
16:07:00.0611 0x133c  CryptSvc - ok
16:07:00.0711 0x133c  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:07:00.0741 0x133c  cvhsvc - ok
16:07:00.0781 0x133c  [ 7AF9DAC504FBD047CBC3E64AE52C92BF, CA8F9564733DED4C3895CF7150BB254995D66889E6BE08D6654E4F897E4FF7A4 ] dc3d            C:\windows\system32\DRIVERS\dc3d.sys
16:07:00.0801 0x133c  dc3d - ok
16:07:00.0841 0x133c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\windows\system32\rpcss.dll
16:07:00.0891 0x133c  DcomLaunch - ok
16:07:00.0921 0x133c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
16:07:00.0971 0x133c  defragsvc - ok
16:07:01.0001 0x133c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
16:07:01.0031 0x133c  DfsC - ok
16:07:01.0081 0x133c  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\windows\system32\DRIVERS\ssudbus.sys
16:07:01.0091 0x133c  dg_ssudbus - ok
16:07:01.0121 0x133c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
16:07:01.0151 0x133c  Dhcp - ok
16:07:01.0161 0x133c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
16:07:01.0201 0x133c  discache - ok
16:07:01.0221 0x133c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\drivers\disk.sys
16:07:01.0231 0x133c  Disk - ok
16:07:01.0271 0x133c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
16:07:01.0301 0x133c  Dnscache - ok
16:07:01.0331 0x133c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
16:07:01.0371 0x133c  dot3svc - ok
16:07:01.0411 0x133c  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\windows\system32\DRIVERS\Dot4.sys
16:07:01.0431 0x133c  Dot4 - ok
16:07:01.0481 0x133c  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\windows\system32\DRIVERS\Dot4Prt.sys
16:07:01.0501 0x133c  Dot4Print - ok
16:07:01.0521 0x133c  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\windows\system32\DRIVERS\dot4usb.sys
16:07:01.0531 0x133c  dot4usb - ok
16:07:01.0551 0x133c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
16:07:01.0592 0x133c  DPS - ok
16:07:01.0642 0x133c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
16:07:01.0662 0x133c  drmkaud - ok
16:07:01.0732 0x133c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
16:07:01.0762 0x133c  DXGKrnl - ok
16:07:01.0792 0x133c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
16:07:01.0832 0x133c  EapHost - ok
16:07:01.0972 0x133c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\drivers\evbda.sys
16:07:02.0092 0x133c  ebdrv - ok
16:07:02.0122 0x133c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\windows\System32\lsass.exe
16:07:02.0152 0x133c  EFS - ok
16:07:02.0212 0x133c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
16:07:02.0262 0x133c  ehRecvr - ok
16:07:02.0272 0x133c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
16:07:02.0292 0x133c  ehSched - ok
16:07:02.0352 0x133c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\drivers\elxstor.sys
16:07:02.0372 0x133c  elxstor - ok
16:07:02.0392 0x133c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
16:07:02.0402 0x133c  ErrDev - ok
16:07:02.0432 0x133c  [ 9D8739A2A2173C9D27C499A3FC6EDA3F, DB25F566A071FE935996CF6C63E1CDFB85162A92E9D3D5695A56900D54C83C76 ] ETD             C:\windows\system32\DRIVERS\ETD.sys
16:07:02.0442 0x133c  ETD - ok
16:07:02.0482 0x133c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
16:07:02.0532 0x133c  EventSystem - ok
16:07:02.0552 0x133c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
16:07:02.0592 0x133c  exfat - ok
16:07:02.0612 0x133c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
16:07:02.0652 0x133c  fastfat - ok
16:07:02.0702 0x133c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
16:07:02.0732 0x133c  Fax - ok
16:07:02.0762 0x133c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\drivers\fdc.sys
16:07:02.0772 0x133c  fdc - ok
16:07:02.0792 0x133c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
16:07:02.0822 0x133c  fdPHost - ok
16:07:02.0832 0x133c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
16:07:02.0872 0x133c  FDResPub - ok
16:07:02.0892 0x133c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
16:07:02.0902 0x133c  FileInfo - ok
16:07:02.0912 0x133c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
16:07:02.0952 0x133c  Filetrace - ok
16:07:02.0962 0x133c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
16:07:02.0982 0x133c  flpydisk - ok
16:07:03.0002 0x133c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
16:07:03.0022 0x133c  FltMgr - ok
16:07:03.0092 0x133c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\windows\system32\FntCache.dll
16:07:03.0152 0x133c  FontCache - ok
16:07:03.0202 0x133c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:07:03.0212 0x133c  FontCache3.0.0.0 - ok
16:07:03.0232 0x133c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
16:07:03.0242 0x133c  FsDepends - ok
16:07:03.0272 0x133c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
16:07:03.0282 0x133c  Fs_Rec - ok
16:07:03.0312 0x133c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
16:07:03.0332 0x133c  fvevol - ok
16:07:03.0362 0x133c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
16:07:03.0372 0x133c  gagp30kx - ok
16:07:03.0412 0x133c  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:07:03.0422 0x133c  GEARAspiWDM - ok
16:07:03.0472 0x133c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
16:07:03.0532 0x133c  gpsvc - ok
16:07:03.0592 0x133c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:07:03.0602 0x133c  gupdate - ok
16:07:03.0622 0x133c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:07:03.0632 0x133c  gupdatem - ok
16:07:03.0662 0x133c  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:07:03.0672 0x133c  gusvc - ok
16:07:03.0702 0x133c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
16:07:03.0732 0x133c  hcw85cir - ok
16:07:03.0762 0x133c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:07:03.0782 0x133c  HdAudAddService - ok
16:07:03.0802 0x133c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
16:07:03.0822 0x133c  HDAudBus - ok
16:07:03.0842 0x133c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
16:07:03.0852 0x133c  HidBatt - ok
16:07:03.0872 0x133c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\drivers\hidbth.sys
16:07:03.0892 0x133c  HidBth - ok
16:07:03.0902 0x133c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\drivers\hidir.sys
16:07:03.0922 0x133c  HidIr - ok
16:07:03.0952 0x133c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\System32\hidserv.dll
16:07:03.0992 0x133c  hidserv - ok
16:07:04.0032 0x133c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys
16:07:04.0042 0x133c  HidUsb - ok
16:07:04.0072 0x133c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
16:07:04.0112 0x133c  hkmsvc - ok
16:07:04.0132 0x133c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:07:04.0152 0x133c  HomeGroupListener - ok
16:07:04.0192 0x133c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:07:04.0212 0x133c  HomeGroupProvider - ok
16:07:04.0372 0x133c  [ 1DAE5C46D42B02A6D5862E1482EFB390, 90B14E0A8376AE51872D89C141E88AE144B742805F94B4F7948E295322C78B9D ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
16:07:04.0382 0x133c  hpqcxs08 - detected UnsignedFile.Multi.Generic ( 1 )
16:07:07.0182 0x133c  Detect skipped due to KSN trusted
16:07:07.0182 0x133c  hpqcxs08 - ok
16:07:07.0242 0x133c  [ 99E8EEF42FE2F4AF29B08C3355DD7685, D57BC2148653DA5596FB49F1086D165B11C9F6C644608202C08305D3C8499CFE ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
16:07:07.0252 0x133c  hpqddsvc - detected UnsignedFile.Multi.Generic ( 1 )
16:07:10.0052 0x133c  Detect skipped due to KSN trusted
16:07:10.0052 0x133c  hpqddsvc - ok
16:07:10.0082 0x133c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
16:07:10.0092 0x133c  HpSAMD - ok
16:07:10.0132 0x133c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
16:07:10.0192 0x133c  HTTP - ok
16:07:10.0212 0x133c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
16:07:10.0222 0x133c  hwpolicy - ok
16:07:10.0242 0x133c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
16:07:10.0252 0x133c  i8042prt - ok
16:07:10.0282 0x133c  [ 53CC5BF8B5A219119953C7ABB19A7705, F342A9732978D893729EA2591CB72E5F5BD1B3E6C9E4DBFFE54EC866E534A8C0 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
16:07:10.0302 0x133c  iaStor - ok
16:07:10.0332 0x133c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
16:07:10.0352 0x133c  iaStorV - ok
16:07:10.0422 0x133c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:07:10.0462 0x133c  idsvc - ok
16:07:10.0502 0x133c  IEEtwCollectorService - ok
16:07:10.0722 0x133c  [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
16:07:10.0922 0x133c  igfx - ok
16:07:10.0962 0x133c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\drivers\iirsp.sys
16:07:10.0982 0x133c  iirsp - ok
16:07:11.0032 0x133c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
16:07:11.0072 0x133c  IKEEXT - ok
16:07:11.0192 0x133c  [ 65F70696BE5ABC11634FCF96AF7D7896, A1950B4A64B25E8F8FA3F905B61B8EE9FE448B8403D9A3632A7214F90276D17A ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
16:07:11.0282 0x133c  IntcAzAudAddService - ok
16:07:11.0322 0x133c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
16:07:11.0332 0x133c  intelide - ok
16:07:11.0352 0x133c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
16:07:11.0362 0x133c  intelppm - ok
16:07:11.0392 0x133c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
16:07:11.0432 0x133c  IPBusEnum - ok
16:07:11.0452 0x133c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
16:07:11.0492 0x133c  IpFilterDriver - ok
16:07:11.0542 0x133c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
16:07:11.0572 0x133c  iphlpsvc - ok
16:07:11.0592 0x133c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
16:07:11.0602 0x133c  IPMIDRV - ok
16:07:11.0632 0x133c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
16:07:11.0662 0x133c  IPNAT - ok
16:07:11.0732 0x133c  [ 68A5EDD4843CF0033BAE537C9C495F69, 386C66A6562218D0F0A616D75457CDA4B82DB87DC3DA83935497819963DB6D86 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:07:11.0752 0x133c  iPod Service - ok
16:07:11.0772 0x133c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
16:07:11.0792 0x133c  IRENUM - ok
16:07:11.0812 0x133c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
16:07:11.0822 0x133c  isapnp - ok
16:07:11.0852 0x133c  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
16:07:11.0872 0x133c  iScsiPrt - ok
16:07:11.0882 0x133c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
16:07:11.0892 0x133c  kbdclass - ok
16:07:11.0912 0x133c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
16:07:11.0922 0x133c  kbdhid - ok
16:07:11.0932 0x133c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\windows\system32\lsass.exe
16:07:11.0942 0x133c  KeyIso - ok
16:07:11.0992 0x133c  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
16:07:12.0002 0x133c  KSecDD - ok
16:07:12.0032 0x133c  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
16:07:12.0052 0x133c  KSecPkg - ok
16:07:12.0072 0x133c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
16:07:12.0102 0x133c  ksthunk - ok
16:07:12.0132 0x133c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
16:07:12.0182 0x133c  KtmRm - ok
16:07:12.0212 0x133c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\System32\srvsvc.dll
16:07:12.0262 0x133c  LanmanServer - ok
16:07:12.0302 0x133c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:07:12.0352 0x133c  LanmanWorkstation - ok
16:07:12.0362 0x133c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
16:07:12.0402 0x133c  lltdio - ok
16:07:12.0432 0x133c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
16:07:12.0482 0x133c  lltdsvc - ok
16:07:12.0492 0x133c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
16:07:12.0532 0x133c  lmhosts - ok
16:07:12.0583 0x133c  [ 2ED1786B7542CDA261029F6B526EDF44, C6131B65B045EF5B4F62CF6CF089DF0921BA6A8EFC83BCBA45D5DDE78E9D78E2 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:07:12.0603 0x133c  LMS - ok
16:07:12.0623 0x133c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
16:07:12.0633 0x133c  LSI_FC - ok
16:07:12.0653 0x133c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
16:07:12.0663 0x133c  LSI_SAS - ok
16:07:12.0683 0x133c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
16:07:12.0693 0x133c  LSI_SAS2 - ok
16:07:12.0713 0x133c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
16:07:12.0723 0x133c  LSI_SCSI - ok
16:07:12.0743 0x133c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
16:07:12.0793 0x133c  luafv - ok
16:07:12.0813 0x133c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
16:07:12.0833 0x133c  Mcx2Svc - ok
16:07:12.0843 0x133c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\drivers\megasas.sys
16:07:12.0853 0x133c  megasas - ok
16:07:12.0883 0x133c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
16:07:12.0893 0x133c  MegaSR - ok
16:07:12.0933 0x133c  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
16:07:12.0943 0x133c  MEIx64 - ok
16:07:12.0973 0x133c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
16:07:13.0013 0x133c  MMCSS - ok
16:07:13.0023 0x133c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
16:07:13.0063 0x133c  Modem - ok
16:07:13.0093 0x133c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
16:07:13.0113 0x133c  monitor - ok
16:07:13.0133 0x133c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
16:07:13.0143 0x133c  mouclass - ok
16:07:13.0173 0x133c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
16:07:13.0193 0x133c  mouhid - ok
16:07:13.0213 0x133c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
16:07:13.0223 0x133c  mountmgr - ok
16:07:13.0243 0x133c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
16:07:13.0253 0x133c  mpio - ok
16:07:13.0273 0x133c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
16:07:13.0303 0x133c  mpsdrv - ok
16:07:13.0343 0x133c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
16:07:13.0403 0x133c  MpsSvc - ok
16:07:13.0423 0x133c  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
16:07:13.0443 0x133c  MRxDAV - ok
16:07:13.0483 0x133c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
16:07:13.0513 0x133c  mrxsmb - ok
16:07:13.0543 0x133c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
16:07:13.0563 0x133c  mrxsmb10 - ok
16:07:13.0583 0x133c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
16:07:13.0603 0x133c  mrxsmb20 - ok
16:07:13.0623 0x133c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
16:07:13.0633 0x133c  msahci - ok
16:07:13.0663 0x133c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
16:07:13.0673 0x133c  msdsm - ok
16:07:13.0693 0x133c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
16:07:13.0713 0x133c  MSDTC - ok
16:07:13.0743 0x133c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
16:07:13.0773 0x133c  Msfs - ok
16:07:13.0793 0x133c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
16:07:13.0833 0x133c  mshidkmdf - ok
16:07:13.0853 0x133c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
16:07:13.0863 0x133c  msisadrv - ok
16:07:13.0883 0x133c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
16:07:13.0923 0x133c  MSiSCSI - ok
16:07:13.0933 0x133c  msiserver - ok
16:07:13.0953 0x133c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
16:07:13.0993 0x133c  MSKSSRV - ok
16:07:14.0013 0x133c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
16:07:14.0043 0x133c  MSPCLOCK - ok
16:07:14.0053 0x133c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
16:07:14.0093 0x133c  MSPQM - ok
16:07:14.0123 0x133c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
16:07:14.0143 0x133c  MsRPC - ok
16:07:14.0173 0x133c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
16:07:14.0183 0x133c  mssmbios - ok
16:07:14.0203 0x133c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
16:07:14.0233 0x133c  MSTEE - ok
16:07:14.0253 0x133c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
16:07:14.0263 0x133c  MTConfig - ok
16:07:14.0283 0x133c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
16:07:14.0293 0x133c  Mup - ok
16:07:14.0333 0x133c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
16:07:14.0383 0x133c  napagent - ok
16:07:14.0413 0x133c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
16:07:14.0433 0x133c  NativeWifiP - ok
16:07:14.0483 0x133c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
16:07:14.0523 0x133c  NDIS - ok
16:07:14.0543 0x133c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
16:07:14.0583 0x133c  NdisCap - ok
16:07:14.0603 0x133c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
16:07:14.0643 0x133c  NdisTapi - ok
16:07:14.0663 0x133c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
16:07:14.0693 0x133c  Ndisuio - ok
16:07:14.0713 0x133c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
16:07:14.0753 0x133c  NdisWan - ok
16:07:14.0763 0x133c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
16:07:14.0803 0x133c  NDProxy - ok
16:07:14.0833 0x133c  [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:07:14.0843 0x133c  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
16:07:17.0696 0x133c  Detect skipped due to KSN trusted
16:07:17.0696 0x133c  Net Driver HPZ12 - ok
16:07:17.0735 0x133c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
16:07:17.0773 0x133c  NetBIOS - ok
16:07:17.0792 0x133c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
16:07:17.0836 0x133c  NetBT - ok
16:07:17.0847 0x133c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\windows\system32\lsass.exe
16:07:17.0862 0x133c  Netlogon - ok
16:07:17.0904 0x133c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
16:07:17.0953 0x133c  Netman - ok
16:07:17.0990 0x133c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:07:18.0003 0x133c  NetMsmqActivator - ok
16:07:18.0010 0x133c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:07:18.0023 0x133c  NetPipeActivator - ok
16:07:18.0048 0x133c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
16:07:18.0100 0x133c  netprofm - ok
16:07:18.0107 0x133c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:07:18.0120 0x133c  NetTcpActivator - ok
16:07:18.0126 0x133c  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:07:18.0139 0x133c  NetTcpPortSharing - ok
16:07:18.0154 0x133c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
16:07:18.0166 0x133c  nfrd960 - ok
16:07:18.0210 0x133c  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\windows\System32\nlasvc.dll
16:07:18.0244 0x133c  NlaSvc - ok
16:07:18.0257 0x133c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
16:07:18.0294 0x133c  Npfs - ok
16:07:18.0329 0x133c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
16:07:18.0368 0x133c  nsi - ok
16:07:18.0385 0x133c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
16:07:18.0424 0x133c  nsiproxy - ok
16:07:18.0510 0x133c  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
16:07:18.0564 0x133c  Ntfs - ok
16:07:18.0584 0x133c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
16:07:18.0621 0x133c  Null - ok
16:07:18.0656 0x133c  [ E366A5681C50785D4ED04FCFD65C3415, 7FF7B4B8F09E773401AE879897E60BF494B57B9ACEE990204A4C98A3FB183A33 ] NVHDA           C:\windows\system32\drivers\nvhda64v.sys
16:07:18.0672 0x133c  NVHDA - ok
16:07:19.0099 0x133c  [ 2232AE1BB51A96A7381A2CA17DF12E24, 4813E27BC14EB3CBD55AF89B098EA5C8DA4C7FF0B6CCB7AACFC43BC0E578C988 ] nvlddmkm        C:\windows\system32\DRIVERS\nvlddmkm.sys
16:07:19.0449 0x133c  nvlddmkm - ok
16:07:19.0619 0x133c  [ 45D6780D0525D7BC29E2E3605CA73C18, C8BBE8BE9824CD1D3C4314FE370FA03BD6000187B4FC4FC935F8342E1A02FA7E ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
16:07:19.0673 0x133c  NvNetworkService - ok
16:07:19.0713 0x133c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
16:07:19.0727 0x133c  nvraid - ok
16:07:19.0750 0x133c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
16:07:19.0765 0x133c  nvstor - ok
16:07:19.0859 0x133c  [ A0D870DCE152EE5B92A41AD927201D19, 67FB025CB380D933BF0FDD4AFE9BE4E3C1D69A59865E02A96533BBE9EC260D71 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
16:07:19.0869 0x133c  NvStreamKms - ok
16:07:20.0502 0x133c  [ E5597D09E5239C0F908948DB7057AC26, A6045D4D9D2F8007B0F75DAAABB2AD9FEB4A898E33A51ECE9A9D788D8E8F84A4 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
16:07:21.0106 0x133c  NvStreamSvc - ok
16:07:21.0194 0x133c  [ 2C8DD5A34A81715865D66D7AF39362A6, 62F9D873127921EE2EAA80B73E8994C4BF6DA7EEDACAEA030B8D58E086FD3850 ] nvsvc           C:\windows\system32\nvvsvc.exe
16:07:21.0230 0x133c  nvsvc - ok
16:07:21.0268 0x133c  [ 75034A4D7C02327D150B617571D4196A, 8E7DAFEC4307E883D52BD0B5F0732E26E019C953770B52ACBBAD3074A66393CB ] nvvad_WaveExtensible C:\windows\system32\drivers\nvvad64v.sys
16:07:21.0279 0x133c  nvvad_WaveExtensible - ok
16:07:21.0308 0x133c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
16:07:21.0321 0x133c  nv_agp - ok
16:07:21.0339 0x133c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
16:07:21.0354 0x133c  ohci1394 - ok
16:07:21.0393 0x133c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:07:21.0406 0x133c  ose - ok
16:07:21.0606 0x133c  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:07:21.0747 0x133c  osppsvc - ok
16:07:21.0797 0x133c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
16:07:21.0826 0x133c  p2pimsvc - ok
16:07:21.0860 0x133c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
16:07:21.0888 0x133c  p2psvc - ok
16:07:21.0919 0x133c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\windows\system32\drivers\parport.sys
16:07:21.0936 0x133c  Parport - ok
16:07:21.0968 0x133c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\windows\system32\drivers\partmgr.sys
16:07:21.0981 0x133c  partmgr - ok
16:07:22.0005 0x133c  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\windows\System32\pcasvc.dll
16:07:22.0033 0x133c  PcaSvc - ok
16:07:22.0056 0x133c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\windows\system32\drivers\pci.sys
16:07:22.0072 0x133c  pci - ok
16:07:22.0102 0x133c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
16:07:22.0113 0x133c  pciide - ok
16:07:22.0136 0x133c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
16:07:22.0153 0x133c  pcmcia - ok
16:07:22.0174 0x133c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\windows\system32\drivers\pcw.sys
16:07:22.0186 0x133c  pcw - ok
16:07:22.0225 0x133c  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
16:07:22.0284 0x133c  PEAUTH - ok
16:07:22.0361 0x133c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
16:07:22.0378 0x133c  PerfHost - ok
16:07:22.0464 0x133c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\windows\system32\pla.dll
16:07:22.0581 0x133c  pla - ok
16:07:22.0633 0x133c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
16:07:22.0671 0x133c  PlugPlay - ok
16:07:22.0706 0x133c  [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:07:22.0715 0x133c  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )
16:07:25.0523 0x133c  Detect skipped due to KSN trusted
16:07:25.0523 0x133c  Pml Driver HPZ12 - ok
16:07:25.0553 0x133c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
16:07:25.0573 0x133c  PNRPAutoReg - ok
16:07:25.0583 0x133c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
16:07:25.0613 0x133c  PNRPsvc - ok
16:07:25.0663 0x133c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
16:07:25.0713 0x133c  PolicyAgent - ok
16:07:25.0753 0x133c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\windows\system32\umpo.dll
16:07:25.0803 0x133c  Power - ok
16:07:25.0823 0x133c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
16:07:25.0863 0x133c  PptpMiniport - ok
16:07:25.0883 0x133c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\windows\system32\drivers\processr.sys
16:07:25.0893 0x133c  Processor - ok
16:07:25.0933 0x133c  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\windows\system32\profsvc.dll
16:07:25.0963 0x133c  ProfSvc - ok
16:07:25.0983 0x133c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\windows\system32\lsass.exe
16:07:26.0003 0x133c  ProtectedStorage - ok
16:07:26.0033 0x133c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
16:07:26.0073 0x133c  Psched - ok
16:07:26.0113 0x133c  [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI             C:\windows\system32\DRIVERS\psi_mf_amd64.sys
16:07:26.0123 0x133c  PSI - ok
16:07:26.0213 0x133c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\drivers\ql2300.sys
16:07:26.0263 0x133c  ql2300 - ok
16:07:26.0283 0x133c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
16:07:26.0293 0x133c  ql40xx - ok
16:07:26.0343 0x133c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
16:07:26.0373 0x133c  QWAVE - ok
16:07:26.0393 0x133c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
16:07:26.0413 0x133c  QWAVEdrv - ok
16:07:26.0433 0x133c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
16:07:26.0473 0x133c  RasAcd - ok
16:07:26.0503 0x133c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
16:07:26.0543 0x133c  RasAgileVpn - ok
16:07:26.0563 0x133c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
16:07:26.0603 0x133c  RasAuto - ok
16:07:26.0623 0x133c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
16:07:26.0663 0x133c  Rasl2tp - ok
16:07:26.0683 0x133c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
16:07:26.0733 0x133c  RasMan - ok
16:07:26.0753 0x133c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
16:07:26.0793 0x133c  RasPppoe - ok
16:07:26.0793 0x133c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
16:07:26.0833 0x133c  RasSstp - ok
16:07:26.0863 0x133c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
16:07:26.0913 0x133c  rdbss - ok
16:07:26.0933 0x133c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
16:07:26.0953 0x133c  rdpbus - ok
16:07:26.0963 0x133c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
16:07:27.0003 0x133c  RDPCDD - ok
16:07:27.0013 0x133c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
16:07:27.0053 0x133c  RDPENCDD - ok
16:07:27.0063 0x133c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
16:07:27.0103 0x133c  RDPREFMP - ok
16:07:27.0123 0x133c  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
16:07:27.0143 0x133c  RdpVideoMiniport - ok
16:07:27.0183 0x133c  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
16:07:27.0223 0x133c  RDPWD - ok
16:07:27.0233 0x133c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
16:07:27.0253 0x133c  rdyboost - ok
16:07:27.0283 0x133c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
16:07:27.0333 0x133c  RemoteAccess - ok
16:07:27.0353 0x133c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
16:07:27.0393 0x133c  RemoteRegistry - ok
16:07:27.0423 0x133c  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
16:07:27.0443 0x133c  RFCOMM - ok
16:07:27.0513 0x133c  [ F12A68ED55053940CADD59CA5E3468DD, 75331E6DA4E30717085E7D8131989241EBC492DC3EE455546F91DA9DFFFD2BFC ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
16:07:27.0533 0x133c  RichVideo - detected UnsignedFile.Multi.Generic ( 1 )
16:07:30.0383 0x133c  Detect skipped due to KSN trusted
16:07:30.0383 0x133c  RichVideo - ok
16:07:30.0403 0x133c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
16:07:30.0443 0x133c  RpcEptMapper - ok
16:07:30.0453 0x133c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
16:07:30.0473 0x133c  RpcLocator - ok
16:07:30.0503 0x133c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\windows\System32\rpcss.dll
16:07:30.0563 0x133c  RpcSs - ok
16:07:30.0593 0x133c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
16:07:30.0633 0x133c  rspndr - ok
16:07:30.0663 0x133c  [ EA5532868BA76923D75BCB2A1448D810, C1489714C9BC95BB76134E6B8F28C5A3D044E9B2857F01BFEEEE7C8A25C74E7D ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
16:07:30.0683 0x133c  RTL8167 - ok
16:07:30.0743 0x133c  [ 4CA0DBA9E224473D664C25E411F5A3BD, 71423A66165782EFB4DB7BE6CE48DDB463D9F65FD0F266D333A6558791D158E5 ] rtport          C:\windows\SysWOW64\drivers\rtport.sys
16:07:30.0753 0x133c  rtport - ok
16:07:30.0783 0x133c  [ 62DB6CC4B0818F1B5F3441241B098F12, 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21 ] SABI            C:\windows\system32\Drivers\SABI.sys
16:07:30.0803 0x133c  SABI - ok
16:07:30.0823 0x133c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\windows\system32\lsass.exe
16:07:30.0833 0x133c  SamSs - ok
16:07:30.0883 0x133c  [ D641337B75B9A9D5AE10687AA1097755, 1495654D9090FDE04EF8605D1C8A4B0ACA1A50A4E0A992DE2F049CB8413E860C ] Samsung UPD Service C:\windows\System32\SUPDSvc.exe
16:07:30.0893 0x133c  Samsung UPD Service - ok
16:07:30.0933 0x133c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
16:07:30.0953 0x133c  sbp2port - ok
16:07:30.0983 0x133c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
16:07:31.0033 0x133c  SCardSvr - ok
16:07:31.0043 0x133c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
16:07:31.0083 0x133c  scfilter - ok
16:07:31.0123 0x133c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
16:07:31.0193 0x133c  Schedule - ok
16:07:31.0223 0x133c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
16:07:31.0263 0x133c  SCPolicySvc - ok
16:07:31.0293 0x133c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
16:07:31.0313 0x133c  SDRSVC - ok
16:07:31.0333 0x133c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
16:07:31.0373 0x133c  secdrv - ok
16:07:31.0393 0x133c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
16:07:31.0423 0x133c  seclogon - ok
16:07:31.0533 0x133c  [ 05E383849FA1FBBBC160612B0080618C, 43A33CC6BD24635EE849E89DB4391AB36292DDC0AC407E1B480B6E1DF7FC3BC5 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
16:07:31.0573 0x133c  Secunia PSI Agent - ok
16:07:31.0623 0x133c  [ F8173F1454F21C451439CB47EF75830A, CF87917CD061686CD956884D4ED73AA8C0B04B0B7B5BA36BAA4CC4A03C8C0263 ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
16:07:31.0653 0x133c  Secunia Update Agent - ok
16:07:31.0683 0x133c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\system32\sens.dll
16:07:31.0723 0x133c  SENS - ok
16:07:31.0733 0x133c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
16:07:31.0763 0x133c  SensrSvc - ok
16:07:31.0783 0x133c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\windows\system32\drivers\serenum.sys
16:07:31.0793 0x133c  Serenum - ok
16:07:31.0813 0x133c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\drivers\serial.sys
16:07:31.0833 0x133c  Serial - ok
16:07:31.0833 0x133c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\drivers\sermouse.sys
16:07:31.0853 0x133c  sermouse - ok
16:07:31.0883 0x133c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
16:07:31.0923 0x133c  SessionEnv - ok
16:07:31.0953 0x133c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
16:07:31.0963 0x133c  sffdisk - ok
16:07:31.0983 0x133c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
16:07:32.0003 0x133c  sffp_mmc - ok
16:07:32.0023 0x133c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
16:07:32.0033 0x133c  sffp_sd - ok
16:07:32.0053 0x133c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
16:07:32.0063 0x133c  sfloppy - ok
16:07:32.0113 0x133c  [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs           C:\windows\system32\DRIVERS\Sftfslh.sys
16:07:32.0153 0x133c  Sftfs - ok
16:07:32.0223 0x133c  [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
16:07:32.0243 0x133c  sftlist - ok
16:07:32.0273 0x133c  [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay         C:\windows\system32\DRIVERS\Sftplaylh.sys
16:07:32.0293 0x133c  Sftplay - ok
16:07:32.0303 0x133c  [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir        C:\windows\system32\DRIVERS\Sftredirlh.sys
16:07:32.0313 0x133c  Sftredir - ok
16:07:32.0333 0x133c  [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol          C:\windows\system32\DRIVERS\Sftvollh.sys
16:07:32.0343 0x133c  Sftvol - ok
16:07:32.0363 0x133c  [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
16:07:32.0383 0x133c  sftvsa - ok
16:07:32.0443 0x133c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
16:07:32.0493 0x133c  SharedAccess - ok
16:07:32.0533 0x133c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:07:32.0583 0x133c  ShellHWDetection - ok
16:07:32.0593 0x133c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
16:07:32.0603 0x133c  SiSRaid2 - ok
16:07:32.0633 0x133c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
16:07:32.0653 0x133c  SiSRaid4 - ok
16:07:32.0693 0x133c  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
16:07:32.0713 0x133c  SkypeUpdate - ok
16:07:32.0733 0x133c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
16:07:32.0773 0x133c  Smb - ok
16:07:32.0803 0x133c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
16:07:32.0823 0x133c  SNMPTRAP - ok
16:07:32.0863 0x133c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
16:07:32.0873 0x133c  spldr - ok
16:07:32.0923 0x133c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\windows\System32\spoolsv.exe
16:07:32.0963 0x133c  Spooler - ok
16:07:33.0113 0x133c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
16:07:33.0253 0x133c  sppsvc - ok
16:07:33.0303 0x133c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\windows\system32\sppuinotify.dll
16:07:33.0343 0x133c  sppuinotify - ok
16:07:33.0403 0x133c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\windows\system32\DRIVERS\srv.sys
16:07:33.0433 0x133c  srv - ok
16:07:33.0453 0x133c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
16:07:33.0473 0x133c  srv2 - ok
16:07:33.0513 0x133c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
16:07:33.0533 0x133c  srvnet - ok
16:07:33.0563 0x133c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
16:07:33.0613 0x133c  SSDPSRV - ok
16:07:33.0623 0x133c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\windows\system32\sstpsvc.dll
16:07:33.0663 0x133c  SstpSvc - ok
16:07:33.0713 0x133c  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm         C:\windows\system32\DRIVERS\ssudmdm.sys
16:07:33.0733 0x133c  ssudmdm - ok
16:07:33.0763 0x133c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\drivers\stexstor.sys
16:07:33.0773 0x133c  stexstor - ok
16:07:33.0803 0x133c  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\windows\system32\DRIVERS\serscan.sys
16:07:33.0813 0x133c  StillCam - ok
16:07:33.0863 0x133c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
16:07:33.0903 0x133c  stisvc - ok
16:07:33.0923 0x133c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
16:07:33.0933 0x133c  swenum - ok
16:07:33.0973 0x133c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
16:07:34.0033 0x133c  swprv - ok
16:07:34.0093 0x133c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\windows\system32\sysmain.dll
16:07:34.0163 0x133c  SysMain - ok
16:07:34.0183 0x133c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
16:07:34.0203 0x133c  TabletInputService - ok
16:07:34.0233 0x133c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
16:07:34.0283 0x133c  TapiSrv - ok
16:07:34.0313 0x133c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
16:07:34.0353 0x133c  TBS - ok
16:07:34.0453 0x133c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\windows\system32\drivers\tcpip.sys
16:07:34.0513 0x133c  Tcpip - ok
16:07:34.0563 0x133c  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
16:07:34.0624 0x133c  TCPIP6 - ok
16:07:34.0674 0x133c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
16:07:34.0684 0x133c  tcpipreg - ok
16:07:34.0714 0x133c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
16:07:34.0734 0x133c  TDPIPE - ok
16:07:34.0764 0x133c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
16:07:34.0774 0x133c  TDTCP - ok
16:07:34.0794 0x133c  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
16:07:34.0834 0x133c  tdx - ok
16:07:35.0054 0x133c  [ 93A5111B177891DCEBC161E327B04F90, 3F095622A8FB0BE1702D44979FB176F9E5B6717409AA4CC4D92270EE1AFF0246 ] TeamViewer9     C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
16:07:35.0204 0x133c  TeamViewer9 - ok
16:07:35.0234 0x133c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
16:07:35.0244 0x133c  TermDD - ok
16:07:35.0294 0x133c  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\windows\System32\termsrv.dll
16:07:35.0354 0x133c  TermService - ok
16:07:35.0374 0x133c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
16:07:35.0394 0x133c  Themes - ok
16:07:35.0434 0x133c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
16:07:35.0474 0x133c  THREADORDER - ok
16:07:35.0484 0x133c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
16:07:35.0534 0x133c  TrkWks - ok
16:07:35.0574 0x133c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:07:35.0614 0x133c  TrustedInstaller - ok
16:07:35.0664 0x133c  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
16:07:35.0694 0x133c  tssecsrv - ok
16:07:35.0724 0x133c  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
16:07:35.0734 0x133c  TsUsbFlt - ok
16:07:35.0754 0x133c  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
16:07:35.0764 0x133c  TsUsbGD - ok
16:07:35.0804 0x133c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
16:07:35.0844 0x133c  tunnel - ok
16:07:35.0864 0x133c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\drivers\uagp35.sys
16:07:35.0884 0x133c  uagp35 - ok
16:07:35.0904 0x133c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
16:07:35.0954 0x133c  udfs - ok
16:07:35.0994 0x133c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
16:07:36.0014 0x133c  UI0Detect - ok
16:07:36.0034 0x133c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
16:07:36.0044 0x133c  uliagpkx - ok
16:07:36.0064 0x133c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\DRIVERS\umbus.sys
16:07:36.0084 0x133c  umbus - ok
16:07:36.0104 0x133c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\drivers\umpass.sys
16:07:36.0114 0x133c  UmPass - ok
16:07:36.0264 0x133c  [ 7E5E1603D0FF2D240AE70295C5C3FEFC, 1E5F8E415ACE3C6DFBE636473DBE051329174F2A085516B6FC1515A54014D02B ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:07:36.0334 0x133c  UNS - ok
16:07:36.0374 0x133c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
16:07:36.0424 0x133c  upnphost - ok
16:07:36.0454 0x133c  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
16:07:36.0484 0x133c  USBAAPL64 - ok
16:07:36.0514 0x133c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\windows\system32\drivers\usbaudio.sys
16:07:36.0534 0x133c  usbaudio - ok
16:07:36.0594 0x133c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
16:07:36.0624 0x133c  usbccgp - ok
16:07:36.0664 0x133c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
16:07:36.0694 0x133c  usbcir - ok
16:07:36.0714 0x133c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\drivers\usbehci.sys
16:07:36.0734 0x133c  usbehci - ok
16:07:36.0754 0x133c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
16:07:36.0784 0x133c  usbhub - ok
16:07:36.0804 0x133c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\drivers\usbohci.sys
16:07:36.0824 0x133c  usbohci - ok
16:07:36.0854 0x133c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
16:07:36.0874 0x133c  usbprint - ok
16:07:36.0904 0x133c  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys
16:07:36.0914 0x133c  usbscan - ok
16:07:36.0944 0x133c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
16:07:36.0974 0x133c  USBSTOR - ok
16:07:36.0994 0x133c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
16:07:37.0004 0x133c  usbuhci - ok
16:07:37.0054 0x133c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
16:07:37.0074 0x133c  usbvideo - ok
16:07:37.0114 0x133c  [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx      C:\windows\system32\DRIVERS\usb8023x.sys
16:07:37.0144 0x133c  usb_rndisx - ok
16:07:37.0174 0x133c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
16:07:37.0214 0x133c  UxSms - ok
16:07:37.0234 0x133c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\windows\system32\lsass.exe
16:07:37.0244 0x133c  VaultSvc - ok
16:07:37.0274 0x133c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
16:07:37.0284 0x133c  vdrvroot - ok
16:07:37.0324 0x133c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
16:07:37.0384 0x133c  vds - ok
16:07:37.0414 0x133c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
16:07:37.0434 0x133c  vga - ok
16:07:37.0454 0x133c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
16:07:37.0494 0x133c  VgaSave - ok
16:07:37.0514 0x133c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
16:07:37.0534 0x133c  vhdmp - ok
16:07:37.0574 0x133c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
16:07:37.0584 0x133c  viaide - ok
16:07:37.0604 0x133c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
16:07:37.0614 0x133c  volmgr - ok
16:07:37.0634 0x133c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
16:07:37.0654 0x133c  volmgrx - ok
16:07:37.0704 0x133c  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\windows\system32\drivers\volsnap.sys
16:07:37.0724 0x133c  volsnap - ok
16:07:37.0744 0x133c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
16:07:37.0764 0x133c  vsmraid - ok
16:07:37.0844 0x133c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
16:07:37.0944 0x133c  VSS - ok
16:07:37.0974 0x133c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
16:07:37.0994 0x133c  vwifibus - ok
16:07:38.0034 0x133c  [ 13A0DECD1794DE60A8427862C8669D27, 4024AF9F2F052BC80C85F5B9A671499C20AF38838206CC649E6EFE37C380D3BF ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
16:07:38.0054 0x133c  vwififlt - ok
16:07:38.0094 0x133c  [ 49003B357D101CDC474937437ECF5ABC, D3EC570D616DC39FE6BF02DA1CD6C30CD07C27CC5B4B6FD6DACB5D8A4F1596A6 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
16:07:38.0114 0x133c  vwifimp - ok
16:07:38.0154 0x133c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
16:07:38.0204 0x133c  W32Time - ok
16:07:38.0234 0x133c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
16:07:38.0244 0x133c  WacomPen - ok
16:07:38.0274 0x133c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
16:07:38.0304 0x133c  WANARP - ok
16:07:38.0314 0x133c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
16:07:38.0354 0x133c  Wanarpv6 - ok
16:07:38.0424 0x133c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
16:07:38.0494 0x133c  wbengine - ok
16:07:38.0514 0x133c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
16:07:38.0544 0x133c  WbioSrvc - ok
16:07:38.0564 0x133c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
16:07:38.0604 0x133c  wcncsvc - ok
16:07:38.0614 0x133c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:07:38.0634 0x133c  WcsPlugInService - ok
16:07:38.0654 0x133c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\drivers\wd.sys
16:07:38.0664 0x133c  Wd - ok
16:07:38.0734 0x133c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
16:07:38.0764 0x133c  Wdf01000 - ok
16:07:38.0784 0x133c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
16:07:38.0824 0x133c  WdiServiceHost - ok
16:07:38.0834 0x133c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
16:07:38.0854 0x133c  WdiSystemHost - ok
16:07:38.0884 0x133c  [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient       C:\windows\System32\webclnt.dll
16:07:38.0914 0x133c  WebClient - ok
16:07:38.0934 0x133c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
16:07:38.0984 0x133c  Wecsvc - ok
16:07:39.0004 0x133c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
16:07:39.0044 0x133c  wercplsupport - ok
16:07:39.0064 0x133c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
16:07:39.0104 0x133c  WerSvc - ok
16:07:39.0124 0x133c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
16:07:39.0154 0x133c  WfpLwf - ok
16:07:39.0184 0x133c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
16:07:39.0194 0x133c  WIMMount - ok
16:07:39.0224 0x133c  WinDefend - ok
16:07:39.0244 0x133c  WinHttpAutoProxySvc - ok
16:07:39.0294 0x133c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
16:07:39.0344 0x133c  Winmgmt - ok
16:07:39.0434 0x133c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\windows\system32\WsmSvc.dll
16:07:39.0534 0x133c  WinRM - ok
16:07:39.0564 0x133c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
16:07:39.0584 0x133c  WinUsb - ok
16:07:39.0645 0x133c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
16:07:39.0685 0x133c  Wlansvc - ok
16:07:39.0755 0x133c  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:07:39.0765 0x133c  wlcrasvc - ok
16:07:39.0885 0x133c  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:07:39.0955 0x133c  wlidsvc - ok
16:07:39.0985 0x133c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys
16:07:40.0005 0x133c  WmiAcpi - ok
16:07:40.0065 0x133c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
16:07:40.0085 0x133c  wmiApSrv - ok
16:07:40.0115 0x133c  WMPNetworkSvc - ok
16:07:40.0145 0x133c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
16:07:40.0165 0x133c  WPCSvc - ok
16:07:40.0185 0x133c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
16:07:40.0205 0x133c  WPDBusEnum - ok
16:07:40.0245 0x133c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
16:07:40.0275 0x133c  ws2ifsl - ok
16:07:40.0315 0x133c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\system32\wscsvc.dll
16:07:40.0335 0x133c  wscsvc - ok
16:07:40.0345 0x133c  WSearch - ok
16:07:40.0465 0x133c  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\windows\system32\wuaueng.dll
16:07:40.0545 0x133c  wuauserv - ok
16:07:40.0585 0x133c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
16:07:40.0615 0x133c  WudfPf - ok
16:07:40.0635 0x133c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
16:07:40.0655 0x133c  WUDFRd - ok
16:07:40.0695 0x133c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
16:07:40.0705 0x133c  wudfsvc - ok
16:07:40.0755 0x133c  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\windows\System32\wwansvc.dll
16:07:40.0785 0x133c  WwanSvc - ok
16:07:40.0825 0x133c  ================ Scan global ===============================
16:07:40.0865 0x133c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
16:07:40.0905 0x133c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
16:07:40.0925 0x133c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
16:07:40.0955 0x133c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
16:07:40.0995 0x133c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
16:07:41.0005 0x133c  [ Global ] - ok
16:07:41.0005 0x133c  ================ Scan MBR ==================================
16:07:41.0015 0x133c  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
16:07:41.0365 0x133c  \Device\Harddisk0\DR0 - ok
16:07:41.0365 0x133c  ================ Scan VBR ==================================
16:07:41.0365 0x133c  [ C7FD431A93D30EC025D152577421382C ] \Device\Harddisk0\DR0\Partition1
16:07:41.0365 0x133c  \Device\Harddisk0\DR0\Partition1 - ok
16:07:41.0375 0x133c  [ 5A986E8F0E128501C49FF2144A91FF9D ] \Device\Harddisk0\DR0\Partition2
16:07:41.0375 0x133c  \Device\Harddisk0\DR0\Partition2 - ok
16:07:41.0425 0x133c  [ 776B9E325AFAC7BD09BC7F3493B5CC82 ] \Device\Harddisk0\DR0\Partition3
16:07:41.0425 0x133c  \Device\Harddisk0\DR0\Partition3 - ok
16:07:41.0435 0x133c  ================ Scan generic autorun ======================
16:07:41.0855 0x133c  [ AB931C25243CCD13874046875F68F241, 8B277285C1ED5BBAC40AE458FF6AC3B0D40C50CCE4879300397B139B6FFAF558 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
16:07:42.0215 0x133c  RtHDVCpl - ok
16:07:42.0225 0x133c  ETDCtrl - ok
16:07:42.0255 0x133c  Nvtmru - ok
16:07:42.0365 0x133c  [ 05470C684B62C2F86325D8685E4513CB, EDE70A162AFA104D774AE1D8D3A077F2C12940851EC5BA785242F4032EEA902E ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
16:07:42.0445 0x133c  NvBackend - ok
16:07:42.0475 0x133c  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\windows\system32\rundll32.exe
16:07:42.0485 0x133c  ShadowPlay - ok
16:07:42.0675 0x133c  [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
16:07:42.0795 0x133c  AvastUI.exe - ok
16:07:42.0885 0x133c  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
16:07:42.0945 0x133c  Sidebar - ok
16:07:42.0945 0x133c  Waiting for KSN requests completion. In queue: 302
16:07:43.0945 0x133c  Waiting for KSN requests completion. In queue: 302
16:07:44.0945 0x133c  Waiting for KSN requests completion. In queue: 302
16:07:45.0945 0x133c  Waiting for KSN requests completion. In queue: 302
16:07:46.0945 0x133c  Waiting for KSN requests completion. In queue: 302
16:07:47.0945 0x133c  Waiting for KSN requests completion. In queue: 302
16:07:48.0955 0x133c  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x41000 ( enabled : updated )
16:07:48.0955 0x133c  FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x40010 ( disabled )
16:07:48.0965 0x133c  Win FW state via NFP2: enabled
16:07:51.0656 0x133c  ============================================================
16:07:51.0656 0x133c  Scan finished
16:07:51.0656 0x133c  ============================================================
16:07:51.0656 0x1174  Detected object count: 0
16:07:51.0656 0x1174  Actual detected object count: 0

cosinus · 22.09.2014, 15:12

Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen aus den Desktop!)

1. Schritt: Malwarebytes

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

2. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

3. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

4. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Konny251 · 22.09.2014, 16:41

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.9 (09.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ko on 22.09.2014 at 17:18:25,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\windows\syswow64\sho51BF.tmp
Successfully deleted: [File] C:\windows\syswow64\sho640D.tmp
Successfully deleted: [File] C:\windows\syswow64\sho70BB.tmp



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Ko\appdata\local\{7DAB12F8-B4BE-4B85-9DD8-5FC2C934BD3E}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.09.2014 at 17:34:01,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

# AdwCleaner v3.310 - Bericht erstellt am 22/09/2014 um 17:13:23
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Ko - KO-PC
# Gestartet von : C:\Users\Ko\Downloads\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Users\Ko\AppData\Roaming\NCH Software

***** [ Tasks ] *****

Task Gelöscht : Digital Sites

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v

[ Datei : C:\Users\Ko\AppData\Roaming\Mozilla\Firefox\Profiles\yq4p9rch.default\prefs.js ]


-\\ Google Chrome v37.0.2062.120

[ Datei : C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M697CCFDB-C19E-4FAC-8CBF-333BA56E8D85&SearchSource=58&CUI=&UM=5&UP=SP2BE45269-2676-4157-A41B-C6273C671A91&q={searchTerms}&SSPV=
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [22983 octets] - [04/10/2013 14:47:08]
AdwCleaner[R1].txt - [6179 octets] - [05/05/2014 21:42:14]
AdwCleaner[R2].txt - [4253 octets] - [22/09/2014 17:11:53]
AdwCleaner[S0].txt - [22098 octets] - [04/10/2013 14:49:27]
AdwCleaner[S1].txt - [6199 octets] - [05/05/2014 21:47:09]
AdwCleaner[S2].txt - [4118 octets] - [22/09/2014 17:13:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [4178 octets] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.09.2014
Suchlauf-Zeit: 16:56:52
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.22.04
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Ko

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 341827
Verstrichene Zeit: 10 Min, 50 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Ko (administrator) on KO-PC on 22-09-2014 17:37:08
Running from C:\Users\Ko\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Teldat GmbH) C:\Program Files (x86)\Teldat WIN-Tools\Eumex 402 WIN-Tools V1.00\ControlCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-05] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Control Center.lnk
ShortcutTarget: Control Center.lnk -> C:\Program Files (x86)\Teldat WIN-Tools\Eumex 402 WIN-Tools V1.00\ControlCenter.exe (Teldat GmbH)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ko\AppData\Roaming\Mozilla\Firefox\Profiles\yq4p9rch.default
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ko\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Forecastfox - C:\Users\Ko\AppData\Roaming\Mozilla\Firefox\Profiles\yq4p9rch.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-09]
FF Extension: WOT - C:\Users\Ko\AppData\Roaming\Mozilla\Firefox\Profiles\yq4p9rch.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-05-16]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-07]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-22]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "", "hxxp://www.google.de/"
CHR Profile: C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-16]
CHR Extension: (Google Drive) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-17]
CHR Extension: (WOT) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-10-07]
CHR Extension: (YouTube) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-16]
CHR Extension: (Google-Suche) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-16]
CHR Extension: (AdBlock) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-17]
CHR Extension: (avast! Online Security) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-07]
CHR Extension: (Word CaptureX Extension) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf [2013-09-16]
CHR Extension: (Google Wallet) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Google Mail) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-10]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx [2010-07-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-10] (AVAST Software)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-01] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-10] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-02] (Windows (R) 2003 DDK 3790 provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 17:34 - 2014-09-22 17:34 - 00001049 _____ () C:\Users\Ko\Desktop\JRT.txt
2014-09-22 17:17 - 2014-09-22 17:17 - 01027006 _____ (Thisisu) C:\Users\Ko\Downloads\JRT.exe
2014-09-22 17:10 - 2014-09-22 17:10 - 01373475 _____ () C:\Users\Ko\Downloads\AdwCleaner_3.310.exe
2014-09-22 17:10 - 2014-09-22 17:10 - 00001153 _____ () C:\mbam.txt
2014-09-22 16:55 - 2014-09-22 16:56 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 16:54 - 2014-09-22 16:54 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-22 16:54 - 2014-09-22 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-22 16:54 - 2014-09-22 16:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-22 16:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-22 16:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-22 16:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-22 16:52 - 2014-09-22 16:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ko\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-22 16:01 - 2014-09-22 16:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ko\Downloads\tdsskiller.exe
2014-09-22 14:00 - 2014-09-22 14:00 - 00028148 _____ () C:\ComboFix.txt
2014-09-22 13:45 - 2014-09-22 14:00 - 00000000 ____D () C:\Qoobox
2014-09-22 13:45 - 2014-09-22 13:57 - 00000000 ____D () C:\windows\erdnt
2014-09-22 13:45 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-09-22 13:45 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-09-22 13:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-09-22 13:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-09-22 13:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-09-22 13:45 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-09-22 13:45 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-09-22 13:45 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-09-22 13:42 - 2014-09-22 13:43 - 05579290 ____R (Swearware) C:\Users\Ko\Downloads\ComboFix.exe
2014-09-22 12:24 - 2014-09-22 12:27 - 00055881 _____ () C:\Users\Ko\Downloads\Addition.txt
2014-09-22 12:24 - 2014-09-22 12:24 - 00380416 _____ () C:\Users\Ko\Downloads\Gmer-19357.exe
2014-09-22 12:23 - 2014-09-22 17:37 - 00019256 _____ () C:\Users\Ko\Downloads\FRST.txt
2014-09-22 12:23 - 2014-09-22 17:37 - 00000000 ____D () C:\FRST
2014-09-22 12:22 - 2014-09-22 12:23 - 02105856 _____ (Farbar) C:\Users\Ko\Downloads\FRST64.exe
2014-09-22 12:21 - 2014-09-22 12:21 - 00000000 _____ () C:\Users\Ko\defogger_reenable
2014-09-14 22:26 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-14 22:26 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-14 22:26 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-14 22:26 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-14 22:26 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-14 22:26 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-14 22:26 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-14 22:26 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-14 22:26 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-14 22:26 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-14 22:26 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-14 22:26 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-14 22:26 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-14 22:26 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-14 22:26 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-14 22:26 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-14 22:26 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-14 22:26 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-14 22:26 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-14 22:26 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-14 22:26 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-14 22:26 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-14 22:26 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-14 22:26 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 22:26 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-14 22:26 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-14 22:26 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-14 22:26 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-14 22:26 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-14 22:26 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-14 22:26 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-14 22:26 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-14 22:26 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-14 22:26 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-14 22:26 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-14 22:26 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-14 22:26 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-14 22:26 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-14 22:26 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-14 22:26 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-14 22:26 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-14 22:26 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 22:26 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-14 22:26 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-14 22:26 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-14 22:26 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-14 22:26 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-14 22:26 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-14 22:26 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-14 22:26 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-14 22:26 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-14 22:26 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-14 22:26 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-14 22:26 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-14 22:26 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-14 22:26 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-14 17:42 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-14 17:42 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-14 17:42 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-14 17:42 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-14 17:42 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-11 19:59 - 2014-09-11 19:59 - 00000000 ____D () C:\NVIDIA Corporation
2014-09-09 13:27 - 2014-09-09 13:27 - 00244400 _____ () C:\Users\Ko\Downloads\Firefox Setup Stub 32.0.exe
2014-09-09 11:45 - 2014-09-09 11:45 - 00000000 ____D () C:\windows\pss
2014-09-07 13:53 - 2014-09-07 13:53 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-07 13:53 - 2014-09-07 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-07 13:53 - 2014-09-07 13:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-30 11:41 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-30 11:41 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-30 11:41 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-27 20:16 - 2014-08-27 20:17 - 03169008 _____ () C:\Users\Ko\Downloads\msxml6_ia64 (1).msi
2014-08-27 20:16 - 2014-08-27 20:17 - 02617344 _____ () C:\Users\Ko\Downloads\msxml6_x64 (1).msi
2014-08-27 19:25 - 2014-08-27 19:25 - 01488384 _____ () C:\Users\Ko\Downloads\msxml6 (1).msi
2014-08-27 19:16 - 2014-08-27 19:16 - 00895120 _____ (Google Inc.) C:\Users\Ko\Downloads\ChromeSetup (3).exe
2014-08-25 17:52 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-25 17:52 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-25 17:52 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-25 17:52 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-25 17:52 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-25 17:51 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-25 17:51 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-25 17:51 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-25 17:51 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 22:04 - 2011-10-31 07:11 - 00000000 ____D () C:\ProgramData\WinClon
2014-09-22 22:04 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-22 22:04 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-09-22 17:37 - 2014-09-22 12:23 - 00019256 _____ () C:\Users\Ko\Downloads\FRST.txt
2014-09-22 17:37 - 2014-09-22 12:23 - 00000000 ____D () C:\FRST
2014-09-22 17:34 - 2014-09-22 17:34 - 00001049 _____ () C:\Users\Ko\Desktop\JRT.txt
2014-09-22 17:21 - 2009-07-14 06:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 17:21 - 2009-07-14 06:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 17:17 - 2014-09-22 17:17 - 01027006 _____ (Thisisu) C:\Users\Ko\Downloads\JRT.exe
2014-09-22 17:15 - 2013-10-07 12:33 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-09-22 17:15 - 2013-09-16 11:18 - 00076008 _____ () C:\windows\setupact.log
2014-09-22 17:14 - 2013-09-18 10:09 - 00260648 _____ () C:\windows\PFRO.log
2014-09-22 17:14 - 2013-09-16 14:14 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 17:14 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-22 17:13 - 2013-10-04 13:45 - 00000000 ____D () C:\AdwCleaner
2014-09-22 17:13 - 2011-10-31 22:39 - 02048263 _____ () C:\windows\WindowsUpdate.log
2014-09-22 17:10 - 2014-09-22 17:10 - 01373475 _____ () C:\Users\Ko\Downloads\AdwCleaner_3.310.exe
2014-09-22 17:10 - 2014-09-22 17:10 - 00001153 _____ () C:\mbam.txt
2014-09-22 17:04 - 2012-08-13 20:35 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 17:01 - 2013-09-16 14:14 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 16:56 - 2014-09-22 16:55 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 16:54 - 2014-09-22 16:54 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-22 16:54 - 2014-09-22 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-22 16:54 - 2014-09-22 16:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-22 16:54 - 2014-09-22 16:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ko\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-22 16:42 - 2013-10-07 13:25 - 00000000 ___RD () C:\Users\Ko\Desktop\Sicherheit
2014-09-22 16:41 - 2013-10-07 13:08 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-22 16:01 - 2014-09-22 16:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ko\Downloads\tdsskiller.exe
2014-09-22 14:52 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-09-22 14:15 - 2014-03-10 14:16 - 00000000 ____D () C:\Users\Ko\Documents\Outlook-Dateien
2014-09-22 14:00 - 2014-09-22 14:00 - 00028148 _____ () C:\ComboFix.txt
2014-09-22 14:00 - 2014-09-22 13:45 - 00000000 ____D () C:\Qoobox
2014-09-22 14:00 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-22 13:57 - 2014-09-22 13:45 - 00000000 ____D () C:\windows\erdnt
2014-09-22 13:56 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-09-22 13:52 - 2011-10-31 06:50 - 00000000 ____D () C:\ProgramData\Temp
2014-09-22 13:43 - 2014-09-22 13:42 - 05579290 ____R (Swearware) C:\Users\Ko\Downloads\ComboFix.exe
2014-09-22 12:27 - 2014-09-22 12:24 - 00055881 _____ () C:\Users\Ko\Downloads\Addition.txt
2014-09-22 12:24 - 2014-09-22 12:24 - 00380416 _____ () C:\Users\Ko\Downloads\Gmer-19357.exe
2014-09-22 12:23 - 2014-09-22 12:22 - 02105856 _____ (Farbar) C:\Users\Ko\Downloads\FRST64.exe
2014-09-22 12:21 - 2014-09-22 12:21 - 00000000 _____ () C:\Users\Ko\defogger_reenable
2014-09-22 12:21 - 2012-07-25 20:57 - 00000000 ____D () C:\Users\Ko
2014-09-22 12:12 - 2012-12-16 20:36 - 00003906 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{95B62322-6037-4658-86AA-3B11CC578125}
2014-09-19 15:14 - 2013-08-18 11:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 14:34 - 2013-10-10 13:19 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-09-14 22:25 - 2012-12-04 11:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-14 22:17 - 2013-01-27 17:54 - 00000000 ____D () C:\Users\Ko\AppData\Roaming\TS3Client
2014-09-14 17:52 - 2013-08-14 18:49 - 00000000 ____D () C:\windows\system32\MRT
2014-09-14 17:37 - 2012-08-22 10:20 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-11 19:59 - 2014-09-11 19:59 - 00000000 ____D () C:\NVIDIA Corporation
2014-09-11 15:56 - 2012-08-13 20:35 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-11 15:56 - 2012-08-01 19:29 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 15:56 - 2012-08-01 19:29 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 15:54 - 2014-07-10 08:47 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 21:13 - 2013-09-16 14:17 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-09 13:44 - 2012-08-07 21:42 - 00000000 ____D () C:\Users\Ko\AppData\Local\Mozilla
2014-09-09 13:27 - 2014-09-09 13:27 - 00244400 _____ () C:\Users\Ko\Downloads\Firefox Setup Stub 32.0.exe
2014-09-09 11:45 - 2014-09-09 11:45 - 00000000 ____D () C:\windows\pss
2014-09-07 13:53 - 2014-09-07 13:53 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-07 13:53 - 2014-09-07 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-07 13:53 - 2014-09-07 13:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-07 13:45 - 2014-04-23 14:16 - 00000000 ____D () C:\Users\Ko\AppData\Roaming\HpUpdate
2014-08-31 11:15 - 2009-07-14 06:45 - 00428608 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-30 20:32 - 2014-04-18 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-29 18:51 - 2012-11-28 18:15 - 00000000 ____D () C:\Users\Ko\AppData\Local\Google
2014-08-27 20:17 - 2014-08-27 20:16 - 03169008 _____ () C:\Users\Ko\Downloads\msxml6_ia64 (1).msi
2014-08-27 20:17 - 2014-08-27 20:16 - 02617344 _____ () C:\Users\Ko\Downloads\msxml6_x64 (1).msi
2014-08-27 19:25 - 2014-08-27 19:25 - 01488384 _____ () C:\Users\Ko\Downloads\msxml6 (1).msi
2014-08-27 19:16 - 2014-08-27 19:16 - 00895120 _____ (Google Inc.) C:\Users\Ko\Downloads\ChromeSetup (3).exe
2014-08-27 11:15 - 2013-10-10 13:19 - 00003518 _____ () C:\windows\System32\Tasks\FileAdvisorCheck
2014-08-27 11:14 - 2013-10-10 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2014-08-27 11:14 - 2013-02-09 20:00 - 00000000 ____D () C:\NVIDIA
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-30 11:41 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-30 11:41 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-30 11:41 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\Ko\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-20 11:23

==================== End Of Log ============================

--- --- ---

--- --- ---

cosinus · 22.09.2014, 23:25

Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.

Konny251 · 23.09.2014, 07:43

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Ko (administrator) on KO-PC on 22-09-2014 17:37:08
Running from C:\Users\Ko\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Teldat GmbH) C:\Program Files (x86)\Teldat WIN-Tools\Eumex 402 WIN-Tools V1.00\ControlCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-05] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Control Center.lnk
ShortcutTarget: Control Center.lnk -> C:\Program Files (x86)\Teldat WIN-Tools\Eumex 402 WIN-Tools V1.00\ControlCenter.exe (Teldat GmbH)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ko\AppData\Roaming\Mozilla\Firefox\Profiles\yq4p9rch.default
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ko\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Forecastfox - C:\Users\Ko\AppData\Roaming\Mozilla\Firefox\Profiles\yq4p9rch.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-09]
FF Extension: WOT - C:\Users\Ko\AppData\Roaming\Mozilla\Firefox\Profiles\yq4p9rch.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-05-16]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-07]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-22]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "", "hxxp://www.google.de/"
CHR Profile: C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-16]
CHR Extension: (Google Drive) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-17]
CHR Extension: (WOT) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-10-07]
CHR Extension: (YouTube) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-16]
CHR Extension: (Google-Suche) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-16]
CHR Extension: (AdBlock) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-17]
CHR Extension: (avast! Online Security) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-07]
CHR Extension: (Word CaptureX Extension) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf [2013-09-16]
CHR Extension: (Google Wallet) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Google Mail) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-10]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx [2010-07-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-10] (AVAST Software)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-01] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-10] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-02] (Windows (R) 2003 DDK 3790 provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 17:34 - 2014-09-22 17:34 - 00001049 _____ () C:\Users\Ko\Desktop\JRT.txt
2014-09-22 17:17 - 2014-09-22 17:17 - 01027006 _____ (Thisisu) C:\Users\Ko\Downloads\JRT.exe
2014-09-22 17:10 - 2014-09-22 17:10 - 01373475 _____ () C:\Users\Ko\Downloads\AdwCleaner_3.310.exe
2014-09-22 17:10 - 2014-09-22 17:10 - 00001153 _____ () C:\mbam.txt
2014-09-22 16:55 - 2014-09-22 16:56 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 16:54 - 2014-09-22 16:54 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-22 16:54 - 2014-09-22 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-22 16:54 - 2014-09-22 16:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-22 16:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-22 16:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-22 16:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-22 16:52 - 2014-09-22 16:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ko\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-22 16:01 - 2014-09-22 16:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ko\Downloads\tdsskiller.exe
2014-09-22 14:00 - 2014-09-22 14:00 - 00028148 _____ () C:\ComboFix.txt
2014-09-22 13:45 - 2014-09-22 14:00 - 00000000 ____D () C:\Qoobox
2014-09-22 13:45 - 2014-09-22 13:57 - 00000000 ____D () C:\windows\erdnt
2014-09-22 13:45 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-09-22 13:45 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-09-22 13:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-09-22 13:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-09-22 13:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-09-22 13:45 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-09-22 13:45 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-09-22 13:45 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-09-22 13:42 - 2014-09-22 13:43 - 05579290 ____R (Swearware) C:\Users\Ko\Downloads\ComboFix.exe
2014-09-22 12:24 - 2014-09-22 12:27 - 00055881 _____ () C:\Users\Ko\Downloads\Addition.txt
2014-09-22 12:24 - 2014-09-22 12:24 - 00380416 _____ () C:\Users\Ko\Downloads\Gmer-19357.exe
2014-09-22 12:23 - 2014-09-22 17:37 - 00019256 _____ () C:\Users\Ko\Downloads\FRST.txt
2014-09-22 12:23 - 2014-09-22 17:37 - 00000000 ____D () C:\FRST
2014-09-22 12:22 - 2014-09-22 12:23 - 02105856 _____ (Farbar) C:\Users\Ko\Downloads\FRST64.exe
2014-09-22 12:21 - 2014-09-22 12:21 - 00000000 _____ () C:\Users\Ko\defogger_reenable
2014-09-14 22:26 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-14 22:26 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-14 22:26 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-14 22:26 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-14 22:26 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-14 22:26 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-14 22:26 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-14 22:26 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-14 22:26 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-14 22:26 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-14 22:26 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-14 22:26 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-14 22:26 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-14 22:26 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-14 22:26 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-14 22:26 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-14 22:26 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-14 22:26 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-14 22:26 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-14 22:26 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-14 22:26 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-14 22:26 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-14 22:26 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-14 22:26 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 22:26 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-14 22:26 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-14 22:26 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-14 22:26 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-14 22:26 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-14 22:26 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-14 22:26 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-14 22:26 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-14 22:26 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-14 22:26 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-14 22:26 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-14 22:26 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-14 22:26 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-14 22:26 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-14 22:26 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-14 22:26 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-14 22:26 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-14 22:26 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 22:26 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-14 22:26 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-14 22:26 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-14 22:26 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-14 22:26 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-14 22:26 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-14 22:26 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-14 22:26 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-14 22:26 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-14 22:26 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-14 22:26 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-14 22:26 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-14 22:26 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-14 22:26 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-14 17:42 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-14 17:42 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-14 17:42 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-14 17:42 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-14 17:42 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-11 19:59 - 2014-09-11 19:59 - 00000000 ____D () C:\NVIDIA Corporation
2014-09-09 13:27 - 2014-09-09 13:27 - 00244400 _____ () C:\Users\Ko\Downloads\Firefox Setup Stub 32.0.exe
2014-09-09 11:45 - 2014-09-09 11:45 - 00000000 ____D () C:\windows\pss
2014-09-07 13:53 - 2014-09-07 13:53 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-07 13:53 - 2014-09-07 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-07 13:53 - 2014-09-07 13:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-30 11:41 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-30 11:41 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-30 11:41 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-27 20:16 - 2014-08-27 20:17 - 03169008 _____ () C:\Users\Ko\Downloads\msxml6_ia64 (1).msi
2014-08-27 20:16 - 2014-08-27 20:17 - 02617344 _____ () C:\Users\Ko\Downloads\msxml6_x64 (1).msi
2014-08-27 19:25 - 2014-08-27 19:25 - 01488384 _____ () C:\Users\Ko\Downloads\msxml6 (1).msi
2014-08-27 19:16 - 2014-08-27 19:16 - 00895120 _____ (Google Inc.) C:\Users\Ko\Downloads\ChromeSetup (3).exe
2014-08-25 17:52 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-25 17:52 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-25 17:52 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-25 17:52 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-25 17:52 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-25 17:51 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-25 17:51 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-25 17:51 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-25 17:51 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 22:04 - 2011-10-31 07:11 - 00000000 ____D () C:\ProgramData\WinClon
2014-09-22 22:04 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-22 22:04 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-09-22 17:37 - 2014-09-22 12:23 - 00019256 _____ () C:\Users\Ko\Downloads\FRST.txt
2014-09-22 17:37 - 2014-09-22 12:23 - 00000000 ____D () C:\FRST
2014-09-22 17:34 - 2014-09-22 17:34 - 00001049 _____ () C:\Users\Ko\Desktop\JRT.txt
2014-09-22 17:21 - 2009-07-14 06:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 17:21 - 2009-07-14 06:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 17:17 - 2014-09-22 17:17 - 01027006 _____ (Thisisu) C:\Users\Ko\Downloads\JRT.exe
2014-09-22 17:15 - 2013-10-07 12:33 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-09-22 17:15 - 2013-09-16 11:18 - 00076008 _____ () C:\windows\setupact.log
2014-09-22 17:14 - 2013-09-18 10:09 - 00260648 _____ () C:\windows\PFRO.log
2014-09-22 17:14 - 2013-09-16 14:14 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 17:14 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-22 17:13 - 2013-10-04 13:45 - 00000000 ____D () C:\AdwCleaner
2014-09-22 17:13 - 2011-10-31 22:39 - 02048263 _____ () C:\windows\WindowsUpdate.log
2014-09-22 17:10 - 2014-09-22 17:10 - 01373475 _____ () C:\Users\Ko\Downloads\AdwCleaner_3.310.exe
2014-09-22 17:10 - 2014-09-22 17:10 - 00001153 _____ () C:\mbam.txt
2014-09-22 17:04 - 2012-08-13 20:35 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 17:01 - 2013-09-16 14:14 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-22 16:56 - 2014-09-22 16:55 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 16:54 - 2014-09-22 16:54 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-22 16:54 - 2014-09-22 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-22 16:54 - 2014-09-22 16:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-22 16:54 - 2014-09-22 16:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ko\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-22 16:42 - 2013-10-07 13:25 - 00000000 ___RD () C:\Users\Ko\Desktop\Sicherheit
2014-09-22 16:41 - 2013-10-07 13:08 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-22 16:01 - 2014-09-22 16:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ko\Downloads\tdsskiller.exe
2014-09-22 14:52 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-09-22 14:15 - 2014-03-10 14:16 - 00000000 ____D () C:\Users\Ko\Documents\Outlook-Dateien
2014-09-22 14:00 - 2014-09-22 14:00 - 00028148 _____ () C:\ComboFix.txt
2014-09-22 14:00 - 2014-09-22 13:45 - 00000000 ____D () C:\Qoobox
2014-09-22 14:00 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-22 13:57 - 2014-09-22 13:45 - 00000000 ____D () C:\windows\erdnt
2014-09-22 13:56 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-09-22 13:52 - 2011-10-31 06:50 - 00000000 ____D () C:\ProgramData\Temp
2014-09-22 13:43 - 2014-09-22 13:42 - 05579290 ____R (Swearware) C:\Users\Ko\Downloads\ComboFix.exe
2014-09-22 12:27 - 2014-09-22 12:24 - 00055881 _____ () C:\Users\Ko\Downloads\Addition.txt
2014-09-22 12:24 - 2014-09-22 12:24 - 00380416 _____ () C:\Users\Ko\Downloads\Gmer-19357.exe
2014-09-22 12:23 - 2014-09-22 12:22 - 02105856 _____ (Farbar) C:\Users\Ko\Downloads\FRST64.exe
2014-09-22 12:21 - 2014-09-22 12:21 - 00000000 _____ () C:\Users\Ko\defogger_reenable
2014-09-22 12:21 - 2012-07-25 20:57 - 00000000 ____D () C:\Users\Ko
2014-09-22 12:12 - 2012-12-16 20:36 - 00003906 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{95B62322-6037-4658-86AA-3B11CC578125}
2014-09-19 15:14 - 2013-08-18 11:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 14:34 - 2013-10-10 13:19 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-09-14 22:25 - 2012-12-04 11:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-14 22:17 - 2013-01-27 17:54 - 00000000 ____D () C:\Users\Ko\AppData\Roaming\TS3Client
2014-09-14 17:52 - 2013-08-14 18:49 - 00000000 ____D () C:\windows\system32\MRT
2014-09-14 17:37 - 2012-08-22 10:20 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-11 19:59 - 2014-09-11 19:59 - 00000000 ____D () C:\NVIDIA Corporation
2014-09-11 15:56 - 2012-08-13 20:35 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-11 15:56 - 2012-08-01 19:29 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 15:56 - 2012-08-01 19:29 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 15:54 - 2014-07-10 08:47 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 21:13 - 2013-09-16 14:17 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-09 13:44 - 2012-08-07 21:42 - 00000000 ____D () C:\Users\Ko\AppData\Local\Mozilla
2014-09-09 13:27 - 2014-09-09 13:27 - 00244400 _____ () C:\Users\Ko\Downloads\Firefox Setup Stub 32.0.exe
2014-09-09 11:45 - 2014-09-09 11:45 - 00000000 ____D () C:\windows\pss
2014-09-07 13:53 - 2014-09-07 13:53 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-07 13:53 - 2014-09-07 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-07 13:53 - 2014-09-07 13:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-07 13:45 - 2014-04-23 14:16 - 00000000 ____D () C:\Users\Ko\AppData\Roaming\HpUpdate
2014-08-31 11:15 - 2009-07-14 06:45 - 00428608 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-30 20:32 - 2014-04-18 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-29 18:51 - 2012-11-28 18:15 - 00000000 ____D () C:\Users\Ko\AppData\Local\Google
2014-08-27 20:17 - 2014-08-27 20:16 - 03169008 _____ () C:\Users\Ko\Downloads\msxml6_ia64 (1).msi
2014-08-27 20:17 - 2014-08-27 20:16 - 02617344 _____ () C:\Users\Ko\Downloads\msxml6_x64 (1).msi
2014-08-27 19:25 - 2014-08-27 19:25 - 01488384 _____ () C:\Users\Ko\Downloads\msxml6 (1).msi
2014-08-27 19:16 - 2014-08-27 19:16 - 00895120 _____ (Google Inc.) C:\Users\Ko\Downloads\ChromeSetup (3).exe
2014-08-27 11:15 - 2013-10-10 13:19 - 00003518 _____ () C:\windows\System32\Tasks\FileAdvisorCheck
2014-08-27 11:14 - 2013-10-10 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2014-08-27 11:14 - 2013-02-09 20:00 - 00000000 ____D () C:\NVIDIA
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-30 11:41 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-30 11:41 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-30 11:41 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\Ko\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-20 11:23

==================== End Of Log ============================

--- --- ---

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by Ko (administrator) on KO-PC on 23-09-2014 08:40:45
Running from C:\Users\Ko\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Teldat GmbH) C:\Program Files (x86)\Teldat WIN-Tools\Eumex 402 WIN-Tools V1.00\ControlCenter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-06-25] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-05] (AVAST Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Control Center.lnk
ShortcutTarget: Control Center.lnk -> C:\Program Files (x86)\Teldat WIN-Tools\Eumex 402 WIN-Tools V1.00\ControlCenter.exe (Teldat GmbH)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Ko\AppData\Roaming\Mozilla\Firefox\Profiles\yq4p9rch.default
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Ko\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Extension: Forecastfox - C:\Users\Ko\AppData\Roaming\Mozilla\Firefox\Profiles\yq4p9rch.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2012-10-09]
FF Extension: WOT - C:\Users\Ko\AppData\Roaming\Mozilla\Firefox\Profiles\yq4p9rch.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-05-16]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-04-18]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-07]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-02-22]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "", "hxxp://www.google.de/"
CHR Profile: C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-16]
CHR Extension: (Google Drive) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-17]
CHR Extension: (WOT) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-10-07]
CHR Extension: (YouTube) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-16]
CHR Extension: (Google-Suche) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-16]
CHR Extension: (AdBlock) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-17]
CHR Extension: (avast! Online Security) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-10-07]
CHR Extension: (Word CaptureX Extension) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf [2013-09-16]
CHR Extension: (Google Wallet) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16]
CHR Extension: (Google Mail) - C:\Users\Ko\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-10]
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx [2010-07-23]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-10] (AVAST Software)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-01] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-10] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-10] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-02] (Windows (R) 2003 DDK 3790 provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 17:34 - 2014-09-22 17:34 - 00001049 _____ () C:\Users\Ko\Desktop\JRT.txt
2014-09-22 17:17 - 2014-09-22 17:17 - 01027006 _____ (Thisisu) C:\Users\Ko\Downloads\JRT.exe
2014-09-22 17:10 - 2014-09-22 17:10 - 01373475 _____ () C:\Users\Ko\Downloads\AdwCleaner_3.310.exe
2014-09-22 17:10 - 2014-09-22 17:10 - 00001153 _____ () C:\mbam.txt
2014-09-22 16:55 - 2014-09-22 16:56 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 16:54 - 2014-09-22 16:54 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-22 16:54 - 2014-09-22 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-22 16:54 - 2014-09-22 16:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-22 16:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-22 16:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-22 16:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-22 16:52 - 2014-09-22 16:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ko\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-22 16:01 - 2014-09-22 16:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ko\Downloads\tdsskiller.exe
2014-09-22 14:00 - 2014-09-22 14:00 - 00028148 _____ () C:\ComboFix.txt
2014-09-22 13:45 - 2014-09-22 14:00 - 00000000 ____D () C:\Qoobox
2014-09-22 13:45 - 2014-09-22 13:57 - 00000000 ____D () C:\windows\erdnt
2014-09-22 13:45 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-09-22 13:45 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-09-22 13:45 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-09-22 13:45 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-09-22 13:45 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-09-22 13:45 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-09-22 13:45 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-09-22 13:45 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-09-22 13:42 - 2014-09-22 13:43 - 05579290 ____R (Swearware) C:\Users\Ko\Downloads\ComboFix.exe
2014-09-22 12:24 - 2014-09-22 12:27 - 00055881 _____ () C:\Users\Ko\Downloads\Addition.txt
2014-09-22 12:24 - 2014-09-22 12:24 - 00380416 _____ () C:\Users\Ko\Downloads\Gmer-19357.exe
2014-09-22 12:23 - 2014-09-23 08:40 - 00019880 _____ () C:\Users\Ko\Downloads\FRST.txt
2014-09-22 12:23 - 2014-09-23 08:40 - 00000000 ____D () C:\FRST
2014-09-22 12:22 - 2014-09-22 12:23 - 02105856 _____ (Farbar) C:\Users\Ko\Downloads\FRST64.exe
2014-09-22 12:21 - 2014-09-22 12:21 - 00000000 _____ () C:\Users\Ko\defogger_reenable
2014-09-14 22:26 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-14 22:26 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-14 22:26 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-14 22:26 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-14 22:26 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-14 22:26 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-14 22:26 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-14 22:26 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-14 22:26 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-14 22:26 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-14 22:26 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-14 22:26 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-14 22:26 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-14 22:26 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-14 22:26 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-14 22:26 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-14 22:26 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-14 22:26 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-14 22:26 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-14 22:26 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-14 22:26 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-14 22:26 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-14 22:26 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-14 22:26 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-14 22:26 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-14 22:26 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-14 22:26 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-14 22:26 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-14 22:26 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-14 22:26 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-14 22:26 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-14 22:26 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-14 22:26 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-14 22:26 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-14 22:26 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-14 22:26 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-14 22:26 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-14 22:26 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-14 22:26 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-14 22:26 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-14 22:26 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-14 22:26 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-14 22:26 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-14 22:26 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-14 22:26 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-14 22:26 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-14 22:26 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-14 22:26 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-14 22:26 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-14 22:26 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-14 22:26 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-14 22:26 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-14 22:26 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-14 22:26 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-14 22:26 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-14 22:26 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-14 17:42 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-14 17:42 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-14 17:42 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-14 17:42 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-14 17:42 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-11 19:59 - 2014-09-11 19:59 - 00000000 ____D () C:\NVIDIA Corporation
2014-09-09 13:27 - 2014-09-09 13:27 - 00244400 _____ () C:\Users\Ko\Downloads\Firefox Setup Stub 32.0.exe
2014-09-09 11:45 - 2014-09-09 11:45 - 00000000 ____D () C:\windows\pss
2014-09-07 13:53 - 2014-09-07 13:53 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-07 13:53 - 2014-09-07 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-07 13:53 - 2014-09-07 13:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-30 11:41 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-30 11:41 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-30 11:41 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-27 20:16 - 2014-08-27 20:17 - 03169008 _____ () C:\Users\Ko\Downloads\msxml6_ia64 (1).msi
2014-08-27 20:16 - 2014-08-27 20:17 - 02617344 _____ () C:\Users\Ko\Downloads\msxml6_x64 (1).msi
2014-08-27 19:25 - 2014-08-27 19:25 - 01488384 _____ () C:\Users\Ko\Downloads\msxml6 (1).msi
2014-08-27 19:16 - 2014-08-27 19:16 - 00895120 _____ (Google Inc.) C:\Users\Ko\Downloads\ChromeSetup (3).exe
2014-08-25 17:52 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-25 17:52 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-25 17:52 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-25 17:52 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-25 17:52 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-25 17:52 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-25 17:51 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-25 17:51 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-25 17:51 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-25 17:51 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-23 08:40 - 2014-09-22 12:23 - 00019880 _____ () C:\Users\Ko\Downloads\FRST.txt
2014-09-23 08:40 - 2014-09-22 12:23 - 00000000 ____D () C:\FRST
2014-09-23 08:40 - 2014-03-10 14:16 - 00000000 ____D () C:\Users\Ko\Documents\Outlook-Dateien
2014-09-23 08:39 - 2013-09-16 14:14 - 00001102 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-23 08:38 - 2012-08-13 20:35 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-23 08:38 - 2011-10-31 22:39 - 02049179 _____ () C:\windows\WindowsUpdate.log
2014-09-22 22:04 - 2011-10-31 07:11 - 00000000 ____D () C:\ProgramData\WinClon
2014-09-22 22:04 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-22 22:04 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-09-22 17:34 - 2014-09-22 17:34 - 00001049 _____ () C:\Users\Ko\Desktop\JRT.txt
2014-09-22 17:21 - 2009-07-14 06:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 17:21 - 2009-07-14 06:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 17:17 - 2014-09-22 17:17 - 01027006 _____ (Thisisu) C:\Users\Ko\Downloads\JRT.exe
2014-09-22 17:15 - 2013-10-07 12:33 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-09-22 17:15 - 2013-09-16 11:18 - 00076008 _____ () C:\windows\setupact.log
2014-09-22 17:14 - 2013-09-18 10:09 - 00260648 _____ () C:\windows\PFRO.log
2014-09-22 17:14 - 2013-09-16 14:14 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-22 17:14 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-22 17:13 - 2013-10-04 13:45 - 00000000 ____D () C:\AdwCleaner
2014-09-22 17:10 - 2014-09-22 17:10 - 01373475 _____ () C:\Users\Ko\Downloads\AdwCleaner_3.310.exe
2014-09-22 17:10 - 2014-09-22 17:10 - 00001153 _____ () C:\mbam.txt
2014-09-22 16:56 - 2014-09-22 16:55 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-22 16:54 - 2014-09-22 16:54 - 00001062 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-22 16:54 - 2014-09-22 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-22 16:54 - 2014-09-22 16:54 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-22 16:54 - 2014-09-22 16:52 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ko\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-22 16:42 - 2013-10-07 13:25 - 00000000 ___RD () C:\Users\Ko\Desktop\Sicherheit
2014-09-22 16:41 - 2013-10-07 13:08 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-22 16:01 - 2014-09-22 16:01 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Ko\Downloads\tdsskiller.exe
2014-09-22 14:52 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-09-22 14:00 - 2014-09-22 14:00 - 00028148 _____ () C:\ComboFix.txt
2014-09-22 14:00 - 2014-09-22 13:45 - 00000000 ____D () C:\Qoobox
2014-09-22 14:00 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-22 13:57 - 2014-09-22 13:45 - 00000000 ____D () C:\windows\erdnt
2014-09-22 13:56 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-09-22 13:52 - 2011-10-31 06:50 - 00000000 ____D () C:\ProgramData\Temp
2014-09-22 13:43 - 2014-09-22 13:42 - 05579290 ____R (Swearware) C:\Users\Ko\Downloads\ComboFix.exe
2014-09-22 12:27 - 2014-09-22 12:24 - 00055881 _____ () C:\Users\Ko\Downloads\Addition.txt
2014-09-22 12:24 - 2014-09-22 12:24 - 00380416 _____ () C:\Users\Ko\Downloads\Gmer-19357.exe
2014-09-22 12:23 - 2014-09-22 12:22 - 02105856 _____ (Farbar) C:\Users\Ko\Downloads\FRST64.exe
2014-09-22 12:21 - 2014-09-22 12:21 - 00000000 _____ () C:\Users\Ko\defogger_reenable
2014-09-22 12:21 - 2012-07-25 20:57 - 00000000 ____D () C:\Users\Ko
2014-09-22 12:12 - 2012-12-16 20:36 - 00003906 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{95B62322-6037-4658-86AA-3B11CC578125}
2014-09-19 15:14 - 2013-08-18 11:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 14:34 - 2013-10-10 13:19 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-09-14 22:25 - 2012-12-04 11:50 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-14 22:17 - 2013-01-27 17:54 - 00000000 ____D () C:\Users\Ko\AppData\Roaming\TS3Client
2014-09-14 17:52 - 2013-08-14 18:49 - 00000000 ____D () C:\windows\system32\MRT
2014-09-14 17:37 - 2012-08-22 10:20 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-11 19:59 - 2014-09-11 19:59 - 00000000 ____D () C:\NVIDIA Corporation
2014-09-11 15:56 - 2012-08-13 20:35 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-11 15:56 - 2012-08-01 19:29 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 15:56 - 2012-08-01 19:29 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 15:54 - 2014-07-10 08:47 - 10036224 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 21:13 - 2013-09-16 14:17 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-09 13:44 - 2012-08-07 21:42 - 00000000 ____D () C:\Users\Ko\AppData\Local\Mozilla
2014-09-09 13:27 - 2014-09-09 13:27 - 00244400 _____ () C:\Users\Ko\Downloads\Firefox Setup Stub 32.0.exe
2014-09-09 11:45 - 2014-09-09 11:45 - 00000000 ____D () C:\windows\pss
2014-09-07 13:53 - 2014-09-07 13:53 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-09-07 13:53 - 2014-09-07 13:53 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-07 13:53 - 2014-09-07 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-07 13:53 - 2014-09-07 13:53 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-07 13:45 - 2014-04-23 14:16 - 00000000 ____D () C:\Users\Ko\AppData\Roaming\HpUpdate
2014-08-31 11:15 - 2009-07-14 06:45 - 00428608 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-30 20:32 - 2014-04-18 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-08-29 18:51 - 2012-11-28 18:15 - 00000000 ____D () C:\Users\Ko\AppData\Local\Google
2014-08-27 20:17 - 2014-08-27 20:16 - 03169008 _____ () C:\Users\Ko\Downloads\msxml6_ia64 (1).msi
2014-08-27 20:17 - 2014-08-27 20:16 - 02617344 _____ () C:\Users\Ko\Downloads\msxml6_x64 (1).msi
2014-08-27 19:25 - 2014-08-27 19:25 - 01488384 _____ () C:\Users\Ko\Downloads\msxml6 (1).msi
2014-08-27 19:16 - 2014-08-27 19:16 - 00895120 _____ (Google Inc.) C:\Users\Ko\Downloads\ChromeSetup (3).exe
2014-08-27 11:15 - 2013-10-10 13:19 - 00003518 _____ () C:\windows\System32\Tasks\FileAdvisorCheck
2014-08-27 11:14 - 2013-10-10 13:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2014-08-27 11:14 - 2013-02-09 20:00 - 00000000 ____D () C:\NVIDIA
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Ko\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-20 11:23

==================== End Of Log ============================

--- --- ---

Konny251 · 23.09.2014, 07:45

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by Ko at 2014-09-23 08:41:14
Running from C:\Users\Ko\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.8 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.8 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Around the World in 80 Days (HKLM-x32\...\BFG-Around the World in 80 Days) (Version:  - )
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2010397950.48.56.39914730 - Audible, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
BatteryLifeExtender (HKLM-x32\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.3509 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.82 - NCH Software)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM-x32\...\{16880765-677F-440B-B16A-BFD9B9C00012}) (Version: 1.0.12 - Samsung)
ETDWare PS/2-X64 8.0.7.2_WHQL (HKLM\...\Elantech) (Version: 8.0.7.2 - ELAN Microelectronic Corp.)
Eumex RNDIS64 Driver V1.03 (HKLM\...\{293C4FDD-FB80-48F8-8B40-F085392FDAA1}) (Version: 1.03.0000 - Deutsche Telekom)
F4200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.1 - SAMSUNG)
File Type Advisor 1.0 (HKLM-x32\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube Download version 3.2.23.219 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.23.219 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.34.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.34.430 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{A00C9114-40E6-4C70-A619-7DF264B23485}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MatchWare MindView 5.0 (HKLM-x32\...\{C849BEF2-0216-45E5-841B-F0F2F4FDE319}) (Version: 5.0.168 - MatchWare A/S)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.0 - )
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PDF Creator (HKLM\...\PDF Creator) (Version:  - )
PDF24 Creator 6.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhoneShare (HKLM-x32\...\{3F50512F-53DF-46B1-8CCB-6C7E638CADD6}) (Version: 9.1.4 - Samsung)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.0 - Samsung)
Samsung Support Center 1.0 (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.38 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.01 - Wolters Kluwer Deutschland GmbH)
SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.08.82 - Akademische Arbeitsgemeinschaft)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24482 - TeamViewer)
Teldat Eumex 402 WIN-Tools V1.00 (HKLM-x32\...\InstallShield_{1F2B2C7A-6A8D-499E-88B2-0C1E2AB06963}) (Version: 1.00.0000 - hxxp://www.teldat.de)
Teldat Eumex 402 WIN-Tools V1.00 (x32 Version: 1.00.0000 - hxxp://www.teldat.de) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.7 - )
Video Download Capture V4.4.7 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.4.7 - Apowersoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - T-Home Net  (04/13/2012 6.0.6000.16384) (HKLM\...\C7DD251F4B6025D69B6ACC9FD647E009517A6069) (Version: 04/13/2012 6.0.6000.16384 - T-Home)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 29.0.2013 - BillP Studios)
WordCaptureX Pro (HKLM-x32\...\{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}) (Version: 4.0.0 - Deskperience)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.2.0.16826 - Blizzard Entertainment)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2799891548-1686358224-993601196-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ko\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2799891548-1686358224-993601196-1000_Classes\CLSID\{74ee84c9-da91-4386-86eb-dc5551a283b7}\InprocServer32 -> C:\windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2799891548-1686358224-993601196-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2799891548-1686358224-993601196-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2799891548-1686358224-993601196-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2799891548-1686358224-993601196-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ko\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points  =========================

19-09-2014 13:14:17 Windows Update
22-09-2014 10:17:46 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1104F6B7-A035-451E-B7B2-4541DD9B420A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {11C9F267-B2CA-427D-84AA-778A6CCEC580} - System32\Tasks\AdobeFlashPlayerUpdate => C:\windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {12B15A75-AE31-4726-A105-C77172F9A649} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2010-08-27] (Samsung Electronics)
Task: {16A2B260-EA10-41D0-A2ED-CD43B05A4244} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-23] (Samsung Electronics Co., Ltd.)
Task: {1F70E1B8-D0E0-42BD-839A-A04A9E4DC26D} - System32\Tasks\{9C7E3B4D-1E41-4AA8-B777-9AF6673625E6} => C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
Task: {3A1334B0-8002-46CC-A86A-5207786FCA74} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {4682228C-3C2B-4543-A86E-8A41C7C9999A} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {5043B97F-1822-4362-B1E0-B19A9BC7CE6E} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {5820AAD3-CADE-447F-8593-B1D5BBECF4DC} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {597AE05A-95F1-4424-98D6-947E2CD1A393} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
Task: {5E2260BC-8566-42AD-9338-8FAF52759CA5} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-29] (Samsung Electronics Co., Ltd.)
Task: {8303B12E-7A34-4FEA-BCE1-9088145BD7A5} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8D508EC0-C598-4FA4-8708-535CA2E7B37E} - System32\Tasks\NCH Software\DebutDowngrade => C:\Program Files (x86)\NCH Software\Debut\debut.exe
Task: {934FD08E-DBDC-4006-80F8-8A118B0BD5C1} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {A653CAEA-9876-4343-94DD-98196BF41232} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.)
Task: {AC1BDC73-B8AB-4DF5-97B5-CCA7B67D2BDB} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-07-12] (filetypeadvisor.com                                         )
Task: {CD478CFF-5BA3-48FD-B2F2-CD5FB0222686} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {E1A6D784-FBB1-45F8-BA3C-953559D38843} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-10] (AVAST Software)
Task: {E5B7EE2E-CBF2-4FAE-8FF9-9326CF69E183} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-09-04] (SAMSUNG Electronics)
Task: {E689CC2A-9B46-41FA-8800-8971B2119D80} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-02-14] (SEC)
Task: {ECA9E47D-54ED-411B-B8EE-9B7EBDB75ED6} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics)
Task: {F39FD479-8CDF-436A-98A7-C87F5B2589C6} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-07-12] (File Type Advisor)
Task: {F73C0B53-13AA-4A45-A7B9-8024DE0CE43E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-16] (Google Inc.)
Task: {FF17078D-7A7A-445F-B1AE-5DBFBE8BE1C5} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2011-01-04] (Samsung Electronics Co., Ltd.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-13 15:02 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-03-23 11:54 - 2011-10-04 23:43 - 00087552 _____ () C:\windows\System32\custmon64i.dll
2011-10-31 21:56 - 2008-06-05 01:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2011-10-31 06:53 - 2009-12-01 09:21 - 00244904 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2011-10-31 21:56 - 2010-10-21 20:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll
2014-07-10 11:32 - 2014-07-10 11:32 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-22 12:08 - 2014-09-22 12:08 - 02864640 _____ () C:\Program Files\AVAST Software\Avast\defs\14092200\algo.dll
2014-09-23 08:39 - 2014-09-23 08:39 - 02865152 _____ () C:\Program Files\AVAST Software\Avast\defs\14092201\algo.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-10-31 07:00 - 2010-07-05 12:42 - 00203776 _____ () C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll
2014-07-10 11:32 - 2014-07-10 11:32 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-10-31 06:58 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
2011-10-31 07:11 - 2010-05-07 16:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 07:20 - 2009-11-02 07:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 07:23 - 2009-11-02 07:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-09-10 21:12 - 2014-09-04 05:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-10 21:12 - 2014-09-04 05:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-10 21:12 - 2014-09-04 05:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-10 21:13 - 2014-09-04 05:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-10 21:12 - 2014-09-04 05:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2014-09-10 21:12 - 2014-09-04 05:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\Ko:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\Users\Ko\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Ko\Cookies:gs5sys
AlternateDataStreams: C:\Users\Ko\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\Ko\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\Ko\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\Ko\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\Ko\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\Ko\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\Ko\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Ko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Ko\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Ko\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Ko\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2014 08:06:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7765262

Error: (09/22/2014 08:06:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7765262

Error: (09/22/2014 08:06:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (09/22/2014 08:06:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (09/22/2014 08:06:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7765262

Error: (09/22/2014 08:06:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7765262

Error: (09/22/2014 08:06:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 33%
Total physical RAM: 4075.55 MB
Available physical RAM: 2720.48 MB
Total Pagefile: 8149.27 MB
Available Pagefile: 5968.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111 GB) (Free:23.24 GB) NTFS
Drive d: () (Fixed) (Total:163.58 GB) (Free:112.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1AE12585)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=163.6 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.4 GB) - (Type=27)

==================== End Of Log ============================

cosinus · 23.09.2014, 10:55

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Hosts:
EmptyTemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Konny251 · 24.09.2014, 18:48

Sorry für die späte Meldung, hatte Doppeldienst

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-09-2014
Ran by Ko at 2014-09-24 19:46:43 Run:1
Running from C:\Users\Ko\Desktop\Sicherheit
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION Hosts: EmptyTemp: 
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

==== End of Fixlog ====

cosinus · 24.09.2014, 20:58

Du hast den Fix nicht nach Anleitung gemacht, meine Fixlist nicht 1:1 übernommen, was in drei Zeilen steht muss auch in drei Zeilen sein und nicht alles in einer

Bitte nochmal richtig machen

Konny251 · 30.09.2014, 08:58

Hallo cosinus, bitte entschuldige die spärliche Meldung, aber derzeit gehts bei mir drunter und drüber....

Irgendwas mache ich noch falsch, ich habe es jetzt mehrmals nach deiner Anleitung gemacht. Doch jedesmal nach dem Neustart, erstellt er mir keinen Fixlog??

Kannst Du mir helfen??

cosinus · 30.09.2014, 14:08

Du machst deine fixlist so:

Code:

ATTFilter

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION Hosts: EmptyTemp

Damit kann FRST nicht umgehen (außerdem fehlt ein Doppelpunkt bei EmptyTemp) jede Anweisung muss in eine seaparate Zeile also so:

Code:

ATTFilter

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION 
Hosts: 
EmptyTemp:

22.09.2014, 23:25	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Erkennung inaktiver Dienste, Sicherung nicht möglich Fehlercode 81000019 uvm. Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken. __________________ Logfiles bitte immer in CODE-Tags posten

24.09.2014, 20:58	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Erkennung inaktiver Dienste, Sicherung nicht möglich Fehlercode 81000019 uvm. Du hast den Fix nicht nach Anleitung gemacht, meine Fixlist nicht 1:1 übernommen, was in drei Zeilen steht muss auch in drei Zeilen sein und nicht alles in einer Bitte nochmal richtig machen __________________ Logfiles bitte immer in CODE-Tags posten

Erkennung inaktiver Dienste, Sicherung nicht möglich Fehlercode 81000019 uvm.

Log-Analyse und Auswertung: Erkennung inaktiver Dienste, Sicherung nicht möglich Fehlercode 81000019 uvm.