Verdacht auf Vieren oder Trojaner

Mandalas · 05.02.2015, 21:38

Liebes Trojanerboardteam,
ich habe von PayPal eine Rechnung erhalten obwohl das Konto seit August 2014 geschlossen ist.
Mein Rechner geht langsam und öffnet die Webseiten extrem langsam. Ich vermute Vieren oder Trojaner. Ich möchte Euch bitten mir zu helfen.
P.S. Die Mail mit der Rechnung kopiere ich hier rein. Ich danke für Eure hilfe im Vorraus. LG

PayPal-Logo 05. Feb. 2015 10:04:34 MESZ
Sehr geehrte(r) Frau/Herr Brunhilde Albrecht,

Sie haben eine Zahlung über €290,00 EUR an Virtual World Services GmbH gesendet (info@mediamarkt).

Aus Sicherheitsgründen, müssen wir Ihre Kreditkarte und Bankdaten verifizieren!
Händler
Mediamarkt Services GmbH
support@mediamarkt Mitteilung an Händler
Sie haben keine Mitteilung eingegeben.

Bestätigen Sie bitte jetzt Ihre Kreditkarte & Bankdaten!

>>Hier geht es weiter
Beschreibung Stückpreis Anzahl Betrag
Einzahlung von EUR 290,00 auf das Mediamarkt-Konto 'DevilEys'. €490,00 EUR 1 €290,00 EUR
Zwischensumme €290,00 EUR
Summe €290,00 EUR
Zahlung €290,00 EUR
Zahlung gesendet an info@mediamarkt.info

Probleme mit Ihrer Zahlung?
Ab dem Datum der Transaktion haben Sie 45 Tage lang Zeit, um auf der Seite "Konfliktlösungen" einen Konflikt zu melden.

Haben Sie Fragen? Antworten finden Sie im Hilfe-Center unter www.paypal.com/de/help.

Bitte antworten Sie nicht auf diese E-Mail. Diese Mailbox wird nicht überwacht. Wenn Sie Hilfe benötigen, loggen Sie sich in Ihr PayPal-Konto ein und klicken Sie auf Hilfe.

Anstelle unserer HTML-E-Mails können wir Ihnen Benachrichtigungen auch als Reintext zusenden. Wenn Sie Ihre Optionen für E-Mail-Benachrichtigungen ändern wollen, loggen Sie sich in Ihr Konto ein und klicken Sie unter "Mein Profil" auf Einstellungen.

Copyright © 1999-2014 PayPal. Alle Rechte vorbehalten.

PayPal (Europe) S.à r.l. & Cie, S.C.A.
Société en Commandite par Actions
Sitz: 22-24 Boulevard Royal, L-2449 Luxemburg
RCS Luxemburg B 118 349

PayPal E-Mail-ID PP4560 -546846549874

schrauber · 05.02.2015, 21:41

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Mandalas · 06.02.2015, 20:56

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Bruni (administrator) on BRUNI-PC on 06-02-2015 20:46:30
Running from C:\Users\Bruni\Downloads
Loaded Profiles: Bruni (Available profiles: Bruni)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-12-02] (Nero AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-30] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1768843665-64091385-3868669945-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-12-12] (Nero AG)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1768843665-64091385-3868669945-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1768843665-64091385-3868669945-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-1768843665-64091385-3868669945-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-1768843665-64091385-3868669945-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1768843665-64091385-3868669945-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1768843665-64091385-3868669945-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 62.117.1.25 89.16.129.25

FireFox:
========
FF ProfilePath: C:\Users\Bruni\AppData\Roaming\Mozilla\Firefox\Profiles\dysprlty.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SelectedSearchEngine: StartWeb
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WEB.DE MailCheck - C:\Users\Bruni\AppData\Roaming\Mozilla\Firefox\Profiles\dysprlty.default\Extensions\toolbar@web.de [2014-12-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-04]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Profile: C:\Users\Bruni\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bruni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12]
CHR Extension: (Google Wallet) - C:\Users\Bruni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-11] (AVAST Software)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-11] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-11] ()
R3 L1C; C:\Windows\System32\DRIVERS\l1c51x64.sys [52224 2009-07-27] (Atheros Communications, Inc.)
S3 catchme; \??\C:\combofix-14.8.5.1-multi\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 20:45 - 2015-02-06 20:46 - 00020840 _____ () C:\Users\Bruni\Downloads\Addition.txt
2015-02-06 20:44 - 2015-02-06 20:46 - 00011252 _____ () C:\Users\Bruni\Downloads\FRST.txt
2015-02-06 20:43 - 2015-02-06 20:46 - 00000000 ____D () C:\FRST
2015-02-06 20:42 - 2015-02-06 20:42 - 02131968 _____ (Farbar) C:\Users\Bruni\Downloads\FRST64.exe
2015-02-06 20:19 - 2015-02-06 20:19 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-04 18:40 - 2015-02-04 18:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 13:32 - 2015-01-23 13:33 - 00000010 _____ () C:\Users\Bruni\Desktop\Neues Textdokument.txt
2015-01-15 20:24 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 20:24 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 20:24 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 20:24 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 20:24 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 20:24 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 20:24 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 20:24 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 20:24 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 20:24 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 20:24 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 20:24 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 20:24 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 23:35 - 2015-02-06 20:09 - 00001469 _____ () C:\Windows\setupact.log
2015-01-12 23:35 - 2015-01-12 23:35 - 00001348 _____ () C:\Windows\PFRO.log
2015-01-12 23:35 - 2015-01-12 23:35 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 23:31 - 2015-01-12 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-12 23:30 - 2015-01-11 16:30 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-12 23:26 - 2015-01-12 23:27 - 132469808 _____ (AVAST Software) C:\Users\Bruni\Downloads\avast_free_antivirus_setup_10.2208.712.exe
2015-01-12 23:07 - 2015-01-12 23:07 - 04086376 _____ (PCRx.com, LLC ) C:\Users\Bruni\Downloads\PCRxSetup.exe
2015-01-12 21:30 - 2015-01-12 21:30 - 01883584 _____ (Avanquest Software ) C:\Users\Bruni\Downloads\PCSpeedMaximizer_PIH.exe
2015-01-11 16:31 - 2015-01-12 23:31 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-11 16:30 - 2015-01-11 16:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 20:46 - 2009-07-14 05:45 - 00026736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 20:46 - 2009-07-14 05:45 - 00026736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 20:21 - 2012-06-29 08:59 - 02064854 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 20:19 - 2012-12-09 19:10 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 20:19 - 2012-12-09 19:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 20:19 - 2012-07-04 18:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 20:19 - 2012-07-04 18:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 20:10 - 2012-11-25 19:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 20:10 - 2012-07-04 18:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-06 20:09 - 2012-07-04 18:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-06 20:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-04 21:05 - 2012-11-25 19:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 16:06 - 2013-06-02 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-23 13:32 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-22 12:14 - 2012-06-29 18:53 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-22 12:14 - 2012-06-29 18:53 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-22 12:14 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-12 23:31 - 2012-07-04 18:06 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-11 16:30 - 2014-05-18 12:54 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-11 16:30 - 2014-01-19 14:29 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2015-01-11 16:30 - 2013-04-16 20:14 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-11 16:30 - 2013-04-16 20:14 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-11 16:30 - 2012-07-04 18:06 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-11 16:30 - 2012-07-04 18:06 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-11 16:30 - 2012-07-04 18:06 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-07 19:55 - 2012-07-07 11:16 - 00000000 ____D () C:\Users\Bruni\Documents\Firma

==================== Files in the root of some directories =======

2013-07-03 18:14 - 2008-02-11 11:33 - 0418816 _____ (c't Magazin für Computertechnik) C:\Program Files\h2testw.exe
2013-07-03 18:17 - 2011-07-11 21:20 - 3208568 _____ (TeamViewer GmbH) C:\Program Files\TeamViewer_Setup_de.exe
2012-07-22 21:39 - 2013-08-11 08:46 - 0000128 _____ () C:\Users\Bruni\AppData\Roaming\default.pls
2013-05-07 19:51 - 2013-07-03 18:26 - 0000235 _____ () C:\Users\Bruni\AppData\Roaming\devices.xml
2013-05-07 19:51 - 2013-07-03 18:26 - 0000012 _____ () C:\Users\Bruni\AppData\Roaming\settings.xml
2012-07-04 18:12 - 2013-07-08 18:03 - 0001550 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Bruni\hpothb07.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-04 18:44

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Bruni at 2015-02-06 20:49:11
Running from C:\Users\Bruni\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Speicher-Disc (HKLM-x32\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
MEDION GoPal Assistant (HKLM-x32\...\{B9D45A76-61DF-4387-B0FE-CA165D582B57}) (Version: 6.3.6.13143 - MEDION)
Medion GoPal Assistant 4.01.028 (HKLM-x32\...\Medion GoPal Assistant) (Version: 4.1.28.0 - Medion)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}) (Version: 8.3.465 - Nero AG)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-01-2015 20:23:14 Windows Update
15-01-2015 21:35:55 Windows Update
26-01-2015 19:57:50 Windows Update
30-01-2015 15:58:27 Windows Update
04-02-2015 17:50:10 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-09-15 20:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {42CA35A5-B623-47A0-859A-3DD17DC58B58} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {ADEB0B5B-D8CC-45DE-82E2-AFAF04CF33AA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-11] (AVAST Software)
Task: {D723A22D-0290-4457-B1D5-2F9CAE2614AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {E02A367A-8484-487E-B27D-4F78F7EA012E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {E74C9270-ABF3-4654-ABFE-CD832E946201} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-05 21:14 - 2015-02-05 21:14 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020500\algo.dll
2015-02-06 20:12 - 2015-02-06 20:12 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020501\algo.dll
2015-01-11 16:29 - 2015-01-11 16:29 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-04 18:40 - 2015-02-04 18:41 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-01-30 16:19 - 2015-01-30 16:19 - 16844976 ____N () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1768843665-64091385-3868669945-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bruni\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1768843665-64091385-3868669945-500 - Administrator - Disabled)
Bruni (S-1-5-21-1768843665-64091385-3868669945-1000 - Administrator - Enabled) => C:\Users\Bruni
Gast (S-1-5-21-1768843665-64091385-3868669945-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1768843665-64091385-3868669945-1079 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2015 08:10:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/05/2015 09:11:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2015 06:40:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (02/04/2015 06:40:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (02/04/2015 06:40:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/04/2015 05:42:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NMIndexStoreSvr.exe, Version: 3.3.9.0, Zeitstempel: 0x493788e3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x07070707
ID des fehlerhaften Prozesses: 0x4b8
Startzeit der fehlerhaften Anwendung: 0xNMIndexStoreSvr.exe0
Pfad der fehlerhaften Anwendung: NMIndexStoreSvr.exe1
Pfad des fehlerhaften Moduls: NMIndexStoreSvr.exe2
Berichtskennung: NMIndexStoreSvr.exe3

Error: (02/04/2015 05:42:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2015 03:50:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/26/2015 07:50:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/23/2015 01:08:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/06/2015 08:10:09 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFS

Error: (02/05/2015 09:11:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFS

Error: (02/04/2015 07:51:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (02/04/2015 05:42:19 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFS

Error: (01/30/2015 03:53:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error: (01/30/2015 03:50:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFS

Error: (01/26/2015 07:49:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFS

Error: (01/23/2015 01:08:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFS

Error: (01/23/2015 09:20:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFS

Error: (01/22/2015 00:05:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFS


Microsoft Office Sessions:
=========================
Error: (08/31/2014 05:13:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 275 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (05/29/2014 09:01:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 681 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/13/2014 09:39:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 76 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/09/2014 01:41:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 349 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (02/09/2014 01:34:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1238 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (12/11/2013 08:33:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 30 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/02/2013 09:10:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/27/2013 08:37:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 41 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/16/2013 07:53:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2970 seconds with 1800 seconds of active time.  This session ended with a crash.

Error: (08/08/2013 04:55:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 30 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-09-15 21:56:47.850
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\combofix-14.8.5.1-multi\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-15 21:56:47.569
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\combofix-14.8.5.1-multi\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Genuine Intel(R) CPU 575 @ 2.00GHz
Percentage of memory in use: 54%
Total physical RAM: 1976.94 MB
Available physical RAM: 892.03 MB
Total Pagefile: 3953.88 MB
Available Pagefile: 2602.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.83 GB) (Free:38.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:74.22 GB) (Free:69.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 000E4006)
Partition 1: (Active) - (Size=74.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Hallo Schrauber
das FRST habe ich mehrmals angeklickt damit es scannt, dann ging es nicht zu stoppen, demzufolge hatte ich mehrere Log-Dateien.
Ich hoffe du kannst was damit anfangen.
Danke LG Mandalas

schrauber · 07.02.2015, 12:10

hi,

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Mandalas · 08.02.2015, 18:34

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
Malwarebytes | Free Anti-Malware & Internet Security Software

Database version:
main: v2015.02.08.05
rootkit: v2015.02.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Bruni :: BRUNI-PC [administrator]

08.02.2015 18:12:55
mbar-log-2015-02-08 (18-12-55).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 345026
Time elapsed: 16 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.08.3.1004
www.malwarebytes.org

Database version:
  main:    v2015.02.08.05
  rootkit: v2015.02.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17501
Bruni :: BRUNI-PC [administrator]

08.02.2015 18:12:55
mbar-log-2015-02-08 (18-12-55).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 345026
Time elapsed: 16 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

schrauber · 08.02.2015, 18:47

Dann noch TDSSKiller bitte

Mandalas · 08.02.2015, 18:49

Code:

ATTFilter

18:35:37.0256 0x0c14  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
18:35:48.0099 0x0c14  ============================================================
18:35:48.0099 0x0c14  Current date / time: 2015/02/08 18:35:48.0099
18:35:48.0099 0x0c14  SystemInfo:
18:35:48.0099 0x0c14  
18:35:48.0099 0x0c14  OS Version: 6.1.7601 ServicePack: 1.0
18:35:48.0099 0x0c14  Product type: Workstation
18:35:48.0100 0x0c14  ComputerName: BRUNI-PC
18:35:48.0102 0x0c14  UserName: Bruni
18:35:48.0102 0x0c14  Windows directory: C:\Windows
18:35:48.0102 0x0c14  System windows directory: C:\Windows
18:35:48.0102 0x0c14  Running under WOW64
18:35:48.0102 0x0c14  Processor architecture: Intel x64
18:35:48.0102 0x0c14  Number of processors: 1
18:35:48.0102 0x0c14  Page size: 0x1000
18:35:48.0102 0x0c14  Boot type: Normal boot
18:35:48.0102 0x0c14  ============================================================
18:35:50.0033 0x0c14  KLMD registered as C:\Windows\system32\drivers\15211886.sys
18:35:50.0878 0x0c14  System UUID: {8527F0AD-515A-7796-4C57-42E714283CE3}
18:35:52.0688 0x0c14  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:35:52.0693 0x0c14  ============================================================
18:35:52.0693 0x0c14  \Device\Harddisk0\DR0:
18:35:52.0693 0x0c14  MBR partitions:
18:35:52.0693 0x0c14  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x95A73E9
18:35:52.0693 0x0c14  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x95A7800, BlocksNum 0x9471800
18:35:52.0693 0x0c14  ============================================================
18:35:52.0719 0x0c14  C: <-> \Device\Harddisk0\DR0\Partition1
18:35:52.0803 0x0c14  D: <-> \Device\Harddisk0\DR0\Partition2
18:35:52.0825 0x0c14  ============================================================
18:35:52.0825 0x0c14  Initialize success
18:35:52.0825 0x0c14  ============================================================
18:39:02.0400 0x0bac  ============================================================
18:39:02.0400 0x0bac  Scan started
18:39:02.0400 0x0bac  Mode: Manual; 
18:39:02.0400 0x0bac  ============================================================
18:39:02.0400 0x0bac  KSN ping started
18:39:16.0615 0x0bac  KSN ping finished: true
18:39:17.0669 0x0bac  ================ Scan system memory ========================
18:39:17.0669 0x0bac  System memory - ok
18:39:17.0669 0x0bac  ================ Scan services =============================
18:39:17.0831 0x0bac  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
18:39:17.0851 0x0bac  1394ohci - ok
18:39:17.0933 0x0bac  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
18:39:17.0943 0x0bac  ACPI - ok
18:39:17.0983 0x0bac  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
18:39:17.0983 0x0bac  AcpiPmi - ok
18:39:18.0123 0x0bac  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:39:18.0123 0x0bac  AdobeARMservice - ok
18:39:18.0243 0x0bac  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:39:18.0253 0x0bac  AdobeFlashPlayerUpdateSvc - ok
18:39:18.0333 0x0bac  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
18:39:18.0353 0x0bac  adp94xx - ok
18:39:18.0413 0x0bac  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
18:39:18.0423 0x0bac  adpahci - ok
18:39:18.0443 0x0bac  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
18:39:18.0453 0x0bac  adpu320 - ok
18:39:18.0503 0x0bac  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
18:39:18.0507 0x0bac  AeLookupSvc - ok
18:39:18.0585 0x0bac  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
18:39:18.0605 0x0bac  AFD - ok
18:39:18.0653 0x0bac  AFS - ok
18:39:18.0701 0x0bac  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
18:39:18.0705 0x0bac  agp440 - ok
18:39:18.0747 0x0bac  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
18:39:18.0751 0x0bac  ALG - ok
18:39:18.0792 0x0bac  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
18:39:18.0795 0x0bac  aliide - ok
18:39:18.0827 0x0bac  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
18:39:18.0827 0x0bac  amdide - ok
18:39:18.0867 0x0bac  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
18:39:18.0867 0x0bac  AmdK8 - ok
18:39:18.0887 0x0bac  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
18:39:18.0887 0x0bac  AmdPPM - ok
18:39:18.0939 0x0bac  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
18:39:18.0949 0x0bac  amdsata - ok
18:39:18.0990 0x0bac  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
18:39:19.0003 0x0bac  amdsbs - ok
18:39:19.0029 0x0bac  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
18:39:19.0031 0x0bac  amdxata - ok
18:39:19.0071 0x0bac  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
18:39:19.0071 0x0bac  AppID - ok
18:39:19.0111 0x0bac  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
18:39:19.0111 0x0bac  AppIDSvc - ok
18:39:19.0151 0x0bac  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
18:39:19.0161 0x0bac  Appinfo - ok
18:39:19.0201 0x0bac  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
18:39:19.0211 0x0bac  arc - ok
18:39:19.0245 0x0bac  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
18:39:19.0253 0x0bac  arcsas - ok
18:39:19.0393 0x0bac  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
18:39:19.0393 0x0bac  aspnet_state - ok
18:39:19.0453 0x0bac  [ 9BE9F2B83DE80E2752B1405CC427E2EC, 6015CA66553B3B882083B33F24FB338249A110D9769831C3D3D3C681AAFA9411 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
18:39:19.0453 0x0bac  aswHwid - ok
18:39:19.0503 0x0bac  [ 6B91E6D483AADB3FC4E13E2355200611, 246423703AEA346B99B5F81F1846F0C34DF1178859DD59BCA6393A7CDD8D48AC ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
18:39:19.0513 0x0bac  aswKbd - ok
18:39:19.0553 0x0bac  [ 2DA1C1AEDF454F8E32A863A1AEACDD8C, F02E4D197AE00B9A9507CF6007A7B7BEA54AF0F255B752FBA7174FA2596D1CA9 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
18:39:19.0553 0x0bac  aswMonFlt - ok
18:39:19.0583 0x0bac  [ 4750016EF9CC1DEC6DA3FE5AF9A7F095, C4CF46246D8A3FF9BD8D2FE899685654ADD45EB9B032F33804D0B8131882BC74 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
18:39:19.0593 0x0bac  aswRdr - ok
18:39:19.0655 0x0bac  [ 1323269A92645705DEFA053F3596829D, 83EC58E0577A1E45D1FCBC0C0AF182099FB70B9005B9F8161166EBB4E9F58F35 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
18:39:19.0655 0x0bac  aswRvrt - ok
18:39:19.0735 0x0bac  [ E74FD717476B30E23F45354B8F3ACB30, 951D1655E1FA4CF0ACB29F2EEDDB3B42522D392F46DD826C63DCA8941E17ABA8 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
18:39:19.0785 0x0bac  aswSnx - ok
18:39:19.0847 0x0bac  [ B1881A01E301990B671694CA1623F1B6, 5299C713EA7CF96F0550943DB37E963CDA09258F65C471CCEEAB44C4736B7A08 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
18:39:19.0867 0x0bac  aswSP - ok
18:39:19.0959 0x0bac  [ 7509F07BA6F84C1E3B2C0D78A1F6F782, A90A36E8E23F58E430DE98B3623688DC09D34B62906EF7796DFC90F581FC385F ] aswStm          C:\Windows\system32\drivers\aswStm.sys
18:39:19.0959 0x0bac  aswStm - ok
18:39:20.0009 0x0bac  [ 1A5BDDE65B648DC3AD48B6ECAA3AE9C8, 858F674C3B775F9C8C782B7AFAC0B02AE9410C9F3B7F5B3AE1C4AD3BF6448C14 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
18:39:20.0019 0x0bac  aswVmm - ok
18:39:20.0059 0x0bac  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
18:39:20.0059 0x0bac  AsyncMac - ok
18:39:20.0105 0x0bac  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
18:39:20.0107 0x0bac  atapi - ok
18:39:20.0215 0x0bac  [ 0ACC06FCF46F64ED4F11E57EE461C1F4, F2AB7198C7F7D36AB1D6D03C1FEFD929ED402002AC835B909FC14938BC0EE24B ] athr            C:\Windows\system32\DRIVERS\athrx.sys
18:39:20.0293 0x0bac  athr - ok
18:39:20.0355 0x0bac  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:39:20.0402 0x0bac  AudioEndpointBuilder - ok
18:39:20.0437 0x0bac  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
18:39:20.0457 0x0bac  AudioSrv - ok
18:39:20.0539 0x0bac  [ E3F7EC811923F3F1A77B185F22638E5E, 324041256314C1471B5F123FA8DECC8F374A6B497A6419D4CAF61E68E1733265 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:39:20.0539 0x0bac  avast! Antivirus - ok
18:39:20.0609 0x0bac  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
18:39:20.0614 0x0bac  AxInstSV - ok
18:39:20.0671 0x0bac  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
18:39:20.0691 0x0bac  b06bdrv - ok
18:39:20.0741 0x0bac  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
18:39:20.0751 0x0bac  b57nd60a - ok
18:39:20.0811 0x0bac  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
18:39:20.0821 0x0bac  BDESVC - ok
18:39:20.0841 0x0bac  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
18:39:20.0841 0x0bac  Beep - ok
18:39:20.0921 0x0bac  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
18:39:20.0951 0x0bac  BFE - ok
18:39:21.0013 0x0bac  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
18:39:21.0063 0x0bac  BITS - ok
18:39:21.0099 0x0bac  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
18:39:21.0102 0x0bac  blbdrive - ok
18:39:21.0135 0x0bac  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
18:39:21.0135 0x0bac  bowser - ok
18:39:21.0165 0x0bac  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
18:39:21.0215 0x0bac  BrFiltLo - ok
18:39:21.0225 0x0bac  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
18:39:21.0225 0x0bac  BrFiltUp - ok
18:39:21.0245 0x0bac  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
18:39:21.0245 0x0bac  BridgeMP - ok
18:39:21.0276 0x0bac  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
18:39:21.0282 0x0bac  Browser - ok
18:39:21.0302 0x0bac  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
18:39:21.0312 0x0bac  Brserid - ok
18:39:21.0317 0x0bac  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
18:39:21.0327 0x0bac  BrSerWdm - ok
18:39:21.0337 0x0bac  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
18:39:21.0347 0x0bac  BrUsbMdm - ok
18:39:21.0361 0x0bac  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
18:39:21.0364 0x0bac  BrUsbSer - ok
18:39:21.0387 0x0bac  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
18:39:21.0391 0x0bac  BTHMODEM - ok
18:39:21.0432 0x0bac  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
18:39:21.0437 0x0bac  bthserv - ok
18:39:21.0459 0x0bac  catchme - ok
18:39:21.0489 0x0bac  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
18:39:21.0489 0x0bac  cdfs - ok
18:39:21.0539 0x0bac  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
18:39:21.0539 0x0bac  cdrom - ok
18:39:21.0589 0x0bac  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
18:39:21.0599 0x0bac  CertPropSvc - ok
18:39:21.0639 0x0bac  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
18:39:21.0639 0x0bac  circlass - ok
18:39:21.0679 0x0bac  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
18:39:21.0699 0x0bac  CLFS - ok
18:39:21.0789 0x0bac  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:39:21.0789 0x0bac  clr_optimization_v2.0.50727_32 - ok
18:39:21.0839 0x0bac  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:39:21.0849 0x0bac  clr_optimization_v2.0.50727_64 - ok
18:39:21.0929 0x0bac  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:39:21.0939 0x0bac  clr_optimization_v4.0.30319_32 - ok
18:39:22.0011 0x0bac  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:39:22.0031 0x0bac  clr_optimization_v4.0.30319_64 - ok
18:39:22.0071 0x0bac  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
18:39:22.0081 0x0bac  CmBatt - ok
18:39:22.0101 0x0bac  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
18:39:22.0101 0x0bac  cmdide - ok
18:39:22.0151 0x0bac  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
18:39:22.0181 0x0bac  CNG - ok
18:39:22.0211 0x0bac  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
18:39:22.0211 0x0bac  Compbatt - ok
18:39:22.0258 0x0bac  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
18:39:22.0262 0x0bac  CompositeBus - ok
18:39:22.0290 0x0bac  COMSysApp - ok
18:39:22.0315 0x0bac  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
18:39:22.0317 0x0bac  crcdisk - ok
18:39:22.0373 0x0bac  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
18:39:22.0383 0x0bac  CryptSvc - ok
18:39:22.0433 0x0bac  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
18:39:22.0453 0x0bac  DcomLaunch - ok
18:39:22.0505 0x0bac  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
18:39:22.0515 0x0bac  defragsvc - ok
18:39:22.0535 0x0bac  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
18:39:22.0535 0x0bac  DfsC - ok
18:39:22.0585 0x0bac  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
18:39:22.0605 0x0bac  Dhcp - ok
18:39:22.0635 0x0bac  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
18:39:22.0635 0x0bac  discache - ok
18:39:22.0677 0x0bac  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
18:39:22.0677 0x0bac  Disk - ok
18:39:22.0717 0x0bac  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
18:39:22.0727 0x0bac  Dnscache - ok
18:39:22.0767 0x0bac  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
18:39:22.0777 0x0bac  dot3svc - ok
18:39:22.0816 0x0bac  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
18:39:22.0825 0x0bac  DPS - ok
18:39:22.0859 0x0bac  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
18:39:22.0869 0x0bac  drmkaud - ok
18:39:22.0949 0x0bac  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
18:39:22.0996 0x0bac  DXGKrnl - ok
18:39:23.0051 0x0bac  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
18:39:23.0051 0x0bac  EapHost - ok
18:39:23.0223 0x0bac  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
18:39:23.0356 0x0bac  ebdrv - ok
18:39:23.0431 0x0bac  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
18:39:23.0437 0x0bac  EFS - ok
18:39:23.0534 0x0bac  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
18:39:23.0571 0x0bac  ehRecvr - ok
18:39:23.0609 0x0bac  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
18:39:23.0615 0x0bac  ehSched - ok
18:39:23.0673 0x0bac  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
18:39:23.0696 0x0bac  elxstor - ok
18:39:23.0718 0x0bac  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
18:39:23.0720 0x0bac  ErrDev - ok
18:39:23.0785 0x0bac  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
18:39:23.0832 0x0bac  EventSystem - ok
18:39:23.0862 0x0bac  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
18:39:23.0870 0x0bac  exfat - ok
18:39:23.0900 0x0bac  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
18:39:23.0910 0x0bac  fastfat - ok
18:39:23.0969 0x0bac  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
18:39:24.0002 0x0bac  Fax - ok
18:39:24.0028 0x0bac  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
18:39:24.0030 0x0bac  fdc - ok
18:39:24.0070 0x0bac  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
18:39:24.0075 0x0bac  fdPHost - ok
18:39:24.0104 0x0bac  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
18:39:24.0108 0x0bac  FDResPub - ok
18:39:24.0156 0x0bac  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
18:39:24.0157 0x0bac  FileInfo - ok
18:39:24.0177 0x0bac  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
18:39:24.0177 0x0bac  Filetrace - ok
18:39:24.0207 0x0bac  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
18:39:24.0207 0x0bac  flpydisk - ok
18:39:24.0267 0x0bac  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
18:39:24.0278 0x0bac  FltMgr - ok
18:39:24.0349 0x0bac  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
18:39:24.0413 0x0bac  FontCache - ok
18:39:24.0481 0x0bac  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:39:24.0481 0x0bac  FontCache3.0.0.0 - ok
18:39:24.0525 0x0bac  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
18:39:24.0529 0x0bac  FsDepends - ok
18:39:24.0557 0x0bac  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
18:39:24.0559 0x0bac  Fs_Rec - ok
18:39:24.0603 0x0bac  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
18:39:24.0613 0x0bac  fvevol - ok
18:39:24.0643 0x0bac  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
18:39:24.0643 0x0bac  gagp30kx - ok
18:39:24.0703 0x0bac  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
18:39:24.0753 0x0bac  gpsvc - ok
18:39:24.0855 0x0bac  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:39:24.0865 0x0bac  gupdate - ok
18:39:24.0885 0x0bac  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:39:24.0885 0x0bac  gupdatem - ok
18:39:24.0925 0x0bac  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
18:39:24.0935 0x0bac  hcw85cir - ok
18:39:24.0985 0x0bac  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:39:25.0005 0x0bac  HdAudAddService - ok
18:39:25.0047 0x0bac  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
18:39:25.0047 0x0bac  HDAudBus - ok
18:39:25.0067 0x0bac  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
18:39:25.0067 0x0bac  HidBatt - ok
18:39:25.0107 0x0bac  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
18:39:25.0107 0x0bac  HidBth - ok
18:39:25.0117 0x0bac  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
18:39:25.0127 0x0bac  HidIr - ok
18:39:25.0157 0x0bac  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
18:39:25.0157 0x0bac  hidserv - ok
18:39:25.0207 0x0bac  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
18:39:25.0217 0x0bac  HidUsb - ok
18:39:25.0247 0x0bac  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
18:39:25.0257 0x0bac  hkmsvc - ok
18:39:25.0291 0x0bac  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:39:25.0319 0x0bac  HomeGroupListener - ok
18:39:25.0371 0x0bac  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:39:25.0381 0x0bac  HomeGroupProvider - ok
18:39:25.0421 0x0bac  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
18:39:25.0421 0x0bac  HpSAMD - ok
18:39:25.0471 0x0bac  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
18:39:25.0511 0x0bac  HTTP - ok
18:39:25.0531 0x0bac  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
18:39:25.0531 0x0bac  hwpolicy - ok
18:39:25.0563 0x0bac  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
18:39:25.0568 0x0bac  i8042prt - ok
18:39:25.0643 0x0bac  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
18:39:25.0673 0x0bac  iaStorV - ok
18:39:25.0755 0x0bac  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:39:25.0804 0x0bac  idsvc - ok
18:39:25.0837 0x0bac  IEEtwCollectorService - ok
18:39:26.0177 0x0bac  [ 2D18C9E1F23970DE32D78D3B1CDDA0A7, 4AC6425F6D1921ED7975A0450D536B2675964574E40D86099410423E72D70D88 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
18:39:26.0458 0x0bac  igfx - ok
18:39:26.0517 0x0bac  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
18:39:26.0521 0x0bac  iirsp - ok
18:39:26.0583 0x0bac  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
18:39:26.0623 0x0bac  IKEEXT - ok
18:39:26.0676 0x0bac  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
18:39:26.0679 0x0bac  intelide - ok
18:39:26.0705 0x0bac  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
18:39:26.0705 0x0bac  intelppm - ok
18:39:26.0735 0x0bac  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
18:39:26.0745 0x0bac  IPBusEnum - ok
18:39:26.0775 0x0bac  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:39:26.0775 0x0bac  IpFilterDriver - ok
18:39:26.0835 0x0bac  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
18:39:26.0865 0x0bac  iphlpsvc - ok
18:39:26.0885 0x0bac  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
18:39:26.0885 0x0bac  IPMIDRV - ok
18:39:26.0910 0x0bac  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
18:39:26.0916 0x0bac  IPNAT - ok
18:39:26.0947 0x0bac  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
18:39:26.0957 0x0bac  IRENUM - ok
18:39:26.0977 0x0bac  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
18:39:26.0977 0x0bac  isapnp - ok
18:39:27.0037 0x0bac  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
18:39:27.0047 0x0bac  iScsiPrt - ok
18:39:27.0077 0x0bac  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
18:39:27.0087 0x0bac  kbdclass - ok
18:39:27.0117 0x0bac  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
18:39:27.0117 0x0bac  kbdhid - ok
18:39:27.0147 0x0bac  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
18:39:27.0147 0x0bac  KeyIso - ok
18:39:27.0199 0x0bac  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
18:39:27.0207 0x0bac  KSecDD - ok
18:39:27.0249 0x0bac  [ 41774FF331F609EF442B7398EE6202B1, AD67DA06A74895C384F4A1F1CF47050DAEE9C6CE8AD12F1A116FC977B6C3A864 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
18:39:27.0259 0x0bac  KSecPkg - ok
18:39:27.0279 0x0bac  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
18:39:27.0279 0x0bac  ksthunk - ok
18:39:27.0321 0x0bac  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
18:39:27.0341 0x0bac  KtmRm - ok
18:39:27.0401 0x0bac  [ FC690886A7881A202B662FB94BDFD94F, 92388BE9140CF604DAECEBF9355EAFC67160E530CE1AA7283B202CBAFA3FBA03 ] L1C             C:\Windows\system32\DRIVERS\l1c51x64.sys
18:39:27.0401 0x0bac  L1C - ok
18:39:27.0451 0x0bac  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
18:39:27.0461 0x0bac  LanmanServer - ok
18:39:27.0502 0x0bac  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:39:27.0512 0x0bac  LanmanWorkstation - ok
18:39:27.0553 0x0bac  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:39:27.0563 0x0bac  lltdio - ok
18:39:27.0610 0x0bac  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:39:27.0623 0x0bac  lltdsvc - ok
18:39:27.0655 0x0bac  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:39:27.0665 0x0bac  lmhosts - ok
18:39:27.0715 0x0bac  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:39:27.0715 0x0bac  LSI_FC - ok
18:39:27.0735 0x0bac  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:39:27.0735 0x0bac  LSI_SAS - ok
18:39:27.0755 0x0bac  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:39:27.0765 0x0bac  LSI_SAS2 - ok
18:39:27.0785 0x0bac  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:39:27.0795 0x0bac  LSI_SCSI - ok
18:39:27.0815 0x0bac  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:39:27.0825 0x0bac  luafv - ok
18:39:27.0855 0x0bac  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:39:27.0865 0x0bac  Mcx2Svc - ok
18:39:27.0885 0x0bac  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:39:27.0895 0x0bac  megasas - ok
18:39:27.0945 0x0bac  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:39:27.0955 0x0bac  MegaSR - ok
18:39:28.0057 0x0bac  [ FAFE367D032ED82E9332B4C741A20216, 7B123766E360570E0FCB211835B7910D6A1806C25A06BCA9227AB9E993376CA8 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
18:39:28.0057 0x0bac  Microsoft Office Groove Audit Service - ok
18:39:28.0117 0x0bac  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
18:39:28.0117 0x0bac  MMCSS - ok
18:39:28.0157 0x0bac  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
18:39:28.0157 0x0bac  Modem - ok
18:39:28.0187 0x0bac  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:39:28.0197 0x0bac  monitor - ok
18:39:28.0217 0x0bac  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
18:39:28.0227 0x0bac  mouclass - ok
18:39:28.0257 0x0bac  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:39:28.0257 0x0bac  mouhid - ok
18:39:28.0287 0x0bac  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:39:28.0287 0x0bac  mountmgr - ok
18:39:28.0337 0x0bac  [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:39:28.0347 0x0bac  MozillaMaintenance - ok
18:39:28.0377 0x0bac  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:39:28.0377 0x0bac  mpio - ok
18:39:28.0429 0x0bac  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:39:28.0429 0x0bac  mpsdrv - ok
18:39:28.0499 0x0bac  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:39:28.0539 0x0bac  MpsSvc - ok
18:39:28.0591 0x0bac  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:39:28.0597 0x0bac  MRxDAV - ok
18:39:28.0631 0x0bac  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:39:28.0641 0x0bac  mrxsmb - ok
18:39:28.0671 0x0bac  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:39:28.0689 0x0bac  mrxsmb10 - ok
18:39:28.0721 0x0bac  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:39:28.0723 0x0bac  mrxsmb20 - ok
18:39:28.0753 0x0bac  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:39:28.0753 0x0bac  msahci - ok
18:39:28.0803 0x0bac  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:39:28.0803 0x0bac  msdsm - ok
18:39:28.0833 0x0bac  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
18:39:28.0843 0x0bac  MSDTC - ok
18:39:28.0893 0x0bac  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:39:28.0893 0x0bac  Msfs - ok
18:39:28.0933 0x0bac  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:39:28.0933 0x0bac  mshidkmdf - ok
18:39:28.0963 0x0bac  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:39:28.0963 0x0bac  msisadrv - ok
18:39:29.0003 0x0bac  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:39:29.0013 0x0bac  MSiSCSI - ok
18:39:29.0023 0x0bac  msiserver - ok
18:39:29.0063 0x0bac  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:39:29.0067 0x0bac  MSKSSRV - ok
18:39:29.0079 0x0bac  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:39:29.0082 0x0bac  MSPCLOCK - ok
18:39:29.0104 0x0bac  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:39:29.0138 0x0bac  MSPQM - ok
18:39:29.0180 0x0bac  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:39:29.0235 0x0bac  MsRPC - ok
18:39:29.0283 0x0bac  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:39:29.0284 0x0bac  mssmbios - ok
18:39:29.0308 0x0bac  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:39:29.0310 0x0bac  MSTEE - ok
18:39:29.0317 0x0bac  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:39:29.0317 0x0bac  MTConfig - ok
18:39:29.0347 0x0bac  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
18:39:29.0357 0x0bac  Mup - ok
18:39:29.0409 0x0bac  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
18:39:29.0439 0x0bac  napagent - ok
18:39:29.0489 0x0bac  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:39:29.0499 0x0bac  NativeWifiP - ok
18:39:29.0589 0x0bac  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:39:29.0629 0x0bac  NDIS - ok
18:39:29.0678 0x0bac  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:39:29.0681 0x0bac  NdisCap - ok
18:39:29.0711 0x0bac  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:39:29.0711 0x0bac  NdisTapi - ok
18:39:29.0751 0x0bac  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:39:29.0751 0x0bac  Ndisuio - ok
18:39:29.0771 0x0bac  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:39:29.0781 0x0bac  NdisWan - ok
18:39:29.0813 0x0bac  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:39:29.0813 0x0bac  NDProxy - ok
18:39:29.0923 0x0bac  [ 78073F606AE3B24F6C1F555759AA8511, 335ED089265B4672FC297F385CA970120B936C9C29A580E6C33EDA701EB9C695 ] Nero BackItUp Scheduler 3 C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
18:39:29.0954 0x0bac  Nero BackItUp Scheduler 3 - ok
18:39:29.0990 0x0bac  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:39:29.0993 0x0bac  NetBIOS - ok
18:39:30.0035 0x0bac  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:39:30.0045 0x0bac  NetBT - ok
18:39:30.0065 0x0bac  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
18:39:30.0075 0x0bac  Netlogon - ok
18:39:30.0115 0x0bac  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
18:39:30.0135 0x0bac  Netman - ok
18:39:30.0235 0x0bac  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:39:30.0235 0x0bac  NetMsmqActivator - ok
18:39:30.0275 0x0bac  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:39:30.0275 0x0bac  NetPipeActivator - ok
18:39:30.0305 0x0bac  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
18:39:30.0324 0x0bac  netprofm - ok
18:39:30.0337 0x0bac  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:39:30.0347 0x0bac  NetTcpActivator - ok
18:39:30.0357 0x0bac  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:39:30.0367 0x0bac  NetTcpPortSharing - ok
18:39:30.0400 0x0bac  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:39:30.0404 0x0bac  nfrd960 - ok
18:39:30.0479 0x0bac  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:39:30.0499 0x0bac  NlaSvc - ok
18:39:30.0619 0x0bac  [ 62F68443D244024845B875B44D76A92F, 60CB13374A8002AFF5AB6D54B0F03ED00A97C4E9D1E1A1BE017A364BA275E928 ] NMIndexingService C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
18:39:30.0639 0x0bac  NMIndexingService - ok
18:39:30.0663 0x0bac  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:39:30.0666 0x0bac  Npfs - ok
18:39:30.0701 0x0bac  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
18:39:30.0708 0x0bac  nsi - ok
18:39:30.0731 0x0bac  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:39:30.0731 0x0bac  nsiproxy - ok
18:39:30.0851 0x0bac  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:39:30.0913 0x0bac  Ntfs - ok
18:39:30.0948 0x0bac  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
18:39:30.0950 0x0bac  Null - ok
18:39:30.0995 0x0bac  [ 786DB821BFD57C0551DBBE4F75384A7D, F956D636F834F2BA5F019E187FDB9CC33940363C75A60E53CD81310A4DB6A6AB ] nusb3hub        C:\Windows\system32\drivers\nusb3hub.sys
18:39:30.0995 0x0bac  nusb3hub - ok
18:39:31.0035 0x0bac  [ DAA8005CAF745042BB427A1ED7433354, 3019002F174783B76D5D8AA47F7A465B7FEC7C14235B70E5C9277FE534839226 ] nusb3xhc        C:\Windows\system32\drivers\nusb3xhc.sys
18:39:31.0045 0x0bac  nusb3xhc - ok
18:39:31.0075 0x0bac  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:39:31.0086 0x0bac  nvraid - ok
18:39:31.0127 0x0bac  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:39:31.0137 0x0bac  nvstor - ok
18:39:31.0187 0x0bac  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:39:31.0205 0x0bac  nv_agp - ok
18:39:31.0319 0x0bac  [ 84DE1DD996B48B05ACE31AD015FA108A, 4B9D1E4EF83ECED6C77F23D9879C124534F7053D7423E3A2D0F67A4A720CEA94 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:39:31.0339 0x0bac  odserv - ok
18:39:31.0369 0x0bac  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:39:31.0369 0x0bac  ohci1394 - ok
18:39:31.0431 0x0bac  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:39:31.0431 0x0bac  ose - ok
18:39:31.0493 0x0bac  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:39:31.0513 0x0bac  p2pimsvc - ok
18:39:31.0563 0x0bac  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
18:39:31.0603 0x0bac  p2psvc - ok
18:39:31.0633 0x0bac  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
18:39:31.0643 0x0bac  Parport - ok
18:39:31.0689 0x0bac  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:39:31.0693 0x0bac  partmgr - ok
18:39:31.0724 0x0bac  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:39:31.0735 0x0bac  PcaSvc - ok
18:39:31.0755 0x0bac  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
18:39:31.0765 0x0bac  pci - ok
18:39:31.0797 0x0bac  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:39:31.0797 0x0bac  pciide - ok
18:39:31.0837 0x0bac  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:39:31.0847 0x0bac  pcmcia - ok
18:39:31.0877 0x0bac  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:39:31.0877 0x0bac  pcw - ok
18:39:31.0929 0x0bac  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:39:31.0959 0x0bac  PEAUTH - ok
18:39:32.0051 0x0bac  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:39:32.0061 0x0bac  PerfHost - ok
18:39:32.0163 0x0bac  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
18:39:32.0289 0x0bac  pla - ok
18:39:32.0327 0x0bac  [ 875E4E0661F3A5994DF9E5E3A0A4F96B, 7198C02935B3714C455EE94305D2A21D900D72AC67049C11A1E842572AD6C5E1 ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
18:39:32.0337 0x0bac  PLFlash DeviceIoControl Service - ok
18:39:32.0397 0x0bac  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:39:32.0417 0x0bac  PlugPlay - ok
18:39:32.0437 0x0bac  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:39:32.0447 0x0bac  PNRPAutoReg - ok
18:39:32.0477 0x0bac  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:39:32.0494 0x0bac  PNRPsvc - ok
18:39:32.0549 0x0bac  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:39:32.0579 0x0bac  PolicyAgent - ok
18:39:32.0626 0x0bac  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
18:39:32.0631 0x0bac  Power - ok
18:39:32.0681 0x0bac  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:39:32.0681 0x0bac  PptpMiniport - ok
18:39:32.0711 0x0bac  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
18:39:32.0711 0x0bac  Processor - ok
18:39:32.0771 0x0bac  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:39:32.0791 0x0bac  ProfSvc - ok
18:39:32.0821 0x0bac  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:39:32.0821 0x0bac  ProtectedStorage - ok
18:39:32.0851 0x0bac  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:39:32.0861 0x0bac  Psched - ok
18:39:32.0943 0x0bac  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:39:33.0005 0x0bac  ql2300 - ok
18:39:33.0057 0x0bac  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:39:33.0057 0x0bac  ql40xx - ok
18:39:33.0097 0x0bac  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
18:39:33.0117 0x0bac  QWAVE - ok
18:39:33.0127 0x0bac  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:39:33.0137 0x0bac  QWAVEdrv - ok
18:39:33.0279 0x0bac  [ A55E7D0D873B2C97585B3B5926AC6ADE, 3BE3895DA7F0888E85B1941525878BA0846A8F215AD39ED8138BB39615468E32 ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
18:39:33.0289 0x0bac  RapiMgr - ok
18:39:33.0309 0x0bac  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:39:33.0309 0x0bac  RasAcd - ok
18:39:33.0351 0x0bac  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:39:33.0351 0x0bac  RasAgileVpn - ok
18:39:33.0381 0x0bac  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
18:39:33.0391 0x0bac  RasAuto - ok
18:39:33.0431 0x0bac  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:39:33.0441 0x0bac  Rasl2tp - ok
18:39:33.0471 0x0bac  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
18:39:33.0498 0x0bac  RasMan - ok
18:39:33.0522 0x0bac  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:39:33.0527 0x0bac  RasPppoe - ok
18:39:33.0543 0x0bac  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:39:33.0553 0x0bac  RasSstp - ok
18:39:33.0593 0x0bac  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:39:33.0604 0x0bac  rdbss - ok
18:39:33.0633 0x0bac  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
18:39:33.0635 0x0bac  rdpbus - ok
18:39:33.0665 0x0bac  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:39:33.0665 0x0bac  RDPCDD - ok
18:39:33.0695 0x0bac  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:39:33.0695 0x0bac  RDPENCDD - ok
18:39:33.0725 0x0bac  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:39:33.0735 0x0bac  RDPREFMP - ok
18:39:33.0817 0x0bac  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:39:33.0817 0x0bac  RdpVideoMiniport - ok
18:39:33.0857 0x0bac  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:39:33.0867 0x0bac  RDPWD - ok
18:39:33.0910 0x0bac  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:39:33.0919 0x0bac  rdyboost - ok
18:39:33.0949 0x0bac  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:39:33.0959 0x0bac  RemoteAccess - ok
18:39:34.0009 0x0bac  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:39:34.0019 0x0bac  RemoteRegistry - ok
18:39:34.0059 0x0bac  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:39:34.0059 0x0bac  RpcEptMapper - ok
18:39:34.0079 0x0bac  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
18:39:34.0089 0x0bac  RpcLocator - ok
18:39:34.0146 0x0bac  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
18:39:34.0164 0x0bac  RpcSs - ok
18:39:34.0241 0x0bac  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:39:34.0255 0x0bac  rspndr - ok
18:39:34.0281 0x0bac  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
18:39:34.0285 0x0bac  SamSs - ok
18:39:34.0316 0x0bac  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:39:34.0322 0x0bac  sbp2port - ok
18:39:34.0377 0x0bac  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:39:34.0397 0x0bac  SCardSvr - ok
18:39:34.0423 0x0bac  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:39:34.0423 0x0bac  scfilter - ok
18:39:34.0483 0x0bac  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
18:39:34.0547 0x0bac  Schedule - ok
18:39:34.0585 0x0bac  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:39:34.0588 0x0bac  SCPolicySvc - ok
18:39:34.0615 0x0bac  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:39:34.0625 0x0bac  SDRSVC - ok
18:39:34.0677 0x0bac  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:39:34.0687 0x0bac  secdrv - ok
18:39:34.0697 0x0bac  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
18:39:34.0707 0x0bac  seclogon - ok
18:39:34.0737 0x0bac  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
18:39:34.0737 0x0bac  SENS - ok
18:39:34.0767 0x0bac  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:39:34.0767 0x0bac  SensrSvc - ok
18:39:34.0797 0x0bac  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
18:39:34.0797 0x0bac  Serenum - ok
18:39:34.0837 0x0bac  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
18:39:34.0837 0x0bac  Serial - ok
18:39:34.0857 0x0bac  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:39:34.0857 0x0bac  sermouse - ok
18:39:34.0911 0x0bac  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
18:39:34.0920 0x0bac  SessionEnv - ok
18:39:34.0934 0x0bac  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:39:34.0936 0x0bac  sffdisk - ok
18:39:34.0961 0x0bac  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:39:34.0964 0x0bac  sffp_mmc - ok
18:39:34.0969 0x0bac  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:39:34.0979 0x0bac  sffp_sd - ok
18:39:34.0989 0x0bac  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:39:34.0999 0x0bac  sfloppy - ok
18:39:35.0051 0x0bac  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:39:35.0081 0x0bac  SharedAccess - ok
18:39:35.0121 0x0bac  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:39:35.0141 0x0bac  ShellHWDetection - ok
18:39:35.0184 0x0bac  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:39:35.0187 0x0bac  SiSRaid2 - ok
18:39:35.0221 0x0bac  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:39:35.0223 0x0bac  SiSRaid4 - ok
18:39:35.0263 0x0bac  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:39:35.0263 0x0bac  Smb - ok
18:39:35.0305 0x0bac  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:39:35.0313 0x0bac  SNMPTRAP - ok
18:39:35.0335 0x0bac  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:39:35.0338 0x0bac  spldr - ok
18:39:35.0385 0x0bac  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
18:39:35.0425 0x0bac  Spooler - ok
18:39:35.0593 0x0bac  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
18:39:35.0715 0x0bac  sppsvc - ok
18:39:35.0753 0x0bac  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:39:35.0762 0x0bac  sppuinotify - ok
18:39:35.0801 0x0bac  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:39:35.0831 0x0bac  srv - ok
18:39:35.0871 0x0bac  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:39:35.0883 0x0bac  srv2 - ok
18:39:35.0923 0x0bac  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:39:35.0933 0x0bac  srvnet - ok
18:39:35.0963 0x0bac  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:39:35.0983 0x0bac  SSDPSRV - ok
18:39:36.0011 0x0bac  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:39:36.0015 0x0bac  SstpSvc - ok
18:39:36.0055 0x0bac  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:39:36.0055 0x0bac  stexstor - ok
18:39:36.0125 0x0bac  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
18:39:36.0155 0x0bac  stisvc - ok
18:39:36.0175 0x0bac  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:39:36.0198 0x0bac  swenum - ok
18:39:36.0267 0x0bac  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
18:39:36.0297 0x0bac  swprv - ok
18:39:36.0389 0x0bac  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
18:39:36.0471 0x0bac  SysMain - ok
18:39:36.0510 0x0bac  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:39:36.0518 0x0bac  TabletInputService - ok
18:39:36.0553 0x0bac  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:39:36.0573 0x0bac  TapiSrv - ok
18:39:36.0603 0x0bac  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
18:39:36.0615 0x0bac  TBS - ok
18:39:36.0755 0x0bac  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:39:36.0827 0x0bac  Tcpip - ok
18:39:36.0930 0x0bac  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:39:36.0977 0x0bac  TCPIP6 - ok
18:39:37.0022 0x0bac  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:39:37.0026 0x0bac  tcpipreg - ok
18:39:37.0062 0x0bac  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:39:37.0062 0x0bac  TDPIPE - ok
18:39:37.0092 0x0bac  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:39:37.0102 0x0bac  TDTCP - ok
18:39:37.0132 0x0bac  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:39:37.0132 0x0bac  tdx - ok
18:39:37.0152 0x0bac  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:39:37.0224 0x0bac  TermDD - ok
18:39:37.0294 0x0bac  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
18:39:37.0342 0x0bac  TermService - ok
18:39:37.0383 0x0bac  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
18:39:37.0386 0x0bac  Themes - ok
18:39:37.0426 0x0bac  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
18:39:37.0426 0x0bac  THREADORDER - ok
18:39:37.0466 0x0bac  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
18:39:37.0466 0x0bac  TrkWks - ok
18:39:37.0548 0x0bac  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:39:37.0548 0x0bac  TrustedInstaller - ok
18:39:37.0599 0x0bac  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:39:37.0603 0x0bac  tssecsrv - ok
18:39:37.0650 0x0bac  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:39:37.0660 0x0bac  TsUsbFlt - ok
18:39:37.0690 0x0bac  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:39:37.0700 0x0bac  TsUsbGD - ok
18:39:37.0742 0x0bac  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:39:37.0752 0x0bac  tunnel - ok
18:39:37.0772 0x0bac  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:39:37.0782 0x0bac  uagp35 - ok
18:39:37.0824 0x0bac  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:39:37.0834 0x0bac  udfs - ok
18:39:37.0896 0x0bac  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:39:37.0906 0x0bac  UI0Detect - ok
18:39:37.0936 0x0bac  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:39:37.0936 0x0bac  uliagpkx - ok
18:39:37.0956 0x0bac  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:39:37.0956 0x0bac  umbus - ok
18:39:37.0966 0x0bac  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:39:37.0976 0x0bac  UmPass - ok
18:39:38.0012 0x0bac  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
18:39:38.0048 0x0bac  upnphost - ok
18:39:38.0078 0x0bac  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:39:38.0088 0x0bac  usbccgp - ok
18:39:38.0138 0x0bac  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:39:38.0138 0x0bac  usbcir - ok
18:39:38.0178 0x0bac  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:39:38.0238 0x0bac  usbehci - ok
18:39:38.0288 0x0bac  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:39:38.0308 0x0bac  usbhub - ok
18:39:38.0348 0x0bac  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:39:38.0348 0x0bac  usbohci - ok
18:39:38.0398 0x0bac  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
18:39:38.0398 0x0bac  usbprint - ok
18:39:38.0438 0x0bac  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
18:39:38.0438 0x0bac  usbscan - ok
18:39:38.0458 0x0bac  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:39:38.0468 0x0bac  USBSTOR - ok
18:39:38.0498 0x0bac  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:39:38.0498 0x0bac  usbuhci - ok
18:39:38.0540 0x0bac  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
18:39:38.0540 0x0bac  UxSms - ok
18:39:38.0560 0x0bac  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
18:39:38.0570 0x0bac  VaultSvc - ok
18:39:38.0622 0x0bac  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:39:38.0622 0x0bac  vdrvroot - ok
18:39:38.0662 0x0bac  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
18:39:38.0702 0x0bac  vds - ok
18:39:38.0733 0x0bac  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:39:38.0737 0x0bac  vga - ok
18:39:38.0752 0x0bac  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:39:38.0754 0x0bac  VgaSave - ok
18:39:38.0792 0x0bac  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:39:38.0794 0x0bac  vhdmp - ok
18:39:38.0834 0x0bac  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:39:38.0834 0x0bac  viaide - ok
18:39:38.0864 0x0bac  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:39:38.0874 0x0bac  volmgr - ok
18:39:38.0915 0x0bac  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:39:38.0927 0x0bac  volmgrx - ok
18:39:38.0956 0x0bac  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:39:38.0966 0x0bac  volsnap - ok
18:39:38.0996 0x0bac  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:39:39.0011 0x0bac  vsmraid - ok
18:39:39.0108 0x0bac  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
18:39:39.0190 0x0bac  VSS - ok
18:39:39.0230 0x0bac  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:39:39.0272 0x0bac  vwifibus - ok
18:39:39.0302 0x0bac  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:39:39.0312 0x0bac  vwififlt - ok
18:39:39.0352 0x0bac  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
18:39:39.0352 0x0bac  vwifimp - ok
18:39:39.0406 0x0bac  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
18:39:39.0429 0x0bac  W32Time - ok
18:39:39.0469 0x0bac  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:39:39.0473 0x0bac  WacomPen - ok
18:39:39.0517 0x0bac  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:39:39.0522 0x0bac  WANARP - ok
18:39:39.0544 0x0bac  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:39:39.0549 0x0bac  Wanarpv6 - ok
18:39:39.0640 0x0bac  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:39:39.0694 0x0bac  WatAdminSvc - ok
18:39:39.0786 0x0bac  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
18:39:39.0858 0x0bac  wbengine - ok
18:39:39.0900 0x0bac  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:39:39.0910 0x0bac  WbioSrvc - ok
18:39:39.0970 0x0bac  [ 8BDA6DB43AA54E8BB5E0794541DDC209, 8753C507BE77B019A3403AF5252434A01DB9F9332E58AC3783ABCE3D21AD9DD4 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
18:39:39.0990 0x0bac  WcesComm - ok
18:39:40.0034 0x0bac  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:39:40.0052 0x0bac  wcncsvc - ok
18:39:40.0097 0x0bac  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:39:40.0110 0x0bac  WcsPlugInService - ok
18:39:40.0134 0x0bac  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
18:39:40.0144 0x0bac  Wd - ok
18:39:40.0204 0x0bac  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:39:40.0284 0x0bac  Wdf01000 - ok
18:39:40.0333 0x0bac  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:39:40.0336 0x0bac  WdiServiceHost - ok
18:39:40.0346 0x0bac  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:39:40.0356 0x0bac  WdiSystemHost - ok
18:39:40.0418 0x0bac  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
18:39:40.0428 0x0bac  WebClient - ok
18:39:40.0448 0x0bac  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:39:40.0468 0x0bac  Wecsvc - ok
18:39:40.0494 0x0bac  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:39:40.0502 0x0bac  wercplsupport - ok
18:39:40.0530 0x0bac  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:39:40.0540 0x0bac  WerSvc - ok
18:39:40.0590 0x0bac  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:39:40.0590 0x0bac  WfpLwf - ok
18:39:40.0610 0x0bac  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:39:40.0610 0x0bac  WIMMount - ok
18:39:40.0650 0x0bac  WinDefend - ok
18:39:40.0690 0x0bac  WinHttpAutoProxySvc - ok
18:39:40.0742 0x0bac  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:39:40.0752 0x0bac  Winmgmt - ok
18:39:40.0864 0x0bac  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
18:39:40.0958 0x0bac  WinRM - ok
18:39:41.0038 0x0bac  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WINUSB          C:\Windows\system32\DRIVERS\WinUSB.SYS
18:39:41.0048 0x0bac  WINUSB - ok
18:39:41.0118 0x0bac  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:39:41.0158 0x0bac  Wlansvc - ok
18:39:41.0230 0x0bac  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
18:39:41.0240 0x0bac  WmiAcpi - ok
18:39:41.0280 0x0bac  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:39:41.0290 0x0bac  wmiApSrv - ok
18:39:41.0330 0x0bac  WMPNetworkSvc - ok
18:39:41.0360 0x0bac  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:39:41.0370 0x0bac  WPCSvc - ok
18:39:41.0403 0x0bac  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:39:41.0412 0x0bac  WPDBusEnum - ok
18:39:41.0442 0x0bac  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:39:41.0442 0x0bac  ws2ifsl - ok
18:39:41.0462 0x0bac  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
18:39:41.0472 0x0bac  wscsvc - ok
18:39:41.0492 0x0bac  WSearch - ok
18:39:41.0633 0x0bac  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:39:41.0745 0x0bac  wuauserv - ok
18:39:41.0798 0x0bac  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:39:41.0798 0x0bac  WudfPf - ok
18:39:41.0828 0x0bac  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:39:41.0838 0x0bac  WUDFRd - ok
18:39:41.0868 0x0bac  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:39:41.0882 0x0bac  wudfsvc - ok
18:39:41.0940 0x0bac  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:39:41.0960 0x0bac  WwanSvc - ok
18:39:42.0006 0x0bac  ================ Scan global ===============================
18:39:42.0052 0x0bac  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
18:39:42.0092 0x0bac  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:39:42.0122 0x0bac  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
18:39:42.0152 0x0bac  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:39:42.0274 0x0bac  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
18:39:42.0294 0x0bac  [ Global ] - ok
18:39:42.0294 0x0bac  ================ Scan MBR ==================================
18:39:42.0304 0x0bac  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:39:42.0470 0x08f4  Object required for P2P: [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig
18:39:42.0569 0x0bac  \Device\Harddisk0\DR0 - ok
18:39:42.0573 0x0bac  ================ Scan VBR ==================================
18:39:42.0578 0x0bac  [ 0FE21ACFC9BEDD54C5BA74ED20D6F8B8 ] \Device\Harddisk0\DR0\Partition1
18:39:42.0581 0x0bac  \Device\Harddisk0\DR0\Partition1 - ok
18:39:42.0592 0x0bac  [ 6A92787CE74E650E6060CDAE888A8AE9 ] \Device\Harddisk0\DR0\Partition2
18:39:42.0594 0x0bac  \Device\Harddisk0\DR0\Partition2 - ok
18:39:42.0598 0x0bac  ================ Scan generic autorun ======================
18:39:42.0637 0x0bac  [ EBF3456B2C7663E6A13940FA10B4E0F8, 97970E77B9306D70FFD4A43CDC39474FDC39C4AD949D9335DF6D88B2971E15D8 ] C:\Windows\system32\igfxtray.exe
18:39:42.0645 0x0bac  IgfxTray - ok
18:39:42.0676 0x0bac  [ B45EA7CAE2ACDBEB3522181E7F5A98AC, 38B808422C1B23E099DD3B5D199E29CD8A7CB91C4690A5607B2B47EC2D366894 ] C:\Windows\system32\hkcmd.exe
18:39:42.0700 0x0bac  HotKeysCmds - ok
18:39:42.0728 0x0bac  [ DEA7D385517BBF31AA0940E1D75D01F4, F9299ECCE2EE8635C8D26690E8B15485E127574F26A264DCB91A1AB0E0CDB64F ] C:\Windows\system32\igfxpers.exe
18:39:42.0758 0x0bac  Persistence - ok
18:39:42.0828 0x0bac  [ 233A10D4B3F6897899112E4EC60F1906, 1F7E768E57064938114DF2EFC5B219EB0D30A7D9E574924E9CED054462505AF0 ] C:\Windows\WindowsMobile\wmdc.exe
18:39:42.0838 0x0bac  Windows Mobile Device Center - ok
18:39:42.0910 0x0bac  [ 38D198A2DD54A67120040566A38103BA, 01604BD91A5B2C0DDC7B52036511F8219952626716E75979D8464F2C56BA0114 ] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
18:39:42.0910 0x0bac  GrooveMonitor - ok
18:39:43.0050 0x0bac  [ 0B807BD923FEAF4503A60CA960BEEA90, F8F6284D563BF56A2F5E2FE340DA53B5A32A69D83F8AB006852C26ECCD0CE4C1 ] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
18:39:43.0147 0x0bac  NBKeyScan - ok
18:39:43.0478 0x0bac  [ 44ADDA5FB88EE14F57A246285775AC2F, 2776225BA9F22C553453541DA0285E093B4F2019DB6FE640D033BA45045299C8 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
18:39:43.0619 0x0bac  AvastUI.exe - ok
18:39:43.0806 0x0bac  [ EB2CC7A2441AA4477BCE761800168CCC, CF915812549A1185FF8EB12D07883CA53E47C044071E7EF20C54AF18FD8232A7 ] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
18:39:43.0850 0x0bac  IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - ok
18:39:43.0859 0x0bac  Waiting for KSN requests completion. In queue: 211
18:39:44.0860 0x0bac  Waiting for KSN requests completion. In queue: 211
18:39:45.0862 0x0bac  Waiting for KSN requests completion. In queue: 211
18:39:46.0864 0x0bac  Waiting for KSN requests completion. In queue: 168
18:39:47.0864 0x0bac  Waiting for KSN requests completion. In queue: 168
18:39:48.0864 0x0bac  Waiting for KSN requests completion. In queue: 168
18:39:49.0866 0x0bac  Waiting for KSN requests completion. In queue: 168
18:39:50.0866 0x0bac  Waiting for KSN requests completion. In queue: 168
18:39:51.0866 0x0bac  Waiting for KSN requests completion. In queue: 168
18:39:52.0866 0x0bac  Waiting for KSN requests completion. In queue: 168
18:39:53.0866 0x0bac  Waiting for KSN requests completion. In queue: 168
18:39:54.0866 0x0bac  Waiting for KSN requests completion. In queue: 168
18:39:55.0868 0x0bac  Waiting for KSN requests completion. In queue: 168
18:39:56.0868 0x0bac  Waiting for KSN requests completion. In queue: 168
18:39:57.0868 0x0bac  Waiting for KSN requests completion. In queue: 168
18:39:58.0868 0x0bac  Waiting for KSN requests completion. In queue: 168
18:39:59.0868 0x0bac  Waiting for KSN requests completion. In queue: 168
18:40:00.0876 0x0bac  Waiting for KSN requests completion. In queue: 168
18:40:01.0876 0x0bac  Waiting for KSN requests completion. In queue: 168
18:40:02.0766 0x08f4  Object send P2P result: false
18:40:02.0776 0x08f4  Object required for P2P: [ 0A92CB65770442ED0DC44834632F66AD ] nvraid
18:40:02.0878 0x0bac  Waiting for KSN requests completion. In queue: 139
18:40:03.0878 0x0bac  Waiting for KSN requests completion. In queue: 139
18:40:04.0878 0x0bac  Waiting for KSN requests completion. In queue: 139
18:40:05.0842 0x08f4  Object send P2P result: true
18:40:05.0842 0x08f4  Object required for P2P: [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia
18:40:05.0882 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:06.0886 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:07.0886 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:08.0888 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:09.0888 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:10.0890 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:11.0890 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:12.0890 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:13.0890 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:14.0892 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:15.0894 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:16.0894 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:17.0894 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:18.0894 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:19.0896 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:20.0898 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:21.0898 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:22.0898 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:23.0898 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:24.0898 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:25.0900 0x0bac  Waiting for KSN requests completion. In queue: 125
18:40:26.0150 0x08f4  Object send P2P result: false
18:40:26.0150 0x08f4  Object required for P2P: [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx
18:40:26.0902 0x0bac  Waiting for KSN requests completion. In queue: 110
18:40:27.0906 0x0bac  Waiting for KSN requests completion. In queue: 110
18:40:28.0906 0x0bac  Waiting for KSN requests completion. In queue: 110
18:40:29.0906 0x0bac  Waiting for KSN requests completion. In queue: 110
18:40:30.0914 0x0bac  Waiting for KSN requests completion. In queue: 110
18:40:31.0916 0x0bac  Waiting for KSN requests completion. In queue: 110
18:40:32.0916 0x0bac  Waiting for KSN requests completion. In queue: 110
18:40:33.0918 0x0bac  Waiting for KSN requests completion. In queue: 110
18:40:34.0918 0x0bac  Waiting for KSN requests completion. In queue: 110
18:40:35.0920 0x0bac  Waiting for KSN requests completion. In queue: 110
18:40:36.0920 0x0bac  Waiting for KSN requests completion. In queue: 110
18:40:37.0922 0x0bac  Waiting for KSN requests completion. In queue: 110
18:40:38.0924 0x0bac  Waiting for KSN requests completion. In queue: 110
18:40:39.0924 0x0bac  Waiting for KSN requests completion. In queue: 110
18:40:40.0928 0x0bac  Waiting for KSN requests completion. In queue: 110
18:40:40.0988 0x08f4  Object send P2P result: true
18:40:40.0998 0x08f4  Object required for P2P: [ 765A92D428A8DB88B960DA5A8D6089DC ] usbohci
18:40:41.0928 0x0bac  Waiting for KSN requests completion. In queue: 20
18:40:42.0928 0x0bac  Waiting for KSN requests completion. In queue: 20
18:40:43.0930 0x0bac  Waiting for KSN requests completion. In queue: 20
18:40:43.0950 0x08f4  Object send P2P result: true
18:40:45.0270 0x0bac  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
18:40:45.0350 0x0bac  Win FW state via NFP2: enabled
18:40:48.0122 0x0bac  ============================================================
18:40:48.0122 0x0bac  Scan finished
18:40:48.0122 0x0bac  ============================================================
18:40:48.0122 0x0708  Detected object count: 0
18:40:48.0122 0x0708  Actual detected object count: 0

Hallo ist fertig lg

schrauber · 08.02.2015, 18:51

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Mandalas · 08.02.2015, 18:54

Hallo Schrauber, noch mal eine Beobachtung beim runterfahren des PC.
Man könnte denken beim ausgehen des Bildschirms ist dahinter wie ein Bild schwarz mit weiser Schrift ...kurz erscheint nicht alle Programme geschlossen und ist gleich weg

schrauber · 08.02.2015, 18:55

Mach einfach obiges

Mandalas · 08.02.2015, 19:30

Code:

ATTFilter

ComboFix 15-02-08.01 - Bruni 08.02.2015  19:01:45.3.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.1977.1134 [GMT 1:00]
ausgeführt von:: c:\users\Bruni\Downloads\Combofix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-01-08 bis 2015-02-08  ))))))))))))))))))))))))))))))
.
.
2015-02-08 18:13 . 2015-02-08 18:13	--------	d-----w-	c:\users\Public\AppData\Local\temp
2015-02-08 18:13 . 2015-02-08 18:13	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-02-08 17:12 . 2015-02-08 17:12	--------	d-----w-	c:\programdata\Malwarebytes
2015-02-08 17:12 . 2015-02-08 17:30	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-08 17:12 . 2015-02-08 17:12	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-08 17:09 . 2015-02-08 17:09	97496	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-02-06 19:43 . 2015-02-06 19:49	--------	d-----w-	C:\FRST
2015-02-06 19:19 . 2014-12-02 10:26	11870360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{63EA5C57-D5AA-4241-B52F-FD7706A21D02}\mpengine.dll
2015-02-06 19:19 . 2015-02-06 19:19	5070512	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-01-12 22:30 . 2015-01-11 15:30	364512	----a-w-	c:\windows\system32\aswBoot.exe
2015-01-11 15:30 . 2015-01-11 15:30	43152	----a-w-	c:\windows\avastSS.scr
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-06 19:19 . 2012-07-04 17:01	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-06 19:19 . 2012-07-04 17:01	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-12 22:31 . 2012-07-04 17:06	1050432	----a-w-	c:\windows\system32\drivers\aswsnx.sys
2015-01-11 15:30 . 2014-01-19 13:29	116728	----a-w-	c:\windows\system32\drivers\aswstm.sys
2015-01-11 15:30 . 2013-04-16 19:14	267632	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-01-11 15:30 . 2013-04-16 19:14	65776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-01-11 15:30 . 2012-07-04 17:06	436624	----a-w-	c:\windows\system32\drivers\aswsp.sys
2015-01-11 15:30 . 2014-05-18 11:54	29208	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-01-11 15:30 . 2012-07-04 17:06	83280	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2015-01-11 15:30 . 2012-07-04 17:06	93568	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2015-01-08 08:55 . 2010-11-21 03:27	298120	------w-	c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-26 16:37	144384	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-26 16:37	115712	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2014-11-27 01:43 . 2014-12-15 11:48	389296	----a-w-	c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-15 11:48	25059840	----a-w-	c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-15 11:48	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-15 11:48	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-15 11:48	66560	----a-w-	c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-15 11:48	580096	----a-w-	c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-15 11:48	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-15 11:48	2885120	----a-w-	c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-15 11:48	88064	----a-w-	c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-15 11:48	54784	----a-w-	c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-15 11:48	34304	----a-w-	c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-15 11:48	633856	----a-w-	c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-15 11:48	114688	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-15 11:48	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-15 11:48	6039552	----a-w-	c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-15 11:48	968704	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-15 11:48	490496	----a-w-	c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-15 11:48	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-15 11:48	77824	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-15 11:48	199680	----a-w-	c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-15 11:48	92160	----a-w-	c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-15 11:48	501248	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-15 11:48	62464	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-15 11:48	47616	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-15 11:48	64000	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-15 11:48	316928	----a-w-	c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-15 11:48	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-15 11:48	718848	----a-w-	c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-15 11:48	800768	----a-w-	c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-15 11:48	1359360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-15 11:48	2125312	----a-w-	c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-15 11:48	14412800	----a-w-	c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-15 11:48	60416	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-15 11:48	4299264	----a-w-	c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-15 11:48	2358272	----a-w-	c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-15 11:48	2052096	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-15 11:48	1155072	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-15 11:48	1548288	----a-w-	c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-15 11:48	800768	----a-w-	c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-15 11:48	1888256	----a-w-	c:\windows\SysWow64\wininet.dll
2014-11-11 03:09 . 2014-12-15 11:47	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-12-04 19:05	241152	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-12-04 19:05	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-15 11:47	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-12-04 19:05	186880	----a-w-	c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-12-04 19:05	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2011-07-11 20:20 . 2013-07-03 17:17	3208568	----a-w-	c:\program files\TeamViewer_Setup_de.exe
2008-02-11 10:33 . 2013-07-03 17:14	418816	----a-w-	c:\program files\h2testw.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-30 5227112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R0 AFS;AFS; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\l1c51x64.sys;c:\windows\SYSNATIVE\DRIVERS\l1c51x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 56568144
*Deregistered* - 56568144
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-08 16:11	1086280	----a-w-	c:\program files (x86)\Google\Chrome\Application\40.0.2214.111\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-02-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 19:19]
.
2015-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 12:10]
.
2015-02-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 12:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-01-11 15:30	860984	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-01-15 15:59	776520	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 15:59	776520	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 15:59	776520	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-01-15 15:59	776520	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-01-15 15:59	776520	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-01-15 15:59	776520	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/?trackid=sp-006
mStart Page = https://www.google.com/?trackid=sp-006
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.117.1.25 89.16.129.25
FF - ProfilePath - c:\users\Bruni\AppData\Roaming\Mozilla\Firefox\Profiles\dysprlty.default\
FF - prefs.js: browser.search.selectedEngine - StartWeb
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-02-08  19:27:11
ComboFix-quarantined-files.txt  2015-02-08 18:27
ComboFix2.txt  2014-09-15 21:10
ComboFix3.txt  2014-09-15 20:01
.
Vor Suchlauf: 15 Verzeichnis(se), 41.692.610.560 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 41.698.263.040 Bytes frei
.
- - End Of File - - BB4219E62167586962D68DC4CE3BC41B
A36C5E4F47E84449FF07ED3517B43A31

schrauber · 09.02.2015, 06:41

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Mandalas · 09.02.2015, 21:51

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 09.02.2015
Scan Time: 20:44:06
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.09.09
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bruni

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345067
Time Elapsed: 17 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.SmootherWeb.A, HKU\S-1-5-21-1768843665-64091385-3868669945-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\FFHELPER\SmootherWeb, , [ee7fc25a90fa2412747f9003c2417d83], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-1768843665-64091385-3868669945-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\Iminent, , [a4c93fddb7d3df5711417d40e91a46ba], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.SmootherWeb.A, C:\Users\Bruni\AppData\Roaming\Mozilla\Firefox\Profiles\dysprlty.default\jetpack\jid1-U7omKQ6kQfxMaQ@jetpack, , [d39aaa728efccb6b2f135c21da29c040], 
PUP.Optional.SmootherWeb.A, C:\Users\Bruni\AppData\Roaming\Mozilla\Firefox\Profiles\dysprlty.default\jetpack\jid1-U7omKQ6kQfxMaQ@jetpack\simple-storage, , [d39aaa728efccb6b2f135c21da29c040], 

Files: 4
PUP.Optional.Solimba, C:\Users\Bruni\Downloads\AdwCleaner.exe, , [9cd1c4588efc3204204bb826768bb64a], 
PUP.Optional.Iminent.A, C:\Users\Bruni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ehhlaekjfiiojlddgndcnefflngfmhen_0.localstorage, , [5518fa22f09acb6b0c46871bd3303cc4], 
PUP.Optional.Iminent.A, C:\Users\Bruni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_nbljechdpodpbchbmjcoamidppmpnmlc_0.localstorage, , [5a13e933fa90dd59272c970b2ad98c74], 
PUP.Optional.Iminent.A, C:\Users\Bruni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jdkokpcldhneihjdhigfjmoeojkdcbmg_0.localstorage, , [f6770d0f602abb7bb6b4b7f3f310619f], 

Physical Sectors: 0
(No malicious items detected)


(end):singsing:

Code:

ATTFilter

# AdwCleaner v4.110 - Bericht erstellt 09/02/2015 um 21:16:19
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-09.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Bruni - BRUNI-PC
# Gestarted von : C:\Users\Bruni\Downloads\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)

[dysprlty.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

-\\ Google Chrome v40.0.2214.111

[C:\Users\Bruni\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://start.iminent.com/?appId=28184617-7AA7-45FB-B148-70748EC1D1C0&ref=toolbox&q={searchTerms}

*************************

AdwCleaner[R0].txt - [7494 Bytes] - [15/09/2014 21:13:16]
AdwCleaner[R1].txt - [1091 Bytes] - [15/09/2014 21:19:33]
AdwCleaner[R2].txt - [1336 Bytes] - [09/02/2015 21:12:59]
AdwCleaner[S0].txt - [7225 Bytes] - [15/09/2014 21:14:42]
AdwCleaner[S1].txt - [1267 Bytes] - [09/02/2015 21:16:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1326  Bytes] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Bruni on 09.02.2015 at 21:28:53,04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Bruni\AppData\Roaming\mozilla\firefox\profiles\dysprlty.default\extensions\toolbar@web.de
Emptied folder: C:\Users\Bruni\AppData\Roaming\mozilla\firefox\profiles\dysprlty.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.02.2015 at 21:42:47,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Bruni (administrator) on BRUNI-PC on 09-02-2015 21:46:53
Running from C:\Users\Bruni\Downloads
Loaded Profiles: Bruni (Available profiles: Bruni)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-12-02] (Nero AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-30] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1768843665-64091385-3868669945-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-12-12] (Nero AG)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1768843665-64091385-3868669945-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1768843665-64091385-3868669945-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1768843665-64091385-3868669945-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1768843665-64091385-3868669945-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 62.117.1.25 89.16.129.25

FireFox:
========
FF ProfilePath: C:\Users\Bruni\AppData\Roaming\Mozilla\Firefox\Profiles\dysprlty.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SelectedSearchEngine: StartWeb
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-04]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Profile: C:\Users\Bruni\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bruni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12]
CHR Extension: (Google Wallet) - C:\Users\Bruni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-11] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-11] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-11] ()
R3 L1C; C:\Windows\System32\DRIVERS\l1c51x64.sys [52224 2009-07-27] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 catchme; \??\C:\combofix-14.8.5.1-multi\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 21:42 - 2015-02-09 21:42 - 00001021 _____ () C:\Users\Bruni\Desktop\JRT.txt
2015-02-09 21:12 - 2015-02-09 21:12 - 02112512 _____ () C:\Users\Bruni\Downloads\AdwCleaner_4.110.exe
2015-02-09 21:03 - 2015-02-09 21:03 - 00002461 _____ () C:\Users\Bruni\Desktop\mbam.txt
2015-02-09 20:42 - 2015-02-09 20:42 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-09 20:42 - 2015-02-09 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-09 20:42 - 2015-02-09 20:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-09 20:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 20:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-09 20:40 - 2015-02-09 20:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bruni\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-08 19:27 - 2015-02-08 19:27 - 00015256 _____ () C:\ComboFix.txt
2015-02-08 18:35 - 2015-02-08 18:35 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Bruni\Downloads\tdsskiller.exe
2015-02-08 18:12 - 2015-02-09 21:19 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 18:12 - 2015-02-09 20:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-08 18:12 - 2015-02-08 18:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-08 18:09 - 2015-02-08 18:30 - 00000000 ____D () C:\Users\Bruni\Desktop\mbar
2015-02-08 18:09 - 2015-02-08 18:09 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Bruni\Downloads\mbar-1.08.3.1004.exe
2015-02-08 18:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 20:45 - 2015-02-06 20:49 - 00020840 _____ () C:\Users\Bruni\Downloads\Addition.txt
2015-02-06 20:44 - 2015-02-09 21:47 - 00011505 _____ () C:\Users\Bruni\Downloads\FRST.txt
2015-02-06 20:43 - 2015-02-09 21:46 - 00000000 ____D () C:\FRST
2015-02-06 20:42 - 2015-02-09 21:46 - 02132992 _____ (Farbar) C:\Users\Bruni\Downloads\FRST64.exe
2015-02-06 20:19 - 2015-02-06 20:19 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-04 18:40 - 2015-02-04 18:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 13:32 - 2015-01-23 13:33 - 00000010 _____ () C:\Users\Bruni\Desktop\Neues Textdokument.txt
2015-01-15 20:24 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 20:24 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 20:24 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 20:24 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 20:24 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 20:24 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 20:24 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 20:24 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 20:24 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 20:24 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 20:24 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 20:24 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 20:24 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 23:35 - 2015-02-09 21:17 - 00004814 _____ () C:\Windows\PFRO.log
2015-01-12 23:35 - 2015-02-09 21:17 - 00001693 _____ () C:\Windows\setupact.log
2015-01-12 23:35 - 2015-01-12 23:35 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 23:31 - 2015-01-12 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-12 23:30 - 2015-01-11 16:30 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-12 23:26 - 2015-01-12 23:27 - 132469808 _____ (AVAST Software) C:\Users\Bruni\Downloads\avast_free_antivirus_setup_10.2208.712.exe
2015-01-12 23:07 - 2015-01-12 23:07 - 04086376 _____ (PCRx.com, LLC ) C:\Users\Bruni\Downloads\PCRxSetup.exe
2015-01-12 21:30 - 2015-01-12 21:30 - 01883584 _____ (Avanquest Software ) C:\Users\Bruni\Downloads\PCSpeedMaximizer_PIH.exe
2015-01-11 16:31 - 2015-01-12 23:31 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-11 16:30 - 2015-01-11 16:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 21:26 - 2009-07-14 05:45 - 00026736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 21:26 - 2009-07-14 05:45 - 00026736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 21:25 - 2012-06-29 08:59 - 01085950 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 21:24 - 2014-09-15 21:26 - 01388274 _____ (Thisisu) C:\Users\Bruni\Downloads\JRT.exe
2015-02-09 21:19 - 2012-12-09 19:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 21:18 - 2012-11-25 19:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 21:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 21:16 - 2014-09-15 21:13 - 00000000 ____D () C:\AdwCleaner
2015-02-09 21:11 - 2012-11-25 19:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 21:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Registration
2015-02-09 20:26 - 2012-07-04 18:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-08 19:27 - 2014-09-15 20:41 - 00000000 ____D () C:\Qoobox
2015-02-08 19:17 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-08 18:56 - 2014-09-15 20:36 - 05609947 ____R (Swearware) C:\Users\Bruni\Downloads\Combofix.exe
2015-02-08 17:05 - 2012-11-25 19:53 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 17:05 - 2012-11-25 19:53 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 20:19 - 2012-12-09 19:10 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 20:19 - 2012-07-04 18:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 20:19 - 2012-07-04 18:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 20:09 - 2012-07-04 18:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 16:06 - 2013-06-02 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-23 13:32 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-22 12:14 - 2012-06-29 18:53 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-22 12:14 - 2012-06-29 18:53 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-22 12:14 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-12 23:31 - 2012-07-04 18:06 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-11 16:30 - 2014-05-18 12:54 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-11 16:30 - 2014-01-19 14:29 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2015-01-11 16:30 - 2013-04-16 20:14 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-11 16:30 - 2013-04-16 20:14 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-11 16:30 - 2012-07-04 18:06 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-11 16:30 - 2012-07-04 18:06 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-11 16:30 - 2012-07-04 18:06 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

==================== Files in the root of some directories =======

2013-07-03 18:14 - 2008-02-11 11:33 - 0418816 _____ (c't Magazin für Computertechnik) C:\Program Files\h2testw.exe
2013-07-03 18:17 - 2011-07-11 21:20 - 3208568 _____ (TeamViewer GmbH) C:\Program Files\TeamViewer_Setup_de.exe
2012-07-22 21:39 - 2013-08-11 08:46 - 0000128 _____ () C:\Users\Bruni\AppData\Roaming\default.pls
2013-05-07 19:51 - 2013-07-03 18:26 - 0000235 _____ () C:\Users\Bruni\AppData\Roaming\devices.xml
2013-05-07 19:51 - 2013-07-03 18:26 - 0000012 _____ () C:\Users\Bruni\AppData\Roaming\settings.xml
2012-07-04 18:12 - 2013-07-08 18:03 - 0001550 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Bruni\hpothb07.dat


Some content of TEMP:
====================
C:\Users\Bruni\AppData\Local\Temp\Quarantine.exe
C:\Users\Bruni\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-04 18:44

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Bruni at 2015-02-09 21:48:03
Running from C:\Users\Bruni\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Speicher-Disc (HKLM-x32\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MEDION GoPal Assistant (HKLM-x32\...\{B9D45A76-61DF-4387-B0FE-CA165D582B57}) (Version: 6.3.6.13143 - MEDION)
Medion GoPal Assistant 4.01.028 (HKLM-x32\...\Medion GoPal Assistant) (Version: 4.1.28.0 - Medion)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}) (Version: 8.3.465 - Nero AG)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-01-2015 20:23:14 Windows Update
15-01-2015 21:35:55 Windows Update
26-01-2015 19:57:50 Windows Update
30-01-2015 15:58:27 Windows Update
04-02-2015 17:50:10 Windows Update
08-02-2015 18:59:12 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-09-15 20:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {42CA35A5-B623-47A0-859A-3DD17DC58B58} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {ADEB0B5B-D8CC-45DE-82E2-AFAF04CF33AA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-11] (AVAST Software)
Task: {D723A22D-0290-4457-B1D5-2F9CAE2614AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {E02A367A-8484-487E-B27D-4F78F7EA012E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {E74C9270-ABF3-4654-ABFE-CD832E946201} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-09 20:28 - 2015-02-09 20:28 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020900\algo.dll
2015-01-11 16:29 - 2015-01-11 16:29 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-04 18:40 - 2015-02-04 18:41 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1768843665-64091385-3868669945-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bruni\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1768843665-64091385-3868669945-500 - Administrator - Disabled)
Bruni (S-1-5-21-1768843665-64091385-3868669945-1000 - Administrator - Enabled) => C:\Users\Bruni
Gast (S-1-5-21-1768843665-64091385-3868669945-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1768843665-64091385-3868669945-1079 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (08/31/2014 05:13:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 275 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (05/29/2014 09:01:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 681 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/13/2014 09:39:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 76 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/09/2014 01:41:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 349 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (02/09/2014 01:34:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1238 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (12/11/2013 08:33:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 30 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/02/2013 09:10:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/27/2013 08:37:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 41 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/16/2013 07:53:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2970 seconds with 1800 seconds of active time.  This session ended with a crash.

Error: (08/08/2013 04:55:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 30 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-09-15 21:56:47.850
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\combofix-14.8.5.1-multi\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-15 21:56:47.569
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\combofix-14.8.5.1-multi\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Genuine Intel(R) CPU 575 @ 2.00GHz
Percentage of memory in use: 53%
Total physical RAM: 1976.94 MB
Available physical RAM: 914.64 MB
Total Pagefile: 3953.88 MB
Available Pagefile: 2537.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.83 GB) (Free:38.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:74.22 GB) (Free:69.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 000E4006)
Partition 1: (Active) - (Size=74.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

ich bedanke mich für deine schnelle arbeit und hilfe.

schrauber · 10.02.2015, 07:07

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Mandalas · 10.02.2015, 22:19

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5131536cf8f67e4381c975352dcd93e7
# engine=22407
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-10 08:35:08
# local_time=2015-02-10 09:35:08 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 74 536016 188024598 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 353713 175230358 0 0
# scanned=119172
# found=12
# cleaned=12
# scan_time=4356
sh=02E1E58BE25BC656589C5DC5AF311B9F2E5EA6E2 ft=1 fh=a94b1d23b6435b2a vn="Win32/Toolbar.Iminent.G evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe.vir"
sh=99FA7A8433AC017F72D23939870DC727E6E02D00 ft=1 fh=1616812b022cf358 vn="Variante von Win32/Toolbar.Iminent.J evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Umbrella\Umbrella209.exe.vir"
sh=642716AFDDFCAA41EEDB11070CE3191070ED685B ft=1 fh=2fd62bfc8ca2e705 vn="Variante von MSIL/Solimba.AC evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FLVM Player\FLVPlayerUninstaller.exe.vir"
sh=96E1EA2C11DE1424C32D13A43506EB98BA83B514 ft=1 fh=339137e86119377b vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll.vir"
sh=87025736EFC9193C3774000DCE73A169AE9A494F ft=1 fh=71796607ca60e87b vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll.vir"
sh=B5E8B7E254079A5BC6EBF6F930B9073D4058D881 ft=1 fh=c71c00116c452475 vn="Win32/Toolbar.Iminent.D evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\inst\Bootstrapper\CustomActionsIminent.dll.vir"
sh=91C45E16A830548CC423AA01C18E456844DBB6B6 ft=1 fh=0d441bdf7e3fb258 vn="Win32/Toolbar.Iminent.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Iminent\inst\Bootstrapper\IminentUninstall.exe.vir"
sh=744A0640927DA7065DC79212074BF7D69FDD316F ft=1 fh=0394227f5f901456 vn="Win32/SmootherWeb.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\SmootherWeb\Uninstall.exe.vir"
sh=E0D6D1FF58D574D55D3082CBD821F79AE5C1595F ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Bruni\AppData\Roaming\Mozilla\Firefox\Profiles\dysprlty.default\Extensions\firefoxmini@go.im.xpi.vir"
sh=3CE220267FC578E52294B849851F3558C40466DF ft=0 fh=0000000000000000 vn="Win32/SmootherWeb.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Bruni\AppData\Roaming\SmootherWeb\jid1-U7omKQ6kQfxMaQ@jetpack.xpi.vir"
sh=123BF904451F768195056EB3E6747C4575342DDD ft=0 fh=0000000000000000 vn="Win32/SmootherWeb.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\Bruni\AppData\Local\Mozilla\Firefox\Profiles\dysprlty.default\cache2\entries\92F7B22B70571E7899BD6027BEA30AEBA8504EAB"
sh=7CD0BAF0CE1BAF99CA21CD861AA1388B537820F3 ft=1 fh=da0bb244a02fa625 vn="Variante von Win32/AdWare.SpeedingUpMyPC.S Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Bruni\Downloads\PCSpeedMaximizer_PIH.exe"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.96  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox (35.0.1) 
 Google Chrome (40.0.2214.111) 
 Google Chrome (40.0.2214.94) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Bruni (administrator) on BRUNI-PC on 10-02-2015 22:12:42
Running from C:\Users\Bruni\Downloads
Loaded Profiles: Bruni (Available profiles: Bruni)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2221352 2008-12-02] (Nero AG)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-30] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1768843665-64091385-3868669945-1000\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1840424 2008-12-12] (Nero AG)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1768843665-64091385-3868669945-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1768843665-64091385-3868669945-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1768843665-64091385-3868669945-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1768843665-64091385-3868669945-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Tcpip\Parameters: [DhcpNameServer] 62.117.1.25 89.16.129.25

FireFox:
========
FF ProfilePath: C:\Users\Bruni\AppData\Roaming\Mozilla\Firefox\Profiles\dysprlty.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SelectedSearchEngine: StartWeb
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-04]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
CHR Profile: C:\Users\Bruni\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Bruni\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12]
CHR Extension: (Google Wallet) - C:\Users\Bruni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-11] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-11] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-11] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-11] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-11] ()
R3 L1C; C:\Windows\System32\DRIVERS\l1c51x64.sys [52224 2009-07-27] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 catchme; \??\C:\combofix-14.8.5.1-multi\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 20:17 - 2015-02-10 20:17 - 02347384 _____ (ESET) C:\Users\Bruni\Downloads\esetsmartinstaller_deu.exe
2015-02-09 21:42 - 2015-02-09 21:42 - 00001021 _____ () C:\Users\Bruni\Desktop\JRT.txt
2015-02-09 21:12 - 2015-02-09 21:12 - 02112512 _____ () C:\Users\Bruni\Downloads\AdwCleaner_4.110.exe
2015-02-09 21:03 - 2015-02-09 21:03 - 00002461 _____ () C:\Users\Bruni\Desktop\mbam.txt
2015-02-09 20:42 - 2015-02-09 20:42 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-02-09 20:42 - 2015-02-09 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-02-09 20:42 - 2015-02-09 20:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-02-09 20:42 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 20:42 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-09 20:40 - 2015-02-09 20:40 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bruni\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-08 19:27 - 2015-02-08 19:27 - 00015256 _____ () C:\ComboFix.txt
2015-02-08 18:35 - 2015-02-08 18:35 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Bruni\Downloads\tdsskiller.exe
2015-02-08 18:12 - 2015-02-10 20:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 18:12 - 2015-02-09 20:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-08 18:12 - 2015-02-08 18:30 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-08 18:09 - 2015-02-08 18:30 - 00000000 ____D () C:\Users\Bruni\Desktop\mbar
2015-02-08 18:09 - 2015-02-08 18:09 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Bruni\Downloads\mbar-1.08.3.1004.exe
2015-02-08 18:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 20:45 - 2015-02-09 21:48 - 00013714 _____ () C:\Users\Bruni\Downloads\Addition.txt
2015-02-06 20:44 - 2015-02-10 22:13 - 00011793 _____ () C:\Users\Bruni\Downloads\FRST.txt
2015-02-06 20:43 - 2015-02-10 22:12 - 00000000 ____D () C:\FRST
2015-02-06 20:42 - 2015-02-09 21:46 - 02132992 _____ (Farbar) C:\Users\Bruni\Downloads\FRST64.exe
2015-02-06 20:19 - 2015-02-06 20:19 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-02-04 18:40 - 2015-02-04 18:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 13:32 - 2015-01-23 13:33 - 00000010 _____ () C:\Users\Bruni\Desktop\Neues Textdokument.txt
2015-01-15 20:24 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 20:24 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 20:24 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 20:24 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 20:24 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 20:24 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 20:24 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 20:24 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 20:24 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-15 20:24 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 20:24 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-15 20:24 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-15 20:24 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 23:35 - 2015-02-10 20:09 - 00001749 _____ () C:\Windows\setupact.log
2015-01-12 23:35 - 2015-02-09 21:17 - 00004814 _____ () C:\Windows\PFRO.log
2015-01-12 23:35 - 2015-01-12 23:35 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-12 23:31 - 2015-01-12 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-12 23:30 - 2015-01-11 16:30 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-12 23:26 - 2015-01-12 23:27 - 132469808 _____ (AVAST Software) C:\Users\Bruni\Downloads\avast_free_antivirus_setup_10.2208.712.exe
2015-01-12 23:07 - 2015-01-12 23:07 - 04086376 _____ (PCRx.com, LLC ) C:\Users\Bruni\Downloads\PCRxSetup.exe
2015-01-11 16:31 - 2015-01-12 23:31 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-11 16:30 - 2015-01-11 16:30 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-10 22:10 - 2012-11-25 19:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-10 22:06 - 2014-09-15 21:49 - 00852594 _____ () C:\Users\Bruni\Downloads\SecurityCheck.exe
2015-02-10 21:39 - 2012-06-29 08:59 - 01193786 _____ () C:\Windows\WindowsUpdate.log
2015-02-10 21:19 - 2012-12-09 19:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-10 20:19 - 2009-07-14 05:45 - 00026736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-10 20:19 - 2009-07-14 05:45 - 00026736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-10 20:11 - 2012-07-04 18:06 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-10 20:10 - 2012-11-25 19:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-10 20:09 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 21:24 - 2014-09-15 21:26 - 01388274 _____ (Thisisu) C:\Users\Bruni\Downloads\JRT.exe
2015-02-09 21:16 - 2014-09-15 21:13 - 00000000 ____D () C:\AdwCleaner
2015-02-09 21:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Registration
2015-02-08 19:27 - 2014-09-15 20:41 - 00000000 ____D () C:\Qoobox
2015-02-08 19:17 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-08 18:56 - 2014-09-15 20:36 - 05609947 ____R (Swearware) C:\Users\Bruni\Downloads\Combofix.exe
2015-02-08 17:05 - 2012-11-25 19:53 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 17:05 - 2012-11-25 19:53 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 20:19 - 2012-12-09 19:10 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-06 20:19 - 2012-07-04 18:01 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-06 20:19 - 2012-07-04 18:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-06 20:09 - 2012-07-04 18:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-30 16:06 - 2013-06-02 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-23 13:32 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-22 12:14 - 2012-06-29 18:53 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-22 12:14 - 2012-06-29 18:53 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-22 12:14 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-12 23:31 - 2012-07-04 18:06 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-11 16:30 - 2014-05-18 12:54 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-11 16:30 - 2014-01-19 14:29 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2015-01-11 16:30 - 2013-04-16 20:14 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-11 16:30 - 2013-04-16 20:14 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-11 16:30 - 2012-07-04 18:06 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-11 16:30 - 2012-07-04 18:06 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-11 16:30 - 2012-07-04 18:06 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys

==================== Files in the root of some directories =======

2013-07-03 18:14 - 2008-02-11 11:33 - 0418816 _____ (c't Magazin für Computertechnik) C:\Program Files\h2testw.exe
2013-07-03 18:17 - 2011-07-11 21:20 - 3208568 _____ (TeamViewer GmbH) C:\Program Files\TeamViewer_Setup_de.exe
2012-07-22 21:39 - 2013-08-11 08:46 - 0000128 _____ () C:\Users\Bruni\AppData\Roaming\default.pls
2013-05-07 19:51 - 2013-07-03 18:26 - 0000235 _____ () C:\Users\Bruni\AppData\Roaming\devices.xml
2013-05-07 19:51 - 2013-07-03 18:26 - 0000012 _____ () C:\Users\Bruni\AppData\Roaming\settings.xml
2012-07-04 18:12 - 2013-07-08 18:03 - 0001550 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Bruni\hpothb07.dat


Some content of TEMP:
====================
C:\Users\Bruni\AppData\Local\Temp\Quarantine.exe
C:\Users\Bruni\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-04 18:44

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Bruni at 2015-02-10 22:14:01
Running from C:\Users\Bruni\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Speicher-Disc (HKLM-x32\...\{B376402D-58EA-45EA-BD50-DD924EB67A70}) (Version: 1.0.4.805 - Hewlett-Packard Company)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MEDION GoPal Assistant (HKLM-x32\...\{B9D45A76-61DF-4387-B0FE-CA165D582B57}) (Version: 6.3.6.13143 - MEDION)
Medion GoPal Assistant 4.01.028 (HKLM-x32\...\Medion GoPal Assistant) (Version: 4.1.28.0 - Medion)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 8 (HKLM-x32\...\{1CA7ACD6-B21B-4240-AA05-4FC55F6E1031}) (Version: 8.3.465 - Nero AG)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

15-01-2015 20:23:14 Windows Update
15-01-2015 21:35:55 Windows Update
26-01-2015 19:57:50 Windows Update
30-01-2015 15:58:27 Windows Update
04-02-2015 17:50:10 Windows Update
08-02-2015 18:59:12 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-09-15 20:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {42CA35A5-B623-47A0-859A-3DD17DC58B58} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {ADEB0B5B-D8CC-45DE-82E2-AFAF04CF33AA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-11] (AVAST Software)
Task: {D723A22D-0290-4457-B1D5-2F9CAE2614AD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {E02A367A-8484-487E-B27D-4F78F7EA012E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: {E74C9270-ABF3-4654-ABFE-CD832E946201} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-26] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-09 20:28 - 2015-02-09 20:28 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020900\algo.dll
2015-02-10 20:13 - 2015-02-10 20:13 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15021001\algo.dll
2015-01-11 16:29 - 2015-01-11 16:29 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-04 18:40 - 2015-02-04 18:41 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-06 20:19 - 2015-02-06 20:19 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1768843665-64091385-3868669945-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Bruni\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1768843665-64091385-3868669945-500 - Administrator - Disabled)
Bruni (S-1-5-21-1768843665-64091385-3868669945-1000 - Administrator - Enabled) => C:\Users\Bruni
Gast (S-1-5-21-1768843665-64091385-3868669945-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1768843665-64091385-3868669945-1079 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2015 10:12:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/10/2015 09:58:23 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/10/2015 08:17:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/10/2015 08:17:19 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/10/2015 08:10:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/10/2015 09:11:51 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (02/10/2015 08:10:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFS


Microsoft Office Sessions:
=========================
Error: (08/31/2014 05:13:09 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 275 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (05/29/2014 09:01:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 681 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (02/13/2014 09:39:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 76 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/09/2014 01:41:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 349 seconds with 240 seconds of active time.  This session ended with a crash.

Error: (02/09/2014 01:34:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1238 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (12/11/2013 08:33:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 30 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (12/02/2013 09:10:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/27/2013 08:37:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 41 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/16/2013 07:53:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2970 seconds with 1800 seconds of active time.  This session ended with a crash.

Error: (08/08/2013 04:55:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 30 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-09-15 21:56:47.850
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\combofix-14.8.5.1-multi\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-15 21:56:47.569
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\combofix-14.8.5.1-multi\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Genuine Intel(R) CPU 575 @ 2.00GHz
Percentage of memory in use: 58%
Total physical RAM: 1976.94 MB
Available physical RAM: 823.77 MB
Total Pagefile: 3953.88 MB
Available Pagefile: 2369.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.83 GB) (Free:37.87 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:74.22 GB) (Free:69.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 000E4006)
Partition 1: (Active) - (Size=74.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Hallo Schrauber,
ich teste erst mal, ob alles in Ordnung ist.

Vielen dank für Deine Hilfe. Hast Du Probleme? Ich könnte Dir Fernreiki schicken.
Schlafe schön.

08.02.2015, 18:47	#6
schrauber /// the machine /// TB-Ausbilder	Verdacht auf Vieren oder Trojaner Dann noch TDSSKiller bitte __________________ --> Verdacht auf Vieren oder Trojaner

08.02.2015, 18:55	#10
schrauber /// the machine /// TB-Ausbilder	Verdacht auf Vieren oder Trojaner Mach einfach obiges __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Verdacht auf Vieren oder Trojaner

Plagegeister aller Art und deren Bekämpfung: Verdacht auf Vieren oder Trojaner