Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 18.01.2015, 13:29   #1
lupomar
 
Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF - Standard

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-01-2015
Ran by  (administrator) on WEB2-PC on 18-01-2015 11:11:34
Running from C:\Users\\Downloads
Loaded Profiles: & Administrator (Available profiles: WEB2 &  & Administrator)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 2\creator-ws.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Piriform Ltd) D:\Programme\CCleaner\CCleaner.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcfgex.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2662424 2014-10-06] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Command Processor:  <======= ATTENTION
HKU\S-1-5-21-2674687411-896115206-3012793717-1001\...\Run: [] => [X]
HKU\S-1-5-21-2674687411-896115206-3012793717-1001\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\Run: [CCleaner Monitoring] => D:\Programme\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\MountPoints2: {586c6e4b-c3db-11e3-ab46-0040053254e7} - H:\unlock.exe autoplay=true
HKU\S-1-5-21-2674687411-896115206-3012793717-500\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2295072 2007-12-05] (Hewlett-Packard Company)
HKU\S-1-5-21-2674687411-896115206-3012793717-500\...\Run: [NokiaSuite.exe] => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
HKU\S-1-5-21-2674687411-896115206-3012793717-500\...\Run: [PC Suite Tray] => "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~1.DLL => C:\PROGRA~2\Amazon\AMAZON~1\\AMAZON~1.DLL File Not Found
IFEO\backitup.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\cdspeed.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\coverdes.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\drivespeed.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\infotool.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\lightscribecontrolpanel.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\lslauncher.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\nero.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\nerostartsmart.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\pdf architect 2.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\setupx.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\tomtomhome.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\wdsmartware.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe (Samsung Electronics Co., Ltd.)
ShellIconOverlayIdentifiers: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} =>  No File
BootExecute: autocheck autochk /r \??\L:autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2674687411-896115206-3012793717-1001] => http=;ftp=;https=;
ProxyServer: [S-1-5-21-2674687411-896115206-3012793717-1003] => localhost:8080
HKU\S-1-5-21-2674687411-896115206-3012793717-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-2674687411-896115206-3012793717-500 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-2674687411-896115206-3012793717-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2674687411-896115206-3012793717-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2674687411-896115206-3012793717-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks:  - {56F9679E-7826-4C84-81F3-532071A8BCC5} -  No File [ ]
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254

FireFox:
========
FF ProfilePath: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default
FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&ISID=M69DB71F0-F5CD-461A-A83E-7A42A67B3172&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP4CC2324E-7C07-4AB4-85E7-6FF4018BF983
FF SelectedSearchEngine: Conduit Search
FF Homepage: https://www.google.de/
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> L:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF user.js: detected! => C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\user.js
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: HTTPS-Everywhere - C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\Extensions\https-everywhere@eff.org [2014-10-17]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}(2) [2014-04-14]
FF Extension: NoScript - C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-18]
FF Extension: Adblock Plus - C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-14]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Web TuneUp\FireFoxExt\3.2.0.18
FF Extension: AVG Web TuneUp - C:\ProgramData\AVG Web TuneUp\FireFoxExt\3.2.0.18 [2014-10-06]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (YouTube) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Win7 Scrollbars) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifcnoebhbpdndjendfkpehpfbglgfkc [2014-04-14]
CHR Extension: (Google-Suche) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Google Mail) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.0.5.292\avg.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe [800040 2007-09-17] (Nero AG)
S4 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files\PDF Architect 2\creator-ws.exe [738856 2014-06-26] (pdfforge GmbH)
S4 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [379952 2013-05-23] (Samsung Electronics Co., Ltd.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 TomTomHOMEService; D:\Programme\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-08-27] (TomTom)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
R2 vToolbarUpdater3.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-08-30] (AVG Secure Search)
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [238592 2011-03-09] (WDC) [File not signed]
S4 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1060864 2011-03-09] () [File not signed]
S4 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2011-03-09] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [136488 2014-12-23] (SlySoft, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-30] (AVG Technologies)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2014-04-18] (Phoenix Technologies) [File not signed]
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [25600 2010-05-07] (eMPIA Technology, Inc.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-05-24] (Samsung Electronics) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-06-23] (TuneUp Software)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [583552 2014-04-15] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [840960 2014-04-15] (eMPIA Technology, Inc.)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 11:11 - 2015-01-18 11:12 - 00020105 _____ () C:\Users\Bade\Downloads\FRST.txt
2015-01-18 11:09 - 2015-01-18 11:11 - 00000000 ____D () C:\FRST
2015-01-18 11:07 - 2015-01-18 11:07 - 01117696 _____ (Farbar) C:\Users\Bade\Downloads\FRST.exe
2015-01-18 11:04 - 2015-01-18 11:05 - 00000470 _____ () C:\Users\Bade\Downloads\defogger_disable.log
2015-01-18 11:04 - 2015-01-18 11:04 - 00000000 _____ () C:\Users\Bade\defogger_reenable
2015-01-18 11:02 - 2015-01-18 11:02 - 00050477 _____ () C:\Users\Bade\Downloads\Defogger.exe
2015-01-18 10:13 - 2015-01-18 10:13 - 00243728 _____ () C:\Users\Bade\Downloads\Firefox Setup Stub 35.0.exe
2015-01-14 11:44 - 2015-01-14 11:51 - 125285624 _____ (Microsoft Corporation) C:\Users\Bade\Downloads\msert ms safety scanner.exe
2015-01-14 11:36 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:36 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:36 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 11:36 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 11:36 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:36 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-10 13:35 - 2015-01-10 13:35 - 00000000 ____D () C:\Users\Bade\Documents\ProcAlyzer Dumps
2015-01-10 11:28 - 2015-01-10 11:33 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-10 11:28 - 2015-01-10 11:28 - 00002137 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-10 11:28 - 2015-01-10 11:28 - 00002125 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-10 11:28 - 2015-01-10 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-10 11:22 - 2015-01-10 11:25 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Bade\Downloads\spybot-2.4.exe
2014-12-24 09:28 - 2014-12-24 09:29 - 11604456 _____ () C:\Users\Bade\Downloads\SetupAnyDVD7550.exe
2014-12-23 16:41 - 2014-12-23 16:41 - 00136488 _____ (SlySoft, Inc.) C:\Windows\system32\Drivers\AnyDVD.sys
2014-12-22 08:03 - 2015-01-16 10:45 - 00041372 _____ () C:\Windows\PFRO.log
2014-12-21 09:39 - 2015-01-18 10:03 - 00001400 _____ () C:\Windows\setupact.log
2014-12-21 09:39 - 2014-12-21 09:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-20 23:31 - 2014-12-20 23:31 - 00030616 _____ (Elaborate Bytes AG) C:\Windows\system32\Drivers\ElbyCDIO.sys
2014-12-20 09:54 - 2014-12-20 09:54 - 05317104 _____ (Piriform Ltd) C:\Users\Bade\Downloads\ccsetup501.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 11:04 - 2014-04-14 14:20 - 00000000 ____D () C:\Users\Bade
2015-01-18 10:27 - 2014-10-01 11:12 - 00000000 ____D () C:\Users\Bade\AppData\Local\Adobe
2015-01-18 10:27 - 2014-04-18 08:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-18 10:27 - 2014-04-18 08:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-18 10:17 - 2014-12-12 18:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-18 10:17 - 2014-07-26 08:49 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-18 10:17 - 2014-07-26 08:49 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-18 10:17 - 2014-04-14 14:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-18 10:14 - 2014-05-11 09:26 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 10:10 - 2009-07-14 05:34 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 10:10 - 2009-07-14 05:34 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 10:09 - 2014-04-14 14:22 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-18 10:09 - 2014-04-14 13:05 - 01916013 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 10:03 - 2014-05-11 09:26 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 10:03 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-17 08:42 - 2014-10-22 11:31 - 00000957 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-17 08:42 - 2014-04-15 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-15 17:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-15 13:58 - 2010-11-20 22:01 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 12:00 - 2014-04-14 14:22 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-14 11:57 - 2014-04-14 17:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:37 - 2014-04-14 17:41 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 13:33 - 2014-04-14 19:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-05 10:54 - 2014-04-14 17:57 - 00000000 ____D () C:\Users\Bade\AppData\Local\Thunderbird
2014-12-24 09:31 - 2013-10-16 14:28 - 00000757 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2014-12-20 09:58 - 2010-11-09 09:17 - 00000671 _____ () C:\Users\Public\Desktop\CCleaner.lnk

==================== Files in the root of some directories =======
2013-10-16 14:27 - 2013-10-16 14:32 - 0000088 __SHC () C:\ProgramData\.zreglib
2014-04-14 17:51 - 2014-04-14 17:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-16 23:09 - 2014-04-16 23:09 - 0000048 _____ () C:\ProgramData\dummy.txt
2010-01-05 10:25 - 2010-01-05 10:25 - 0005048 ____C () C:\ProgramData\mtbjfghn.xbe
2010-01-24 11:39 - 2014-11-07 13:58 - 0000020 ____H () C:\ProgramData\PKP_DLec.DAT

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\NEventMessages.dll
C:\Users\Administrator\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\WEB2\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 23:00

==================== End Of Log ============================
         
--- --- ---


Hallo everybody -
habe nach verdächtigen Pop-ups beim Surfen erstmals nach Jahren einen Microsoft Safety Scan zusätzlich zu AVG & Spybot gefahren - dabei wurden 2 Vorkommnisse entdeckt und AVG meldete kurz darauf über den Resident Schutz die Infektionen laut Anlage . Da der Generic als Trojaner identifiziert wurde, habe ich für beide - wie empfohlen - die Sandbox aktiviert und im darauffolgenden Rundum Scan hat AVG alles clean gemeldet. Ein zweiter Tiefenroo0tscan von Spybot zeigte aber nach wie vor die gleichen Rootkitmeldungen an. Scheint also doch erweiterte cleaning Aktion neben sandboxing erforderlich zu sein. Deshalb benötige ich Hilfte.

Ich habe bereits defogging und FRST laufen lassen. wenns klappt wie folgt Logfiles:

Alt 18.01.2015, 14:18   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF - Standard

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF



Hi,

es fehlt noch die Addition.txt von FRST.
__________________

__________________

Alt 18.01.2015, 14:48   #3
lupomar
 
Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF - Standard

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF



Hi nochmal Schrauber -
Sry, dieses ist mein erster blog - habe noch einige Kinken in der Prozedur.
Versuche die addition einzufügten:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-01-2015
Ran by Bade at 2015-01-18 11:13:30
Running from C:\Users\Bade\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM\...\{8F9B1C8E-F50E-4139-8701-45016021E102}) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-2674687411-896115206-3012793717-1001\...\Amazon Amazon Cloud Player) (Version: 2.4.0.26 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Any Video Converter 5.5.8 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.5.5.0 - SlySoft)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 3 (HKLM\...\{A5F68DC8-0278-4AD8-B413-861509B5F25B}) (Version:  - ArcSoft)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4260 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite (HKLM\...\{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}) (Version: 1.00.000 - )
BUFFALO eco Manager for HD (HKLM\...\UN080616) (Version:  - )
BUFFALO TurboUSB for FLASH/HDD (HKLM\...\UN070618) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CloneDVDmobile (HKLM\...\CloneDVDmobile) (Version: 1.9.0.1 - SlySoft)
C-Media 3D Audio (HKLM\...\C-Media Audio) (Version:  - )
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corp.)
Debugging Tools for Windows (x86) (HKLM\...\{300A2961-B2B5-4889-9CB9-5C2A570D08AD}) (Version: 6.11.1.404 - Microsoft Corporation)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
EZ Tape Converter 2.0.0 by MixMeister (HKLM\...\EZ Tape Converter by MixMeister_is1) (Version:  - MixMeister Technology LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Laplink PCmover Upgrade Assistant (HKLM\...\{F65BA800-3F9A-4265-A1C9-C631F269C583}) (Version: 8.20.635 - Laplink Software, Inc.)
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 6.01.0723.01 - )
LightScribe System Software  1.10.27.1 (HKLM\...\{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}) (Version: 1.10.27.1 - hxxp://www.lightscribe.com)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Bootvis (HKLM\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 7.0  (HKLM\...\{EDDDC607-91D9-4758-9F57-265FDCD8A772}) (Version: 07.02.0702 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MPC-HC 1.7.3 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.3 - MPC-HC Team)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{1596098A-FCEC-48F0-B7C7-08A31B771031}) (Version: 7.03.0918 - Nero AG)
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.91.000 - )
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-2674687411-896115206-3012793717-1001\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 Create Module (HKLM\...\{03EC56DE-6424-43D7-A020-1EEE3E8159DE}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Personal Backup 5.6 (HKLM\...\Personal Backup 5_is1) (Version: 5.6 - Dr. J. Rathlev)
PHOTOfunSTUDIO 6.1 HD Lite Edition (HKLM\...\{7E653036-DE31-4BFD-96BB-421CC72E06FC}) (Version: 6.01.015 - Panasonic Corporation)
PictureProject (HKLM\...\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}) (Version: 1.0 - )
Platform (Version: 1.1 - VIA Technologies, Inc.) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.a - PowerDVDCorp.)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 063604(3.7)_Vista_LG - CyberLink Corp.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.92 (HKLM\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group)
Router monopuerto (HKLM\...\KitAim20CT5071RoHS) (Version:  - )
Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.05.62 (30.04.2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.03.30.00(24.05.2013) - Samsung Electronics Co., Ltd.)
Samsung M267x 287x Series (HKLM\...\Samsung M267x 287x Series) (Version: 1.20 (10.07.2013) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM\...\Samsung Network PC Fax) (Version: 1.10.05 (23.05.2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (Version: 1.00.56.01 - Samsung Electronics Co., Ltd.) Hidden
Sicherheitsupdate für Windows XP (KB923789) (HKLM\...\KB923789) (Version:  - Microsoft Corporation)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.4000.179 - TuneUp Software) Hidden
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.1 - VIA Technologies, Inc.)
Video Grabber  Driver Setup (HKLM\...\{3FF76A1B-13C9-4336-BBCF-B007A745B065}) (Version: 1.00.0000 - Medion)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD SmartWare (HKLM\...\{BC3804E5-77CC-47A0-8BD5-797355A26BA3}) (Version: 1.4.5.5 - Western Digital)
WEB.DE Toolbar für Internet Explorer 8 (HKLM\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 1.2.21.0 - 1&1 Mail & Media GmbH)
WEB.DE Toolbar MSVC90 CRT (Version: 1.0.0 - 1&1 Mail & Media GmbH) Hidden
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0943BD77-76F8-4358-88FD-12CBCC63F446} - System32\Tasks\CCleanerSkipUAC => D:\Programme\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {184868E7-506E-4746-987F-40EAFAC75620} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {19F8714C-54F7-4E2D-8BF7-3450E94DCB79} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {1F5ADAD6-D69E-40E8-B31D-83E316D2385B} - System32\Tasks\{58A24736-AE0E-4F18-BF55-8F348F0CE28E} => D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
Task: {4780C82B-21B0-4B2F-B869-003D4F4DBDB8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {4C4592AC-2201-43A9-AC1A-75DA14622902} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {77848069-0D3C-4325-845D-1C5B31F5BDD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {993D4AD5-1DC9-472B-94B5-7DD09F485B08} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {9BD46E28-7E90-4529-B428-D265192379B8} - System32\Tasks\{B341E2F0-98A2-40D6-BAA0-307F12DC45CE} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{9810C3D4-4799-42AB-BCF8-48D93A6C5E15}\setup.exe" -c UNINSTALL /l0x0007
Task: {B506E1AC-F35D-4F4F-8B22-136A755906BB} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B53F9AB7-EAF9-4476-989C-5F89F99915E8} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {CBF265F5-A38F-4532-A47E-CD33F4F9BF60} - System32\Tasks\{BE268E2C-1445-493E-9347-D3F8EC017DF4} => pcalua.exe -a "C:\Users\Bade\Downloads\32bit_Win7_Win8_Win81_R273 realtek.exe" -d C:\Users\Bade\Downloads
Task: {CE1D5BA8-2915-4E97-8317-EC3600C55C90} - System32\Tasks\{D9BFB92B-1850-4BFA-9E79-84CDC86FC99B} => D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
Task: {DE3D2FB5-01F8-483A-9E78-6F1DF5D02901} - System32\Tasks\{22032200-9FD4-4B87-9EB9-CB2BA195775B} => G:\Programme\iTunes\2\iTunes.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-03 10:44 - 2014-12-03 10:44 - 00025600 _____ () C:\Windows\System32\ssa6mlm.dll
2014-04-16 22:52 - 2007-05-14 03:54 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2015-01-10 11:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-10 11:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-10 11:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-10 11:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-10 11:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-03-09 09:58 - 2012-03-09 09:58 - 00350072 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-08-30 08:17 - 2014-10-06 13:26 - 00577560 _____ () C:\Program Files\AVG Web TuneUp\TBAPI.dll
2014-08-30 08:17 - 2014-10-06 13:26 - 02662424 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2014-08-30 08:17 - 2014-08-30 08:16 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\log4cplusU.dll
2013-05-24 10:29 - 2013-05-24 10:29 - 02560512 _____ () C:\Program Files\Samsung\Easy Printer Manager\sf.dll
2013-05-24 10:49 - 2013-05-24 10:49 - 00310272 _____ () C:\Program Files\Samsung\Easy Printer Manager\sslog.dll
2014-07-16 09:24 - 2014-07-16 09:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2014-08-30 08:17 - 2014-08-30 08:16 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () D:\Programme\CCleaner\lang\lang-1031.dll
2015-01-18 10:17 - 2015-01-09 10:05 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^NkbMonitor.exe.lnk => C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk => C:\WINDOWS\pss\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnkCommon Startup
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Pinnacle Scheduler.lnk => C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WDDMStatus.lnk => C:\WINDOWS\pss\WDDMStatus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk => C:\Windows\pss\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk.CommonStartup
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: AlcWzrd => ALCWZRD.EXE
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Bade\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Bade\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: AnyDVD => "D:\Programme\SlySoft\AnyDVD\AnyDVD.exe"
MSCONFIG\startupreg: CLMLServer => "D:\Programme\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Cmaudio => RunDll32 cmicnfg.cpl,CMICtrlWnd
MSCONFIG\startupreg: ControlCenter2.0 => C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
MSCONFIG\startupreg: InCD => C:\Program Files\Nero\Nero 7\InCD\InCD.exe
MSCONFIG\startupreg: InstallShieldSetup => C:\PROGRA~2\INSTAL~1\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{80F24F31-F641-4349-83F3-59E335976D16}\reboot.ini  -l0x7
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: LanguageShortcut => "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LGODDFU => "D:\Program Files\lg_fwupdate\fwupdate.exe" blrun
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: PC Suite Tray => "D:\Programme\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PCTVUSB2Remote => D:\Programme\Pinnacle\PCTV USB2\Remote\Remoterm.exe
MSCONFIG\startupreg: Power2GoExpress => "C:\Program Files\HomeCinema\Power2Go\Power2GoExpress.exe" /Startup
MSCONFIG\startupreg: QuickTime Task => "D:\Programme\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SearchSettings => C:\Program Files\pdfforge Toolbar\SearchSettings.exe
MSCONFIG\startupreg: SecurDisc => C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
MSCONFIG\startupreg: SetDefPrt => D:\Programme\Brother\Brmfl04g\BrStDvPt.exe
MSCONFIG\startupreg: SkyTel => SkyTel.EXE
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: SpybotSD TeaTimer => D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: StartCCC => "D:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Telefonica => "C:\Program Files\Telefonica\bin\sprtcmd.exe" /P Telefonica
MSCONFIG\startupreg: TomTomHOME.exe => "D:\Programme\TomTom HOME 2\TomTomHOMERunner.exe" -s
MSCONFIG\startupreg: UpdateP2GoShortCut => "D:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDRShortCut => "C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: UserFaultCheck => %systemroot%\system32\dumprep 0 -u
MSCONFIG\startupreg: Windows Defender => "C:\Program Files\Windows Defender\MSASCui.exe" -hide

========================= Accounts: ==========================

Administrator (S-1-5-21-2674687411-896115206-3012793717-500 - Administrator - Enabled) => C:\Users\Administrator
Bade (S-1-5-21-2674687411-896115206-3012793717-1003 - Administrator - Enabled) => C:\Users\Bade
Gast (S-1-5-21-2674687411-896115206-3012793717-501 - Limited - Enabled)
WEB2 (S-1-5-21-2674687411-896115206-3012793717-1001 - Limited - Enabled) => C:\Users\WEB2

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2015 11:13:32 AM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (01/18/2015 11:13:32 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (01/18/2015 10:03:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 11:20:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 09:19:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/17/2015 09:18:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/17/2015 09:18:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/17/2015 09:18:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (01/17/2015 07:42:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 10:45:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/18/2015 10:04:08 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (01/18/2015 10:04:02 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (01/18/2015 10:03:57 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/18/2015 10:03:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/18/2015 10:03:04 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/18/2015 10:03:04 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/17/2015 11:21:05 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (01/17/2015 11:21:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/17/2015 11:20:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/17/2015 11:19:58 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (01/18/2015 11:13:32 AM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (01/18/2015 11:13:32 AM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (01/18/2015 10:03:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 11:20:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 09:19:27 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"e:\program files\panasonic\photofunstudio 6.1 hd lite\HDWTools\RegTool.exe

Error: (01/17/2015 09:18:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\network pc fax\drv\NetFaxTray64.exe

Error: (01/17/2015 09:18:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\network pc fax\drv\NetFaxMon64.exe

Error: (01/17/2015 09:18:32 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Samsung\samsung m267x 287x series\Setup\Setup\bin\wiainst64.exe

Error: (01/17/2015 07:42:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 10:45:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 59%
Total physical RAM: 1533.8 MB
Available physical RAM: 627.9 MB
Total Pagefile: 3067.6 MB
Available Pagefile: 1687.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.06 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:101.51 GB) (Free:35.23 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Programme) (Fixed) (Total:55.51 GB) (Free:43.1 GB) NTFS
Drive e: (Daten) (Fixed) (Total:29.29 GB) (Free:27.23 GB) NTFS
Drive l: (HD-CEU2) (Fixed) (Total:465.65 GB) (Free:404.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: A3FAA3FA)
Partition 1: (Active) - (Size=101.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: F5B83B08)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== End Of Log ============================
         
__________________

Alt 18.01.2015, 16:41   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF - Standard

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF



hi,

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 18.01.2015, 17:41   #5
lupomar
 
Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF - Standard

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF



Hi, Schrauber -
habe beide tools durchlaufenlassen mit -0 - Befund.

hier noch mal die logs zur Sicherheit:

Code:
ATTFilter
17:28:56.0457 0x0d54  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
17:29:09.0988 0x0d54  ============================================================
17:29:09.0988 0x0d54  Current date / time: 2015/01/18 17:29:09.0988
17:29:09.0988 0x0d54  SystemInfo:
17:29:09.0988 0x0d54  
17:29:09.0988 0x0d54  OS Version: 6.1.7601 ServicePack: 1.0
17:29:09.0988 0x0d54  Product type: Workstation
17:29:09.0988 0x0d54  ComputerName: WEB2-PC
17:29:09.0988 0x0d54  UserName: Bade
17:29:09.0988 0x0d54  Windows directory: C:\Windows
17:29:09.0988 0x0d54  System windows directory: C:\Windows
17:29:09.0988 0x0d54  Processor architecture: Intel x86
17:29:09.0988 0x0d54  Number of processors: 1
17:29:09.0988 0x0d54  Page size: 0x1000
17:29:09.0988 0x0d54  Boot type: Normal boot
17:29:09.0988 0x0d54  ============================================================
17:29:12.0097 0x0d54  KLMD registered as C:\Windows\system32\drivers\21825109.sys
17:29:12.0863 0x0d54  System UUID: {6095B240-D20A-F2BF-55AA-FE99E3E2DE2A}
17:29:14.0613 0x0d54  Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 ( 186.31 Gb ), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:29:14.0613 0x0d54  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:29:14.0613 0x0d54  ============================================================
17:29:14.0613 0x0d54  \Device\Harddisk0\DR0:
17:29:14.0613 0x0d54  MBR partitions:
17:29:14.0613 0x0d54  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCB03FC4
17:29:14.0613 0x0d54  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xCB04003, BlocksNum 0x6F0798F
17:29:14.0613 0x0d54  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x13A0B992, BlocksNum 0x3A9381E
17:29:14.0613 0x0d54  \Device\Harddisk1\DR1:
17:29:14.0613 0x0d54  MBR partitions:
17:29:14.0613 0x0d54  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
17:29:14.0613 0x0d54  ============================================================
17:29:14.0644 0x0d54  C: <-> \Device\Harddisk0\DR0\Partition1
17:29:14.0676 0x0d54  D: <-> \Device\Harddisk0\DR0\Partition2
17:29:14.0691 0x0d54  E: <-> \Device\Harddisk0\DR0\Partition3
17:29:14.0738 0x0d54  L: <-> \Device\Harddisk1\DR1\Partition1
17:29:14.0769 0x0d54  ============================================================
17:29:14.0769 0x0d54  Initialize success
17:29:14.0769 0x0d54  ============================================================
17:30:04.0035 0x15f8  ============================================================
17:30:04.0035 0x15f8  Scan started
17:30:04.0035 0x15f8  Mode: Manual; 
17:30:04.0035 0x15f8  ============================================================
17:30:04.0035 0x15f8  KSN ping started
17:30:06.0644 0x15f8  KSN ping finished: true
17:30:07.0816 0x15f8  ================ Scan system memory ========================
17:30:07.0816 0x15f8  System memory - ok
17:30:07.0832 0x15f8  ================ Scan services =============================
17:30:08.0035 0x15f8  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
17:30:08.0051 0x15f8  1394ohci - ok
17:30:08.0113 0x15f8  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:30:08.0129 0x15f8  ACPI - ok
17:30:08.0160 0x15f8  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:30:08.0160 0x15f8  AcpiPmi - ok
17:30:08.0332 0x15f8  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:30:08.0332 0x15f8  AdobeARMservice - ok
17:30:08.0410 0x15f8  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:30:08.0426 0x15f8  adp94xx - ok
17:30:08.0472 0x15f8  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:30:08.0488 0x15f8  adpahci - ok
17:30:08.0535 0x15f8  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:30:08.0551 0x15f8  adpu320 - ok
17:30:08.0597 0x15f8  [ 8B5EEFEEC1E6D1A72A06C526628AD161, 026CDF4C96F4D493E7BABF79A14C4B0B5ADCCEF0B081FFFA2E3B243B2414167F ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:30:08.0597 0x15f8  AeLookupSvc - ok
17:30:08.0676 0x15f8  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
17:30:08.0676 0x15f8  AFD - ok
17:30:08.0722 0x15f8  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
17:30:08.0722 0x15f8  agp440 - ok
17:30:08.0785 0x15f8  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
17:30:08.0785 0x15f8  aic78xx - ok
17:30:08.0847 0x15f8  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
17:30:08.0847 0x15f8  ALG - ok
17:30:08.0894 0x15f8  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:30:08.0894 0x15f8  aliide - ok
17:30:08.0957 0x15f8  [ B19505648F033393E907E2E419FDE8B3, BEF76AAD61FE0CA1F2B91C491FD94DE1BE67E776BBB7972D57ADFBE0333E9615 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:30:08.0957 0x15f8  AMD External Events Utility - ok
17:30:09.0004 0x15f8  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:30:09.0004 0x15f8  amdagp - ok
17:30:09.0019 0x15f8  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:30:09.0019 0x15f8  amdide - ok
17:30:09.0066 0x15f8  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:30:09.0066 0x15f8  AmdK8 - ok
17:30:09.0097 0x15f8  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
17:30:09.0097 0x15f8  AmdPPM - ok
17:30:09.0160 0x15f8  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:30:09.0160 0x15f8  amdsata - ok
17:30:09.0222 0x15f8  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
17:30:09.0238 0x15f8  amdsbs - ok
17:30:09.0269 0x15f8  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:30:09.0269 0x15f8  amdxata - ok
17:30:09.0316 0x15f8  [ E07473ED4962D3560870B4A98F4EB478, 7CF161395C60C641F5F7EB76546E362488C1A567DA5D6415D360ADDE20B54C82 ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
17:30:09.0316 0x15f8  AnyDVD - ok
17:30:09.0379 0x15f8  [ E499E422412EF37576092A52648DB2B4, 95E9C11258CAF37060242BA4E1170CEDECF3376CF0A9A1E61D46706D7C7F36F8 ] AppID           C:\Windows\system32\drivers\appid.sys
17:30:09.0379 0x15f8  AppID - ok
17:30:09.0410 0x15f8  [ 89B6FA43B68A373B304DFB8F6776B255, 36ABD9AB89CBC7991DE9B04051B26014982953697862BC46EF8AE4ACC2404128 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:30:09.0410 0x15f8  AppIDSvc - ok
17:30:09.0457 0x15f8  [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo         C:\Windows\System32\appinfo.dll
17:30:09.0457 0x15f8  Appinfo - ok
17:30:09.0566 0x15f8  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:30:09.0566 0x15f8  Apple Mobile Device - ok
17:30:09.0613 0x15f8  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\drivers\arc.sys
17:30:09.0613 0x15f8  arc - ok
17:30:09.0644 0x15f8  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:30:09.0644 0x15f8  arcsas - ok
17:30:09.0769 0x15f8  [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:30:09.0769 0x15f8  aspnet_state - ok
17:30:09.0832 0x15f8  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:30:09.0832 0x15f8  AsyncMac - ok
17:30:09.0863 0x15f8  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:30:09.0863 0x15f8  atapi - ok
17:30:10.0160 0x15f8  [ 04F09923A393E4E0E8453A8F78361E73, B5C0B9D1195B87AF823887AD9355CD2B4C4F4DDF34103891EE48EA86F0F544E7 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:30:10.0379 0x15f8  atikmdag - ok
17:30:10.0472 0x15f8  [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:30:10.0488 0x15f8  AudioEndpointBuilder - ok
17:30:10.0535 0x15f8  [ F4157B3CECF19B1C266C83AFF051C97A, 26728B59B6003EB36BC322D189254574E94790CE23637228A669FAD6ED76ECE3 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:30:10.0551 0x15f8  Audiosrv - ok
17:30:10.0613 0x15f8  [ CB2C2B24BD7E64CFB2B24D401FF5BBC0, F48ABD9F5BF91BF5F25E6D5EE02647F7DD8E1C1A11FEEE2C1C1B3BD34E3D0F85 ] Avgdiskx        C:\Windows\system32\DRIVERS\avgdiskx.sys
17:30:10.0629 0x15f8  Avgdiskx - ok
17:30:10.0863 0x15f8  [ 225B28E9303D375314C744AE181DF95F, 6BC8F19F6B4D901661022CD8F4EA90A8F1895B6B3BD1225B3708E2CBDCAB8D50 ] AVGIDSAgent     C:\Program Files\AVG\AVG2015\avgidsagent.exe
17:30:10.0941 0x15f8  AVGIDSAgent - ok
17:30:11.0019 0x15f8  [ EB1AA821F99D5D2DA05511AE8D4704C4, 68AE41B7DA35200B24E27733DC05D9DA1F2D4C98524531AB8F1BD2AB4AFC831C ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
17:30:11.0035 0x15f8  AVGIDSDriver - ok
17:30:11.0066 0x15f8  [ D1663A0114691080C624D857A8343D5B, 8E7029A8FE7A62F4BED7687C54699D0709876D05D93CAA499B4BC69BF8C59091 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
17:30:11.0066 0x15f8  AVGIDSHX - ok
17:30:11.0113 0x15f8  [ 2429F7F025F63532B6B264D97E4ECA49, EDE2C88B3B4B2A3AC59A3AB0B2FEC1D2CC75AA8AFFF0F5011D07AB4F053390D9 ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
17:30:11.0113 0x15f8  AVGIDSShim - ok
17:30:11.0160 0x15f8  [ 9AFD535116E986D49877B811F3665E8E, 6843415ED638BB26A17BE9AB7A49D36070A588088256D4D0D1B4789FBDA6730B ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
17:30:11.0176 0x15f8  Avgldx86 - ok
17:30:11.0207 0x15f8  [ D94378757947E02AE9BC484DF196A44D, 91B711C07320EFFDB780356EF84D39A06673198C4E0B45EE1D1412B996CB9227 ] Avglogx         C:\Windows\system32\DRIVERS\avglogx.sys
17:30:11.0222 0x15f8  Avglogx - ok
17:30:11.0269 0x15f8  [ 35DD83C14AA01F4817BA46A4D6B6A520, 563619CDFC2ACC061C2421091E3527CA3C6C5F595008C5E9E45CFBE954D45841 ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
17:30:11.0285 0x15f8  Avgmfx86 - ok
17:30:11.0316 0x15f8  [ F016B95273E0B1961F204F7FD2FFD811, 9F89323177B68DEDE6B1F09790E6A978376B4FCBDC029283B297A3C4D9B242FF ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
17:30:11.0316 0x15f8  Avgrkx86 - ok
17:30:11.0363 0x15f8  [ 5A22A7A67BFB67D3223B7A339FC97780, 1DADB75B30665866FC93DADDC1EC9F612CD8CE5EC8582BCAF2A527FFDAFF8DBE ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
17:30:11.0363 0x15f8  Avgtdix - ok
17:30:11.0426 0x15f8  [ D15D2E9F5567075740B88F16F01810D6, 09086182352B0901D886B1F588F141DFC1E68CF0CA62BA399F841E1C96DFDFEF ] avgtp           C:\Windows\system32\drivers\avgtpx86.sys
17:30:11.0426 0x15f8  avgtp - ok
17:30:11.0472 0x15f8  [ 2B38C7E964FA19A298D04CA177FF8B6F, B233B6AD03217AD72A8F4253FDCF182E6007B5D28178F38BDCACBC16BD69D0CB ] avgwd           C:\Program Files\AVG\AVG2015\avgwdsvc.exe
17:30:11.0488 0x15f8  avgwd - ok
17:30:11.0551 0x15f8  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:30:11.0551 0x15f8  AxInstSV - ok
17:30:11.0629 0x15f8  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\drivers\bxvbdx.sys
17:30:11.0644 0x15f8  b06bdrv - ok
17:30:11.0691 0x15f8  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
17:30:11.0707 0x15f8  b57nd60x - ok
17:30:11.0769 0x15f8  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
17:30:11.0769 0x15f8  BDESVC - ok
17:30:11.0801 0x15f8  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:30:11.0801 0x15f8  Beep - ok
17:30:11.0863 0x15f8  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
17:30:11.0879 0x15f8  BFE - ok
17:30:11.0957 0x15f8  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
17:30:11.0988 0x15f8  BITS - ok
17:30:12.0035 0x15f8  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:30:12.0035 0x15f8  blbdrive - ok
17:30:12.0129 0x15f8  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:30:12.0144 0x15f8  Bonjour Service - ok
17:30:12.0191 0x15f8  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:30:12.0191 0x15f8  bowser - ok
17:30:12.0222 0x15f8  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
17:30:12.0222 0x15f8  BrFiltLo - ok
17:30:12.0269 0x15f8  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
17:30:12.0269 0x15f8  BrFiltUp - ok
17:30:12.0316 0x15f8  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
17:30:12.0316 0x15f8  Browser - ok
17:30:12.0347 0x15f8  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:30:12.0363 0x15f8  Brserid - ok
17:30:12.0394 0x15f8  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:30:12.0394 0x15f8  BrSerWdm - ok
17:30:12.0426 0x15f8  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:30:12.0426 0x15f8  BrUsbMdm - ok
17:30:12.0457 0x15f8  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:30:12.0457 0x15f8  BrUsbSer - ok
17:30:12.0488 0x15f8  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:30:12.0488 0x15f8  BTHMODEM - ok
17:30:12.0566 0x15f8  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
17:30:12.0566 0x15f8  bthserv - ok
17:30:12.0613 0x15f8  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:30:12.0613 0x15f8  cdfs - ok
17:30:12.0660 0x15f8  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:30:12.0676 0x15f8  cdrom - ok
17:30:12.0738 0x15f8  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:30:12.0738 0x15f8  CertPropSvc - ok
17:30:12.0785 0x15f8  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\drivers\circlass.sys
17:30:12.0785 0x15f8  circlass - ok
17:30:12.0816 0x15f8  [ 635181E0E9BBF16871BF5380D71DB02D, 58D5150C6F3B9F1730FFDF3A8A2ABF5FF207F9785BD66C0C1E03A0F1C223A26A ] CLFS            C:\Windows\system32\CLFS.sys
17:30:12.0832 0x15f8  CLFS - ok
17:30:12.0926 0x15f8  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:30:12.0941 0x15f8  clr_optimization_v2.0.50727_32 - ok
17:30:12.0988 0x15f8  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:30:12.0988 0x15f8  clr_optimization_v4.0.30319_32 - ok
17:30:13.0035 0x15f8  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
17:30:13.0035 0x15f8  CmBatt - ok
17:30:13.0082 0x15f8  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:30:13.0082 0x15f8  cmdide - ok
17:30:13.0160 0x15f8  [ 85449EEBE8F8EBD6481EFBF0F352B4EB, E6FF04970C5A5BFDE7297A86C1C7B9BFE2E0F976A1A1AFB874CEB488DC6151CC ] CNG             C:\Windows\system32\Drivers\cng.sys
17:30:13.0176 0x15f8  CNG - ok
17:30:13.0222 0x15f8  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:30:13.0222 0x15f8  Compbatt - ok
17:30:13.0269 0x15f8  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:30:13.0269 0x15f8  CompositeBus - ok
17:30:13.0285 0x15f8  COMSysApp - ok
17:30:13.0316 0x15f8  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:30:13.0316 0x15f8  crcdisk - ok
17:30:13.0379 0x15f8  [ 623E143F2DF17C0106A9988F5D7DC878, 9DA30262FF22FA9F1DB247CB3B4A2892D79730EF0ECC9589D399D24B4F58E565 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:30:13.0394 0x15f8  CryptSvc - ok
17:30:13.0472 0x15f8  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:30:13.0488 0x15f8  DcomLaunch - ok
17:30:13.0551 0x15f8  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
17:30:13.0551 0x15f8  defragsvc - ok
17:30:13.0613 0x15f8  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:30:13.0613 0x15f8  DfsC - ok
17:30:13.0660 0x15f8  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:30:13.0676 0x15f8  Dhcp - ok
17:30:13.0691 0x15f8  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
17:30:13.0691 0x15f8  discache - ok
17:30:13.0769 0x15f8  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\drivers\disk.sys
17:30:13.0769 0x15f8  Disk - ok
17:30:13.0816 0x15f8  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:30:13.0816 0x15f8  Dnscache - ok
17:30:13.0879 0x15f8  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:30:13.0879 0x15f8  dot3svc - ok
17:30:13.0941 0x15f8  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
17:30:13.0941 0x15f8  DPS - ok
17:30:14.0004 0x15f8  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:30:14.0051 0x15f8  drmkaud - ok
17:30:14.0160 0x15f8  [ 651554E483712B708EDE864D0CA1AA73, A016C03D630A2FF7FC44B826DEA890F5AC09DD270588CEAD05F63A5A0AC79249 ] DrvAgent32      C:\Windows\system32\Drivers\DrvAgent32.sys
17:30:14.0160 0x15f8  DrvAgent32 - ok
17:30:14.0238 0x15f8  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:30:14.0285 0x15f8  DXGKrnl - ok
17:30:14.0347 0x15f8  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
17:30:14.0347 0x15f8  EapHost - ok
17:30:14.0535 0x15f8  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\drivers\evbdx.sys
17:30:14.0676 0x15f8  ebdrv - ok
17:30:14.0722 0x15f8  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS             C:\Windows\System32\lsass.exe
17:30:14.0738 0x15f8  EFS - ok
17:30:14.0832 0x15f8  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:30:14.0847 0x15f8  ehRecvr - ok
17:30:14.0879 0x15f8  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
17:30:14.0894 0x15f8  ehSched - ok
17:30:14.0910 0x15f8  [ 72753D5CC94A90F5CFC6C00ECC47163F, 824EEDCB94334912D8C44BC9626723F142DA95E9494C4B7D2F6EC7899CFF1DD2 ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
17:30:14.0910 0x15f8  ElbyCDIO - ok
17:30:14.0988 0x15f8  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:30:15.0004 0x15f8  elxstor - ok
17:30:15.0066 0x15f8  [ 8BC8294AB15A472D05650CC6C255204A, C2A704438ACE3E41692C7CF5BEDEB732F10B69FF92B2945ABF990E9277A8906A ] emAudio         C:\Windows\system32\drivers\emAudio.sys
17:30:15.0066 0x15f8  emAudio - ok
17:30:15.0097 0x15f8  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:30:15.0097 0x15f8  ErrDev - ok
17:30:15.0176 0x15f8  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
17:30:15.0191 0x15f8  EventSystem - ok
17:30:15.0238 0x15f8  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
17:30:15.0238 0x15f8  exfat - ok
17:30:15.0285 0x15f8  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:30:15.0285 0x15f8  fastfat - ok
17:30:15.0363 0x15f8  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
17:30:15.0394 0x15f8  Fax - ok
17:30:15.0441 0x15f8  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:30:15.0441 0x15f8  fdc - ok
17:30:15.0488 0x15f8  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
17:30:15.0488 0x15f8  fdPHost - ok
17:30:15.0519 0x15f8  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:30:15.0519 0x15f8  FDResPub - ok
17:30:15.0551 0x15f8  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:30:15.0551 0x15f8  FileInfo - ok
17:30:15.0582 0x15f8  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:30:15.0582 0x15f8  Filetrace - ok
17:30:15.0613 0x15f8  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
17:30:15.0629 0x15f8  flpydisk - ok
17:30:15.0676 0x15f8  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:30:15.0676 0x15f8  FltMgr - ok
17:30:15.0785 0x15f8  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
17:30:15.0816 0x15f8  FontCache - ok
17:30:15.0879 0x15f8  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:30:15.0894 0x15f8  FontCache3.0.0.0 - ok
17:30:15.0926 0x15f8  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:30:15.0941 0x15f8  FsDepends - ok
17:30:15.0957 0x15f8  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:30:15.0957 0x15f8  Fs_Rec - ok
17:30:16.0019 0x15f8  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:30:16.0019 0x15f8  fvevol - ok
17:30:16.0066 0x15f8  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:30:16.0066 0x15f8  gagp30kx - ok
17:30:16.0144 0x15f8  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:30:16.0160 0x15f8  GEARAspiWDM - ok
17:30:16.0238 0x15f8  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:30:16.0285 0x15f8  gpsvc - ok
17:30:16.0410 0x15f8  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
17:30:16.0410 0x15f8  gupdate - ok
17:30:16.0457 0x15f8  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
17:30:16.0457 0x15f8  gupdatem - ok
17:30:16.0535 0x15f8  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
17:30:16.0551 0x15f8  gusvc - ok
17:30:16.0597 0x15f8  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:30:16.0597 0x15f8  hcw85cir - ok
17:30:16.0691 0x15f8  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:30:16.0707 0x15f8  HdAudAddService - ok
17:30:16.0769 0x15f8  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:30:16.0785 0x15f8  HDAudBus - ok
17:30:16.0832 0x15f8  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
17:30:16.0832 0x15f8  HidBatt - ok
17:30:16.0863 0x15f8  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:30:16.0863 0x15f8  HidBth - ok
17:30:16.0941 0x15f8  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:30:16.0941 0x15f8  HidIr - ok
17:30:16.0988 0x15f8  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
17:30:17.0004 0x15f8  hidserv - ok
17:30:17.0066 0x15f8  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
17:30:17.0066 0x15f8  HidUsb - ok
17:30:17.0113 0x15f8  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:30:17.0113 0x15f8  hkmsvc - ok
17:30:17.0176 0x15f8  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:30:17.0176 0x15f8  HomeGroupListener - ok
17:30:17.0238 0x15f8  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:30:17.0238 0x15f8  HomeGroupProvider - ok
17:30:17.0301 0x15f8  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:30:17.0316 0x15f8  HpSAMD - ok
17:30:17.0379 0x15f8  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:30:17.0379 0x15f8  HTTP - ok
17:30:17.0410 0x15f8  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:30:17.0410 0x15f8  hwpolicy - ok
17:30:17.0472 0x15f8  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:30:17.0519 0x15f8  i8042prt - ok
17:30:17.0566 0x15f8  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:30:17.0582 0x15f8  iaStorV - ok
17:30:17.0691 0x15f8  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
17:30:17.0754 0x15f8  IDriverT - ok
17:30:17.0879 0x15f8  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:30:17.0941 0x15f8  idsvc - ok
17:30:17.0972 0x15f8  IEEtwCollectorService - ok
17:30:18.0019 0x15f8  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:30:18.0035 0x15f8  iirsp - ok
17:30:18.0129 0x15f8  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
17:30:18.0176 0x15f8  IKEEXT - ok
17:30:18.0519 0x15f8  [ 816EEF1A714ABF9A633F478EFAC8F24C, 362492F5922781CE1AD6EB3DC8415BBEC736A5046BF6D9E82C69BADDE86048B8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:30:18.0644 0x15f8  IntcAzAudAddService - ok
17:30:18.0707 0x15f8  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:30:18.0707 0x15f8  intelide - ok
17:30:18.0863 0x15f8  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:30:18.0863 0x15f8  intelppm - ok
17:30:18.0910 0x15f8  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:30:18.0926 0x15f8  IPBusEnum - ok
17:30:18.0957 0x15f8  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:30:18.0972 0x15f8  IpFilterDriver - ok
17:30:19.0051 0x15f8  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:30:19.0066 0x15f8  iphlpsvc - ok
17:30:19.0113 0x15f8  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:30:19.0129 0x15f8  IPMIDRV - ok
17:30:19.0144 0x15f8  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:30:19.0160 0x15f8  IPNAT - ok
17:30:19.0238 0x15f8  [ 33813E4F82AEC696762EAD9EDADC9FE3, D0045D6782523B7B6FCFE4A6C864F081B522E409D9E5F031A7B8584910CEE3F5 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:30:19.0254 0x15f8  iPod Service - ok
17:30:19.0301 0x15f8  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:30:19.0301 0x15f8  IRENUM - ok
17:30:19.0347 0x15f8  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:30:19.0347 0x15f8  isapnp - ok
17:30:19.0394 0x15f8  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:30:19.0410 0x15f8  iScsiPrt - ok
17:30:19.0441 0x15f8  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:30:19.0441 0x15f8  kbdclass - ok
17:30:19.0488 0x15f8  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:30:19.0488 0x15f8  kbdhid - ok
17:30:19.0519 0x15f8  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso          C:\Windows\system32\lsass.exe
17:30:19.0519 0x15f8  KeyIso - ok
17:30:19.0551 0x15f8  [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:30:19.0566 0x15f8  KSecDD - ok
17:30:19.0597 0x15f8  [ 1E1845606C5A4579F7F3D95796CC1ED1, 26A478A0B5417CBC880A7F2D977AAC5FBF40EC4296426B757D6ACCBBC09486CC ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:30:19.0597 0x15f8  KSecPkg - ok
17:30:19.0660 0x15f8  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:30:19.0676 0x15f8  KtmRm - ok
17:30:19.0738 0x15f8  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:30:19.0754 0x15f8  LanmanServer - ok
17:30:19.0816 0x15f8  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:30:19.0816 0x15f8  LanmanWorkstation - ok
17:30:19.0910 0x15f8  [ CCAD2AAE36E24346488B0F54A049DE78, 6A698AA0952822515413B1A432D914C9B90C3B5A43DDC2A2D72D3ADE972998D0 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:30:19.0910 0x15f8  LightScribeService - ok
17:30:19.0957 0x15f8  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:30:19.0972 0x15f8  lltdio - ok
17:30:20.0019 0x15f8  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:30:20.0035 0x15f8  lltdsvc - ok
17:30:20.0066 0x15f8  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:30:20.0066 0x15f8  lmhosts - ok
17:30:20.0113 0x15f8  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:30:20.0129 0x15f8  LSI_FC - ok
17:30:20.0160 0x15f8  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:30:20.0160 0x15f8  LSI_SAS - ok
17:30:20.0191 0x15f8  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
17:30:20.0191 0x15f8  LSI_SAS2 - ok
17:30:20.0222 0x15f8  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:30:20.0222 0x15f8  LSI_SCSI - ok
17:30:20.0269 0x15f8  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
17:30:20.0269 0x15f8  luafv - ok
17:30:20.0316 0x15f8  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:30:20.0316 0x15f8  Mcx2Svc - ok
17:30:20.0426 0x15f8  [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
17:30:20.0426 0x15f8  MDM - ok
17:30:20.0457 0x15f8  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:30:20.0457 0x15f8  megasas - ok
17:30:20.0519 0x15f8  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
17:30:20.0535 0x15f8  MegaSR - ok
17:30:20.0582 0x15f8  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
17:30:20.0582 0x15f8  MMCSS - ok
17:30:20.0613 0x15f8  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
17:30:20.0629 0x15f8  Modem - ok
17:30:20.0660 0x15f8  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:30:20.0660 0x15f8  monitor - ok
17:30:20.0691 0x15f8  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:30:20.0691 0x15f8  mouclass - ok
17:30:20.0738 0x15f8  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\drivers\mouhid.sys
17:30:20.0738 0x15f8  mouhid - ok
17:30:20.0769 0x15f8  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:30:20.0769 0x15f8  mountmgr - ok
17:30:20.0847 0x15f8  [ 9E587AFE2AD4873C809F1E0C598AB435, 0B0ECFF265120BCBAC37CF9B53B18462725AB991D00B90DBEE8DD9375121DA4F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:30:20.0863 0x15f8  MozillaMaintenance - ok
17:30:20.0894 0x15f8  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:30:20.0894 0x15f8  mpio - ok
17:30:20.0941 0x15f8  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:30:20.0941 0x15f8  mpsdrv - ok
17:30:21.0019 0x15f8  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:30:21.0051 0x15f8  MpsSvc - ok
17:30:21.0097 0x15f8  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:30:21.0097 0x15f8  MRxDAV - ok
17:30:21.0144 0x15f8  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:30:21.0160 0x15f8  mrxsmb - ok
17:30:21.0191 0x15f8  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:30:21.0207 0x15f8  mrxsmb10 - ok
17:30:21.0238 0x15f8  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:30:21.0238 0x15f8  mrxsmb20 - ok
17:30:21.0269 0x15f8  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:30:21.0269 0x15f8  msahci - ok
17:30:21.0316 0x15f8  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:30:21.0316 0x15f8  msdsm - ok
17:30:21.0347 0x15f8  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
17:30:21.0363 0x15f8  MSDTC - ok
17:30:21.0410 0x15f8  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:30:21.0410 0x15f8  Msfs - ok
17:30:21.0441 0x15f8  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:30:21.0441 0x15f8  mshidkmdf - ok
17:30:21.0457 0x15f8  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:30:21.0457 0x15f8  msisadrv - ok
17:30:21.0519 0x15f8  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:30:21.0519 0x15f8  MSiSCSI - ok
17:30:21.0535 0x15f8  msiserver - ok
17:30:21.0582 0x15f8  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:30:21.0597 0x15f8  MSKSSRV - ok
17:30:21.0613 0x15f8  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:30:21.0613 0x15f8  MSPCLOCK - ok
17:30:21.0644 0x15f8  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:30:21.0644 0x15f8  MSPQM - ok
17:30:21.0676 0x15f8  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:30:21.0691 0x15f8  MsRPC - ok
17:30:21.0722 0x15f8  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:30:21.0738 0x15f8  mssmbios - ok
17:30:21.0769 0x15f8  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:30:21.0785 0x15f8  MSTEE - ok
17:30:21.0816 0x15f8  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
17:30:21.0816 0x15f8  MTConfig - ok
17:30:21.0847 0x15f8  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:30:21.0847 0x15f8  Mup - ok
17:30:21.0926 0x15f8  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
17:30:21.0926 0x15f8  napagent - ok
17:30:21.0988 0x15f8  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:30:22.0004 0x15f8  NativeWifiP - ok
17:30:22.0160 0x15f8  [ 5836B9E91863A00EC1B8E785EFD86ECB, 6D6BC5C8070FB82A30228A6D617F0A141E225F2EC5C27F2BA8B67B8A50ABBE69 ] NBService       D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
17:30:22.0191 0x15f8  NBService - ok
17:30:22.0269 0x15f8  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:30:22.0285 0x15f8  NDIS - ok
17:30:22.0347 0x15f8  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:30:22.0347 0x15f8  NdisCap - ok
17:30:22.0394 0x15f8  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:30:22.0394 0x15f8  NdisTapi - ok
17:30:22.0441 0x15f8  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:30:22.0441 0x15f8  Ndisuio - ok
17:30:22.0472 0x15f8  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:30:22.0488 0x15f8  NdisWan - ok
17:30:22.0519 0x15f8  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:30:22.0519 0x15f8  NDProxy - ok
17:30:22.0551 0x15f8  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:30:22.0551 0x15f8  NetBIOS - ok
17:30:22.0582 0x15f8  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:30:22.0597 0x15f8  NetBT - ok
17:30:22.0629 0x15f8  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon        C:\Windows\system32\lsass.exe
17:30:22.0629 0x15f8  Netlogon - ok
17:30:22.0691 0x15f8  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
17:30:22.0691 0x15f8  Netman - ok
17:30:22.0738 0x15f8  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:30:22.0754 0x15f8  NetMsmqActivator - ok
17:30:22.0769 0x15f8  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:30:22.0769 0x15f8  NetPipeActivator - ok
17:30:22.0816 0x15f8  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
17:30:22.0832 0x15f8  netprofm - ok
17:30:22.0863 0x15f8  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:30:22.0863 0x15f8  NetTcpActivator - ok
17:30:22.0894 0x15f8  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:30:22.0894 0x15f8  NetTcpPortSharing - ok
17:30:22.0957 0x15f8  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:30:22.0957 0x15f8  nfrd960 - ok
17:30:23.0004 0x15f8  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:30:23.0019 0x15f8  NlaSvc - ok
17:30:23.0113 0x15f8  [ A328A46D87BB92CE4D8A4528E9D84787, D3245ED700151111592BA82FB675B284DA7FCE52B07A7F68352F64A402CAB37C ] NMIndexingService C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
17:30:23.0129 0x15f8  NMIndexingService - ok
17:30:23.0176 0x15f8  [ F6C40E0A565EE3CE5AEEB325E10054F2, 30C8BA41B1C235ECB2C7F29CD76C8F41B8D705BE7DD44F66666C28275EA56BAC ] nmwcd           C:\Windows\system32\drivers\ccdcmb.sys
17:30:23.0176 0x15f8  nmwcd - ok
17:30:23.0207 0x15f8  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:30:23.0222 0x15f8  Npfs - ok
17:30:23.0269 0x15f8  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
17:30:23.0269 0x15f8  nsi - ok
17:30:23.0316 0x15f8  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:30:23.0316 0x15f8  nsiproxy - ok
17:30:23.0441 0x15f8  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:30:23.0488 0x15f8  Ntfs - ok
17:30:23.0535 0x15f8  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
17:30:23.0535 0x15f8  Null - ok
17:30:23.0582 0x15f8  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:30:23.0597 0x15f8  nvraid - ok
17:30:23.0629 0x15f8  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:30:23.0629 0x15f8  nvstor - ok
17:30:23.0660 0x15f8  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:30:23.0676 0x15f8  nv_agp - ok
17:30:23.0722 0x15f8  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:30:23.0722 0x15f8  ohci1394 - ok
17:30:23.0785 0x15f8  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:30:23.0801 0x15f8  p2pimsvc - ok
17:30:23.0863 0x15f8  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:30:23.0879 0x15f8  p2psvc - ok
17:30:23.0926 0x15f8  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:30:23.0941 0x15f8  Parport - ok
17:30:23.0988 0x15f8  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:30:23.0988 0x15f8  partmgr - ok
17:30:24.0019 0x15f8  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
17:30:24.0019 0x15f8  Parvdm - ok
17:30:24.0066 0x15f8  [ 3A55D53687F16D9EF5BF307BBFEFCD9C, F1BB1B43442B151686500768C43A4D20CAA47427E78386953A42DDB42D9DDF0C ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:30:24.0082 0x15f8  PcaSvc - ok
17:30:24.0113 0x15f8  pccsmcfd - ok
17:30:24.0144 0x15f8  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
17:30:24.0144 0x15f8  pci - ok
17:30:24.0191 0x15f8  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
17:30:24.0191 0x15f8  pciide - ok
17:30:24.0222 0x15f8  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:30:24.0238 0x15f8  pcmcia - ok
17:30:24.0269 0x15f8  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:30:24.0269 0x15f8  pcw - ok
17:30:24.0426 0x15f8  [ F97DC1A5244469D367B1334D47118E34, A36B6C402F92BEBE14082296CBF5F69656ED87AB700789028799768FA1FE2A72 ] PDF Architect 2 C:\Program Files\PDF Architect 2\ws.exe
17:30:24.0472 0x15f8  PDF Architect 2 - ok
17:30:24.0566 0x15f8  [ B932EEFE2A1C456856E44B8A9A79D36C, 26DCB96E1FC177DF3192CEAB6BE2524E9D23F858E09A47530275174F6FD767BA ] PDF Architect 2 Creator C:\Program Files\PDF Architect 2\creator-ws.exe
17:30:24.0582 0x15f8  PDF Architect 2 Creator - ok
17:30:24.0676 0x15f8  [ E81F7D5371C95904D4105B06405D5EDA, A6A41793AC241801D37A95C25B2DA0C3CDDC804B4F2BD087ECBD30C562F3517B ] pdfforge CrashHandler C:\Program Files\PDF Architect 2\crash-handler-ws.exe
17:30:24.0722 0x15f8  pdfforge CrashHandler - ok
17:30:24.0801 0x15f8  [ 344D1FA0438A967F1A2BAA42C86D6E19, E9CB31CBD9075B84BA771CF82A4C3AB5BF57ADEA3E76ABE8FE36FEACFD681D89 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:30:24.0816 0x15f8  PEAUTH - ok
17:30:24.0972 0x15f8  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
17:30:25.0019 0x15f8  pla - ok
17:30:25.0082 0x15f8  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:30:25.0097 0x15f8  PlugPlay - ok
17:30:25.0129 0x15f8  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:30:25.0129 0x15f8  PNRPAutoReg - ok
17:30:25.0160 0x15f8  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:30:25.0176 0x15f8  PNRPsvc - ok
17:30:25.0254 0x15f8  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:30:25.0269 0x15f8  PolicyAgent - ok
17:30:25.0332 0x15f8  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
17:30:25.0332 0x15f8  Power - ok
17:30:25.0410 0x15f8  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:30:25.0410 0x15f8  PptpMiniport - ok
17:30:25.0441 0x15f8  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\drivers\processr.sys
17:30:25.0441 0x15f8  Processor - ok
17:30:25.0504 0x15f8  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:30:25.0519 0x15f8  ProfSvc - ok
17:30:25.0535 0x15f8  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:30:25.0535 0x15f8  ProtectedStorage - ok
17:30:25.0582 0x15f8  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:30:25.0582 0x15f8  Psched - ok
17:30:25.0644 0x15f8  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
17:30:25.0644 0x15f8  PxHelp20 - ok
17:30:25.0754 0x15f8  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:30:25.0816 0x15f8  ql2300 - ok
17:30:25.0847 0x15f8  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:30:25.0863 0x15f8  ql40xx - ok
17:30:25.0910 0x15f8  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
17:30:25.0926 0x15f8  QWAVE - ok
17:30:25.0957 0x15f8  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:30:25.0957 0x15f8  QWAVEdrv - ok
17:30:25.0988 0x15f8  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:30:26.0004 0x15f8  RasAcd - ok
17:30:26.0066 0x15f8  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:30:26.0066 0x15f8  RasAgileVpn - ok
17:30:26.0129 0x15f8  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
17:30:26.0129 0x15f8  RasAuto - ok
17:30:26.0191 0x15f8  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:30:26.0191 0x15f8  Rasl2tp - ok
17:30:26.0269 0x15f8  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
17:30:26.0301 0x15f8  RasMan - ok
17:30:26.0347 0x15f8  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:30:26.0347 0x15f8  RasPppoe - ok
17:30:26.0410 0x15f8  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:30:26.0410 0x15f8  RasSstp - ok
17:30:26.0441 0x15f8  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:30:26.0457 0x15f8  rdbss - ok
17:30:26.0504 0x15f8  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
17:30:26.0519 0x15f8  rdpbus - ok
17:30:26.0551 0x15f8  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:30:26.0551 0x15f8  RDPCDD - ok
17:30:26.0597 0x15f8  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:30:26.0597 0x15f8  RDPENCDD - ok
17:30:26.0660 0x15f8  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:30:26.0660 0x15f8  RDPREFMP - ok
17:30:26.0754 0x15f8  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:30:26.0754 0x15f8  RdpVideoMiniport - ok
17:30:26.0816 0x15f8  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:30:26.0832 0x15f8  RDPWD - ok
17:30:26.0894 0x15f8  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:30:26.0894 0x15f8  rdyboost - ok
17:30:26.0941 0x15f8  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:30:26.0941 0x15f8  RemoteAccess - ok
17:30:27.0004 0x15f8  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:30:27.0004 0x15f8  RemoteRegistry - ok
17:30:27.0144 0x15f8  [ 06A49B7BDC36CFBF97DD90804F833369, 0E02B50F9F371162E18D5E4FFEF1669E9B5B75460618B10FD31E63F2ACC50A90 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
17:30:27.0160 0x15f8  RichVideo - ok
17:30:27.0207 0x15f8  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:30:27.0222 0x15f8  RpcEptMapper - ok
17:30:27.0269 0x15f8  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
17:30:27.0269 0x15f8  RpcLocator - ok
17:30:27.0332 0x15f8  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
17:30:27.0332 0x15f8  RpcSs - ok
17:30:27.0410 0x15f8  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:30:27.0410 0x15f8  rspndr - ok
17:30:27.0472 0x15f8  [ 4E20765744BFBC16F6D6E5BD5598786B, CDB5AB7F8BE3C0085D08DC00CC8DB3266ABA16228B2F022380482C9D05070839 ] RTL8023xp       C:\Windows\system32\DRIVERS\Rtnicxp.sys
17:30:27.0472 0x15f8  RTL8023xp - ok
17:30:27.0504 0x15f8  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] SamSs           C:\Windows\system32\lsass.exe
17:30:27.0504 0x15f8  SamSs - ok
17:30:27.0660 0x15f8  [ AB60A0447A8C4B8FB5706D9BDF7DC156, 6DDC4252E8B3D38E4D98A516894DEBFE6E6C8D33DC76200C671810A15ADD7318 ] Samsung Network Fax Server C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe
17:30:27.0676 0x15f8  Samsung Network Fax Server - ok
17:30:27.0722 0x15f8  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:30:27.0722 0x15f8  sbp2port - ok
17:30:27.0785 0x15f8  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:30:27.0801 0x15f8  SCardSvr - ok
17:30:27.0832 0x15f8  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:30:27.0832 0x15f8  scfilter - ok
17:30:27.0957 0x15f8  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
17:30:28.0004 0x15f8  Schedule - ok
17:30:28.0051 0x15f8  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:30:28.0051 0x15f8  SCPolicySvc - ok
17:30:28.0113 0x15f8  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:30:28.0129 0x15f8  SDRSVC - ok
17:30:28.0363 0x15f8  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
17:30:28.0426 0x15f8  SDScannerService - ok
17:30:28.0691 0x15f8  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
17:30:28.0769 0x15f8  SDUpdateService - ok
17:30:28.0926 0x15f8  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
17:30:28.0926 0x15f8  SDWSCService - ok
17:30:28.0988 0x15f8  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:30:28.0988 0x15f8  secdrv - ok
17:30:29.0051 0x15f8  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
17:30:29.0051 0x15f8  seclogon - ok
17:30:29.0097 0x15f8  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
17:30:29.0113 0x15f8  SENS - ok
17:30:29.0160 0x15f8  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:30:29.0160 0x15f8  SensrSvc - ok
17:30:29.0191 0x15f8  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:30:29.0207 0x15f8  Serenum - ok
17:30:29.0254 0x15f8  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:30:29.0269 0x15f8  Serial - ok
17:30:29.0301 0x15f8  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:30:29.0301 0x15f8  sermouse - ok
17:30:29.0410 0x15f8  [ C3BB6CF8F9EE199005A2AAE2815AD756, 7A817599C2F3AD819D643223AA714CCCB790EE5983096D8D9CD2D626D6924837 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
17:30:29.0441 0x15f8  ServiceLayer - ok
17:30:29.0504 0x15f8  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:30:29.0519 0x15f8  SessionEnv - ok
17:30:29.0566 0x15f8  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:30:29.0566 0x15f8  sffdisk - ok
17:30:29.0582 0x15f8  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:30:29.0597 0x15f8  sffp_mmc - ok
17:30:29.0629 0x15f8  [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:30:29.0629 0x15f8  sffp_sd - ok
17:30:29.0644 0x15f8  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
17:30:29.0644 0x15f8  sfloppy - ok
17:30:29.0722 0x15f8  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:30:29.0722 0x15f8  SharedAccess - ok
17:30:29.0785 0x15f8  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:30:29.0801 0x15f8  ShellHWDetection - ok
17:30:29.0847 0x15f8  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:30:29.0847 0x15f8  sisagp - ok
17:30:29.0894 0x15f8  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
17:30:29.0894 0x15f8  SiSRaid2 - ok
17:30:29.0926 0x15f8  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:30:29.0926 0x15f8  SiSRaid4 - ok
17:30:30.0004 0x15f8  [ 7C15061CD0372487903B07B9BB03AFAD, FB96CDA29C7C1E8A315BA89E8B150918E59F32CE749D3EF43FCBEB3FB57BF1C6 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
17:30:30.0019 0x15f8  SkypeUpdate - ok
17:30:30.0051 0x15f8  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:30:30.0051 0x15f8  Smb - ok
17:30:30.0129 0x15f8  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:30:30.0144 0x15f8  SNMPTRAP - ok
17:30:30.0176 0x15f8  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:30:30.0191 0x15f8  spldr - ok
17:30:30.0254 0x15f8  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
17:30:30.0269 0x15f8  Spooler - ok
17:30:30.0457 0x15f8  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
17:30:30.0597 0x15f8  sppsvc - ok
17:30:30.0644 0x15f8  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:30:30.0644 0x15f8  sppuinotify - ok
17:30:30.0707 0x15f8  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:30:30.0722 0x15f8  srv - ok
17:30:30.0769 0x15f8  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:30:30.0785 0x15f8  srv2 - ok
17:30:30.0816 0x15f8  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:30:30.0816 0x15f8  srvnet - ok
17:30:30.0879 0x15f8  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:30:30.0879 0x15f8  SSDPSRV - ok
17:30:30.0941 0x15f8  [ EF3458337D7341A05169CEFC73709264, C9D0AE966CFA02F7B72586C2A6E2AFA9818C9F4856A4E9625B79BC5A886FC193 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
17:30:30.0941 0x15f8  SSPORT - ok
17:30:30.0988 0x15f8  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:30:30.0988 0x15f8  SstpSvc - ok
17:30:31.0035 0x15f8  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\drivers\stexstor.sys
17:30:31.0035 0x15f8  stexstor - ok
17:30:31.0129 0x15f8  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
17:30:31.0144 0x15f8  StiSvc - ok
17:30:31.0191 0x15f8  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:30:31.0191 0x15f8  swenum - ok
17:30:31.0238 0x15f8  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
17:30:31.0254 0x15f8  swprv - ok
17:30:31.0347 0x15f8  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
17:30:31.0394 0x15f8  SysMain - ok
17:30:31.0457 0x15f8  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
17:30:31.0457 0x15f8  TabletInputService - ok
17:30:31.0504 0x15f8  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:30:31.0519 0x15f8  TapiSrv - ok
17:30:31.0535 0x15f8  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
17:30:31.0551 0x15f8  TBS - ok
17:30:31.0660 0x15f8  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:30:31.0722 0x15f8  Tcpip - ok
17:30:31.0816 0x15f8  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:30:31.0863 0x15f8  TCPIP6 - ok
17:30:31.0926 0x15f8  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:30:31.0926 0x15f8  tcpipreg - ok
17:30:31.0988 0x15f8  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:30:31.0988 0x15f8  TDPIPE - ok
17:30:32.0019 0x15f8  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:30:32.0019 0x15f8  TDTCP - ok
17:30:32.0082 0x15f8  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:30:32.0082 0x15f8  tdx - ok
17:30:32.0113 0x15f8  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:30:32.0113 0x15f8  TermDD - ok
17:30:32.0176 0x15f8  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\Windows\System32\termsrv.dll
17:30:32.0207 0x15f8  TermService - ok
17:30:32.0254 0x15f8  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
17:30:32.0254 0x15f8  Themes - ok
17:30:32.0285 0x15f8  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
17:30:32.0301 0x15f8  THREADORDER - ok
17:30:32.0363 0x15f8  [ E4FAD21646088D79F8889B6531396ACF, D0C8F0E3293D423245FD2233F283A1FE2463E15F8B9F4ED6AC96C2164EC51F75 ] TomTomHOMEService D:\Programme\TomTom HOME 2\TomTomHOMEService.exe
17:30:32.0363 0x15f8  TomTomHOMEService - ok
17:30:32.0426 0x15f8  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
17:30:32.0426 0x15f8  TrkWks - ok
17:30:32.0519 0x15f8  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:30:32.0519 0x15f8  TrustedInstaller - ok
17:30:32.0597 0x15f8  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:30:32.0597 0x15f8  tssecsrv - ok
17:30:32.0644 0x15f8  [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:30:32.0644 0x15f8  TsUsbFlt - ok
17:30:32.0691 0x15f8  [ 01246F0BAAD7B68EC0F472AA41E33282, 51F975AF029AD015576FFFA3E88F5DBB8B40C7CD30ECDEDE8AFABCB08C954199 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
17:30:32.0691 0x15f8  TsUsbGD - ok
17:30:32.0879 0x15f8  [ 110F9D73BEB93EB2CDB0A0D9101F8164, F60F3DD6A63D875701FFC3BAB475108E9EF5C2B99E815972D9417A197E863A4C ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
17:30:32.0926 0x15f8  TuneUp.UtilitiesSvc - ok
17:30:32.0972 0x15f8  [ E5049C43601473B5A909058596111229, 96CFE481F767C66FA2877594384086C1BE8B2BADBF12DBF4CB72CF73898D0876 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys
17:30:32.0972 0x15f8  TuneUpUtilitiesDrv - ok
17:30:33.0019 0x15f8  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:30:33.0019 0x15f8  tunnel - ok
17:30:33.0066 0x15f8  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:30:33.0066 0x15f8  uagp35 - ok
17:30:33.0129 0x15f8  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:30:33.0144 0x15f8  udfs - ok
17:30:33.0207 0x15f8  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:30:33.0207 0x15f8  UI0Detect - ok
17:30:33.0238 0x15f8  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:30:33.0238 0x15f8  uliagpkx - ok
17:30:33.0285 0x15f8  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:30:33.0285 0x15f8  umbus - ok
17:30:33.0316 0x15f8  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\drivers\umpass.sys
17:30:33.0316 0x15f8  UmPass - ok
17:30:33.0363 0x15f8  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
17:30:33.0379 0x15f8  upnphost - ok
17:30:33.0426 0x15f8  [ 587E643A4E2FFD9A00F114B057CEB773, CEB821A89FAE95D8CFAF468EEDA349B666C3FC13E1D142D5141484D621681197 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
17:30:33.0426 0x15f8  upperdev - ok
17:30:33.0519 0x15f8  [ D339B7E74D908EEBEB4B4413B756150B, 96F4E297EED813E18DD6D5A778A7C535C89D2669083A4EC3D25B837066EF2BA2 ] USB28xxBGA      C:\Windows\system32\DRIVERS\emBDA.sys
17:30:33.0551 0x15f8  USB28xxBGA - ok
17:30:33.0629 0x15f8  [ 65C288D96EB8DBB6FE6787011E99665C, B7D1432EE003A30BA64438A08FA92CAC7E6F26D4CE6AE570F0ABA8C2C7262591 ] USB28xxOEM      C:\Windows\system32\DRIVERS\emOEM.sys
17:30:33.0660 0x15f8  USB28xxOEM - ok
17:30:33.0722 0x15f8  [ A1977C315BF5691DA99235AA4A6907AF, 34B52FBA83F0E1C6B001D0AD1808B00152F731D18AAECC3C53B9918AA89BACEC ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
17:30:33.0722 0x15f8  usbaudio - ok
17:30:33.0769 0x15f8  [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:30:33.0769 0x15f8  usbccgp - ok
17:30:33.0816 0x15f8  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:30:33.0816 0x15f8  usbcir - ok
17:30:33.0863 0x15f8  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:30:33.0863 0x15f8  usbehci - ok
17:30:33.0926 0x15f8  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:30:33.0926 0x15f8  usbhub - ok
17:30:33.0972 0x15f8  [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:30:33.0988 0x15f8  usbohci - ok
17:30:34.0019 0x15f8  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:30:34.0035 0x15f8  usbprint - ok
17:30:34.0082 0x15f8  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:30:34.0082 0x15f8  usbscan - ok
17:30:34.0144 0x15f8  [ 007C0C8D5B01D82ACEB70431D15083F6, 7EAF68CD3C38D3CD2CDFEE9ECE1DFB38E274F1F9E6F70B73BCE1336E87D5496C ] usbser          C:\Windows\system32\drivers\usbser.sys
17:30:34.0144 0x15f8  usbser - ok
17:30:34.0191 0x15f8  [ FCA6A196D47CB972A0E4ADC0DB9CD17C, 31EF8E3839C3EB9404B72ABE777060B831AFAFAD51E10ADEB72E41DCC4FE8D47 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
17:30:34.0191 0x15f8  UsbserFilt - ok
17:30:34.0222 0x15f8  [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:30:34.0222 0x15f8  USBSTOR - ok
17:30:34.0269 0x15f8  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:30:34.0285 0x15f8  usbuhci - ok
17:30:34.0332 0x15f8  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
17:30:34.0332 0x15f8  UxSms - ok
17:30:34.0347 0x15f8  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] VaultSvc        C:\Windows\system32\lsass.exe
17:30:34.0363 0x15f8  VaultSvc - ok
17:30:34.0410 0x15f8  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:30:34.0410 0x15f8  vdrvroot - ok
17:30:34.0472 0x15f8  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
17:30:34.0488 0x15f8  vds - ok
17:30:34.0535 0x15f8  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:30:34.0535 0x15f8  vga - ok
17:30:34.0566 0x15f8  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:30:34.0582 0x15f8  VgaSave - ok
17:30:34.0613 0x15f8  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:30:34.0613 0x15f8  vhdmp - ok
17:30:34.0660 0x15f8  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:30:34.0660 0x15f8  viaagp - ok
17:30:34.0691 0x15f8  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
17:30:34.0707 0x15f8  ViaC7 - ok
17:30:34.0738 0x15f8  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:30:34.0738 0x15f8  viaide - ok
17:30:34.0769 0x15f8  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:30:34.0769 0x15f8  volmgr - ok
17:30:34.0816 0x15f8  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:30:34.0816 0x15f8  volmgrx - ok
17:30:34.0879 0x15f8  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:30:34.0894 0x15f8  volsnap - ok
17:30:34.0941 0x15f8  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:30:34.0941 0x15f8  vsmraid - ok
17:30:35.0035 0x15f8  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
17:30:35.0066 0x15f8  VSS - ok
17:30:35.0207 0x15f8  [ C3382C99F1D10BCBEBC689BF847B77B5, BB11A866595D745BA7427CCB9E1F39F2340BC55B3E61B48B47B8E64384D3FFEA ] vToolbarUpdater3.2.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe
17:30:35.0254 0x15f8  vToolbarUpdater3.2.0 - ok
17:30:35.0301 0x15f8  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
17:30:35.0301 0x15f8  vwifibus - ok
17:30:35.0332 0x15f8  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
17:30:35.0347 0x15f8  W32Time - ok
17:30:35.0410 0x15f8  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:30:35.0410 0x15f8  WacomPen - ok
17:30:35.0457 0x15f8  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:30:35.0457 0x15f8  WANARP - ok
17:30:35.0472 0x15f8  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:30:35.0472 0x15f8  Wanarpv6 - ok
17:30:35.0597 0x15f8  [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
17:30:35.0644 0x15f8  WatAdminSvc - ok
17:30:35.0769 0x15f8  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
17:30:35.0832 0x15f8  wbengine - ok
17:30:35.0894 0x15f8  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:30:35.0894 0x15f8  WbioSrvc - ok
17:30:35.0957 0x15f8  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:30:35.0972 0x15f8  wcncsvc - ok
17:30:36.0004 0x15f8  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:30:36.0019 0x15f8  WcsPlugInService - ok
17:30:36.0066 0x15f8  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\drivers\wd.sys
17:30:36.0066 0x15f8  Wd - ok
17:30:36.0191 0x15f8  [ BF847A3972CC6B5CE26E0EA742DD52D9, F8EEAB98260A6D1A1426842F5DE7F28186784FBE30C86EFF4FD3BFFBCF9F277F ] WDDMService     C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
17:30:36.0207 0x15f8  WDDMService - ok
17:30:36.0285 0x15f8  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:30:36.0316 0x15f8  Wdf01000 - ok
17:30:36.0488 0x15f8  [ B5966F1DFF6E20576F3C8C2D93D129FD, 215526629D2160B15117B4F2395AA8B2B01A1237F9320B6CF33B668F7F36B2F5 ] WDFME           C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
17:30:36.0551 0x15f8  WDFME - ok
17:30:36.0582 0x15f8  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:30:36.0582 0x15f8  WdiServiceHost - ok
17:30:36.0613 0x15f8  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:30:36.0613 0x15f8  WdiSystemHost - ok
17:30:36.0691 0x15f8  [ 92F0088CA18BB08BB596EF2608256F8A, 70DD5E23505719DB114B8E78770CDB48B985FB8F00AF59B9BB191600D52D95A5 ] WDSC            C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
17:30:36.0707 0x15f8  WDSC - ok
17:30:36.0769 0x15f8  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
17:30:36.0785 0x15f8  WebClient - ok
17:30:36.0894 0x15f8  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:30:36.0910 0x15f8  Wecsvc - ok
17:30:36.0957 0x15f8  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:30:36.0972 0x15f8  wercplsupport - ok
17:30:37.0035 0x15f8  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
17:30:37.0035 0x15f8  WerSvc - ok
17:30:37.0082 0x15f8  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:30:37.0097 0x15f8  WfpLwf - ok
17:30:37.0129 0x15f8  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:30:37.0129 0x15f8  WIMMount - ok
17:30:37.0269 0x15f8  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:30:37.0301 0x15f8  WinDefend - ok
17:30:37.0347 0x15f8  WinHttpAutoProxySvc - ok
17:30:37.0472 0x15f8  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:30:37.0488 0x15f8  Winmgmt - ok
17:30:37.0629 0x15f8  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\Windows\system32\WsmSvc.dll
17:30:37.0660 0x15f8  WinRM - ok
17:30:37.0785 0x15f8  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:30:37.0785 0x15f8  WinUsb - ok
17:30:37.0926 0x15f8  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:30:37.0988 0x15f8  Wlansvc - ok
17:30:38.0019 0x15f8  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:30:38.0019 0x15f8  WmiAcpi - ok
17:30:38.0082 0x15f8  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:30:38.0097 0x15f8  wmiApSrv - ok
17:30:38.0269 0x15f8  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:30:38.0332 0x15f8  WMPNetworkSvc - ok
17:30:38.0394 0x15f8  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:30:38.0410 0x15f8  WPCSvc - ok
17:30:38.0457 0x15f8  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:30:38.0472 0x15f8  WPDBusEnum - ok
17:30:38.0504 0x15f8  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:30:38.0519 0x15f8  ws2ifsl - ok
17:30:38.0566 0x15f8  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
17:30:38.0582 0x15f8  wscsvc - ok
17:30:38.0597 0x15f8  WSearch - ok
17:30:38.0801 0x15f8  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\Windows\system32\wuaueng.dll
17:30:38.0894 0x15f8  wuauserv - ok
17:30:38.0957 0x15f8  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:30:38.0957 0x15f8  WudfPf - ok
17:30:39.0004 0x15f8  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:30:39.0004 0x15f8  WUDFRd - ok
17:30:39.0066 0x15f8  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:30:39.0082 0x15f8  wudfsvc - ok
17:30:39.0129 0x15f8  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:30:39.0144 0x15f8  WwanSvc - ok
17:30:39.0191 0x15f8  ================ Scan global ===============================
17:30:39.0238 0x15f8  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
17:30:39.0285 0x15f8  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
17:30:39.0316 0x15f8  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
17:30:39.0363 0x15f8  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
17:30:39.0426 0x15f8  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
17:30:39.0441 0x15f8  [ Global ] - ok
17:30:39.0457 0x15f8  ================ Scan MBR ==================================
17:30:39.0472 0x15f8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:30:39.0644 0x15f8  \Device\Harddisk0\DR0 - ok
17:30:39.0660 0x15f8  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:30:39.0676 0x15f8  \Device\Harddisk1\DR1 - ok
17:30:39.0691 0x15f8  ================ Scan VBR ==================================
17:30:39.0707 0x15f8  [ 6164367842B2B6E1C5F2B9BFA10C83A7 ] \Device\Harddisk0\DR0\Partition1
17:30:39.0707 0x15f8  \Device\Harddisk0\DR0\Partition1 - ok
17:30:39.0707 0x15f8  [ D18C3DC1E36D73B629A262261C6A0FEF ] \Device\Harddisk0\DR0\Partition2
17:30:39.0722 0x15f8  \Device\Harddisk0\DR0\Partition2 - ok
17:30:39.0722 0x15f8  [ F0E8303CD3AC156178A855292988E1F6 ] \Device\Harddisk0\DR0\Partition3
17:30:39.0738 0x15f8  \Device\Harddisk0\DR0\Partition3 - ok
17:30:39.0738 0x15f8  [ 35B1B5D58EC7C9C30B69455808156ED8 ] \Device\Harddisk1\DR1\Partition1
17:30:39.0738 0x15f8  \Device\Harddisk1\DR1\Partition1 - ok
17:30:39.0754 0x15f8  ================ Scan generic autorun ======================
17:30:39.0816 0x15f8  [ EB7711A785E5B12F153C715CC91BC76F, A83820C9D8347E7B080453BEFE4E84D74817936B6C97459A361A8C3C9EA73BCD ] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
17:30:39.0832 0x15f8  CDAServer - ok
17:30:40.0066 0x15f8  [ 7E713E2ED0226EA82E97A630684115BE, C99F83CF01E7926DE8D2FBCDFA9565D2BCC2D156976458367AEBDB3B327FB849 ] C:\Program Files\AVG\AVG2015\avgui.exe
17:30:40.0144 0x15f8  AVG_UI - ok
17:30:40.0347 0x15f8  [ 1E677E475F85F6CB94AE42B545F45FE7, C2CCEC00E28B7D057FE1E96BC7934EDF40C5F79A149B8061334FDB90AC1F98B6 ] C:\Program Files\AVG Web TuneUp\vprot.exe
17:30:40.0410 0x15f8  vProt - ok
17:30:40.0504 0x15f8  [ F0CE006E1D14F45959985A05F8E81204, D9FE67DB4CEDB3B09A48C305DDE983A15695EE41C68CE222880D002C0D5D7688 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
17:30:40.0519 0x15f8  APSDaemon - ok
17:30:40.0754 0x15f8  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
17:30:40.0832 0x15f8  SDTray - ok
17:30:40.0972 0x15f8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
17:30:41.0019 0x15f8  Sidebar - ok
17:30:41.0066 0x15f8  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
17:30:41.0066 0x15f8  mctadmin - ok
17:30:41.0144 0x15f8  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
17:30:41.0176 0x15f8  Sidebar - ok
17:30:41.0191 0x15f8  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
17:30:41.0191 0x15f8  mctadmin - ok
17:30:41.0207 0x15f8  EEDSpeedLauncher - ok
17:30:41.0707 0x15f8  [ 805210C8DB11D5799E7172923959BF98, A8DCB8A6FDE5ED583D329D6D8A5979FFD3E844046335529BB2E81A5D310E5894 ] D:\Programme\CCleaner\CCleaner.exe
17:30:41.0832 0x15f8  CCleaner Monitoring - ok
17:30:41.0863 0x15f8  Waiting for KSN requests completion. In queue: 78
17:30:42.0863 0x15f8  Waiting for KSN requests completion. In queue: 78
17:30:43.0863 0x15f8  Waiting for KSN requests completion. In queue: 78
17:30:44.0957 0x15f8  AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files\AVG\AVG2015\avgwsc.exe ( 15.0.0.5645 ), 0x41000 ( enabled : updated )
17:30:45.0051 0x15f8  Win FW state via NFP2: enabled
17:30:47.0597 0x15f8  ============================================================
17:30:47.0597 0x15f8  Scan finished
17:30:47.0597 0x15f8  ============================================================
17:30:47.0613 0x14a4  Detected object count: 0
17:30:47.0613 0x14a4  Actual detected object count: 0



Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.18.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
Bade :: WEB2-PC [administrator]

18.01.2015 16:50:31
mbar-log-2015-01-18 (16-50-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 429144
Time elapsed: 34 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


Alt 18.01.2015, 19:43   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF - Standard

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF



hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
--> Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF

Alt 19.01.2015, 14:02   #7
lupomar
 
Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF - Standard

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF



Hi, Schrauber -
habe AVG deaktiviert bis zu nächsten Hochfahren - Combofix moniert dass Spybot search
and destroy scanner noch aktiv ist und deaktiviert wird, da sonst Ergebnisse verfälscht bzw.
Schäden am Computer verursacht werden können.

Bevor ich im pop-up Fenster auf ok drücke muss das passieren - habe aber in den gesamten Einstellungen von Spybot keine deaktivierungsfunktion entdecken können, Was mache ich jetzt ???

d r i n g e n d

Hi, Schrauber - hier noch mal lupomar +
Spybotanweisung lt. Internet funktioniert so nicht - stattdessen muss man Systemintegration
deaktivieren für sämtliche Haken - wird dann beim nächsten Hochfahren aktiv.

Habe das erste Mal noch auf OK gedrückt - kam Meldung von Combofix, dass Spybot scanning noch immer aktiv ist, er aber trotzdem mit dem Scan startet - nun ja.

Scan lief dann für etwa drei Minuten, dann hörte das Scanning-Geräusch des Computers auf,
der Curser blinkte, aber es tat sich für die nächsten 15 Min. absolut nichts. Buttons auf dem
Desktop waren bei Versuch absolut inaktiv, also offensichtlich Aufhängung, woraufhin Zwangsbeendung und anschliessender Neustart - bei Frage : Windows normal gestartet.

Erneutes Deaktivieren von AVG, Spybot jetzt definitiv aktiviert und Combofix unter Downloads erneut gestartet.

Das gleiche Spielchen, die ersten ca. 3 Min. aktives Scannen mit Geräusch, dann Stille und blinkender Curser - diesmal halbe Stunde ereignislos gewartet, dann Versuch PC normal herunterzufahren, ging nicht, also Zwangsbeendung mit separaten Neustart, bei Frage WIN normal gestartet - Dich kontaktiert.

Was nun, sprach Zeuss ...

höre gerne

MfG
lupomar

19.1. 12:03
Hi, Schrauber -
in meinem letzten post muss es natürlich heissen: spybot definitiv deaktiviert statt aktiviert - sorry, war wohl schon etwas spät.

Heute morgen habe ich Combofix sicherheitshalber noch mal laufen lassen - aber wieder gleiches Resultat - es hängt sich nach ca. 3 Minuten aktiven Scannens auf - auch nach langem Zuwarten keine Reaktion - kein Cursor Zeiger mehr, also Zwangsbeendung.

Vermutest Du dass bei meinem Rechner trotz der diversen anderen checks noch etwas im Gebälk schlummert ?

Gruss, lupomar

Hi, Schrauber -
der Vollständigkeit halber habe ich auch noch mal einen aktuellen Spybot deep Rootkitscan laufen lassen.

Davon hatte ich ursprünglich snipping tool Aufnahmen gemacht, wusste aber nicht wie man diese an einen post anhängt.

Zwischenzeitlich habe ich auch die logs gefunden, die ich Dir nun im Original sende. Das Bild ist seit Anfang an konstant unverändert - bei den AVG Rootkits ging ich bisher davon aus, dass diese harmlos sind. Anders kann es für den Block danach aussehen, der im Original display mit roten Fahnen versehen war.

Evtl. schafft das ja zusätzliche Klarheit.

Gruss, lupomar

[/CODE]// info: Rootkit removal help file
// copyright: (c) 2008-2015 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Unknown ADS","C:\Users\Bade\Documents\Scanned Documents\Begrüßungsscan.jpg:3or4kl4x13tuuug3Byamue2s4b:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2015\chjw\1cf4b2ece0078f0.dat:2c188f3a-f536-4b29-82aa-8157a6535904:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2015\chjw\1cf4b309fb338f0.dat:4e82f262-0f64-4f22-83df-2f5dd6caeb49:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2015\chjw\1cf4b30cf32a570.dat:4e1d4d75-a225-4444-be15-bd1722840222:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2015\chjw\9c64d17064d14da0.dat:89294b24-043a-4b6b-89c8-d43383fb9331:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2015\chjw\9c64d17064d14da0.dat:af9aaf70-e054-4b4a-8a73-e41375175c58:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2015\chjw\9c64d17064d14da0.dat:e018e505-8140-4417-b40f-d87859459e39:$DATA"
File:"Unknown ADS","C:\ProgramData\AVG2015\chjw\9c64d17064d14da0.dat:e84ad031-edad-410a-8026-624f8b1b5e28:$DATA"
File:"Unknown ADS","C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0B4227B4:$DATA"
File:"Unknown ADS","C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2014\chjw\10e8cd86e8cd6a94.dat:ba714a0c-d7d9-496b-8d2a-fd5eac8dbf6c:$DATA"
File:"Unknown ADS","C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2014\chjw\1cf4b2ece0078f0.dat:d29c3669-b8c0-413f-99df-b415f78ee662:$DATA"
File:"Unknown ADS","C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2014\chjw\1cf4b309fb338f0.dat:e094197f-a7c4-4c6b-a18d-642624e3641d:$DATA"
File:"Unknown ADS","C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2014\chjw\1cf4b30cf32a570.dat:3cf7031c-4dd3-412e-8e98-101eb99d7654:$DATA"
File:"Unknown ADS","C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2014\chjw\9c64d17064d14da0.dat:1a3a1755-d7d8-4f0d-8d63-d95a41f72b15:$DATA"
File:"Unknown ADS","C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2014\chjw\9c64d17064d14da0.dat:49565441-93a0-493b-8f4f-802c51fb3175:$DATA"
File:"Unknown ADS","C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2014\chjw\9c64d17064d14da0.dat:49e66a72-68b7-4f12-b790-9f40eaa2a90c:$DATA"
File:"Unknown ADS","C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2014\chjw\da5cd8b35cd88b9f.dat:718fd666-f5ea-400c-a112-cc46b1f7d30e:$DATA"
File:"Unknown ADS","C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2014\chjw\dc244c90244c6f96.dat:16a26e21-cd6a-402f-b426-bd4f6e52424f:$DATA"
File:"Unknown ADS","C:\ComboFix\f_system:test:$DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\","LogonSoundPlayed"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Vol"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\","InprocServer32<0x00>"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\","InprocServer32<0x00>"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\","InprocServer32<0x00>"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\","InprocServer32<0x00>"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\","InprocServer32<0x00>"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\","InprocServer32<0x00>"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\","InprocServer32<0x00>"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\","InprocServer32<0x00>"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\","InprocServer32<0x00>"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\","InprocServer32<0x00>"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\","InprocServer32<0x00>"
RegyKey:"Zero char in key name","HKEY_LOCAL_MACHINE","\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\","InprocServer32<0x00>"
[/CODE]

Alt 19.01.2015, 16:04   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF - Standard

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF



Da werden nur ADS gefunden.

Spybot deinstallieren (nutzt das heute noch jemand?), dann Combofix.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.01.2015, 17:45   #9
lupomar
 
Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF - Standard

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF



Hi, Schrauber -
Dein Wort ist mir wie immer Befehl - obwohl Spybot definitiv deaktiviert war, und ja, dieses wird noch von sehr vielen Leuten genutzt und zwar speziell in der modernen neuen, erweiterten Version. Ich habe Erfahrungen seit ca. 15 Jahren damit und kann für diverse Ereignisse bestätigen, dass es häufig Malware erkannt hat, die sonst von keiner anderen Software gesehen wurde.

Und es läuft immer ohne Beanstandung, was ich Dir leider von Deiner Spezial-Software nicht bestätigen kann. Auch nach Deinstallation von Spybot (also ob mit oder ohne) das gleiche Spiel: ca. 3 Minuten Scan, dann hängt sich die Software zusammen mit dem Rechner auf, auch wenn niemand irgend etwas berührt, wie ja bereits von Dir vorsorglich avisiert - sorry, aber sie zickt immer noch. Wat nu' ???

Gruss
lupomar

Alt 19.01.2015, 20:24   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF - Standard

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF



Das ist nit meine Software

Zitat:
dass es häufig Malware erkannt hat, die sonst von keiner anderen Software gesehen wurde.
Ehm, ja. Das sieht man ja eindeutig oben an dem Log


Poste bitte nochmal ein frisches FRST log.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 19.01.2015, 22:30   #11
lupomar
 
Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF - Standard

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF



Hi, Schrauber -
Ehm ja, vielleicht nit Deine, aber das Original wie auf bleeping computers ist es auch nicht mehr. Das kommt in Anbetracht der erheblichen Risiken und Komplikationen der software mit einer detailed Guideline, die aber wegen der veränderten Oberfläche nicht mehr so richtig pass passt - nun ja. Hilft aber weiter, wenigstens die Funktion der software zu begreifen und zu erkennen, was falsch läuft.

Ironie bei der Erkennung von anderer Software hilft nicht wirklich weiter wenn die anderen tools null Erkennungen melden - sorry, bin vielleicht zu sehr Laie.

Hier die frischen FRST logs:

LG lupomar
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by Bade at 2015-01-19 22:17:28
Running from C:\Users\Bade\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM\...\{8F9B1C8E-F50E-4139-8701-45016021E102}) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
Any Video Converter 5.5.8 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.5.5.0 - SlySoft)
Apple Application Support (HKLM\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 3 (HKLM\...\{A5F68DC8-0278-4AD8-B413-861509B5F25B}) (Version:  - ArcSoft)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4260 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM\...\AVG Web TuneUp) (Version: 3.2.0.18 - AVG Technologies)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite (HKLM\...\{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}) (Version: 1.00.000 - )
BUFFALO eco Manager for HD (HKLM\...\UN080616) (Version:  - )
BUFFALO TurboUSB for FLASH/HDD (HKLM\...\UN070618) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CloneDVDmobile (HKLM\...\CloneDVDmobile) (Version: 1.9.0.1 - SlySoft)
C-Media 3D Audio (HKLM\...\C-Media Audio) (Version:  - )
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corp.)
Debugging Tools for Windows (x86) (HKLM\...\{300A2961-B2B5-4889-9CB9-5C2A570D08AD}) (Version: 6.11.1.404 - Microsoft Corporation)
EVEREST Home Edition v2.20 (HKLM\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
EZ Tape Converter 2.0.0 by MixMeister (HKLM\...\EZ Tape Converter by MixMeister_is1) (Version:  - MixMeister Technology LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
iTunes (HKLM\...\{0A37EE62-9A58-420D-90CC-4E52153112EE}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Laplink PCmover Upgrade Assistant (HKLM\...\{F65BA800-3F9A-4265-A1C9-C631F269C583}) (Version: 8.20.635 - Laplink Software, Inc.)
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 6.01.0723.01 - )
LightScribe System Software  1.10.27.1 (HKLM\...\{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}) (Version: 1.10.27.1 - hxxp://www.lightscribe.com)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Bootvis (HKLM\...\{0F9196C6-58B4-445B-B56E-B1200FECC151}) (Version: 1.3.37 - Microsoft)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office XP Professional mit FrontPage (HKLM\...\{90280407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 7.0  (HKLM\...\{EDDDC607-91D9-4758-9F57-265FDCD8A772}) (Version: 07.02.0702 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 35.0 (x86 de) (HKLM\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MPC-HC 1.7.3 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.3 - MPC-HC Team)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{1596098A-FCEC-48F0-B7C7-08A31B771031}) (Version: 7.03.0918 - Nero AG)
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.91.000 - )
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 Create Module (HKLM\...\{03EC56DE-6424-43D7-A020-1EEE3E8159DE}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Personal Backup 5.6 (HKLM\...\Personal Backup 5_is1) (Version: 5.6 - Dr. J. Rathlev)
PHOTOfunSTUDIO 6.1 HD Lite Edition (HKLM\...\{7E653036-DE31-4BFD-96BB-421CC72E06FC}) (Version: 6.01.015 - Panasonic Corporation)
PictureProject (HKLM\...\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}) (Version: 1.0 - )
Platform (Version: 1.1 - VIA Technologies, Inc.) Hidden
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.a - PowerDVDCorp.)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 063604(3.7)_Vista_LG - CyberLink Corp.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.92 (HKLM\...\Revo Uninstaller) (Version: 1.92 - VS Revo Group)
Router monopuerto (HKLM\...\KitAim20CT5071RoHS) (Version:  - )
Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.05.62 (30.04.2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.03.30.00(24.05.2013) - Samsung Electronics Co., Ltd.)
Samsung M267x 287x Series (HKLM\...\Samsung M267x 287x Series) (Version: 1.20 (10.07.2013) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM\...\Samsung Network PC Fax) (Version: 1.10.05 (23.05.2013) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (Version: 1.00.56.01 - Samsung Electronics Co., Ltd.) Hidden
Sicherheitsupdate für Windows XP (KB923789) (HKLM\...\KB923789) (Version:  - Microsoft Corporation)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
TomTom HOME (HKLM\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.340 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.340 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 13.0.4000.179 - TuneUp Software) Hidden
VIA Plattform-Geräte-Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.1 - VIA Technologies, Inc.)
Video Grabber  Driver Setup (HKLM\...\{3FF76A1B-13C9-4336-BBCF-B007A745B065}) (Version: 1.00.0000 - Medion)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD SmartWare (HKLM\...\{BC3804E5-77CC-47A0-8BD5-797355A26BA3}) (Version: 1.4.5.5 - Western Digital)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2674687411-896115206-3012793717-1003_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0943BD77-76F8-4358-88FD-12CBCC63F446} - System32\Tasks\CCleanerSkipUAC => D:\Programme\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {19F8714C-54F7-4E2D-8BF7-3450E94DCB79} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {1F5ADAD6-D69E-40E8-B31D-83E316D2385B} - System32\Tasks\{58A24736-AE0E-4F18-BF55-8F348F0CE28E} => D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
Task: {4780C82B-21B0-4B2F-B869-003D4F4DBDB8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {77848069-0D3C-4325-845D-1C5B31F5BDD5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {9BD46E28-7E90-4529-B428-D265192379B8} - System32\Tasks\{B341E2F0-98A2-40D6-BAA0-307F12DC45CE} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{9810C3D4-4799-42AB-BCF8-48D93A6C5E15}\setup.exe" -c UNINSTALL /l0x0007
Task: {B506E1AC-F35D-4F4F-8B22-136A755906BB} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {B53F9AB7-EAF9-4476-989C-5F89F99915E8} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-09-26] (Oracle Corporation)
Task: {CBF265F5-A38F-4532-A47E-CD33F4F9BF60} - System32\Tasks\{BE268E2C-1445-493E-9347-D3F8EC017DF4} => pcalua.exe -a "C:\Users\Bade\Downloads\32bit_Win7_Win8_Win81_R273 realtek.exe" -d C:\Users\Bade\Downloads
Task: {CE1D5BA8-2915-4E97-8317-EC3600C55C90} - System32\Tasks\{D9BFB92B-1850-4BFA-9E79-84CDC86FC99B} => D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
Task: {DE3D2FB5-01F8-483A-9E78-6F1DF5D02901} - System32\Tasks\{22032200-9FD4-4B87-9EB9-CB2BA195775B} => G:\Programme\iTunes\2\iTunes.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-12-03 10:44 - 2014-12-03 10:44 - 00025600 _____ () C:\Windows\System32\ssa6mlm.dll
2014-04-16 22:52 - 2007-05-14 03:54 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2014-07-16 09:24 - 2014-07-16 09:24 - 00585528 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2014-08-30 08:17 - 2014-08-30 08:16 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
2014-08-30 08:17 - 2014-08-30 08:16 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\log4cplusU.dll
2012-03-09 09:58 - 2012-03-09 09:58 - 00350072 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-08-30 08:17 - 2014-10-06 13:26 - 00577560 _____ () C:\Program Files\AVG Web TuneUp\TBAPI.dll
2014-08-30 08:17 - 2014-10-06 13:26 - 02662424 _____ () C:\Program Files\AVG Web TuneUp\vprot.exe
2013-05-24 10:29 - 2013-05-24 10:29 - 02560512 _____ () C:\Program Files\Samsung\Easy Printer Manager\sf.dll
2013-05-24 10:49 - 2013-05-24 10:49 - 00310272 _____ () C:\Program Files\Samsung\Easy Printer Manager\sslog.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () D:\Programme\CCleaner\lang\lang-1031.dll
2015-01-18 10:17 - 2015-01-09 10:05 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33021108.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33021108.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^NkbMonitor.exe.lnk => C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk => C:\WINDOWS\pss\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnkCommon Startup
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Pinnacle Scheduler.lnk => C:\WINDOWS\pss\Pinnacle Scheduler.lnkCommon Startup
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WDDMStatus.lnk => C:\WINDOWS\pss\WDDMStatus.lnkCommon Startup
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk => C:\Windows\pss\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk.CommonStartup
MSCONFIG\startupreg: Alcmtr => ALCMTR.EXE
MSCONFIG\startupreg: AlcWzrd => ALCWZRD.EXE
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\Bade\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Bade\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: AnyDVD => "D:\Programme\SlySoft\AnyDVD\AnyDVD.exe"
MSCONFIG\startupreg: CLMLServer => "D:\Programme\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Cmaudio => RunDll32 cmicnfg.cpl,CMICtrlWnd
MSCONFIG\startupreg: ControlCenter2.0 => C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
MSCONFIG\startupreg: InCD => C:\Program Files\Nero\Nero 7\InCD\InCD.exe
MSCONFIG\startupreg: InstallShieldSetup => C:\PROGRA~2\INSTAL~1\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{80F24F31-F641-4349-83F3-59E335976D16}\reboot.ini  -l0x7
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k
MSCONFIG\startupreg: LanguageShortcut => "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LGODDFU => "D:\Program Files\lg_fwupdate\fwupdate.exe" blrun
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: NokiaMServer => C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: NokiaOviSuite2 => C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: PC Suite Tray => "D:\Programme\Nokia PC Suite 7\PCSuite.exe" -onlytray
MSCONFIG\startupreg: PCTVUSB2Remote => D:\Programme\Pinnacle\PCTV USB2\Remote\Remoterm.exe
MSCONFIG\startupreg: Power2GoExpress => "C:\Program Files\HomeCinema\Power2Go\Power2GoExpress.exe" /Startup
MSCONFIG\startupreg: QuickTime Task => "D:\Programme\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SearchSettings => C:\Program Files\pdfforge Toolbar\SearchSettings.exe
MSCONFIG\startupreg: SecurDisc => C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
MSCONFIG\startupreg: SetDefPrt => D:\Programme\Brother\Brmfl04g\BrStDvPt.exe
MSCONFIG\startupreg: SkyTel => SkyTel.EXE
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: SpybotSD TeaTimer => D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: StartCCC => "D:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Telefonica => "C:\Program Files\Telefonica\bin\sprtcmd.exe" /P Telefonica
MSCONFIG\startupreg: TomTomHOME.exe => "D:\Programme\TomTom HOME 2\TomTomHOMERunner.exe" -s
MSCONFIG\startupreg: UpdateP2GoShortCut => "D:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "D:\Programme\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePDRShortCut => "C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
MSCONFIG\startupreg: UpdatePPShortCut => "C:\Program Files\HomeCinema\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
MSCONFIG\startupreg: UserFaultCheck => %systemroot%\system32\dumprep 0 -u
MSCONFIG\startupreg: Windows Defender => "C:\Program Files\Windows Defender\MSASCui.exe" -hide

========================= Accounts: ==========================

Administrator (S-1-5-21-2674687411-896115206-3012793717-500 - Administrator - Enabled) => C:\Users\Administrator
Bade (S-1-5-21-2674687411-896115206-3012793717-1003 - Administrator - Enabled) => C:\Users\Bade
Gast (S-1-5-21-2674687411-896115206-3012793717-501 - Limited - Enabled)
WEB2 (S-1-5-21-2674687411-896115206-3012793717-1001 - Limited - Enabled) => C:\Users\WEB2

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/19/2015 10:17:30 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (01/19/2015 10:17:30 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (01/19/2015 10:09:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 06:57:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 06:30:59 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\wbem\wmiprvse.exe; Beschreibung = ComboFix created restore point; Fehler = 0x80042302).

Error: (01/19/2015 06:30:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "GetProviderMgmtInterface" ist ein unerwarteter Fehler aufgetreten. hr = 0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.
.

Error: (01/19/2015 06:30:59 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (01/19/2015 06:30:59 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (01/19/2015 06:30:58 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (01/19/2015 06:30:58 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator


System errors:
=============
Error: (01/19/2015 10:09:27 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (01/19/2015 10:09:23 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (01/19/2015 10:09:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/19/2015 10:08:30 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/19/2015 10:08:30 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/19/2015 06:57:49 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422

Error: (01/19/2015 06:57:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058

Error: (01/19/2015 06:56:33 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (01/19/2015 06:56:33 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (01/19/2015 06:56:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎19.‎01.‎2015 um 18:32:35 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (01/19/2015 10:17:30 PM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (01/19/2015 10:17:30 PM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (01/19/2015 10:09:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 06:57:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/19/2015 06:30:59 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x80042302

Error: (01/19/2015 06:30:59 PM) (Source: VSS) (EventID: 8193) (User: )
Description: GetProviderMgmtInterface0x8004230f, Unerwarteter Fehler beim Schattenkopieanbieter bei dem Versuch, den angegebenen Vorgang zu verarbeiten.

Error: (01/19/2015 06:30:59 PM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (01/19/2015 06:30:59 PM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Anbieterverwaltungsschnittstelle wird abgerufen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {00000000-0000-0000-0000-000000000000}
   Snapshotkontext: -1
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}

Error: (01/19/2015 06:30:58 PM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator

Error: (01/19/2015 06:30:58 PM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
   Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
   Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
   Schattenkopien abfragen

Kontext:
   Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshotkontext: 13
   Snapshotkontext: 13
   Ausführungskontext: Coordinator


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 53%
Total physical RAM: 1533.8 MB
Available physical RAM: 706.67 MB
Total Pagefile: 3067.6 MB
Available Pagefile: 1976.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.94 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:101.51 GB) (Free:35.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Programme) (Fixed) (Total:55.51 GB) (Free:43.11 GB) NTFS
Drive e: (Daten) (Fixed) (Total:29.29 GB) (Free:27.23 GB) NTFS
Drive l: (HD-CEU2) (Fixed) (Total:465.65 GB) (Free:404.16 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: A3FAA3FA)
Partition 1: (Active) - (Size=101.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: F5B83B08)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== End Of Log ============================
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by Bade (administrator) on WEB2-PC on 19-01-2015 22:15:30
Running from C:\Users\Bade\Downloads
Loaded Profiles: Bade (Available profiles: WEB2 & Bade & Administrator)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(pdfforge GmbH) C:\Program Files\PDF Architect 2\creator-ws.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Printer Manager\SpoolerComp.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe
(Piriform Ltd) D:\Programme\CCleaner\CCleaner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Apple Inc.) D:\Programme\QuickTime\QuickTimePlayer.exe
(Apple Inc.) D:\Programme\QuickTime\QTSystem\ExportController.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [350072 2012-03-09] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2662424 2014-10-06] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-03] (Apple Inc.)
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\Run: [CCleaner Monitoring] => D:\Programme\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\...\MountPoints2: {586c6e4b-c3db-11e3-ab46-0040053254e7} - H:\unlock.exe autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe (Samsung Electronics Co., Ltd.)
ShellIconOverlayIdentifiers: [Offline Files] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} =>  No File
BootExecute: autocheck autochk /r \??\L:autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2674687411-896115206-3012793717-1003] => localhost:8080
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-2674687411-896115206-3012793717-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2674687411-896115206-3012793717-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks:  - {56F9679E-7826-4C84-81F3-532071A8BCC5} -  No File [ ]
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254

FireFox:
========
FF ProfilePath: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default
FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&ISID=M69DB71F0-F5CD-461A-A83E-7A42A67B3172&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP4CC2324E-7C07-4AB4-85E7-6FF4018BF983
FF SelectedSearchEngine: Conduit Search
FF Homepage: https://www.google.de/
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> L:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF user.js: detected! => C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\user.js
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\avg-secure-search.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml
FF Extension: HTTPS-Everywhere - C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\Extensions\https-everywhere@eff.org [2014-10-17]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}(2) [2014-04-14]
FF Extension: NoScript - C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-01-18]
FF Extension: Adblock Plus - C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-14]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Web TuneUp\FireFoxExt\3.2.0.18
FF Extension: AVG Web TuneUp - C:\ProgramData\AVG Web TuneUp\FireFoxExt\3.2.0.18 [2014-10-06]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.de/
CHR StartupUrls: Default -> "https://www.google.de/?gws_rd=ssl"
CHR Profile: C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-03]
CHR Extension: (YouTube) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Win7 Scrollbars) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifcnoebhbpdndjendfkpehpfbglgfkc [2014-04-14]
CHR Extension: (Google-Suche) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Google Mail) - C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.0.5.292\avg.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 NBService; D:\Program Files\Nero 7\Nero BackItUp\NBService.exe [800040 2007-09-17] (Nero AG)
S4 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
R2 PDF Architect 2 Creator; C:\Program Files\PDF Architect 2\creator-ws.exe [738856 2014-06-26] (pdfforge GmbH)
S4 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] ()
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [379952 2013-05-23] (Samsung Electronics Co., Ltd.)
S4 TomTomHOMEService; D:\Programme\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-08-27] (TomTom)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1781048 2014-07-16] (TuneUp Software)
R2 vToolbarUpdater3.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-08-30] (AVG Secure Search)
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [238592 2011-03-09] (WDC) [File not signed]
S4 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1060864 2011-03-09] () [File not signed]
S4 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [484352 2011-03-09] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [136488 2014-12-23] (SlySoft, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208152 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-08-30] (AVG Technologies)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2014-04-18] (Phoenix Technologies) [File not signed]
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
S3 emAudio; C:\Windows\System32\drivers\emAudio.sys [25600 2010-05-07] (eMPIA Technology, Inc.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-05-24] (Samsung Electronics) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-06-23] (TuneUp Software)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [583552 2014-04-15] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [840960 2014-04-15] (eMPIA Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Bade\AppData\Local\Temp\catchme.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 22:15 - 2015-01-19 22:16 - 00016606 _____ () C:\Users\Bade\Downloads\FRST.txt
2015-01-19 22:10 - 2015-01-19 22:10 - 01118208 _____ (Farbar) C:\Users\Bade\Downloads\FRST.exe
2015-01-19 22:10 - 2015-01-19 22:10 - 00000000 ____D () C:\Users\Bade\Downloads\FRST-OlderVersion
2015-01-19 18:30 - 2015-01-19 18:33 - 00000000 ___SD () C:\ComboFix
2015-01-19 18:25 - 2015-01-19 18:25 - 00001134 _____ () C:\Users\Bade\Desktop\ComboFix - Verknüpfung.lnk
2015-01-18 23:12 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-18 23:12 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-18 23:12 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-18 23:12 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-18 23:12 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-18 23:12 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-18 23:12 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-18 23:12 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-18 22:47 - 2015-01-18 23:12 - 00000000 ____D () C:\Qoobox
2015-01-18 22:46 - 2015-01-18 22:46 - 00000000 ____D () C:\Windows\erdnt
2015-01-18 22:39 - 2015-01-19 11:16 - 05608785 ____R (Swearware) C:\Users\Bade\Downloads\ComboFix.exe
2015-01-18 22:37 - 2015-01-18 22:37 - 00000444 _____ () C:\Users\Bade\Downloads\defogger_disable.log
2015-01-18 22:37 - 2015-01-18 22:37 - 00000000 _____ () C:\Users\Bade\defogger_reenable
2015-01-18 18:29 - 2015-01-18 18:29 - 00000242 _____ () C:\Users\Bade\Downloads\XXX defogger_enable.log
2015-01-18 18:25 - 2015-01-18 18:25 - 00000000 __SHD () C:\Users\Bade\AppData\Local\EmieBrowserModeList
2015-01-18 17:27 - 2015-01-18 17:28 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Bade\Downloads\XXX tdsskiller.exe
2015-01-18 16:50 - 2015-01-18 16:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-18 16:49 - 2015-01-18 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-18 16:49 - 2015-01-18 16:49 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 16:48 - 2015-01-18 16:48 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-18 16:46 - 2015-01-18 17:25 - 00000000 ____D () C:\Users\Bade\Desktop\mbar
2015-01-18 16:45 - 2015-01-18 16:46 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Bade\Downloads\XXX mbar-1.08.2.1001.exe
2015-01-18 12:01 - 2015-01-18 13:33 - 00027357 _____ () C:\Users\Bade\Downloads\XXX FRST editor.txt
2015-01-18 12:01 - 2015-01-18 13:18 - 00000004 _____ () C:\Users\Bade\Downloads\XXX FRST SCAN.txt
2015-01-18 11:13 - 2015-01-18 11:14 - 00038762 _____ () C:\Users\Bade\Downloads\XXX Addition.txt
2015-01-18 11:11 - 2015-01-18 11:14 - 00027357 _____ () C:\Users\Bade\Downloads\XXX FRST.txt
2015-01-18 11:09 - 2015-01-19 22:15 - 00000000 ____D () C:\FRST
2015-01-18 11:07 - 2015-01-18 11:07 - 01117696 _____ (Farbar) C:\Users\Bade\Downloads\XXX FRST.exe
2015-01-18 11:04 - 2015-01-18 11:05 - 00000470 _____ () C:\Users\Bade\Downloads\XXX defogger_disable.log
2015-01-18 11:02 - 2015-01-18 11:02 - 00050477 _____ () C:\Users\Bade\Downloads\XXX Defogger.exe
2015-01-18 10:13 - 2015-01-18 10:13 - 00243728 _____ () C:\Users\Bade\Downloads\Firefox Setup Stub 35.0.exe
2015-01-14 11:44 - 2015-01-14 11:51 - 125285624 _____ (Microsoft Corporation) C:\Users\Bade\Downloads\XXX msert ms safety scanner.exe
2015-01-14 11:36 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 11:36 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 11:36 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 11:36 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 11:36 - 2014-12-11 18:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 11:36 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-10 13:35 - 2015-01-10 13:35 - 00000000 ____D () C:\Users\Bade\Documents\ProcAlyzer Dumps
2015-01-10 11:28 - 2015-01-19 17:06 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-10 11:22 - 2015-01-10 11:25 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Bade\Downloads\spybot-2.4.exe
2014-12-24 09:28 - 2014-12-24 09:29 - 11604456 _____ () C:\Users\Bade\Downloads\SetupAnyDVD7550.exe
2014-12-23 16:41 - 2014-12-23 16:41 - 00136488 _____ (SlySoft, Inc.) C:\Windows\system32\Drivers\AnyDVD.sys
2014-12-22 08:03 - 2015-01-19 18:56 - 00047082 _____ () C:\Windows\PFRO.log
2014-12-21 09:39 - 2015-01-19 22:08 - 00002016 _____ () C:\Windows\setupact.log
2014-12-21 09:39 - 2014-12-21 09:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-20 23:31 - 2014-12-20 23:31 - 00030616 _____ (Elaborate Bytes AG) C:\Windows\system32\Drivers\ElbyCDIO.sys
2014-12-20 09:54 - 2014-12-20 09:54 - 05317104 _____ (Piriform Ltd) C:\Users\Bade\Downloads\ccsetup501.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 22:16 - 2009-07-14 05:34 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 22:16 - 2009-07-14 05:34 - 00026720 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 22:14 - 2014-05-11 09:26 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 22:12 - 2014-04-14 13:05 - 01975406 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 22:09 - 2014-05-11 09:26 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 22:08 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 17:03 - 2014-07-03 15:12 - 00000079 _____ () C:\Windows\wininit.ini
2015-01-19 16:09 - 2014-04-14 14:22 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-19 08:33 - 2014-04-09 10:23 - 00002127 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-18 22:37 - 2014-04-14 14:20 - 00000000 ____D () C:\Users\Bade
2015-01-18 18:05 - 2014-04-14 14:22 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-18 10:27 - 2014-10-01 11:12 - 00000000 ____D () C:\Users\Bade\AppData\Local\Adobe
2015-01-18 10:27 - 2014-04-18 08:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-18 10:27 - 2014-04-18 08:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-18 10:17 - 2014-12-12 18:00 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-18 10:17 - 2014-07-26 08:49 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-18 10:17 - 2014-07-26 08:49 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-17 08:42 - 2014-10-22 11:31 - 00000957 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-17 08:42 - 2014-04-15 17:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-15 17:33 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-15 13:58 - 2010-11-20 22:01 - 01593956 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 12:00 - 2014-04-14 14:22 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-14 11:57 - 2014-04-14 17:41 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:37 - 2014-04-14 17:41 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 13:33 - 2014-04-14 19:22 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-05 10:54 - 2014-04-14 17:57 - 00000000 ____D () C:\Users\Bade\AppData\Local\Thunderbird
2014-12-24 09:31 - 2013-10-16 14:28 - 00000757 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2014-12-20 09:58 - 2010-11-09 09:17 - 00000671 _____ () C:\Users\Public\Desktop\CCleaner.lnk

==================== Files in the root of some directories =======
2013-10-16 14:27 - 2013-10-16 14:32 - 0000088 __SHC () C:\ProgramData\.zreglib
2014-04-14 17:51 - 2014-04-14 17:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-04-16 23:09 - 2014-04-16 23:09 - 0000048 _____ () C:\ProgramData\dummy.txt
2010-01-05 10:25 - 2010-01-05 10:25 - 0005048 ____C () C:\ProgramData\mtbjfghn.xbe
2010-01-24 11:39 - 2014-11-07 13:58 - 0000020 ____H () C:\ProgramData\PKP_DLec.DAT

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\NEventMessages.dll
C:\Users\Administrator\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Bade\AppData\Local\Temp\catchme.dll
C:\Users\WEB2\AppData\Local\Temp\NOSEventMessages.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 23:00

==================== End Of Log ============================
         
--- --- ---

Alt 20.01.2015, 12:34   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF - Standard

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF



Zitat:
aber das Original wie auf bleeping computers ist es auch nicht mehr. Das kommt in Anbetracht der erheblichen Risiken und Komplikationen der software mit einer detailed Guideline, die aber wegen der veränderten Oberfläche nicht mehr so richtig pass passt - nun ja. Hilft aber weiter, wenigstens die Funktion der software zu begreifen und zu erkennen, was falsch läuft.
das war mir jetzt zu hoch

Spybot empfiehlt eigentlich kein Mensch mehr (ausser die im Spybot Forum). Genau wie SuperAntiSpyware. Dafür ist MBAM die viel bessere Alternative als zusätzlicher Scanner.

Einen Tipp noch:
Falls Du nicht vorhast den Rechner als Grill oder Toaster zu verwenden, würde ich TuneUp schleunigst entfernen. Google mal "Rechner kaputt TuneUp" .


Und vielleicht hab ich das irgendwie überlesen, aber sitzt Du gerade in Spanien?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 20.01.2015, 13:26   #13
lupomar
 
Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF - Standard

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF



zu 1)
Im Klartext: a) Nein, es war nicht Deine Software, aber es handelt sich um eine geänderte Version unter Deinem Link (in einzelnen Prozessen verkürzt) b) die bleepingcomputers.com empfiehlt nachdrücklich, vor Installation und Ausführung die detailed Guideline auszudrucken, um dann präzise installieren und arbeiten zu können d) Ihr tut das nicht - ich habe es auch dort nur zufällig der Homepage entnommen e) der detailed guide weicht notgedrungen bei Eurer verkürzten/geänderten Version in etlichen Punkten ab - nicht mehr und nicht weniger wollte ich zum Ausdruck bringen. Er weist aber immer noch auf inherente Gefahren und Änderungen am Computer hin, über die man besser im Vorwege Bescheid wissen sollte.

zu 2)
Ich habe es auch nicht empfohlen, werde aber gerne Deinen "besseren" Tipp prüfen

zu 3)
Dein angeregter Google Suchbegriff zeigt im Ergebnis von blinder Verdammnis bis zu höchstem Lob so ziemlich alles auf. Hatte das Free Tool bereits im Rahmen von AVG Anti Virus über längere Zeit unbeanstandet im Einsatz und jetzt seit einem halben Jahr unbeanstandet die Kaufversion. Mein PC ist in allen Bereichen schneller geworden - vor jeder Änderung steht es dem Benutzer frei, diese zu akzeptieren oder auch nicht. Das ist natürlich nichts für Automatik-Freaks. Läuft übrigens auch auf meinem Laptop, der clean von allen Infektionen ist und hat auch diesen in jeder Beziehung schneller und flüssiger im Ablauf gemacht ...

zu 4)
in der Tat steht der infizierte PC in meinem Domizil in Spanien

brachten die letzten Logs irgendwie weiteren Aufschluss ?

Höre gerne,
Grüsse lupomar

Alt 20.01.2015, 18:05   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF - Standard

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF



Ich sehe in den Logs keinen Befall. Da ist ein Localhost Proxy im IE drin, man kann aus den Tiefen der Registry ein wenig Adware graben, aber mehr auch nicht.

Bitte mal mit AdwCLeaner nur einen Scan machen und das log posten:

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 21.01.2015, 09:34   #15
lupomar
 
Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF - Standard

Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF



Hi, moin, moin

Hier das Log über die Löschung:

Code:
ATTFilter
# AdwCleaner v4.108 - Bericht erstellt am 21/01/2015 um 09:17:54
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-18.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Bade - WEB2-PC
# Gestartet von : C:\Users\Bade\Downloads\AdwCleaner_4.108.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : vToolbarUpdater3.2.0

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\ProgramData\FileCure
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\ProgramData\PC Drivers HeadQuarters
Ordner Gelöscht : C:\Program Files\SearchProtect
Ordner Gelöscht : C:\Program Files\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files\Common Files\ParetoLogic
Ordner Gelöscht : C:\Users\Bade\AppData\Local\eSupport.com
Ordner Gelöscht : C:\Users\Bade\AppData\Roaming\pdfforge
Datei Gelöscht : C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\searchplugins\conduit-search.xml
Datei Gelöscht : C:\Users\Bade\AppData\Roaming\Mozilla\Firefox\Profiles\d93wb87z.default\user.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\eSupport.com
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0 (x86 de)

[d93wb87z.default\prefs.js] - Zeile gelöscht : user_pref("avg.install.extHomepage", "hxxp://isearch.avg.com?pid=avg&sg=11&cid=%7B5875604e-8a9f-4395-b593-265bc5bc194e%7D&mid=f564e0f860da47d69644d10943d6bd14-08a1fac59661ea6a034ef658a51b4c2ef03f5eb5&[...]
[d93wb87z.default\prefs.js] - Zeile gelöscht : user_pref("avg.install.installDirPath", "C:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\AVG Secure Search\\FireFoxExt\\18.0.5.292");
[d93wb87z.default\prefs.js] - Zeile gelöscht : user_pref("avg.install.userSPSettings", "Conduit Search");
[d93wb87z.default\prefs.js] - Zeile gelöscht : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.comgoogle\\.\\w+yahoo\\.\\w+gmail\\.\\w+hotmail\\.\\w+live\\.\\w+isearch\\.avg\\.commysearch\\.avg\\.com");
[d93wb87z.default\prefs.js] - Zeile gelöscht : user_pref("avg.wtu.ext.Revert_DSP", "Conduit Search");
[d93wb87z.default\prefs.js] - Zeile gelöscht : user_pref("avg.wtu.ext.setting_hp_list", "[{\"name\":\"AVG Secure Search\",\"value\":\"hxxp://mysearch.avg.com\"},{\"name\":\"Google\",\"value\":\"hxxp://www.google.com\"},{\"name\":\"Yahoo\",\"value\[...]
[d93wb87z.default\prefs.js] - Zeile gelöscht : user_pref("avg.wtu.ext.userSPSettings", "Conduit Search");
[d93wb87z.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&ISID=M69DB71F0-F5CD-461A-A83E-7A42A67B3172&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP4CC2324E-7C0[...]
[d93wb87z.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Conduit Search");

-\\ Google Chrome v39.0.2171.99

[C:\Users\Bade\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.avg.com/search?cid={0BDA55F9-04F0-4AFC-A350-DBCA3661616F}&mid=b4a802421ee747d1ab2ed15756fb9645-857f63230792b25e3358eb551c50d6af3cc78b09&lang=de&ds=AVG&pr=fr&d=2011-12-23 19:09:32&v=10.0.0.7&sap=dsp&q={searchTerms}

*************************

AdwCleaner[R0].txt - [6333 octets] - [21/01/2015 09:07:22]
AdwCleaner[S0].txt - [6328 octets] - [21/01/2015 09:17:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6388 octets] ##########
         
PS: Dein Tip bezgl. MBAM - bringt die Free-Version ausreichenden Nutzen oder nur die Bezahlt-Version ?

Gruss,
Lupomar

Antwort

Themen zu Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF
.dll, anlage, avg, browser, ccsetup, defender, desktop, explorer, firefox, ftp, helper, home, homepage, mozilla, newtab, registry, rundll, scan, schutz, secure search, services.exe, software, svchost.exe, system, temp, trojaner, usb, vtoolbarupdater, windows, winlogon.exe




Ähnliche Themen: Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF


  1. InstallBrain5BA in C:\Windows\System\32\ = gesichert, MalSign.OpenCandy.7AF... C:\Documentsand Settin.... = gesichert, Trojaner : Crypt
    Plagegeister aller Art und deren Bekämpfung - 02.11.2015 (26)
  2. MalSign.Generic.9CE und Co.
    Log-Analyse und Auswertung - 26.08.2015 (12)
  3. QuickShare lässt sich nicht deinstallieren (MalSign.Linkury.33E)
    Log-Analyse und Auswertung - 10.05.2015 (17)
  4. Fund bei Malwarebytes: OpenCandy und Spigot
    Plagegeister aller Art und deren Bekämpfung - 05.03.2015 (28)
  5. "MalSign.Generic.9CE" Virus oder Trojaner?
    Plagegeister aller Art und deren Bekämpfung - 06.11.2014 (17)
  6. Windows 7: Virus nicht wegzubekommen (Malsign.Dailytools.3A7)
    Log-Analyse und Auswertung - 08.10.2014 (16)
  7. Malsign.Dailytools.3A7
    Log-Analyse und Auswertung - 02.09.2014 (40)
  8. Bedrohung MalSign.Dailytools.3A7 einfach nicht wegzukriegen
    Log-Analyse und Auswertung - 31.08.2014 (3)
  9. MalSign.Dailytools.3A7 nicht wegzukriegen
    Log-Analyse und Auswertung - 17.08.2014 (1)
  10. malsign.generic.834
    Plagegeister aller Art und deren Bekämpfung - 06.08.2014 (3)
  11. Spybot Fund Downloadsponsor
    Plagegeister aller Art und deren Bekämpfung - 22.05.2014 (17)
  12. Avira meldet Fund: 'TR/Crypt.XPACK.Gen2, Malwarebytes findet PUP.Optional.OpenCandy. Was tun?
    Plagegeister aller Art und deren Bekämpfung - 21.05.2014 (14)
  13. Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware
    Log-Analyse und Auswertung - 19.03.2014 (11)
  14. Nach Fund von Generic probleme mit dem PC
    Log-Analyse und Auswertung - 14.11.2013 (13)
  15. Windows 7: MBAM Fund: PUP.Optional.Opencandy
    Log-Analyse und Auswertung - 29.10.2013 (9)
  16. Win32Agend.adb Fund von Spybot
    Plagegeister aller Art und deren Bekämpfung - 20.04.2013 (21)
  17. fund von unqip.exe(Adware.Sogou) nach scan mit malwarebytes.bitte um hilfe!
    Plagegeister aller Art und deren Bekämpfung - 16.11.2008 (10)

Zum Thema Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF - FRST Logfile: Code: Alles auswählen Aufklappen ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-01-2015 Ran by (administrator) on WEB2-PC on 18-01-2015 11:11:34 Running from C:\Users\\Downloads Loaded - Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF...
Archiv
Du betrachtest: Win 7 Resultate nach Rootscan Spybot, Microsoft safety scan, AVG Meldung Fund 1) MalSign.generic.712 Fund 2) MalSign.OpenCandy. 7AF auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.