Vista: Firefox Ansicht ändert sich, Symbole in der Taskleiste verschwinden, oder Bildschirm wird schwarz

corvin · 30.10.2014, 21:52

Symbole in der Taskleiste verschwinden, sind nach Neustart wieder da.
Das Scrollen (beim Läpi) geht plötzlich nicht mehr, nach Neustart ist wieder alles ok.
Oder der Mauszeiger verschwindet und der Bildschirm wird schwarz und es geht nichts mehr.
Spinne ich oder der Läpi???

FIREFOX Problem wurde gelöst!!!!

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-10-2014 01
Ran by kleine at 2014-10-30 21:19:04
Running from C:\Users\kleine\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Enabled - Up to date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Enabled - Up to date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{8EEFB640-A25D-448E-9F84-3CADF173CAE4}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
ANNO 1602 (HKLM\...\{84F7CAD9-2316-4701-B5CA-E90FD60029E9}) (Version:  - )
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AntispamEngine (Version: 2.4.2158.0 - Lavasoft) Hidden
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression (HKLM\...\{CCF38218-BD4A-4A4D-8EBE-735569BF89F5}) (Version: 1.2.33.353 - ArcSoft)
Atheros WLAN Client (HKLM\...\{04983D37-2202-4295-94A2-8B547C66133F}) (Version: 1.00.000 - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Cliqz (HKLM\...\{5A0C0737-6AFE-4DC6-A8B4-6DFE509ACD75}_is1) (Version: 0.5.22 - Cliqz.com)
Easy Battery Manager (HKLM\...\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}) (Version: 3.2.1.7 - )
Easy Display Manager (HKLM\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 2.0.0.0 - Samsung)
Easy Network Manager 4.0 (HKLM\...\InstallShield_{308BD058-411C-4AF2-8BF6-A6C7CFD0270D}) (Version: 4.0.0.13 - Samsung)
Easy Network Manager 4.0 (Version: 4.0.0.13 - Samsung) Hidden
Easy SpeedUp Manager (HKLM\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.0.1.0 - )
FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time)
imagine digital freedom - Samsung (HKLM\...\{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}) (Version: 1.0.2.0 - Samsung Electronics Co., LTD)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}) (Version: 12.00.2000 - Intel(R) Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
LAME v3.98.2 for Audacity (HKLM\...\LAME for Audacity_is1) (Version:  - )
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 11.45.3.3 - Marvell)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90A40407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8003.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SOAP Toolkit 2.0 SP2 (HKLM\...\{36BEAD11-8577-49AD-9250-E06A50AE87B0}) (Version: 623.1 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.3 (x86 de) (HKLM\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MyDriveConnect 3.3.0.1502 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1502 - TomTom)
NVIDIA Grafiktreiber 310.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.64 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
OpenOffice 4.0.0 (HKLM\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
PlayCamera (HKLM\...\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}) (Version: 1.0.1.7 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5605 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Royal Envoy™ (HKLM\...\Royal Envoy™_is1) (Version:  - Playrix Entertainment)
Samsung Magic Doctor (HKLM\...\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}) (Version: 5.00 - Samsung Electronics Co., LTD)
Samsung Recovery Solution III (HKLM\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 3.0.0.6 - Samsung)
Samsung Update Plus (HKLM\...\InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}) (Version: 1.3.0.11 - Samsung Electronics Co., LTD)
Samsung Update Plus (HKLM\...\InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}) (Version: 2.0 - Samsung Electronics Co., LTD)
Samsung Update Plus (Version: 1.3.0.11 - Samsung Electronics Co., LTD) Hidden
Samsung Update Plus (Version: 2.0 - Samsung Electronics Co., LTD) Hidden
Secunia PSI (3.0.0.9016) (HKLM\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)
Skat XXL (HKCU\...\Skat XXL) (Version:  - )
SPCA1528 PC Driver (HKLM\...\{570C2A84-A145-4DF0-AE9D-012584DF09DC}) (Version: 2.2.4.0 - )
Spotify (HKCU\...\Spotify) (Version: 0.8.8.454.gfb120cda - Spotify AB)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.15.1 - Synaptics Incorporated)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.29327 - TeamViewer)
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (HKLM\...\{07629207-FAA0-4F1A-8092-BF5085BE511F}) (Version: 9.00.2047.00 - Microsoft Corporation)
User Guide (HKLM\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.0 - )
Vimicro UVC Camera (HKLM\...\{71A51B09-E7D3-11DB-A386-005056C00008}) (Version: 1.00.0000 - Vimicro Corporation)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebFilteringEngine (Version: 2.2.1.0 - Lavasoft) Hidden
WIDCOMM Bluetooth Software 6.0.1.6300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6300 - WIDCOMM, Inc.)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (HKLM\...\1AF5F143058CA8C5C954BD408C48232FAF21A69F) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (HKLM\...\2528966896853AC8DEC09D148A501604155972BD) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel System  (10/05/2012 9.1.9.1002) (HKLM\...\AC2EE0A9AD3E95C0C675C31C13CF653A6CB3A598) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel USB  (10/05/2012 9.1.9.1002) (HKLM\...\48EC18D43DCBA26BDC1D4FFB660F86792AB475D2) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - NVIDIA Corporation (NVHDA) MEDIA  (07/03/2012 1.3.18.0) (HKLM\...\B46A8C1640335CA36A800E2C6D832964F6F58B54) (Version: 07/03/2012 1.3.18.0 - NVIDIA Corporation)
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XP Codec Pack (HKLM\...\XP Codec Pack) (Version:  - )
XviD MPEG-4 Video Codec (HKLM\...\XviD_is1) (Version: XviD-1.0.2-29082004 - XviD Team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4273118025-30497289-324835352-1004_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4273118025-30497289-324835352-1004_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4273118025-30497289-324835352-1004_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4273118025-30497289-324835352-1004_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4273118025-30497289-324835352-1004_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4273118025-30497289-324835352-1004_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File

==================== Restore Points  =========================

11-10-2014 20:12:30 Geplanter Prüfpunkt
15-10-2014 17:45:32 AA11
17-10-2014 06:43:31 Windows Update
18-10-2014 17:49:15 Windows Update
22-10-2014 08:02:45 Geplanter Prüfpunkt
24-10-2014 11:51:09 Windows Update
25-10-2014 18:48:11 Geplanter Prüfpunkt
27-10-2014 13:59:59 Geplanter Prüfpunkt
28-10-2014 12:35:00 Windows Update
30-10-2014 08:08:15 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2014-03-23 21:22 - 00078607 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.adorika.net # hosts anti-adware / pups
127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.egdating.net # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
127.0.0.1 ads.realken.com # hosts anti-adware / pups
127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups
127.0.0.1 ads.sucomspot.com # hosts anti-adware / pups

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E935E62-1D7B-4E30-AB0D-2807DA10CB83} - System32\Tasks\SamsungMagicDoctor => C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe [2007-07-04] (Samsung Electronics Co., Ltd.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {512087C4-C3C2-4F1C-B8D6-6D622A0A63FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {6348F453-7648-43E7-A11B-3ED4D8D0B2A7} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {70123431-D3B0-44E9-8554-1A05B93730AD} - System32\Tasks\EasyDisplayMgr => C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe [2008-05-22] (SAMSUNG Electronics)
Task: {90255043-B028-41AF-B007-6EED10787515} - System32\Tasks\EasyBatteryManager => C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe [2008-04-17] (SAMSUNG Electronics co., LTD.)
Task: {C6D1C84C-0891-4E7E-B2D4-8B200E31F411} - System32\Tasks\EasySpeedUpManager => C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [2008-04-25] (Samsung Electronics Co., Ltd.)
Task: {C88CD5CB-B30A-4A91-A310-84715F1796DD} - System32\Tasks\SupBackGroundTask => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe [2010-04-20] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {FAF58D27-CFD2-46AB-9931-EA3C4C25CCB6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SupBackGroundTask.job => C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe

==================== Loaded Modules (whitelisted) =============

2011-02-09 11:33 - 2010-06-17 21:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2014-10-15 12:56 - 2014-10-15 12:56 - 00656376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
2014-10-15 13:06 - 2014-10-15 13:06 - 00087896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00022360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00030040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00048480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00107872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 10343760 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 02423600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00638296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll
2014-10-15 13:05 - 2014-10-15 13:05 - 00580424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll
2014-10-15 13:05 - 2014-10-15 13:05 - 01658200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00642376 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00087360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00105280 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00754520 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00693096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00868680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00209224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll
2014-10-15 13:05 - 2014-10-15 13:05 - 00780120 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll
2014-10-15 13:05 - 2014-10-15 13:05 - 00174936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00870736 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 01003328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00030552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00769368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00856408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00190800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll
2014-10-15 13:05 - 2014-10-15 13:05 - 00705352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll
2014-10-15 13:05 - 2014-10-15 13:05 - 00669008 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 02363216 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 02613584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00834896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00999256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00796992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00286536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 02124120 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00998720 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00796992 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll
2014-10-15 13:05 - 2014-10-15 13:05 - 00760136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00926568 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00123712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll
2013-12-15 22:27 - 2013-07-17 17:09 - 00135288 _____ () C:\Windows\system32\bdfwcore.dll
2014-06-03 20:29 - 2014-07-07 20:36 - 00663552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpbr.mdl
2014-06-03 20:29 - 2014-07-07 20:36 - 00478208 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpdsp.mdl
2014-06-03 20:29 - 2014-07-07 20:36 - 02113536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttpph.mdl
2014-06-03 20:29 - 2014-07-07 20:36 - 01112064 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Online Threats Engine\2.2.3.0\definitions\loc2\ashttprbl.mdl
2008-09-12 05:03 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll
2008-09-12 05:03 - 2006-08-12 04:48 - 00049152 _____ () C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 02560336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareShellExtension.dll
2014-03-17 11:59 - 2014-03-17 11:59 - 00026488 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2014-03-17 11:58 - 2014-03-17 11:58 - 00082808 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2014-03-17 11:58 - 2014-03-17 11:58 - 00357752 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 07670592 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
2014-10-15 13:06 - 2014-10-15 13:06 - 00405848 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 01626432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00056632 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00870224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll
2014-10-15 13:06 - 2014-10-15 13:06 - 00641344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll
2014-09-24 20:15 - 2014-09-24 20:15 - 03715184 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-09-10 13:15 - 2014-09-10 13:15 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4CF61E54
AlternateDataStreams: C:\Users\kleine\Desktop\Klaus der kleine Pinguin [ukulele].mp4:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-4273118025-30497289-324835352-500 - Administrator - Disabled)
Gast (S-1-5-21-4273118025-30497289-324835352-501 - Limited - Disabled)
kleine (S-1-5-21-4273118025-30497289-324835352-1003 - Administrator - Enabled) => C:\Users\kleine
UpdatusUser (S-1-5-21-4273118025-30497289-324835352-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2014 09:00:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2014 08:24:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2014 00:31:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2014 08:08:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 09:21:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm ckskat.exe, Version 1.5.0.1 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 12a8
Anfangszeit: 01cff3b5e1708c02
Zeitpunkt der Beendigung: 31

Error: (10/29/2014 09:21:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm ckskat.exe, Version 1.5.0.1 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1638
Anfangszeit: 01cff3b5949204e2
Zeitpunkt der Beendigung: 46

Error: (10/29/2014 09:19:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm ckskat.exe, Version 1.5.0.1 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: ca0
Anfangszeit: 01cff3b56f5240a2
Zeitpunkt der Beendigung: 16

Error: (10/29/2014 09:11:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\SAFEBROWSING-TO_DELETE> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (10/29/2014 07:39:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 01:15:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (10/30/2014 09:04:28 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (10/30/2014 09:00:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SPCA1528 Video Camera Service%%1058

Error: (10/30/2014 09:00:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (10/30/2014 08:58:44 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT)
Description: 2147942402

Error: (10/30/2014 08:58:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 30.10.2014 um 20:56:56 unerwartet heruntergefahren.

Error: (10/30/2014 08:26:16 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (10/30/2014 08:24:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SPCA1528 Video Camera Service%%1058

Error: (10/30/2014 08:24:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (10/30/2014 08:23:00 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT-AUTORITÄT)
Description: 2147942402

Error: (10/30/2014 00:33:48 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032


Microsoft Office Sessions:
=========================
Error: (10/30/2014 09:00:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2014 08:24:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2014 00:31:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/30/2014 08:08:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 09:21:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ckskat.exe1.5.0.112a801cff3b5e1708c0231

Error: (10/29/2014 09:21:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ckskat.exe1.5.0.1163801cff3b5949204e246

Error: (10/29/2014 09:19:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ckskat.exe1.5.0.1ca001cff3b56f5240a216

Error: (10/29/2014 09:11:50 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)
C:\USERS\KLEINE\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\1QV2WD4L.DEFAULT\SAFEBROWSING-TO_DELETE

Error: (10/29/2014 07:39:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/29/2014 01:15:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-03-04 21:09:14.349
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-04 21:09:14.337
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-04 21:09:12.650
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-04 21:09:12.639
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-04 21:09:12.024
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-04 21:09:12.022
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-04 21:08:24.394
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-04 21:08:24.391
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-04 21:08:22.987
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-03-04 21:08:22.976
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 48%
Total physical RAM: 3065.87 MB
Available physical RAM: 1567.84 MB
Total Pagefile: 6356.14 MB
Available Pagefile: 4988.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:144.09 GB) (Free:19.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:144 GB) (Free:143.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 0201FF32)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=144.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2014 01
Ran by kleine (administrator) on KLEINE-PC on 30-10-2014 21:17:28
Running from C:\Users\kleine\Desktop
Loaded Profiles: kleine & UpdatusUser (Available profiles: kleine & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2416368 2013-02-25] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [7670592 2014-10-15] ()
HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)
HKU\S-1-5-21-4273118025-30497289-324835352-1004\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKCU - {2BA770C2-E3A0-438F-90BC-C507DF624B32} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
SearchScopes: HKCU - {44F87947-6CB0-4DC7-B01A-0C6A184CE044} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {572D9AB0-4614-4D0A-83C3-BD5F7D01CEBC} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {5A5C2038-9BC0-43F2-91BD-2C638D6BA9F6} URL = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKCU - {5C895343-C9EC-4445-AA9F-E7D85DAAC8EA} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKCU - {CD376ED7-26AA-4576-B779-6817F0068E63} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Cliqz Beta - C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\Extensions\cliqz@cliqz.com.xpi [2014-10-30]
FF Extension: CookieCuller - C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-03-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-24]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR Profile: C:\Users\kleine\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2014-01-17]
CHR HKLM\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\ProgramData\adawaretb\toolbar\chrome\toolbar.crx [2014-01-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [819200 2008-05-23] (Intel(R) Corporation) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [656376 2014-10-15] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe [234776 2012-10-26] (McAfee, Inc.)
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-05-23] (Intel(R) Corporation) [File not signed]
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] () [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S2 wtmprovhost; C:\Windows\system32\VAN32.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [77192 2013-07-17] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [130640 2013-07-17] (BitDefender LLC)
S3 Bulk1528; C:\Windows\System32\Drivers\Bulk1528.sys [14080 2009-10-20] (SunPlus)
S2 Ca1528av; C:\Windows\System32\Drivers\Ca1528av.sys [516480 2008-12-16] (Digital Camera)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-01] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [165744 2014-04-22] (BitDefender LLC)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2009-01-23] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 21:17 - 2014-10-30 21:18 - 00013628 _____ () C:\Users\kleine\Desktop\FRST.txt
2014-10-30 21:17 - 2014-10-30 21:17 - 00000000 ____D () C:\FRST
2014-10-30 21:16 - 2014-10-30 21:16 - 01105408 _____ (Farbar) C:\Users\kleine\Desktop\FRST.exe
2014-10-30 21:12 - 2014-10-30 21:13 - 00000474 _____ () C:\Users\kleine\Desktop\defogger_disable.log
2014-10-30 21:12 - 2014-10-30 21:12 - 00000000 _____ () C:\Users\kleine\defogger_reenable
2014-10-30 21:11 - 2014-10-30 21:11 - 00050477 _____ () C:\Users\kleine\Desktop\Defogger.exe
2014-10-29 21:28 - 2014-10-29 21:28 - 00000924 _____ () C:\Users\kleine\Desktop\Skat XXL.lnk
2014-10-29 21:26 - 2014-10-29 21:26 - 00000000 ____D () C:\Users\kleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaGlobe
2014-10-29 21:25 - 2014-10-29 21:25 - 00000000 ____D () C:\Program Files\Meglo
2014-10-29 21:25 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-10-29 21:25 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-10-29 21:23 - 2014-10-29 21:23 - 01125200 _____ () C:\Users\kleine\Desktop\Skat XXL - CHIP-Installer.exe
2014-10-24 07:52 - 2014-10-24 07:53 - 00204416 _____ () C:\Windows\Minidump\Mini102414-01.dmp
2014-10-18 19:10 - 2014-06-15 23:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-18 19:10 - 2014-06-13 19:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-18 19:10 - 2014-06-13 19:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-18 19:04 - 2014-09-28 00:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-18 18:55 - 2014-09-05 00:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-18 18:50 - 2014-09-16 17:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 07:50 - 2014-09-19 23:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 07:50 - 2014-09-19 23:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 07:50 - 2014-09-19 23:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-17 07:50 - 2014-09-19 23:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 07:50 - 2014-09-19 23:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-17 07:49 - 2014-09-19 23:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 07:49 - 2014-09-19 23:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 07:49 - 2014-09-19 23:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 07:49 - 2014-09-19 23:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 07:49 - 2014-09-19 23:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 07:49 - 2014-09-19 23:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 07:49 - 2014-09-19 23:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-17 07:49 - 2014-09-19 23:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 07:49 - 2014-09-19 23:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 07:49 - 2014-09-19 23:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-17 07:49 - 2014-09-19 23:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 07:49 - 2014-09-19 23:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 07:49 - 2014-09-19 23:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 07:49 - 2014-09-19 23:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 07:49 - 2014-09-19 23:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-17 07:49 - 2014-09-19 23:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 18:47 - 2014-10-15 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-10-15 18:46 - 2014-10-15 18:46 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-10-15 18:44 - 2014-10-15 18:44 - 02806920 _____ () C:\Users\kleine\Downloads\Adaware_Installer(6).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 21:15 - 2012-04-21 18:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-30 21:15 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-30 21:15 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-30 21:12 - 2008-12-17 00:53 - 00000000 ____D () C:\Users\kleine
2014-10-30 21:05 - 2006-11-02 11:33 - 00271572 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-30 21:04 - 2009-02-08 14:35 - 01768695 _____ () C:\Windows\WindowsUpdate.log
2014-10-30 21:00 - 2013-05-27 21:57 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-10-30 20:59 - 2013-12-15 22:27 - 00002204 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-10-30 20:58 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-30 13:35 - 2008-09-12 20:41 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-10-30 13:35 - 2006-11-02 14:01 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-24 07:52 - 2013-06-24 19:57 - 234298996 _____ () C:\Windows\MEMORY.DMP
2014-10-24 07:52 - 2013-06-24 19:57 - 00000000 ____D () C:\Windows\Minidump
2014-10-21 20:26 - 2012-11-20 21:32 - 00000000 ____D () C:\Users\kleine\Desktop\ebay
2014-10-20 20:18 - 2009-02-18 18:57 - 00000000 ____D () C:\Users\kleine\Desktop\Corvin
2014-10-18 20:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-18 19:30 - 2013-05-27 07:59 - 00394616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-18 19:02 - 2013-07-16 22:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 18:55 - 2006-11-02 11:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-13 19:17 - 2008-12-16 18:38 - 00045568 _____ () C:\Users\kleine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-02 14:53 - 2009-10-03 23:07 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\kleine\AppData\Local\temp\Install_HOSTS_Anti-Adware.exe
C:\Users\kleine\AppData\Local\temp\sdanircmdc.exe
C:\Users\kleine\AppData\Local\temp\sdapskill.exe
C:\Users\kleine\AppData\Local\temp\sdaspwn.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-30 21:07

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:12 on 30/10/2014 (kleine)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-10-30 21:42:34
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.FB4O 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\kleine\AppData\Local\Temp\awdiipod.sys


---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                          bdftdif.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                          bdftdif.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fa0371                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fc199b                      
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1fa0371 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1fc199b (not active ControlSet)  

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                            unknown MBR code

---- EOF - GMER 2.1 ----

schrauber · 30.10.2014, 22:19

hi,

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

corvin · 30.10.2014, 23:04

Code:

ATTFilter

23:02:15.0032 0x0ff0  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
23:02:24.0782 0x0ff0  ============================================================
23:02:24.0782 0x0ff0  Current date / time: 2014/10/30 23:02:24.0782
23:02:24.0782 0x0ff0  SystemInfo:
23:02:24.0782 0x0ff0  
23:02:24.0782 0x0ff0  OS Version: 6.0.6002 ServicePack: 2.0
23:02:24.0782 0x0ff0  Product type: Workstation
23:02:24.0782 0x0ff0  ComputerName: KLEINE-PC
23:02:24.0782 0x0ff0  UserName: kleine
23:02:24.0782 0x0ff0  Windows directory: C:\Windows
23:02:24.0782 0x0ff0  System windows directory: C:\Windows
23:02:24.0782 0x0ff0  Processor architecture: Intel x86
23:02:24.0782 0x0ff0  Number of processors: 2
23:02:24.0782 0x0ff0  Page size: 0x1000
23:02:24.0782 0x0ff0  Boot type: Normal boot
23:02:24.0782 0x0ff0  ============================================================
23:02:24.0984 0x0ff0  KLMD registered as C:\Windows\system32\drivers\48900581.sys
23:02:25.0390 0x0ff0  System UUID: {BE78AAD3-2749-B90D-C1E2-4A5D31E59055}
23:02:25.0967 0x0ff0  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:02:25.0983 0x0ff0  ============================================================
23:02:25.0983 0x0ff0  \Device\Harddisk0\DR0:
23:02:25.0983 0x0ff0  MBR partitions:
23:02:25.0983 0x0ff0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1202E000
23:02:25.0983 0x0ff0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1342E800, BlocksNum 0x11FFF800
23:02:25.0983 0x0ff0  ============================================================
23:02:26.0014 0x0ff0  C: <-> \Device\Harddisk0\DR0\Partition1
23:02:26.0061 0x0ff0  D: <-> \Device\Harddisk0\DR0\Partition2
23:02:26.0061 0x0ff0  ============================================================
23:02:26.0061 0x0ff0  Initialize success
23:02:26.0061 0x0ff0  ============================================================
23:03:11.0550 0x16c0  ============================================================
23:03:11.0550 0x16c0  Scan started
23:03:11.0550 0x16c0  Mode: Manual; SigCheck; TDLFS; 
23:03:11.0550 0x16c0  ============================================================
23:03:11.0550 0x16c0  KSN ping started
23:03:11.0769 0x16c0  KSN ping finished: true
23:03:12.0424 0x16c0  ================ Scan system memory ========================
23:03:12.0424 0x16c0  System memory - ok
23:03:12.0424 0x16c0  ================ Scan services =============================
23:03:12.0549 0x16c0  [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
23:03:12.0658 0x16c0  ACDaemon - ok
23:03:12.0876 0x16c0  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
23:03:12.0908 0x16c0  ACPI - ok
23:03:12.0986 0x16c0  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:03:13.0017 0x16c0  AdobeARMservice - ok
23:03:13.0095 0x16c0  [ 4ECFCAAE5CB380F58934F0DCF5F64E7F, D82B37E57D93484D7A3CB65470BCD54A578A695F0203A8DD441B1348C1EEA751 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:03:13.0157 0x16c0  AdobeFlashPlayerUpdateSvc - ok
23:03:13.0220 0x16c0  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:03:13.0266 0x16c0  adp94xx - ok
23:03:13.0282 0x16c0  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:03:13.0329 0x16c0  adpahci - ok
23:03:13.0344 0x16c0  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
23:03:13.0376 0x16c0  adpu160m - ok
23:03:13.0391 0x16c0  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:03:13.0422 0x16c0  adpu320 - ok
23:03:13.0454 0x16c0  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:03:13.0485 0x16c0  AeLookupSvc - ok
23:03:13.0563 0x16c0  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7, B596ABBAC058D93C505C9DBF8685049C88E4364195A4092DB580D2D44FA8C23C ] Afc             C:\Windows\system32\drivers\Afc.sys
23:03:13.0578 0x16c0  Afc - ok
23:03:13.0641 0x16c0  [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD             C:\Windows\system32\drivers\afd.sys
23:03:13.0703 0x16c0  AFD - ok
23:03:13.0797 0x16c0  [ CE91B158FA490CF4C4D487A4130F4660, C343AEB125B15E6FC8428499E1C48390EF5073FACB0DC9BAB9040EFB170D04A5 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
23:03:13.0953 0x16c0  AgereSoftModem - ok
23:03:13.0984 0x16c0  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:03:14.0031 0x16c0  agp440 - ok
23:03:14.0046 0x16c0  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
23:03:14.0078 0x16c0  aic78xx - ok
23:03:14.0109 0x16c0  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
23:03:14.0156 0x16c0  ALG - ok
23:03:14.0171 0x16c0  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
23:03:14.0218 0x16c0  aliide - ok
23:03:14.0234 0x16c0  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:03:14.0265 0x16c0  amdagp - ok
23:03:14.0280 0x16c0  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
23:03:14.0296 0x16c0  amdide - ok
23:03:14.0312 0x16c0  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
23:03:14.0358 0x16c0  AmdK7 - ok
23:03:14.0374 0x16c0  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:03:14.0405 0x16c0  AmdK8 - ok
23:03:14.0468 0x16c0  [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo         C:\Windows\System32\appinfo.dll
23:03:14.0499 0x16c0  Appinfo - ok
23:03:14.0577 0x16c0  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
23:03:14.0592 0x16c0  arc - ok
23:03:14.0624 0x16c0  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:03:14.0655 0x16c0  arcsas - ok
23:03:14.0764 0x16c0  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:03:14.0795 0x16c0  aspnet_state - ok
23:03:14.0826 0x16c0  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:03:14.0889 0x16c0  AsyncMac - ok
23:03:14.0920 0x16c0  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
23:03:14.0951 0x16c0  atapi - ok
23:03:15.0014 0x16c0  [ 91E15B0A1D6F7B99ACE55D04C6D1544A, 23988261D07D009437F6AD78641E44E690058E85A5C81568DAE999679EE58112 ] athr            C:\Windows\system32\DRIVERS\athr.sys
23:03:15.0138 0x16c0  athr - ok
23:03:15.0232 0x16c0  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:03:15.0279 0x16c0  AudioEndpointBuilder - ok
23:03:15.0294 0x16c0  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:03:15.0341 0x16c0  Audiosrv - ok
23:03:15.0388 0x16c0  [ 08015D34F6FDD0B355805BAD978497C3, AAD5F919215B8630DCCADF2AC8DC82BAA543C52B1682B476093E014532B20EBD ] bcm4sbxp        C:\Windows\system32\DRIVERS\bcm4sbxp.sys
23:03:15.0450 0x16c0  bcm4sbxp - ok
23:03:15.0544 0x16c0  [ 2C8F82DC54215B2FE064EFF996F39D9B, E9AFA01BEE2ED70088EE2F2C0DCBBAB7089ED330054CE53F8F88E85B9B2607DD ] BdfNdisf        c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys
23:03:15.0575 0x16c0  BdfNdisf - ok
23:03:15.0622 0x16c0  [ FECAB9DB67CD8C4E4D6FA12B27370BC3, 68CD397ECE2D054D15E7DCBEF62F82A3AAD672FE3583CC24EAD54399CB02494A ] bdftdif         C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys
23:03:15.0653 0x16c0  bdftdif - ok
23:03:15.0669 0x16c0  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:03:15.0716 0x16c0  Beep - ok
23:03:15.0778 0x16c0  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
23:03:15.0840 0x16c0  BFE - ok
23:03:15.0934 0x16c0  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
23:03:16.0059 0x16c0  BITS - ok
23:03:16.0106 0x16c0  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
23:03:16.0168 0x16c0  blbdrive - ok
23:03:16.0293 0x16c0  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:03:16.0355 0x16c0  Bonjour Service - ok
23:03:16.0402 0x16c0  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:03:16.0449 0x16c0  bowser - ok
23:03:16.0480 0x16c0  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
23:03:16.0527 0x16c0  BrFiltLo - ok
23:03:16.0558 0x16c0  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
23:03:16.0589 0x16c0  BrFiltUp - ok
23:03:16.0636 0x16c0  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
23:03:16.0683 0x16c0  Browser - ok
23:03:16.0714 0x16c0  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
23:03:16.0808 0x16c0  Brserid - ok
23:03:16.0823 0x16c0  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
23:03:16.0917 0x16c0  BrSerWdm - ok
23:03:16.0932 0x16c0  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
23:03:17.0010 0x16c0  BrUsbMdm - ok
23:03:17.0026 0x16c0  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
23:03:17.0120 0x16c0  BrUsbSer - ok
23:03:17.0151 0x16c0  [ DA7B195275BDA7F8FCF79B40E0F45DDE, 1346E9221FD6A1DA27F0BC4F3CF5AFA60B3419931B32468107028BCD4232A708 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
23:03:17.0182 0x16c0  BthEnum - ok
23:03:17.0198 0x16c0  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:03:17.0291 0x16c0  BTHMODEM - ok
23:03:17.0322 0x16c0  [ 5904EFA25F829BF84EA6FB045134A1D8, 66E4160CC404744576BA6E9DD606B533F42B3D4A3E2FDD457DAA016CC72A81CC ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
23:03:17.0385 0x16c0  BthPan - ok
23:03:17.0416 0x16c0  [ 73D53F8E90550BA81E2CF44A0873B410, 2E73A2FCF668F1F18928A293A74370BF3D6DC0208D010D10FD5335DFA3706906 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
23:03:17.0463 0x16c0  BTHPORT - ok
23:03:17.0510 0x16c0  [ A4C8377FA4A994E07075107DBE2E3DCE, C3CDAA7B83D130100044341C23897CC6C257FA075A8D08B8551F4A28AE8CE6C4 ] BthServ         C:\Windows\System32\bthserv.dll
23:03:17.0541 0x16c0  BthServ - ok
23:03:17.0572 0x16c0  [ 32045A4BB143BBC5BAB1298C4E9E309A, 4009AE2D186746E076CF254FD3653AA4B07182521B772CF2825A3BBDEF4288FB ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
23:03:17.0603 0x16c0  BTHUSB - ok
23:03:17.0666 0x16c0  [ 3EA1A20DC0CA1AD23E7AA8C37A91BCD1, 4AF75222BF49EBFA93C98DF206D715DFE2B5EB742BDE06622256F628A756AAD6 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
23:03:17.0697 0x16c0  btwaudio - ok
23:03:17.0728 0x16c0  [ 195872E48A7FB01F8BC9B800F70F4054, 5F37D7CE44F00791241911BA1E77AD5DAD22C08584F19367BBE27BBFA3484616 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
23:03:17.0759 0x16c0  btwavdt - ok
23:03:17.0790 0x16c0  [ 0724E7D6C9B6A289EDDDA33FA8176E80, 836BFED3A4A374AB1C699D950D87A0709F529FD65B860890699584640490DBE8 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
23:03:17.0822 0x16c0  btwrchid - ok
23:03:17.0868 0x16c0  [ A775A7DC5F5D121E566F5F12B341E0EE, 67D64CCF69DCF25EC000341656C820218E761808DF2C1708DA8F241C4F001C3F ] Bulk1528        C:\Windows\system32\Drivers\Bulk1528.sys
23:03:17.0915 0x16c0  Bulk1528 - ok
23:03:17.0962 0x16c0  [ 94BF1CD4CDF4B02BE835D78CA5104734, 69EDDC10B1ED94E90C4BBEDA7F7585C20E7C58D2947AF438C5863572FF1CFCE4 ] Ca1528av        C:\Windows\system32\Drivers\Ca1528av.sys
23:03:18.0040 0x16c0  Ca1528av - ok
23:03:18.0102 0x16c0  catchme - ok
23:03:18.0134 0x16c0  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:03:18.0180 0x16c0  cdfs - ok
23:03:18.0227 0x16c0  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:03:18.0290 0x16c0  cdrom - ok
23:03:18.0321 0x16c0  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
23:03:18.0352 0x16c0  CertPropSvc - ok
23:03:18.0383 0x16c0  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
23:03:18.0414 0x16c0  circlass - ok
23:03:18.0477 0x16c0  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
23:03:18.0508 0x16c0  CLFS - ok
23:03:18.0602 0x16c0  [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:03:18.0633 0x16c0  clr_optimization_v2.0.50727_32 - ok
23:03:18.0680 0x16c0  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:03:18.0758 0x16c0  clr_optimization_v4.0.30319_32 - ok
23:03:18.0820 0x16c0  [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:03:18.0867 0x16c0  CmBatt - ok
23:03:18.0882 0x16c0  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:03:18.0914 0x16c0  cmdide - ok
23:03:18.0945 0x16c0  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:03:18.0976 0x16c0  Compbatt - ok
23:03:18.0976 0x16c0  COMSysApp - ok
23:03:18.0992 0x16c0  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:03:19.0007 0x16c0  crcdisk - ok
23:03:19.0023 0x16c0  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
23:03:19.0070 0x16c0  Crusoe - ok
23:03:19.0132 0x16c0  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:03:19.0163 0x16c0  CryptSvc - ok
23:03:19.0241 0x16c0  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:03:19.0304 0x16c0  DcomLaunch - ok
23:03:19.0350 0x16c0  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:03:19.0382 0x16c0  DfsC - ok
23:03:19.0538 0x16c0  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
23:03:19.0912 0x16c0  DFSR - ok
23:03:20.0021 0x16c0  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
23:03:20.0084 0x16c0  Dhcp - ok
23:03:20.0130 0x16c0  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
23:03:20.0177 0x16c0  disk - ok
23:03:20.0224 0x16c0  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:03:20.0271 0x16c0  Dnscache - ok
23:03:20.0318 0x16c0  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
23:03:20.0411 0x16c0  dot3svc - ok
23:03:20.0442 0x16c0  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
23:03:20.0505 0x16c0  DPS - ok
23:03:20.0552 0x16c0  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:03:20.0567 0x16c0  drmkaud - ok
23:03:20.0614 0x16c0  [ 5C2C209CDEFBC51D83D66E8A53B2BE89, 7AE68672A6BEEF601017BE28AA0BF3673318EFE97AA08E70F58A9391C54DF71F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:03:20.0676 0x16c0  DXGKrnl - ok
23:03:20.0723 0x16c0  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
23:03:20.0770 0x16c0  E1G60 - ok
23:03:20.0801 0x16c0  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
23:03:20.0832 0x16c0  EapHost - ok
23:03:20.0895 0x16c0  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
23:03:20.0926 0x16c0  Ecache - ok
23:03:21.0004 0x16c0  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:03:21.0051 0x16c0  ehRecvr - ok
23:03:21.0066 0x16c0  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
23:03:21.0113 0x16c0  ehSched - ok
23:03:21.0129 0x16c0  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
23:03:21.0144 0x16c0  ehstart - ok
23:03:21.0191 0x16c0  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:03:21.0238 0x16c0  elxstor - ok
23:03:21.0285 0x16c0  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
23:03:21.0347 0x16c0  EMDMgmt - ok
23:03:21.0378 0x16c0  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:03:21.0425 0x16c0  ErrDev - ok
23:03:21.0472 0x16c0  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
23:03:21.0519 0x16c0  EventSystem - ok
23:03:21.0612 0x16c0  [ 87BFD4EF2F43399DA37B48B42A84A749, DCD62246CBD60708C0F97F403F557410FBD09E726A1FA2F87351EB38F5A32CC8 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:03:21.0690 0x16c0  EvtEng - detected UnsignedFile.Multi.Generic ( 1 )
23:03:21.0909 0x16c0  Detect skipped due to KSN trusted
23:03:21.0909 0x16c0  EvtEng - ok
23:03:21.0987 0x16c0  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:03:22.0034 0x16c0  exfat - ok
23:03:22.0080 0x16c0  [ 4E404505B3F62ECFBDBCBBCF0A72DBC5, 9F446ED06A31BFE52C4F1E8ACC400B8E3F47A3CC02FFC950DB861B2B3BA4C5B9 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:03:22.0112 0x16c0  fastfat - ok
23:03:22.0143 0x16c0  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:03:22.0174 0x16c0  fdc - ok
23:03:22.0205 0x16c0  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
23:03:22.0236 0x16c0  fdPHost - ok
23:03:22.0252 0x16c0  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:03:22.0314 0x16c0  FDResPub - ok
23:03:22.0346 0x16c0  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:03:22.0361 0x16c0  FileInfo - ok
23:03:22.0377 0x16c0  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:03:22.0424 0x16c0  Filetrace - ok
23:03:22.0439 0x16c0  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:03:22.0486 0x16c0  flpydisk - ok
23:03:22.0517 0x16c0  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:03:22.0548 0x16c0  FltMgr - ok
23:03:22.0658 0x16c0  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
23:03:22.0736 0x16c0  FontCache - ok
23:03:22.0814 0x16c0  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:03:22.0845 0x16c0  FontCache3.0.0.0 - ok
23:03:22.0876 0x16c0  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:03:22.0907 0x16c0  Fs_Rec - ok
23:03:22.0938 0x16c0  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:03:22.0970 0x16c0  gagp30kx - ok
23:03:23.0032 0x16c0  [ 483924F92E55A5F9423201EC635E2CED, FEDAC3616709F081A0FA48E2BF521CBCC35E11E523EBADDEACA7308AD14338B3 ] gfibto          C:\Windows\system32\drivers\gfibto.sys
23:03:23.0063 0x16c0  gfibto - ok
23:03:23.0141 0x16c0  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
23:03:23.0266 0x16c0  gpsvc - ok
23:03:23.0375 0x16c0  [ 3B5CA8EB6748D234F117AB203491F6F9, C554FC454214599831FB73448A0044ED145CB19B8F3008A78448B25145AEDA6E ] gzflt           C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys
23:03:23.0422 0x16c0  gzflt - ok
23:03:23.0469 0x16c0  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:03:23.0562 0x16c0  HdAudAddService - ok
23:03:23.0625 0x16c0  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:03:23.0687 0x16c0  HDAudBus - ok
23:03:23.0703 0x16c0  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:03:23.0765 0x16c0  HidBth - ok
23:03:23.0781 0x16c0  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:03:23.0843 0x16c0  HidIr - ok
23:03:23.0874 0x16c0  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\System32\hidserv.dll
23:03:23.0890 0x16c0  hidserv - ok
23:03:23.0921 0x16c0  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:03:23.0968 0x16c0  HidUsb - ok
23:03:23.0999 0x16c0  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:03:24.0030 0x16c0  hkmsvc - ok
23:03:24.0046 0x16c0  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
23:03:24.0062 0x16c0  HpCISSs - ok
23:03:24.0124 0x16c0  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:03:24.0171 0x16c0  HTTP - ok
23:03:24.0218 0x16c0  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
23:03:24.0233 0x16c0  i2omp - ok
23:03:24.0264 0x16c0  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:03:24.0311 0x16c0  i8042prt - ok
23:03:24.0389 0x16c0  [ 496DB78E6A0C4C44023D9A92B4A7AC31, 2B44213C39F05090D2057E3A21C1718DFC4478E976D44255B6FA5C3B8CF20FFF ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
23:03:24.0686 0x16c0  ialm - ok
23:03:24.0748 0x16c0  [ 3E349157986C533E3CBEB8C1E17290BB, 1DEB9C8829D95FCB9DFA26169E64C2F26E09BDDB98416368A031F7D6C5630F5B ] iaNvStor        C:\Windows\system32\DRIVERS\iaNvStor.sys
23:03:24.0779 0x16c0  iaNvStor - ok
23:03:24.0826 0x16c0  [ ABFEBC5F846C71AFEBD7F8F6BA740C03, 3BD7EA27EC21A7A9BE544A11E5A284DF00FFB3E2554DDBE113802153D62DFDEF ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
23:03:24.0873 0x16c0  iaStor - ok
23:03:24.0904 0x16c0  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
23:03:24.0951 0x16c0  iaStorV - ok
23:03:25.0060 0x16c0  [ DD386C45D2B5863740166783448A2E7A, 10B912BA70306644BE73A53AF4DCDFF63880C4C5860FF6DBA92B0914EB566718 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:03:25.0138 0x16c0  idsvc - ok
23:03:25.0169 0x16c0  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:03:25.0200 0x16c0  iirsp - ok
23:03:25.0263 0x16c0  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:03:25.0325 0x16c0  IKEEXT - ok
23:03:25.0481 0x16c0  [ FFD2B3BC042596ABE785D3C15F51AB46, C2CA6E15FE95ADE211325CA907FBC213DB3B5E871DBD22CC485837FAB4E9BCEC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:03:25.0622 0x16c0  IntcAzAudAddService - ok
23:03:25.0684 0x16c0  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
23:03:25.0700 0x16c0  intelide - ok
23:03:25.0715 0x16c0  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:03:25.0762 0x16c0  intelppm - ok
23:03:25.0778 0x16c0  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:03:25.0824 0x16c0  IPBusEnum - ok
23:03:25.0840 0x16c0  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:03:25.0871 0x16c0  IpFilterDriver - ok
23:03:25.0918 0x16c0  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:03:25.0949 0x16c0  iphlpsvc - ok
23:03:25.0949 0x16c0  IpInIp - ok
23:03:25.0965 0x16c0  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
23:03:25.0996 0x16c0  IPMIDRV - ok
23:03:26.0012 0x16c0  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
23:03:26.0058 0x16c0  IPNAT - ok
23:03:26.0074 0x16c0  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:03:26.0105 0x16c0  IRENUM - ok
23:03:26.0121 0x16c0  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:03:26.0152 0x16c0  isapnp - ok
23:03:26.0183 0x16c0  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:03:26.0214 0x16c0  iScsiPrt - ok
23:03:26.0230 0x16c0  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
23:03:26.0246 0x16c0  iteatapi - ok
23:03:26.0277 0x16c0  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
23:03:26.0292 0x16c0  iteraid - ok
23:03:26.0308 0x16c0  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:03:26.0324 0x16c0  kbdclass - ok
23:03:26.0339 0x16c0  [ 18247836959BA67E3511B62846B9C2E0, 9623FF990A1C11A707C358CC9FDD4306C2992A8C766A50DAFC9534A283AA011D ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
23:03:26.0370 0x16c0  kbdhid - ok
23:03:26.0417 0x16c0  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
23:03:26.0448 0x16c0  KeyIso - ok
23:03:26.0480 0x16c0  [ EBC507F129DF8F0E0CA270DCFC0CF87F, 232E2C4118A3177019E111E23D02F669338AE251308DE9BEDE3869C1208D7F0B ] KMDFMEMIO       C:\Windows\system32\DRIVERS\kmdfmemio.sys
23:03:26.0495 0x16c0  KMDFMEMIO - ok
23:03:26.0558 0x16c0  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:03:26.0604 0x16c0  KSecDD - ok
23:03:26.0651 0x16c0  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:03:26.0714 0x16c0  KtmRm - ok
23:03:26.0776 0x16c0  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\System32\srvsvc.dll
23:03:26.0807 0x16c0  LanmanServer - ok
23:03:26.0854 0x16c0  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:03:26.0901 0x16c0  LanmanWorkstation - ok
23:03:27.0057 0x16c0  [ 0A56C39219BB64CF9C827072884B6695, FE7E6D33C5338B37AF6ABF251E7689877A9539457F8F0E8470292100E0635655 ] LavasoftAdAwareService11 C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
23:03:27.0135 0x16c0  LavasoftAdAwareService11 - ok
23:03:27.0166 0x16c0  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:03:27.0197 0x16c0  lltdio - ok
23:03:27.0244 0x16c0  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:03:27.0291 0x16c0  lltdsvc - ok
23:03:27.0306 0x16c0  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:03:27.0369 0x16c0  lmhosts - ok
23:03:27.0400 0x16c0  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:03:27.0416 0x16c0  LSI_FC - ok
23:03:27.0431 0x16c0  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
23:03:27.0462 0x16c0  LSI_SAS - ok
23:03:27.0478 0x16c0  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:03:27.0494 0x16c0  LSI_SCSI - ok
23:03:27.0525 0x16c0  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
23:03:27.0556 0x16c0  luafv - ok
23:03:27.0634 0x16c0  [ C58F15CD4EF79210455512CF0C449F39, 871DE4C78A85EE4E01B15B0BEB7CE187B8CE34DD28B9322856B51D2C13BBABEA ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe
23:03:27.0681 0x16c0  McComponentHostService - ok
23:03:27.0728 0x16c0  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:03:27.0743 0x16c0  Mcx2Svc - ok
23:03:27.0790 0x16c0  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
23:03:27.0806 0x16c0  megasas - ok
23:03:27.0852 0x16c0  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
23:03:27.0899 0x16c0  MegaSR - ok
23:03:27.0930 0x16c0  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
23:03:27.0977 0x16c0  MMCSS - ok
23:03:27.0993 0x16c0  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
23:03:28.0040 0x16c0  Modem - ok
23:03:28.0071 0x16c0  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:03:28.0118 0x16c0  monitor - ok
23:03:28.0133 0x16c0  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:03:28.0164 0x16c0  mouclass - ok
23:03:28.0180 0x16c0  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:03:28.0227 0x16c0  mouhid - ok
23:03:28.0242 0x16c0  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
23:03:28.0274 0x16c0  MountMgr - ok
23:03:28.0336 0x16c0  [ A5F6ADC56FA516594E99C328A7E7FD54, 6FB011B00B8AB085F3083E967B89BBFCA1AC7677407E9E72AD582CCC8212D136 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:03:28.0367 0x16c0  MozillaMaintenance - ok
23:03:28.0414 0x16c0  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:03:28.0445 0x16c0  mpio - ok
23:03:28.0461 0x16c0  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:03:28.0492 0x16c0  mpsdrv - ok
23:03:28.0554 0x16c0  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:03:28.0601 0x16c0  MpsSvc - ok
23:03:28.0617 0x16c0  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
23:03:28.0632 0x16c0  Mraid35x - ok
23:03:28.0679 0x16c0  [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:03:28.0695 0x16c0  MRxDAV - ok
23:03:28.0742 0x16c0  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:03:28.0773 0x16c0  mrxsmb - ok
23:03:28.0804 0x16c0  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:03:28.0835 0x16c0  mrxsmb10 - ok
23:03:28.0851 0x16c0  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:03:28.0866 0x16c0  mrxsmb20 - ok
23:03:28.0913 0x16c0  [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:03:28.0929 0x16c0  msahci - ok
23:03:28.0944 0x16c0  [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:03:28.0976 0x16c0  msdsm - ok
23:03:28.0991 0x16c0  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
23:03:29.0022 0x16c0  MSDTC - ok
23:03:29.0054 0x16c0  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:03:29.0085 0x16c0  Msfs - ok
23:03:29.0100 0x16c0  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:03:29.0132 0x16c0  msisadrv - ok
23:03:29.0147 0x16c0  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:03:29.0194 0x16c0  MSiSCSI - ok
23:03:29.0194 0x16c0  msiserver - ok
23:03:29.0241 0x16c0  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:03:29.0272 0x16c0  MSKSSRV - ok
23:03:29.0288 0x16c0  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:03:29.0319 0x16c0  MSPCLOCK - ok
23:03:29.0334 0x16c0  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:03:29.0366 0x16c0  MSPQM - ok
23:03:29.0412 0x16c0  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:03:29.0444 0x16c0  MsRPC - ok
23:03:29.0459 0x16c0  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:03:29.0475 0x16c0  mssmbios - ok
23:03:29.0490 0x16c0  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:03:29.0537 0x16c0  MSTEE - ok
23:03:29.0553 0x16c0  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:03:29.0584 0x16c0  Mup - ok
23:03:29.0615 0x16c0  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
23:03:29.0678 0x16c0  napagent - ok
23:03:29.0740 0x16c0  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:03:29.0771 0x16c0  NativeWifiP - ok
23:03:29.0849 0x16c0  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:03:29.0912 0x16c0  NDIS - ok
23:03:29.0943 0x16c0  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:03:29.0990 0x16c0  NdisTapi - ok
23:03:30.0005 0x16c0  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:03:30.0052 0x16c0  Ndisuio - ok
23:03:30.0099 0x16c0  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:03:30.0146 0x16c0  NdisWan - ok
23:03:30.0177 0x16c0  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:03:30.0208 0x16c0  NDProxy - ok
23:03:30.0224 0x16c0  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:03:30.0255 0x16c0  NetBIOS - ok
23:03:30.0302 0x16c0  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
23:03:30.0348 0x16c0  netbt - ok
23:03:30.0364 0x16c0  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
23:03:30.0380 0x16c0  Netlogon - ok
23:03:30.0411 0x16c0  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
23:03:30.0458 0x16c0  Netman - ok
23:03:30.0520 0x16c0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:03:30.0551 0x16c0  NetMsmqActivator - ok
23:03:30.0567 0x16c0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:03:30.0598 0x16c0  NetPipeActivator - ok
23:03:30.0629 0x16c0  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
23:03:30.0676 0x16c0  netprofm - ok
23:03:30.0692 0x16c0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:03:30.0723 0x16c0  NetTcpActivator - ok
23:03:30.0738 0x16c0  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
23:03:30.0770 0x16c0  NetTcpPortSharing - ok
23:03:30.0879 0x16c0  [ 35D5458D9A1B26B2005ABFFBF4C1C5E7, EE044FB7A49336FEDA1BDBBD2AD7A4A163C780A6A464B7712688E0BA0B4E6C40 ] NETw3v32        C:\Windows\system32\DRIVERS\NETw3v32.sys
23:03:31.0097 0x16c0  NETw3v32 - ok
23:03:31.0128 0x16c0  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
23:03:31.0144 0x16c0  nfrd960 - ok
23:03:31.0175 0x16c0  [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:03:31.0222 0x16c0  NlaSvc - ok
23:03:31.0253 0x16c0  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:03:31.0284 0x16c0  Npfs - ok
23:03:31.0300 0x16c0  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
23:03:31.0331 0x16c0  nsi - ok
23:03:31.0331 0x16c0  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:03:31.0378 0x16c0  nsiproxy - ok
23:03:31.0472 0x16c0  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:03:31.0534 0x16c0  Ntfs - ok
23:03:31.0565 0x16c0  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
23:03:31.0628 0x16c0  ntrigdigi - ok
23:03:31.0643 0x16c0  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
23:03:31.0674 0x16c0  Null - ok
23:03:31.0721 0x16c0  [ 77F9F9A199B87FE3F852E12F5419240B, BE9C05F2AC12BB41EC71A596039F2116E5A0F454D32E5A618112296721001473 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
23:03:31.0752 0x16c0  NVHDA - ok
23:03:32.0298 0x16c0  [ FEB5B1A18C47D17FB04B136B93B989E1, 5FCC70709FBFC29354D03BE4F6CBE05F82A95D77B4562799E4DB5C061DE68FDF ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:03:32.0938 0x16c0  nvlddmkm - ok
23:03:33.0032 0x16c0  [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:03:33.0047 0x16c0  nvraid - ok
23:03:33.0125 0x16c0  [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:03:33.0156 0x16c0  nvstor - ok
23:03:33.0219 0x16c0  [ 972AFB839B7DE047B839847C7B7D4B0D, 0259F226F8B989B9080161EBC34B0F08F601BB9E9EA1A5DEE79F40577D7A149C ] nvsvc           C:\Windows\system32\nvvsvc.exe
23:03:33.0281 0x16c0  nvsvc - ok
23:03:33.0422 0x16c0  [ 5D78F1041BFB872F9227DF8EF58C8527, 854E57476872D3AC66C3C37111408A69562641DF294D6632AC1D64CBFA2B45B0 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:03:33.0500 0x16c0  nvUpdatusService - ok
23:03:33.0531 0x16c0  [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:03:33.0562 0x16c0  nv_agp - ok
23:03:33.0562 0x16c0  NwlnkFlt - ok
23:03:33.0578 0x16c0  NwlnkFwd - ok
23:03:33.0609 0x16c0  [ 790E27C3DB53410B40FF9EF2FD10A1D9, FD06F2702B8F7E04ECF1B6E88602F14301E7AE7FC44AD114282E580FAD530A9C ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
23:03:33.0640 0x16c0  ohci1394 - ok
23:03:33.0687 0x16c0  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:03:33.0718 0x16c0  ose - ok
23:03:33.0796 0x16c0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
23:03:33.0843 0x16c0  p2pimsvc - ok
23:03:33.0858 0x16c0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:03:33.0905 0x16c0  p2psvc - ok
23:03:33.0936 0x16c0  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
23:03:34.0014 0x16c0  Parport - ok
23:03:34.0061 0x16c0  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:03:34.0092 0x16c0  partmgr - ok
23:03:34.0092 0x16c0  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
23:03:34.0170 0x16c0  Parvdm - ok
23:03:34.0202 0x16c0  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:03:34.0233 0x16c0  PcaSvc - ok
23:03:34.0280 0x16c0  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
23:03:34.0311 0x16c0  pci - ok
23:03:34.0326 0x16c0  [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide          C:\Windows\system32\drivers\pciide.sys
23:03:34.0342 0x16c0  pciide - ok
23:03:34.0373 0x16c0  [ B7C5A8769541900F6DFA6FE0C5E4D513, 1885FE8AE9D6929E8B43D674B43B7B3FEAA25AF6E45973A0B49CBA7B9CBA34C4 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:03:34.0404 0x16c0  pcmcia - ok
23:03:34.0451 0x16c0  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:03:34.0545 0x16c0  PEAUTH - ok
23:03:34.0794 0x16c0  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
23:03:34.0950 0x16c0  pla - ok
23:03:35.0028 0x16c0  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:03:35.0075 0x16c0  PlugPlay - ok
23:03:35.0122 0x16c0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
23:03:35.0169 0x16c0  PNRPAutoReg - ok
23:03:35.0200 0x16c0  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
23:03:35.0247 0x16c0  PNRPsvc - ok
23:03:35.0309 0x16c0  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:03:35.0356 0x16c0  PolicyAgent - ok
23:03:35.0387 0x16c0  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:03:35.0434 0x16c0  PptpMiniport - ok
23:03:35.0450 0x16c0  [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor       C:\Windows\system32\drivers\processr.sys
23:03:35.0481 0x16c0  Processor - ok
23:03:35.0528 0x16c0  [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc         C:\Windows\system32\profsvc.dll
23:03:35.0559 0x16c0  ProfSvc - ok
23:03:35.0574 0x16c0  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
23:03:35.0590 0x16c0  ProtectedStorage - ok
23:03:35.0637 0x16c0  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
23:03:35.0668 0x16c0  PSched - ok
23:03:35.0699 0x16c0  [ 68B57D7C11277EA89F78255480376B4D, 5530B58126BF33E6BCDED99C73C41B90BA148587BDA3866FD4DAD12035B302B5 ] PSI             C:\Windows\system32\DRIVERS\psi_mf_x86.sys
23:03:35.0715 0x16c0  PSI - ok
23:03:35.0793 0x16c0  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300          C:\Windows\system32\drivers\ql2300.sys
23:03:35.0855 0x16c0  ql2300 - ok
23:03:35.0902 0x16c0  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23:03:35.0918 0x16c0  ql40xx - ok
23:03:35.0949 0x16c0  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
23:03:35.0996 0x16c0  QWAVE - ok
23:03:36.0027 0x16c0  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:03:36.0058 0x16c0  QWAVEdrv - ok
23:03:36.0074 0x16c0  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:03:36.0120 0x16c0  RasAcd - ok
23:03:36.0152 0x16c0  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
23:03:36.0198 0x16c0  RasAuto - ok
23:03:36.0214 0x16c0  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:03:36.0261 0x16c0  Rasl2tp - ok
23:03:36.0308 0x16c0  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
23:03:36.0354 0x16c0  RasMan - ok
23:03:36.0401 0x16c0  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:03:36.0432 0x16c0  RasPppoe - ok
23:03:36.0464 0x16c0  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:03:36.0495 0x16c0  RasSstp - ok
23:03:36.0526 0x16c0  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:03:36.0573 0x16c0  rdbss - ok
23:03:36.0604 0x16c0  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:03:36.0666 0x16c0  RDPCDD - ok
23:03:36.0698 0x16c0  [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
23:03:36.0760 0x16c0  rdpdr - ok
23:03:36.0760 0x16c0  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:03:36.0807 0x16c0  RDPENCDD - ok
23:03:36.0838 0x16c0  [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:03:36.0869 0x16c0  RDPWD - ok
23:03:36.0947 0x16c0  [ 3C109EFD0CEF1B540ED3C7F573594BFD, 3AAC865732972E19CD2583209D047D176259A7CB0E8ACEB1E6D91DB82A58DCA7 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:03:37.0010 0x16c0  RegSrvc - detected UnsignedFile.Multi.Generic ( 1 )
23:03:37.0228 0x16c0  Detect skipped due to KSN trusted
23:03:37.0228 0x16c0  RegSrvc - ok
23:03:37.0275 0x16c0  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:03:37.0337 0x16c0  RemoteAccess - ok
23:03:37.0384 0x16c0  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:03:37.0431 0x16c0  RemoteRegistry - ok
23:03:37.0462 0x16c0  [ 10536B0AD6F416FC7F1149977C28CCDC, F0CE929BBA996762D59570338AC2E7DCC920E76E2E945FEB629E8EBE1B311D19 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
23:03:37.0493 0x16c0  RFCOMM - ok
23:03:37.0509 0x16c0  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
23:03:37.0556 0x16c0  RpcLocator - ok
23:03:37.0602 0x16c0  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
23:03:37.0680 0x16c0  RpcSs - ok
23:03:37.0727 0x16c0  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:03:37.0774 0x16c0  rspndr - ok
23:03:37.0790 0x16c0  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs           C:\Windows\system32\lsass.exe
23:03:37.0821 0x16c0  SamSs - ok
23:03:37.0899 0x16c0  [ A9D840FA78F65857EB554229914F855C, AC3BD980ABDAECFE7D824DF71CCBA7D84749B9AD51460D130A9AA9C7B2DE3D3E ] Samsung Update Plus C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
23:03:37.0977 0x16c0  Samsung Update Plus - detected UnsignedFile.Multi.Generic ( 1 )
23:03:38.0195 0x16c0  Detect skipped due to KSN trusted
23:03:38.0195 0x16c0  Samsung Update Plus - ok
23:03:38.0226 0x16c0  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:03:38.0258 0x16c0  sbp2port - ok
23:03:38.0304 0x16c0  [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:03:38.0367 0x16c0  SCardSvr - ok
23:03:38.0429 0x16c0  [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule        C:\Windows\system32\schedsvc.dll
23:03:38.0507 0x16c0  Schedule - ok
23:03:38.0523 0x16c0  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:03:38.0570 0x16c0  SCPolicySvc - ok
23:03:38.0601 0x16c0  [ 126EA89BCC413EE45E3004FB0764888F, 367BE2B56113177AE867E00D019C707C6449E0FC4A642101B11036A0534D6901 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
23:03:38.0648 0x16c0  sdbus - ok
23:03:38.0679 0x16c0  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:03:38.0710 0x16c0  SDRSVC - ok
23:03:38.0726 0x16c0  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:03:38.0772 0x16c0  secdrv - ok
23:03:38.0788 0x16c0  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
23:03:38.0819 0x16c0  seclogon - ok
23:03:38.0928 0x16c0  [ 398A81D590424441B2F5C5C08073CADB, 1E064DFCC49EB0D8A4150276BF796B9DFA030C451570A170EC940F8CBAAD80F3 ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
23:03:39.0006 0x16c0  Secunia PSI Agent - ok
23:03:39.0100 0x16c0  [ 8C2D3A80FC90A860F0F24DEB67471481, CE4D17B63149C44B4CD5CB7776FD4705DC675F6D2D077D53BE15578294EBC9D4 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
23:03:39.0162 0x16c0  Secunia Update Agent - ok
23:03:39.0194 0x16c0  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\system32\sens.dll
23:03:39.0225 0x16c0  SENS - ok
23:03:39.0256 0x16c0  [ CE9EC966638EF0B10B864DDEDF62A099, 2DEC5A8C947D87C12B342F15B8A552A0D49B979A2AC32D2C97FC7A3A76C34524 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:03:39.0287 0x16c0  Serenum - ok
23:03:39.0318 0x16c0  [ 6D663022DB3E7058907784AE14B69898, 54263888C64A7F010D3B5E399369B0F3FF3AF0A0DE8ADB502B98277533E4D45F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:03:39.0350 0x16c0  Serial - ok
23:03:39.0365 0x16c0  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
23:03:39.0412 0x16c0  sermouse - ok
23:03:39.0428 0x16c0  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:03:39.0474 0x16c0  SessionEnv - ok
23:03:39.0490 0x16c0  [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:03:39.0521 0x16c0  sffdisk - ok
23:03:39.0537 0x16c0  [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:03:39.0568 0x16c0  sffp_mmc - ok
23:03:39.0584 0x16c0  [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:03:39.0615 0x16c0  sffp_sd - ok
23:03:39.0630 0x16c0  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
23:03:39.0677 0x16c0  sfloppy - ok
23:03:39.0724 0x16c0  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:03:39.0771 0x16c0  SharedAccess - ok
23:03:39.0818 0x16c0  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:03:39.0849 0x16c0  ShellHWDetection - ok
23:03:39.0880 0x16c0  [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
23:03:39.0911 0x16c0  sisagp - ok
23:03:39.0927 0x16c0  [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
23:03:39.0958 0x16c0  SiSRaid2 - ok
23:03:39.0974 0x16c0  [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:03:40.0005 0x16c0  SiSRaid4 - ok
23:03:40.0192 0x16c0  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
23:03:40.0410 0x16c0  slsvc - ok
23:03:40.0473 0x16c0  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
23:03:40.0504 0x16c0  SLUINotify - ok
23:03:40.0551 0x16c0  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:03:40.0582 0x16c0  Smb - ok
23:03:40.0598 0x16c0  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:03:40.0629 0x16c0  SNMPTRAP - ok
23:03:40.0644 0x16c0  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:03:40.0676 0x16c0  spldr - ok
23:03:40.0722 0x16c0  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
23:03:40.0769 0x16c0  Spooler - ok
23:03:40.0832 0x16c0  [ 9263C8898732E2B890F7E954E7729AB7, DEBFD81E702893427972A6565A9AAA54A09B9F7F30CA9391011C6F7FB758A3F4 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
23:03:40.0863 0x16c0  SQLWriter - ok
23:03:40.0910 0x16c0  [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:03:40.0941 0x16c0  srv - ok
23:03:40.0988 0x16c0  [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:03:41.0019 0x16c0  srv2 - ok
23:03:41.0050 0x16c0  [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:03:41.0081 0x16c0  srvnet - ok
23:03:41.0112 0x16c0  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:03:41.0159 0x16c0  SSDPSRV - ok
23:03:41.0206 0x16c0  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:03:41.0222 0x16c0  SstpSvc - ok
23:03:41.0284 0x16c0  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
23:03:41.0362 0x16c0  stisvc - ok
23:03:41.0378 0x16c0  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:03:41.0409 0x16c0  swenum - ok
23:03:41.0471 0x16c0  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
23:03:41.0534 0x16c0  swprv - ok
23:03:41.0549 0x16c0  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
23:03:41.0580 0x16c0  Symc8xx - ok
23:03:41.0596 0x16c0  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
23:03:41.0612 0x16c0  Sym_hi - ok
23:03:41.0627 0x16c0  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
23:03:41.0658 0x16c0  Sym_u3 - ok
23:03:41.0721 0x16c0  [ 47EB81005ACCFF4075D2A0133185429B, 8025E33778E386F0BF3E3E5A3ECE42F0BD545E4E09BC6867FCDB4FAE5B93BF6C ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
23:03:41.0752 0x16c0  SynTP - ok
23:03:41.0814 0x16c0  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
23:03:41.0861 0x16c0  SysMain - ok
23:03:41.0908 0x16c0  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:03:41.0924 0x16c0  TabletInputService - ok
23:03:41.0970 0x16c0  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:03:42.0002 0x16c0  TapiSrv - ok
23:03:42.0017 0x16c0  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
23:03:42.0048 0x16c0  TBS - ok
23:03:42.0142 0x16c0  [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:03:42.0189 0x16c0  Tcpip - ok
23:03:42.0220 0x16c0  [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
23:03:42.0282 0x16c0  Tcpip6 - ok
23:03:42.0314 0x16c0  [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:03:42.0345 0x16c0  tcpipreg - ok
23:03:42.0360 0x16c0  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:03:42.0392 0x16c0  TDPIPE - ok
23:03:42.0407 0x16c0  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:03:42.0438 0x16c0  TDTCP - ok
23:03:42.0485 0x16c0  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:03:42.0516 0x16c0  tdx - ok
23:03:42.0953 0x16c0  [ 7E0C59BEC274CF62E1C4932E0CC0A9CA, DA90625FDE95325D4AF8EB8EC11105C62413094A6349E93140B6115465EB6F31 ] TeamViewer9     C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
23:03:43.0172 0x16c0  TeamViewer9 - ok
23:03:43.0234 0x16c0  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:03:43.0250 0x16c0  TermDD - ok
23:03:43.0296 0x16c0  [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService     C:\Windows\System32\termsrv.dll
23:03:43.0343 0x16c0  TermService - ok
23:03:43.0390 0x16c0  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
23:03:43.0406 0x16c0  Themes - ok
23:03:43.0437 0x16c0  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
23:03:43.0468 0x16c0  THREADORDER - ok
23:03:43.0484 0x16c0  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
23:03:43.0515 0x16c0  TrkWks - ok
23:03:43.0577 0x16c0  [ 130AFD0E373F22A6320B60FEBB7E8D56, 58818F2F6674180E9A6A29BF17255678B5F3E76E9787A62CAEEFEA5D90F508C8 ] Trufos          C:\Windows\system32\DRIVERS\Trufos.sys
23:03:43.0608 0x16c0  Trufos - ok
23:03:43.0686 0x16c0  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:03:43.0702 0x16c0  TrustedInstaller - ok
23:03:43.0780 0x16c0  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:03:43.0811 0x16c0  tssecsrv - ok
23:03:43.0842 0x16c0  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
23:03:43.0874 0x16c0  tunmp - ok
23:03:43.0905 0x16c0  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:03:43.0920 0x16c0  tunnel - ok
23:03:43.0936 0x16c0  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:03:43.0967 0x16c0  uagp35 - ok
23:03:44.0014 0x16c0  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:03:44.0061 0x16c0  udfs - ok
23:03:44.0108 0x16c0  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:03:44.0139 0x16c0  UI0Detect - ok
23:03:44.0154 0x16c0  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:03:44.0186 0x16c0  uliagpkx - ok
23:03:44.0201 0x16c0  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
23:03:44.0232 0x16c0  uliahci - ok
23:03:44.0264 0x16c0  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
23:03:44.0295 0x16c0  UlSata - ok
23:03:44.0310 0x16c0  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
23:03:44.0342 0x16c0  ulsata2 - ok
23:03:44.0357 0x16c0  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:03:44.0388 0x16c0  umbus - ok
23:03:44.0420 0x16c0  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
23:03:44.0466 0x16c0  upnphost - ok
23:03:44.0529 0x16c0  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:03:44.0544 0x16c0  usbccgp - ok
23:03:44.0576 0x16c0  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:03:44.0622 0x16c0  usbcir - ok
23:03:44.0638 0x16c0  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:03:44.0669 0x16c0  usbehci - ok
23:03:44.0685 0x16c0  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:03:44.0716 0x16c0  usbhub - ok
23:03:44.0732 0x16c0  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:03:44.0778 0x16c0  usbohci - ok
23:03:44.0794 0x16c0  [ B51E52ACF758BE00EF3A58EA452FE360, 79E629EC5DE8AB7F31B0EE9AE94C71E8F703FED5C09A816228726974F7790C85 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
23:03:44.0856 0x16c0  usbprint - ok
23:03:44.0872 0x16c0  [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:03:44.0903 0x16c0  usbscan - ok
23:03:44.0950 0x16c0  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:03:44.0981 0x16c0  USBSTOR - ok
23:03:45.0028 0x16c0  [ 814D653EFC4D48BE3B04A307ECEFF56F, D73D62F51AEFE2F8F2B938B20107C246F2AC2F62ED49112DBD092A5D2E4024B3 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
23:03:45.0059 0x16c0  usbuhci - ok
23:03:45.0090 0x16c0  [ E67998E8F14CB0627A769F6530BCB352, 60982F168E9BF13954328C728F55F4D3ADDC572CACB65289B0E895A63DAA08C1 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
23:03:45.0122 0x16c0  usbvideo - ok
23:03:45.0168 0x16c0  [ 228F444F9AF0D3B9ECA9FC3F4FEB12F2, D29C9A0ED5602BCD529A0D7F538DFA8771B1CAC6F433AA686C3A4917DC596369 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
23:03:45.0215 0x16c0  usb_rndisx - ok
23:03:45.0246 0x16c0  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
23:03:45.0278 0x16c0  UxSms - ok
23:03:45.0340 0x16c0  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
23:03:45.0371 0x16c0  vds - ok
23:03:45.0402 0x16c0  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:03:45.0434 0x16c0  vga - ok
23:03:45.0449 0x16c0  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:03:45.0496 0x16c0  VgaSave - ok
23:03:45.0512 0x16c0  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:03:45.0527 0x16c0  viaagp - ok
23:03:45.0543 0x16c0  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
23:03:45.0590 0x16c0  ViaC7 - ok
23:03:45.0590 0x16c0  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
23:03:45.0621 0x16c0  viaide - ok
23:03:45.0652 0x16c0  [ 86721C65A2010A9E34E3DC59DA0183CF, D500C5BFF99E1F3287E574095949AD76718D8FB6683803516FDB260A0B805E0E ] VMC302          C:\Windows\system32\Drivers\VMC302.sys
23:03:45.0683 0x16c0  VMC302 - ok
23:03:45.0699 0x16c0  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:03:45.0714 0x16c0  volmgr - ok
23:03:45.0777 0x16c0  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:03:45.0808 0x16c0  volmgrx - ok
23:03:45.0855 0x16c0  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:03:45.0870 0x16c0  volsnap - ok
23:03:45.0933 0x16c0  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:03:45.0964 0x16c0  vsmraid - ok
23:03:46.0042 0x16c0  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
23:03:46.0120 0x16c0  VSS - ok
23:03:46.0182 0x16c0  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
23:03:46.0214 0x16c0  W32Time - ok
23:03:46.0245 0x16c0  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:03:46.0307 0x16c0  WacomPen - ok
23:03:46.0323 0x16c0  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
23:03:46.0354 0x16c0  Wanarp - ok
23:03:46.0370 0x16c0  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:03:46.0401 0x16c0  Wanarpv6 - ok
23:03:46.0510 0x16c0  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:03:46.0557 0x16c0  wcncsvc - ok
23:03:46.0604 0x16c0  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:03:46.0650 0x16c0  WcsPlugInService - ok
23:03:46.0697 0x16c0  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
23:03:46.0760 0x16c0  Wd - ok
23:03:46.0838 0x16c0  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:03:46.0900 0x16c0  Wdf01000 - ok
23:03:46.0931 0x16c0  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:03:46.0978 0x16c0  WdiServiceHost - ok
23:03:46.0994 0x16c0  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:03:47.0040 0x16c0  WdiSystemHost - ok
23:03:47.0087 0x16c0  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
23:03:47.0134 0x16c0  WebClient - ok
23:03:47.0165 0x16c0  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:03:47.0196 0x16c0  Wecsvc - ok
23:03:47.0212 0x16c0  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:03:47.0259 0x16c0  wercplsupport - ok
23:03:47.0306 0x16c0  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:03:47.0337 0x16c0  WerSvc - ok
23:03:47.0399 0x16c0  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:03:47.0430 0x16c0  WinDefend - ok
23:03:47.0430 0x16c0  WinHttpAutoProxySvc - ok
23:03:47.0508 0x16c0  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:03:47.0540 0x16c0  Winmgmt - ok
23:03:47.0618 0x16c0  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:03:47.0711 0x16c0  WinRM - ok
23:03:47.0774 0x16c0  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:03:47.0836 0x16c0  Wlansvc - ok
23:03:47.0867 0x16c0  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:03:47.0898 0x16c0  WmiAcpi - ok
23:03:47.0930 0x16c0  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:03:47.0992 0x16c0  wmiApSrv - ok
23:03:48.0086 0x16c0  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:03:48.0164 0x16c0  WMPNetworkSvc - ok
23:03:48.0210 0x16c0  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:03:48.0257 0x16c0  WPCSvc - ok
23:03:48.0304 0x16c0  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:03:48.0335 0x16c0  WPDBusEnum - ok
23:03:48.0382 0x16c0  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
23:03:48.0429 0x16c0  WpdUsb - ok
23:03:48.0538 0x16c0  [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:03:48.0663 0x16c0  WPFFontCache_v0400 - ok
23:03:48.0710 0x16c0  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:03:48.0788 0x16c0  ws2ifsl - ok
23:03:48.0819 0x16c0  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\system32\wscsvc.dll
23:03:48.0866 0x16c0  wscsvc - ok
23:03:48.0866 0x16c0  WSearch - ok
23:03:48.0897 0x16c0  wtmprovhost - ok
23:03:49.0037 0x16c0  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:03:49.0146 0x16c0  wuauserv - ok
23:03:49.0224 0x16c0  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:03:49.0256 0x16c0  WudfPf - ok
23:03:49.0271 0x16c0  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:03:49.0302 0x16c0  WUDFRd - ok
23:03:49.0365 0x16c0  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:03:49.0396 0x16c0  wudfsvc - ok
23:03:49.0458 0x16c0  [ E745B9D5FE1FDA8A50913FDCC8FF9FDC, 82D6E5DC6EEB432F9E2C390C29FC6F969AF57C1BDFB17DED44E716A155F618FC ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
23:03:49.0490 0x16c0  yukonwlh - ok
23:03:49.0490 0x16c0  ================ Scan global ===============================
23:03:49.0521 0x16c0  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
23:03:49.0583 0x16c0  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
23:03:49.0614 0x16c0  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
23:03:49.0677 0x16c0  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
23:03:49.0677 0x16c0  [ Global ] - ok
23:03:49.0677 0x16c0  ================ Scan MBR ==================================
23:03:49.0692 0x16c0  [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
23:03:50.0176 0x16c0  \Device\Harddisk0\DR0 - ok
23:03:50.0176 0x16c0  ================ Scan VBR ==================================
23:03:50.0176 0x16c0  [ C66CFDF38A429ED011DD02836EF85135 ] \Device\Harddisk0\DR0\Partition1
23:03:50.0238 0x16c0  \Device\Harddisk0\DR0\Partition1 - ok
23:03:50.0238 0x16c0  [ 93627DC93E039E5F12FFB3D8CAFC2861 ] \Device\Harddisk0\DR0\Partition2
23:03:50.0301 0x16c0  \Device\Harddisk0\DR0\Partition2 - ok
23:03:50.0301 0x16c0  ================ Scan generic autorun ======================
23:03:50.0550 0x16c0  [ D1A7A7D193A0DDBF31F53610DBA05CAC, 9A122D90081C7AE4A58D409BF6FB128AC828E31E50476590F6850F42AA93CB0C ] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
23:03:50.0691 0x16c0  Ad-Aware Browsing Protection - ok
23:03:51.0112 0x16c0  [ 91E2211114AA75FD1557EB99165C7906, 2EAE723639A25F1B96C4709A500B594F63E66548238D2D9C9A8C02BA9D6C4FC9 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
23:03:51.0533 0x16c0  SynTPEnh - ok
23:03:51.0814 0x16c0  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
23:03:51.0923 0x16c0  Adobe ARM - ok
23:03:52.0235 0x16c0  [ EB57A9927A39EB86194D664E781633B7, 673F5A8D2ACFE11CAA95FBDDB4962445CCFBBBF3547DDFFB820A335F4F6B1D13 ] C:\Windows\RtHDVCpl.exe
23:03:52.0688 0x16c0  RtHDVCpl - ok
23:03:52.0781 0x16c0  [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
23:03:52.0812 0x16c0  ehTray.exe - ok
23:03:52.0859 0x16c0  [ 35937EAD711207544E219C2A19A78A7D, EE6E5EAE00F577D7C3FFB8C0D8EE484552A337CEAA27FCB107174A9879FE7362 ] C:\Program Files\Windows Media Player\WMPNSCFG.exe
23:03:52.0890 0x16c0  WMPNSCFG - ok
23:03:53.0031 0x16c0  [ C9028150E059EF769B581E5EC6840FD1, F27A75913EDD5A87A05A053D5B7A53CED70C7B14779A6A3194CCF388E7E4A62C ] C:\Program Files\MyDrive Connect\MyDriveConnect.exe
23:03:53.0078 0x16c0  MyDriveConnect.exe - ok
23:03:53.0343 0x16c0  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:03:53.0452 0x16c0  Sidebar - ok
23:03:53.0452 0x16c0  WindowsWelcomeCenter - ok
23:03:53.0452 0x16c0  Waiting for KSN requests completion. In queue: 58
23:03:54.0575 0x16c0  AV detected via SS2: Ad-Aware Antivirus, C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareSecurityCenter.exe ( 11.4.6792.0 ), 0x41000 ( enabled : updated )
23:03:54.0575 0x16c0  FW detected via SS2: Ad-Aware Firewall, C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareSecurityCenter.exe ( 11.4.6792.0 ), 0x40010 ( disabled )
23:03:54.0575 0x16c0  Win FW state via NFP2: enabled
23:03:54.0778 0x16c0  ============================================================
23:03:54.0778 0x16c0  Scan finished
23:03:54.0778 0x16c0  ============================================================
23:03:54.0794 0x1268  Detected object count: 0
23:03:54.0794 0x1268  Actual detected object count: 0

schrauber · 31.10.2014, 14:03

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

corvin · 31.10.2014, 22:32

Code:

ATTFilter

ComboFix 14-10-29.01 - kleine 31.10.2014  22:16:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2067 [GMT 1:00]
ausgeführt von:: c:\users\kleine\Desktop\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-09-28 bis 2014-10-31  ))))))))))))))))))))))))))))))
.
.
2014-10-31 21:23 . 2014-10-31 21:23	--------	d-----w-	c:\users\kleine\AppData\Local\temp
2014-10-31 07:10 . 2014-10-14 20:13	8901368	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E4C4AFD9-BDE2-4804-B466-DDD660A024C8}\mpengine.dll
2014-10-30 20:17 . 2014-10-30 20:20	--------	d-----w-	C:\FRST
2014-10-29 20:25 . 2014-10-29 20:25	--------	d-----w-	c:\program files\Meglo
2014-10-29 20:25 . 2011-03-25 19:42	338432	----a-w-	c:\windows\system32\sqlite36_engine.dll
2014-10-29 20:25 . 2011-05-13 11:16	493056	----a-w-	c:\windows\system32\dhRichClient3.dll
2014-10-18 18:10 . 2014-06-13 18:22	156824	----a-w-	c:\windows\system32\mscorier.dll
2014-10-18 18:10 . 2014-06-15 22:18	1131664	----a-w-	c:\windows\system32\dfshim.dll
2014-10-18 18:10 . 2014-06-13 18:22	81560	----a-w-	c:\windows\system32\mscories.dll
2014-10-18 18:04 . 2014-09-27 23:29	2054656	----a-w-	c:\windows\system32\win32k.sys
2014-10-18 17:55 . 2014-09-04 23:27	143360	----a-w-	c:\windows\system32\drivers\fastfat.sys
2014-10-18 17:50 . 2014-09-16 16:56	66560	----a-w-	c:\windows\system32\packager.dll
2014-10-17 06:50 . 2014-09-19 22:35	421376	----a-w-	c:\windows\system32\vbscript.dll
2014-10-17 06:50 . 2014-09-19 22:37	104448	----a-w-	c:\program files\Internet Explorer\jsdebuggeride.dll
2014-10-17 06:50 . 2014-09-19 22:36	223232	----a-w-	c:\program files\Internet Explorer\ielowutil.exe
2014-10-15 17:46 . 2014-10-15 17:46	--------	d-----w-	c:\program files\Common Files\Lavasoft
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-28 05:35 . 2009-10-03 22:07	229000	------w-	c:\windows\system32\MpSigStub.exe
2014-09-24 18:15 . 2012-04-21 17:22	701104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-09-24 18:15 . 2011-09-21 14:19	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-09 06:24 . 2014-09-24 06:49	2048	----a-w-	c:\windows\system32\tzres.dll
2014-08-23 01:03 . 2014-08-27 18:29	297984	----a-w-	c:\windows\system32\gdi32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"MyDriveConnect.exe"="c:\program files\MyDrive Connect\MyDriveConnect.exe" [2014-03-17 473464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-09-27 559696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2013-02-25 2416368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe" [2014-10-15 7670592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2014-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 18:15]
.
2014-02-28 c:\windows\Tasks\SupBackGroundTask.job
- c:\program files\Samsung\Samsung Update Plus\SUPBackGround.exe [2008-10-27 12:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://go.web.de/suchbox/webdesuche?su=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-10-31 22:23
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  SynTPEnh = %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe???????????????????????????????????????????????????????????????????????????????????? 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-10-31  22:25:59
ComboFix-quarantined-files.txt  2014-10-31 21:25
.
Vor Suchlauf: 10 Verzeichnis(se), 18.209.337.344 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 19.133.059.072 Bytes frei
.
- - End Of File - - F618F2E62395B9A01646245479C2EC30
61A349592C4728853F4A90FF78F7628E

schrauber · 01.11.2014, 18:40

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

corvin · 01.11.2014, 23:34

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 01.11.2014
Suchlauf-Zeit: 22:31:46
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.3.1025
Malware Datenbank: v2014.09.19.05
Rootkit Datenbank: v2014.09.18.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: kleine

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 330836
Verstrichene Zeit: 16 Min, 40 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-3.8, In Quarantäne, [eb96df10235886b06690e843cb38966a], 

Registrierungswerte: 3
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), hxxp://search.certified-toolbar.com?si=43169&st=bs&tid=3580&ver=3.2&ts=1369556739922&tguid=43169-3580-1369556739922-8595221ED8D4202EFA300AAECDFC3842&q=%s, In Quarantäne, [d9a8955a97e43402a172071028db06fa]
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-4273118025-30497289-324835352-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, hxxp://start.mysearchdial.com/?f=2&a=dnldstr0202ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyCtAzz0DyDzyyEtB0B0E0A0DtN0D0Tzu0SyBzzyDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=656912544&ir=, In Quarantäne, [f78ab53ae299c472c67447d13dc64db3]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-4273118025-30497289-324835352-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [94ed35bab3c8c76feb3b13fe838035cb]

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.5 (10.31.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by kleine on 01.11.2014 at 23:10:08,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ad-aware browsing protection



~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}



~~~ Files

Successfully deleted: [File] "C:\Windows\launcher.exe"



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\ad-aware browsing protection"
Failed to delete: [Folder] "C:\ProgramData\application data\ad-aware browsing protection"



~~~ FireFox

Emptied folder: C:\Users\kleine\AppData\Roaming\mozilla\firefox\profiles\1qv2wd4l.default\minidumps [144 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.11.2014 at 23:12:26,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

# AdwCleaner v4.002 - Bericht erstellt am 01/11/2014 um 22:57:10
# DB v
# Aktualisiert 27/10/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : kleine - KLEINE-PC
# Gestartet von : C:\Users\kleine\Desktop\AdwCleaner_4.002.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\doubleclick.net
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\google.de
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\Total
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\web.de

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16584


-\\ Mozilla Firefox v33.0.2 (x86 de)

[1qv2wd4l.default] - Zeile gelöscht : # Mozilla User Preferences
[1qv2wd4l.default] - Zeile gelöscht : 
[1qv2wd4l.default] - Zeile gelöscht : /* Do not edit this file.
[1qv2wd4l.default] - Zeile gelöscht :  *
[1qv2wd4l.default] - Zeile gelöscht :  * If you make changes to this file while the application is running,
[1qv2wd4l.default] - Zeile gelöscht :  * the changes will be overwritten when the application exits.
[1qv2wd4l.default] - Zeile gelöscht :  *
[1qv2wd4l.default] - Zeile gelöscht :  * To make a manual change to preferences, you can visit the URL about:config
[1qv2wd4l.default] - Zeile gelöscht :  */
[1qv2wd4l.default] - Zeile gelöscht : 
[1qv2wd4l.default] - Zeile gelöscht : user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1414872991);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("app.update.lastUpdateTime.background-update-timer", 1414845128);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1414873111);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1414877066);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("app.update.lastUpdateTime.experiments-update-timer", 1414872871);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1414872751);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.cache.disk.capacity", 358400);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.cache.disk.smart_size.first_run", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.cache.disk.smart_size.use_old_max", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.cache.disk.smart_size_cached_value", 358400);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.cache.frecency_experiment", 4);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.download.importedFromSqlite", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.download.lastDir", "C:\\Users\\kleine\\Desktop");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.download.panel.shown", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.link.open_newwindow", 2);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.migration.version", 22);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.newtabpage.enhanced", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.newtabpage.storageVersion", 1);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.pagethumbnails.storage_version", 3);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.places.smartBookmarksVersion", 7);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.preferences.advanced.selectedTabIndex", 4);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.rights.3.shown", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.search.useDBForOrder", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.sessionstore.upgradeBackup.latestBuildID", "20141027150301");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.slowStartup.averageTime", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.slowStartup.samples", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.google.de/");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.startup.homepage_override.buildID", "20141027150301");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.startup.homepage_override.mstone", "33.0.2");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.uitour.whitelist.add.260", "");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("browser.uitour.whitelist.add.340", "");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.healthreport.lastDataSubmissionFailureTime", "1411238291824");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.healthreport.lastDataSubmissionRequestedTime", "1414872491315");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.healthreport.lastDataSubmissionSuccessfulTime", "1414872493845");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.healthreport.nextDataSubmissionTime", "1414958893845");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.healthreport.service.firstRun", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.policy.dataSubmissionPolicyAccepted", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 1);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "1393270350464");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.policy.dataSubmissionPolicyResponseTime", "1393270434859");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.policy.dataSubmissionPolicyResponseType", "accepted-info-bar-dismissed");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.policy.firstRunTime", "1393188211169");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.sessions.current.activeTicks", 1379);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.sessions.current.clean", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.sessions.current.firstPaint", 2161);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.sessions.current.main", 390);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.sessions.current.sessionRestored", 2363);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.sessions.current.startTime", "1414869745404");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.sessions.current.totalTime", 7566);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.sessions.currentIndex", 1600);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("datareporting.sessions.prunedIndex", 1599);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("devtools.responsiveUI.currentPreset", "800x1280");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("devtools.responsiveUI.customHeight", 480);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("devtools.responsiveUI.customWidth", 1240);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("devtools.responsiveUI.presets", "[{\"key\":\"320x480\",\"width\":320,\"height\":480},{\"key\":\"360x640\",\"width\":360,\"height\":640},{\"key\":\"768x1024\",\"width\":768,\"height\":1024},[...]
[1qv2wd4l.default] - Zeile gelöscht : user_pref("devtools.responsiveUI.rotate", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("devtools.telemetry.tools.opened.version", "{\"DEVTOOLS_WEBCONSOLE_OPENED_PER_USER_FLAG\":\"27.0.1\",\"DEVTOOLS_INSPECTOR_OPENED_PER_USER_FLAG\":\"30.0\",\"DEVTOOLS_RULEVIEW_OPENED_PER_USER_[...]
[1qv2wd4l.default] - Zeile gelöscht : user_pref("devtools.toolbox.selectedTool", "inspector");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("devtools.toolsidebar-width.inspector", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("dom.max_script_run_time", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("dom.mozApps.used", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.blocklist.pingCountTotal", 210);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.blocklist.pingCountVersion", 3);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz-lang.data", "{\"de\":\"locale\",\"en\":[222]}");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.ABTests", "{\"1006_A\":{},\"1010_A\":{},\"1013_A\":{}}");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.abortConnections", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.config_location", "DE");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.defaultSearchBarPosition", "nav-bar");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.defaultSearchBarPositionNext", "webrtc-status-button");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.dnt", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.dontHideSearchBar", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.firstStartDone", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.firstStartDoneShare", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.inPrivateWindows", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.messageInterval", 3600000);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.messageUpdate", "0");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.newProvidersAdded", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.popupHeight", 290);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.session", "qH0QLqDxpvez6pNFO4rpchXK2IrR6LAct5nnhnX+2bLstSnQ7XRkn7k6zO/HZUHx");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.sessionLogging", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.showDebugLogs", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.showNoResults", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.showQueryDebug", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz.uninstallVersion", "0.5.30");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.cliqz@cliqz.com.install-event-fired", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.databaseSchema", 16);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.enabledAddons", "%7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0.2");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.getAddons.cache.lastUpdate", 1414872992);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.getAddons.databaseSchema", 5);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.hotfix.lastVersion", "20140527.01.3");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.lastAppVersion", "33.0.2");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.lastPlatformVersion", "33.0.2");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.pendingOperations", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.shownSelectionUI", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.ui.dictionary.hidden", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.ui.experiment.hidden", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.ui.lastCategory", "addons://list/extension");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.ui.locale.hidden", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.account.account1.emailAddress", "corvin.th@web.de");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.account.account1.provider", "webde");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.account.account1.storeLogin", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.account.account1.type", "unitedinternet");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.accountsList", ",account1");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.coupon.db.version", 11);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.coupon.enabled", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.coupon.lastUpdate", 1394308101);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.ext.currentversion", "2.9.1");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.ext.firstrun", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.hiddenButtons", "united-notes-button,united-sms-button,united-highlight-button,united-lastminute-button,united-horoscope-button");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.hotnews.firstrun", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.mailto.original.alwaysAskBeforeHandling", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.mailto.original.preferredAction", 2);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.newtab.enabled", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.newtab.opt-in", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.phish.db.version", 1);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.search.enginePreexising.1&1 Suche", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.search.enginePreexising.Englische Ergebnisse", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.search.enginePreexising.GMX Suche", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.search.enginePreexising.WEB.DE Suche", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.search.enginePreexising.lastminute", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.tracking.aib.daily", 1394308110);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.tracking.aib.monthly", 1394308110);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.tracking.aib.weekly", 1394308110);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.tracking.campaignid", 61111);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.tracking.campaignid.first", 61111);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.tracking.campaignid.latest", 61111);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.tracking.installtime", 1394308100);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.unitedinternet.tracking.statisticclass", 71);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("extensions.{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.install-event-fired", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("gecko.buildID", "20141027150301");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("gecko.mstone", "33.0.2");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("gfx.direct3d.last_used_feature_level_idx", 1);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("idle.lastDailyNotification", 1414872633);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("intl.charsetmenu.browser.cache", "ISO-8859-15, windows-1252, UTF-8");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("media.gmp-gmpopenh264.lastUpdate", 1414706407);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("media.gmp-gmpopenh264.version", "1.1");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("media.gmp-manager.lastCheck", 1414827988);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("network.cookie.prefsMigrated", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("pdfjs.migrationVersion", 2);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("pdfjs.previousHandler.alwaysAskBeforeHandling", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("pdfjs.previousHandler.preferredAction", 4);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("places.database.lastMaintenance", 1414872491);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("places.history.expiration.transient_current_max_pages", 80370);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("plugin.disable_full_page_plugin_for_types", "application/pdf");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("plugin.importedState", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_bgcolor", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_bgimages", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_colorspace", "");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_command", "");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_downloadfonts", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_duplex", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_edge_bottom", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_edge_left", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_edge_right", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_edge_top", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_evenpages", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_in_color", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_margin_bottom", "0.5");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_margin_left", "0.5");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_margin_right", "0.5");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_margin_top", "0.5");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_oddpages", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_orientation", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_page_delay", 50);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_paper_data", 9);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_paper_height", " 11,00");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_paper_name", "");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_paper_size_type", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_paper_size_unit", 1);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_paper_width", "  8,50");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_plex_name", "");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_resolution", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_resolution_name", "");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_reversed", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_scaling", "  1,00");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_shrink_to_fit", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_to_file", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_to_filename", "");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_unwriteable_margin_bottom", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_unwriteable_margin_left", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_unwriteable_margin_right", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print.printer_FreePDF.print_unwriteable_margin_top", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("print_printer", "FreePDF");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("privacy.cpd.offlineApps", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("privacy.cpd.siteSettings", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("privacy.sanitize.migrateFx3Prefs", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("privacy.sanitize.timeSpan", 2);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("services.sync.clients.lastSync", "0");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("services.sync.clients.lastSyncLocal", "0");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("services.sync.declinedEngines", "");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("services.sync.globalScore", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("services.sync.migrated", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("services.sync.nextSync", 0);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("services.sync.tabs.lastSync", "0");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("services.sync.tabs.lastSyncLocal", "0");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("signon.importedFromSqlite", true);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("signon.rememberSignons", false);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("storage.vacuum.last.index", 1);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("storage.vacuum.last.places.sqlite", 1412360589);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("toolkit.startup.last_success", 1414869745);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("toolkit.telemetry.previousBuildID", "20141027150301");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey", 1400992009);
[1qv2wd4l.default] - Zeile gelöscht : user_pref("xpinstall.whitelist.add", "");
[1qv2wd4l.default] - Zeile gelöscht : user_pref("xpinstall.whitelist.add.180", "");

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [22990 octets] - [01/11/2014 22:55:46]
AdwCleaner[S0].txt - [22902 octets] - [01/11/2014 22:57:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22963 octets] ##########

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-11-2014
Ran by kleine (administrator) on KLEINE-PC on 01-11-2014 23:30:35
Running from C:\Users\kleine\Desktop
Loaded Profiles: kleine & UpdatusUser (Available profiles: kleine & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2416368 2013-02-25] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [7670592 2014-10-15] ()
HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)
HKU\S-1-5-21-4273118025-30497289-324835352-1004\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - {2BA770C2-E3A0-438F-90BC-C507DF624B32} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
SearchScopes: HKCU - {44F87947-6CB0-4DC7-B01A-0C6A184CE044} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {572D9AB0-4614-4D0A-83C3-BD5F7D01CEBC} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {5A5C2038-9BC0-43F2-91BD-2C638D6BA9F6} URL = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKCU - {5C895343-C9EC-4445-AA9F-E7D85DAAC8EA} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKCU - {CD376ED7-26AA-4576-B779-6817F0068E63} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: CookieCuller - C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-03-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-10-30]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR Profile: C:\Users\kleine\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2014-01-17]
CHR HKLM\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\ProgramData\adawaretb\toolbar\chrome\toolbar.crx [2014-01-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [819200 2008-05-23] (Intel(R) Corporation) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [656376 2014-10-15] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe [234776 2012-10-26] (McAfee, Inc.)
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-05-23] (Intel(R) Corporation) [File not signed]
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] () [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S2 wtmprovhost; C:\Windows\system32\VAN32.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [77192 2013-07-17] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [130640 2013-07-17] (BitDefender LLC)
S3 Bulk1528; C:\Windows\System32\Drivers\Bulk1528.sys [14080 2009-10-20] (SunPlus)
S2 Ca1528av; C:\Windows\System32\Drivers\Ca1528av.sys [516480 2008-12-16] (Digital Camera)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-01] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [165744 2014-04-22] (BitDefender LLC)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2009-01-23] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\kleine\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 23:30 - 2014-11-01 23:31 - 00013606 _____ () C:\Users\kleine\Desktop\FRST.txt
2014-11-01 23:28 - 2014-11-01 23:28 - 00000000 ____D () C:\Users\kleine\Desktop\FRST-OlderVersion
2014-11-01 23:12 - 2014-11-01 23:12 - 00001422 _____ () C:\Users\kleine\Desktop\JRT.txt
2014-11-01 22:59 - 2014-11-01 22:59 - 00023044 _____ () C:\Users\kleine\Desktop\AdwCleaner[S0].txt
2014-11-01 22:55 - 2014-11-01 22:57 - 00000000 ____D () C:\AdwCleaner
2014-11-01 22:54 - 2014-11-01 22:54 - 00002280 _____ () C:\Users\kleine\Desktop\mbam.txt
2014-11-01 22:30 - 2014-11-01 23:25 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-01 22:29 - 2014-11-01 22:29 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-01 22:29 - 2014-11-01 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-01 22:29 - 2014-11-01 22:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-11-01 22:29 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-01 22:29 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-01 22:29 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-01 22:26 - 2014-11-01 22:26 - 01706359 _____ (Thisisu) C:\Users\kleine\Desktop\JRT.exe
2014-11-01 22:25 - 2014-11-01 22:25 - 01998336 _____ () C:\Users\kleine\Desktop\AdwCleaner_4.002.exe
2014-11-01 22:24 - 2014-11-01 22:24 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\kleine\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-31 22:26 - 2014-10-31 22:26 - 00006602 _____ () C:\ComboFix.txt
2014-10-31 22:13 - 2014-10-31 22:26 - 00000000 ____D () C:\Qoobox
2014-10-31 22:13 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-31 22:13 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-31 22:13 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-31 22:13 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-31 22:13 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-31 22:13 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-31 22:13 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-31 22:13 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-31 22:10 - 2014-10-31 22:10 - 05591672 ____R (Swearware) C:\Users\kleine\Desktop\ComboFix.exe
2014-10-30 23:00 - 2014-10-30 23:00 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\kleine\Desktop\tdsskiller.exe
2014-10-30 22:39 - 2014-10-30 22:40 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-30 21:42 - 2014-10-30 21:42 - 00001251 _____ () C:\Users\kleine\Desktop\gmer.txt
2014-10-30 21:24 - 2014-10-30 21:24 - 00380416 _____ () C:\Users\kleine\Desktop\Gmer-19357.exe
2014-10-30 21:19 - 2014-10-30 21:20 - 00039196 _____ () C:\Users\kleine\Desktop\Addition.txt
2014-10-30 21:17 - 2014-11-01 23:30 - 00000000 ____D () C:\FRST
2014-10-30 21:16 - 2014-11-01 23:28 - 01105920 _____ (Farbar) C:\Users\kleine\Desktop\FRST.exe
2014-10-30 21:12 - 2014-10-30 21:13 - 00000474 _____ () C:\Users\kleine\Desktop\defogger_disable.log
2014-10-30 21:12 - 2014-10-30 21:12 - 00000000 _____ () C:\Users\kleine\defogger_reenable
2014-10-30 21:11 - 2014-10-30 21:11 - 00050477 _____ () C:\Users\kleine\Desktop\Defogger.exe
2014-10-29 21:25 - 2014-10-29 21:25 - 00000000 ____D () C:\Program Files\Meglo
2014-10-29 21:25 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-10-29 21:25 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-10-24 07:52 - 2014-10-24 07:53 - 00204416 _____ () C:\Windows\Minidump\Mini102414-01.dmp
2014-10-18 19:10 - 2014-06-15 23:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-18 19:10 - 2014-06-13 19:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-18 19:10 - 2014-06-13 19:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-18 19:04 - 2014-09-28 00:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-18 18:55 - 2014-09-05 00:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-18 18:50 - 2014-09-16 17:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 07:50 - 2014-09-19 23:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 07:50 - 2014-09-19 23:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 07:50 - 2014-09-19 23:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-17 07:50 - 2014-09-19 23:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 07:50 - 2014-09-19 23:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-17 07:49 - 2014-09-19 23:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 07:49 - 2014-09-19 23:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 07:49 - 2014-09-19 23:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 07:49 - 2014-09-19 23:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 07:49 - 2014-09-19 23:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 07:49 - 2014-09-19 23:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 07:49 - 2014-09-19 23:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-17 07:49 - 2014-09-19 23:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 07:49 - 2014-09-19 23:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 07:49 - 2014-09-19 23:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-17 07:49 - 2014-09-19 23:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 07:49 - 2014-09-19 23:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 07:49 - 2014-09-19 23:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 07:49 - 2014-09-19 23:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 07:49 - 2014-09-19 23:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-17 07:49 - 2014-09-19 23:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 18:47 - 2014-10-15 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-10-15 18:46 - 2014-10-15 18:46 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-10-15 18:44 - 2014-10-15 18:44 - 02806920 _____ () C:\Users\kleine\Downloads\Adaware_Installer(6).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-01 23:29 - 2006-11-02 11:33 - 00271572 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-01 23:27 - 2009-02-08 14:35 - 01848025 _____ () C:\Windows\WindowsUpdate.log
2014-11-01 23:25 - 2013-12-15 22:27 - 00002204 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-11-01 23:22 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-01 23:22 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-01 23:22 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-01 23:21 - 2008-09-12 20:41 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-11-01 23:21 - 2006-11-02 14:01 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-01 23:15 - 2012-04-21 18:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-01 23:10 - 2013-05-27 21:57 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-11-01 22:58 - 2013-06-25 21:06 - 00076274 _____ () C:\Windows\PFRO.log
2014-11-01 22:29 - 2013-07-03 18:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-31 22:23 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-10-31 22:13 - 2013-06-25 20:55 - 00000000 ____D () C:\Windows\erdnt
2014-10-31 21:40 - 2008-12-16 18:38 - 00044544 _____ () C:\Users\kleine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-31 07:56 - 2014-02-23 21:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-30 21:12 - 2008-12-17 00:53 - 00000000 ____D () C:\Users\kleine
2014-10-28 06:35 - 2009-10-03 23:07 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-24 07:52 - 2013-06-24 19:57 - 234298996 _____ () C:\Windows\MEMORY.DMP
2014-10-24 07:52 - 2013-06-24 19:57 - 00000000 ____D () C:\Windows\Minidump
2014-10-21 20:26 - 2012-11-20 21:32 - 00000000 ____D () C:\Users\kleine\Desktop\ebay
2014-10-20 20:18 - 2009-02-18 18:57 - 00000000 ____D () C:\Users\kleine\Desktop\Corvin
2014-10-18 20:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-18 19:30 - 2013-05-27 07:59 - 00394616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-18 19:02 - 2013-07-16 22:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 18:55 - 2006-11-02 11:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\kleine\AppData\Local\temp\Quarantine.exe
C:\Users\kleine\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-01 23:29

==================== End Of Log ============================

--- --- ---

schrauber · 02.11.2014, 15:10

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

corvin · 06.11.2014, 21:17

Hallo Schrauber, ich schaffe es leider erst am WE die Scans laufen zu lassen. Ich bitte um etwas Geduld.

schrauber · 07.11.2014, 19:21

ok.

corvin · 08.11.2014, 20:12

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6727362331a36f408e58bc15e110e5c6
# engine=20912
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-03 08:35:44
# local_time=2014-11-03 09:35:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 307492 252579672 0 0
# scanned=24225
# found=3
# cleaned=0
# scan_time=1906
sh=0B6EDE277F9EC5D0B9848885781DCE7F79E42382 ft=1 fh=5b07ce7f608edc1f vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll"
sh=B745063A09BD9B16054C2B4F21BE5EAE5FA24884 ft=1 fh=c034a68ab79e1ac8 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll"
sh=E76EA070AD321DAE71D3A0256FE88E484DCB9FFD ft=1 fh=68d72de984b0597b vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6727362331a36f408e58bc15e110e5c6
# engine=20930
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-04 08:56:18
# local_time=2014-11-04 09:56:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 7657 252667306 0 0
# scanned=45655
# found=7
# cleaned=0
# scan_time=5346
sh=0B6EDE277F9EC5D0B9848885781DCE7F79E42382 ft=1 fh=5b07ce7f608edc1f vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll"
sh=B745063A09BD9B16054C2B4F21BE5EAE5FA24884 ft=1 fh=c034a68ab79e1ac8 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll"
sh=E76EA070AD321DAE71D3A0256FE88E484DCB9FFD ft=1 fh=68d72de984b0597b vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe"
sh=855094147DCCD2BC4969CB0FEDCA7BC8331B9415 ft=1 fh=aaf524e0b1926a0a vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kleine\Downloads\adawareTb_3.1.0.2.exe"
sh=5A2412403B4D0A02970C4370115ECB27D99E2E0B ft=1 fh=90670886b634dbe1 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kleine\Downloads\adawareTb_3.8.0.2(1).exe"
sh=5A2412403B4D0A02970C4370115ECB27D99E2E0B ft=1 fh=90670886b634dbe1 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kleine\Downloads\adawareTb_3.8.0.2.exe"
sh=30AD524393F5C696B717FAFCD36EF875531FE097 ft=1 fh=d2fdc9efc488a7d2 vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kleine\Downloads\anno1602_windows2000_xp-Downloader.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6727362331a36f408e58bc15e110e5c6
# engine=20984
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-07 09:49:29
# local_time=2014-11-07 10:49:29 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 47330 252929697 0 0
# scanned=57995
# found=9
# cleaned=0
# scan_time=6515
sh=0B6EDE277F9EC5D0B9848885781DCE7F79E42382 ft=1 fh=5b07ce7f608edc1f vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll"
sh=B745063A09BD9B16054C2B4F21BE5EAE5FA24884 ft=1 fh=c034a68ab79e1ac8 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll"
sh=E76EA070AD321DAE71D3A0256FE88E484DCB9FFD ft=1 fh=68d72de984b0597b vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe"
sh=855094147DCCD2BC4969CB0FEDCA7BC8331B9415 ft=1 fh=aaf524e0b1926a0a vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kleine\Downloads\adawareTb_3.1.0.2.exe"
sh=5A2412403B4D0A02970C4370115ECB27D99E2E0B ft=1 fh=90670886b634dbe1 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kleine\Downloads\adawareTb_3.8.0.2(1).exe"
sh=5A2412403B4D0A02970C4370115ECB27D99E2E0B ft=1 fh=90670886b634dbe1 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kleine\Downloads\adawareTb_3.8.0.2.exe"
sh=30AD524393F5C696B717FAFCD36EF875531FE097 ft=1 fh=d2fdc9efc488a7d2 vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kleine\Downloads\anno1602_windows2000_xp-Downloader.exe"
sh=F3F30E326F9AC8100381683D77D7684E68FCA190 ft=1 fh=7827d8f39d75c608 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kleine\Downloads\WirelessKeyView - CHIP-Downloader.exe"
sh=B9B4B393D0B8316A749017D8A684E680D2F6B2AE ft=1 fh=5e4e3a05bca1e78e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kleine\Downloads\WirelessKeyView-lnstall.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=6727362331a36f408e58bc15e110e5c6
# engine=20984
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-11-08 07:02:50
# local_time=2014-11-08 08:02:50 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 120131 253006098 0 0
# scanned=161224
# found=9
# cleaned=0
# scan_time=10876
sh=0B6EDE277F9EC5D0B9848885781DCE7F79E42382 ft=1 fh=5b07ce7f608edc1f vn="Variante von Win32/Toolbar.Visicom.B evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll"
sh=B745063A09BD9B16054C2B4F21BE5EAE5FA24884 ft=1 fh=c034a68ab79e1ac8 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll"
sh=E76EA070AD321DAE71D3A0256FE88E484DCB9FFD ft=1 fh=68d72de984b0597b vn="Variante von Win32/Toolbar.Visicom.C evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe"
sh=855094147DCCD2BC4969CB0FEDCA7BC8331B9415 ft=1 fh=aaf524e0b1926a0a vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kleine\Downloads\adawareTb_3.1.0.2.exe"
sh=5A2412403B4D0A02970C4370115ECB27D99E2E0B ft=1 fh=90670886b634dbe1 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kleine\Downloads\adawareTb_3.8.0.2(1).exe"
sh=5A2412403B4D0A02970C4370115ECB27D99E2E0B ft=1 fh=90670886b634dbe1 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kleine\Downloads\adawareTb_3.8.0.2.exe"
sh=30AD524393F5C696B717FAFCD36EF875531FE097 ft=1 fh=d2fdc9efc488a7d2 vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kleine\Downloads\anno1602_windows2000_xp-Downloader.exe"
sh=F3F30E326F9AC8100381683D77D7684E68FCA190 ft=1 fh=7827d8f39d75c608 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kleine\Downloads\WirelessKeyView - CHIP-Downloader.exe"
sh=B9B4B393D0B8316A749017D8A684E680D2F6B2AE ft=1 fh=5e4e3a05bca1e78e vn="Variante von Win32/WinloadSDA.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\kleine\Downloads\WirelessKeyView-lnstall.exe"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.89  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Ad-Aware Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Ad-Aware 
 Secunia PSI (3.0.0.9016)   
 Java 7 Update 65  
 Java version out of Date! 
 Adobe Flash Player 	15.0.0.152  
 Adobe Reader 10.1.12 Adobe Reader out of Date!  
 Mozilla Firefox (33.0.3) 
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled! 
 Ad-Aware AAWTray.exe is disabled! 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.4.6792.0\AdAwareService.exe 
 Lavasoft Ad-Aware Antivirus Ad-Aware Antivirus 11.4.6792.0\AdAwareTray.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-11-2014 01
Ran by kleine (administrator) on KLEINE-PC on 08-11-2014 20:22:09
Running from C:\Users\kleine\Desktop
Loaded Profiles: kleine & UpdatusUser (Available profiles: kleine & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Secunia) C:\Program Files\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2416368 2013-02-25] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [7670592 2014-10-15] ()
HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-4273118025-30497289-324835352-1003\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473464 2014-03-17] (TomTom)
HKU\S-1-5-21-4273118025-30497289-324835352-1004\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4273118025-30497289-324835352-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - {2BA770C2-E3A0-438F-90BC-C507DF624B32} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
SearchScopes: HKCU - {44F87947-6CB0-4DC7-B01A-0C6A184CE044} URL = hxxp://suche.web.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {572D9AB0-4614-4D0A-83C3-BD5F7D01CEBC} URL = hxxp://suche.gmx.net/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
SearchScopes: HKCU - {5A5C2038-9BC0-43F2-91BD-2C638D6BA9F6} URL = hxxp://go.web.de/suchbox/amazon/?keywords={searchTerms}
SearchScopes: HKCU - {5C895343-C9EC-4445-AA9F-E7D85DAAC8EA} URL = hxxp://go.web.de/suchbox/smartshopping/?searchText={searchTerms}&mc=searchplugin@suche@msie.suche@preisvergleich
SearchScopes: HKCU - {CD376ED7-26AA-4576-B779-6817F0068E63} URL = hxxp://search.1und1.de/search/web/?su={searchTerms}&mc=searchplugin@suche@msie.suche@web&origin=searchplugin
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: CookieCuller - C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-03-04]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-07]
FF HKCU\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\kleine\AppData\Roaming\Mozilla\Firefox\Profiles\1qv2wd4l.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR Profile: C:\Users\kleine\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2014-01-17]
CHR HKLM\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\ProgramData\adawaretb\toolbar\chrome\toolbar.crx [2014-01-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [819200 2008-05-23] (Intel(R) Corporation) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [656376 2014-10-15] ()
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe [234776 2012-10-26] (McAfee, Inc.)
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-05-23] (Intel(R) Corporation) [File not signed]
S2 Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [77480 2008-05-13] () [File not signed]
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S2 wtmprovhost; C:\Windows\system32\VAN32.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 BdfNdisf; c:\program files\lavasoft\ad-aware antivirus\firewall engine\1.6.0.0\drivers\bdfndisf6.sys [77192 2013-07-17] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdftdif.sys [130640 2013-07-17] (BitDefender LLC)
S3 Bulk1528; C:\Windows\System32\Drivers\Bulk1528.sys [14080 2009-10-20] (SunPlus)
S2 Ca1528av; C:\Windows\System32\Drivers\Ca1528av.sys [516480 2008-12-16] (Digital Camera)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-07-01] (GFI Software)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [165744 2014-04-22] (BitDefender LLC)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-12-06] (Secunia)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-04-22] (BitDefender S.R.L.)
R3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2009-01-23] (Vimicro Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\kleine\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 20:22 - 2014-11-08 20:22 - 00013834 _____ () C:\Users\kleine\Desktop\FRST.txt
2014-11-08 20:14 - 2014-11-08 20:14 - 00854448 _____ () C:\Users\kleine\Desktop\SecurityCheck.exe
2014-11-07 14:25 - 2014-11-07 14:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-01 23:28 - 2014-11-08 20:21 - 00000000 ____D () C:\Users\kleine\Desktop\FRST-OlderVersion
2014-11-01 23:12 - 2014-11-01 23:12 - 00001422 _____ () C:\Users\kleine\Desktop\JRT.txt
2014-11-01 22:59 - 2014-11-01 22:59 - 00023044 _____ () C:\Users\kleine\Desktop\AdwCleaner[S0].txt
2014-11-01 22:55 - 2014-11-01 22:57 - 00000000 ____D () C:\AdwCleaner
2014-11-01 22:54 - 2014-11-01 22:54 - 00002280 _____ () C:\Users\kleine\Desktop\mbam.txt
2014-11-01 22:30 - 2014-11-08 19:39 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-01 22:29 - 2014-11-01 22:29 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-01 22:29 - 2014-11-01 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-11-01 22:29 - 2014-11-01 22:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-11-01 22:29 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-01 22:29 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-01 22:29 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-01 22:26 - 2014-11-01 22:26 - 01706359 _____ (Thisisu) C:\Users\kleine\Desktop\JRT.exe
2014-11-01 22:25 - 2014-11-01 22:25 - 01998336 _____ () C:\Users\kleine\Desktop\AdwCleaner_4.002.exe
2014-11-01 22:24 - 2014-11-01 22:24 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\kleine\Desktop\mbam-setup-2.0.3.1025.exe
2014-10-31 22:26 - 2014-10-31 22:26 - 00006602 _____ () C:\ComboFix.txt
2014-10-31 22:13 - 2014-10-31 22:26 - 00000000 ____D () C:\Qoobox
2014-10-31 22:13 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-31 22:13 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-31 22:13 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-31 22:13 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-31 22:13 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-31 22:13 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-31 22:13 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-31 22:13 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-31 22:10 - 2014-10-31 22:10 - 05591672 ____R (Swearware) C:\Users\kleine\Desktop\ComboFix.exe
2014-10-30 23:00 - 2014-10-30 23:00 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\kleine\Desktop\tdsskiller.exe
2014-10-30 21:42 - 2014-10-30 21:42 - 00001251 _____ () C:\Users\kleine\Desktop\gmer.txt
2014-10-30 21:24 - 2014-10-30 21:24 - 00380416 _____ () C:\Users\kleine\Desktop\Gmer-19357.exe
2014-10-30 21:19 - 2014-10-30 21:20 - 00039196 _____ () C:\Users\kleine\Desktop\Addition.txt
2014-10-30 21:17 - 2014-11-08 20:22 - 00000000 ____D () C:\FRST
2014-10-30 21:16 - 2014-11-08 20:21 - 01107968 _____ (Farbar) C:\Users\kleine\Desktop\FRST.exe
2014-10-30 21:12 - 2014-10-30 21:13 - 00000474 _____ () C:\Users\kleine\Desktop\defogger_disable.log
2014-10-30 21:12 - 2014-10-30 21:12 - 00000000 _____ () C:\Users\kleine\defogger_reenable
2014-10-30 21:11 - 2014-10-30 21:11 - 00050477 _____ () C:\Users\kleine\Desktop\Defogger.exe
2014-10-29 21:25 - 2014-10-29 21:25 - 00000000 ____D () C:\Program Files\Meglo
2014-10-29 21:25 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2014-10-29 21:25 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2014-10-24 07:52 - 2014-10-24 07:53 - 00204416 _____ () C:\Windows\Minidump\Mini102414-01.dmp
2014-10-18 19:10 - 2014-06-15 23:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-18 19:10 - 2014-06-13 19:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-18 19:10 - 2014-06-13 19:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-18 19:04 - 2014-09-28 00:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-18 18:55 - 2014-09-05 00:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-18 18:50 - 2014-09-16 17:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 07:50 - 2014-09-19 23:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 07:50 - 2014-09-19 23:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 07:50 - 2014-09-19 23:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-17 07:50 - 2014-09-19 23:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 07:50 - 2014-09-19 23:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-17 07:49 - 2014-09-19 23:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 07:49 - 2014-09-19 23:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 07:49 - 2014-09-19 23:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 07:49 - 2014-09-19 23:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 07:49 - 2014-09-19 23:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 07:49 - 2014-09-19 23:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 07:49 - 2014-09-19 23:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-17 07:49 - 2014-09-19 23:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 07:49 - 2014-09-19 23:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 07:49 - 2014-09-19 23:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-17 07:49 - 2014-09-19 23:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 07:49 - 2014-09-19 23:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 07:49 - 2014-09-19 23:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 07:49 - 2014-09-19 23:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 07:49 - 2014-09-19 23:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-17 07:49 - 2014-09-19 23:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 18:47 - 2014-10-15 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-10-15 18:46 - 2014-10-15 18:46 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-10-15 18:44 - 2014-10-15 18:44 - 02806920 _____ () C:\Users\kleine\Downloads\Adaware_Installer(6).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 20:15 - 2012-04-21 18:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-08 18:56 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 18:56 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 17:05 - 2009-02-08 14:35 - 02005156 _____ () C:\Windows\WindowsUpdate.log
2014-11-08 17:00 - 2013-12-15 22:27 - 00002204 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-11-08 16:56 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-07 22:50 - 2008-09-12 20:41 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-11-07 22:50 - 2006-11-02 14:01 - 00032628 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-07 19:31 - 2014-02-23 21:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-03 12:47 - 2006-11-02 11:33 - 00271572 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-01 23:10 - 2013-05-27 21:57 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-11-01 22:58 - 2013-06-25 21:06 - 00076274 _____ () C:\Windows\PFRO.log
2014-11-01 22:29 - 2013-07-03 18:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-31 22:23 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-10-31 22:13 - 2013-06-25 20:55 - 00000000 ____D () C:\Windows\erdnt
2014-10-31 21:40 - 2008-12-16 18:38 - 00044544 _____ () C:\Users\kleine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-30 21:12 - 2008-12-17 00:53 - 00000000 ____D () C:\Users\kleine
2014-10-28 06:35 - 2009-10-03 23:07 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-24 07:52 - 2013-06-24 19:57 - 234298996 _____ () C:\Windows\MEMORY.DMP
2014-10-24 07:52 - 2013-06-24 19:57 - 00000000 ____D () C:\Windows\Minidump
2014-10-21 20:26 - 2012-11-20 21:32 - 00000000 ____D () C:\Users\kleine\Desktop\ebay
2014-10-20 20:18 - 2009-02-18 18:57 - 00000000 ____D () C:\Users\kleine\Desktop\Corvin
2014-10-18 20:45 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-18 19:30 - 2013-05-27 07:59 - 00394616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-18 19:02 - 2013-07-16 22:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 18:55 - 2006-11-02 11:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Some content of TEMP:
====================
C:\Users\kleine\AppData\Local\temp\Quarantine.exe
C:\Users\kleine\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-08 17:08

==================== End Of Log ============================

--- --- ---

--- --- ---

Bis jetzt keine Probleme mehr zu sehen :-)

Was war denn?

schrauber · 09.11.2014, 08:26

Java und Adobe updaten. Download Ordner leeren.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

corvin · 09.11.2014, 21:27

Zitat:

Zitat von schrauber

Download Ordner leeren.

Kann ich da einfach bedenkenlos alles löschen???

schrauber · 10.11.2014, 16:46

Im Download Ordner? Da sollten ja nur Downloads drin sein, also ja

corvin · 10.11.2014, 20:24

Alles klar, vielen DANK!!!!!!!!!

07.11.2014, 19:21	#10
schrauber /// the machine /// TB-Ausbilder	Vista: Firefox Ansicht ändert sich, Symbole in der Taskleiste verschwinden, oder Bildschirm wird schwarz ok. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

10.11.2014, 16:46	#14
schrauber /// the machine /// TB-Ausbilder	Vista: Firefox Ansicht ändert sich, Symbole in der Taskleiste verschwinden, oder Bildschirm wird schwarz Im Download Ordner? Da sollten ja nur Downloads drin sein, also ja __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Vista: Firefox Ansicht ändert sich, Symbole in der Taskleiste verschwinden, oder Bildschirm wird schwarz

Log-Analyse und Auswertung: Vista: Firefox Ansicht ändert sich, Symbole in der Taskleiste verschwinden, oder Bildschirm wird schwarz