Windows 7: Avast URL:Mal Alarm beim Laden von Websites

Felicibus · 16.07.2015, 10:09

Hallo,
Seit gestern Abend bekomme ich jedes mal beim Laden jeglicher Websites einen Avast Alarm. Es spielt dabei keine Rolle auf welcher Seite im Internet ich mich befinde. Sobald irgendeine Internetseite geladen wird, ertönt der Avast Alarm. Leider konnte ich kein Logfile der Fehlermeldung finden, was vermutlich auf mangelnde Kenntnisse meinerseits zurück geht.

Die Meldung sieht wie folgt aus:
"Infektion blockiert.
Objekt: hxxps://securityutility.net/public/AddOn2/p/atakohapu17121346/gc.js
Infektion: URL:Mal
Prozess: D:\Program Files (x86)\Mozilla\Mozilla Firefox\firefox.exe"

Ich wäre wirklich sehr dankbar, wenn mir jemand helfen könnte.

Hier die defogger_disable Logfile:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:59 on 16/07/2015 (Felix)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Im Anschluss die FRST Logfiles:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Felix (administrator) on FELIX-PC on 16-07-2015 01:02:23
Running from C:\Users\Felix\Desktop
Loaded Profiles: Felix (Available Profiles: Felix)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Avast Software s.r.o.) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Carl Zeiss) C:\Program Files\Carl Zeiss\MTB 2011 - 2.1.0.8\MTB Server Console\MTBService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software) D:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Spotify Ltd) C:\Users\Felix\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) D:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [EaseUS EPM tray] => D:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Run: [Spotify Web Helper] => C:\Users\Felix\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030648 2015-07-13] (Spotify Ltd)
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Run: [Dropbox Update] => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Run: [Google Update] => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-05-18] (Google Inc.)
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\MountPoints2: {316f455f-df36-11e2-baaa-b4749ff98f96} - H:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\MountPoints2: {5a648b53-ceb1-11e2-a76c-b4749ff98f96} - H:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\MountPoints2: {8c7fbb17-fe54-11e0-95fe-806e6f6e6963} - E:\SecSWMgrGuide.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-06-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-05-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-27] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2371084783-2400266815-74821208-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-27] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-27] (Avast Software s.r.o.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22BC01CC-A483-4BCD-8B21-E468E5275910}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ACA8EA50-5F74-40EB-9766-7D9CFA94FB3F}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default
FF Homepage: hxxp://abo.spiegel.de/de/c/abo-service/spiegel-abo-agb
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function FindProxyForURL(url, host) {if ((url.indexOf(\"proxmate=us\") != -1)) { return 'PROXY us01.sq.proxmate.me:8000; PROXY us08.sq.proxmate.me:8000; PROXY us09.sq.proxmate.me:8000; PROXY us03.sq.proxmate.me:8000; PROXY us06.sq.proxmate.me:8000; PROXY us14.sq.proxmate.me:8000; PROXY us10.sq.proxmate.me:8000; PROXY us05.sq.proxmate.me:8000; PROXY us02.sq.proxmate.me:8000; PROXY us12.sq.proxmate.me:8000; PROXY us11.sq.proxmate.me:8000; PROXY us13.sq.proxmate.me:8000; PROXY us07.sq.proxmate.me:8000' } else { return 'DIRECT'; }}"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-09-27] (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-12-27] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll [2012-07-05] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-09-27] (Tracker Software Products Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-12-27] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Felix\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: @talk.google.com/O1DPlugin -> C:\Users\Felix\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Felix\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Felix\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\searchplugins\downloadhelper-adult-videos.xml [2014-05-27]
FF Extension: FoxyProxy Standard - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\foxyproxy@eric.h.jung [2015-05-30]
FF Extension: AdBeaver - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\adbeaver@adbeaver.org.xpi [2015-06-02]
FF Extension: Ghostery - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\firefox@ghostery.com.xpi [2014-11-16]
FF Extension: ProxMate - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-11-16]
FF Extension: LeechBlock - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-11-16]
FF Extension: Video DownloadHelper - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Adblock Plus - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-09]
FF Extension: DownThemAll! - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-11-16]
FF Extension: Adblock Edge - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - D:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-27] (Avast Software s.r.o.)
R3 AvastVBoxSvc; D:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-04-27] (Avast Software)
S3 CZCanSrv; C:\Program Files (x86)\Common Files\Carl Zeiss\CZCanSrv.exe [258048 2012-09-26] (Carl Zeiss MicroImaging GmbH) [File not signed]
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [77904 2011-05-26] (Diskeeper Corporation)
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30969208 2010-03-25] (Microsoft Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MTBService_2.1.0.8; C:\Program Files\Carl Zeiss\MTB 2011 - 2.1.0.8\MTB Server Console\MTBService.exe [20480 2013-02-15] (Carl Zeiss) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-09-01] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 Realtek87B; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
S2 RtlService; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020120 2015-04-21] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-27] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-27] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-27] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-27] ()
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [76368 2011-05-26] (Diskeeper Corporation)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
R2 VBoxAswDrv; D:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-27] (Avast Software)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 SBIOSIO; \??\C:\Users\Felix\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 01:02 - 2015-07-16 01:03 - 00020116 _____ C:\Users\Felix\Desktop\FRST.txt
2015-07-16 01:02 - 2015-07-16 01:02 - 00000000 ___SH C:\DkHyperbootSync
2015-07-16 01:02 - 2015-07-16 01:02 - 00000000 ____D C:\FRST
2015-07-16 01:01 - 2015-07-16 01:01 - 02133504 _____ (Farbar) C:\Users\Felix\Desktop\FRST64.exe
2015-07-16 00:59 - 2015-07-16 00:59 - 00000472 _____ C:\Users\Felix\Desktop\defogger_disable.log
2015-07-16 00:59 - 2015-07-16 00:59 - 00000000 _____ C:\Users\Felix\defogger_reenable
2015-07-16 00:58 - 2015-07-16 00:58 - 00050477 _____ C:\Users\Felix\Desktop\Defogger.exe
2015-07-16 00:19 - 2015-07-16 00:20 - 29296256 _____ (EaseUS ) C:\Windows\SysWOW64\epm.exe
2015-07-15 07:45 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 07:45 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 07:45 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 07:45 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 07:45 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 07:45 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 07:45 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 07:45 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 07:45 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 07:45 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 07:45 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 07:45 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 07:45 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 07:45 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 07:45 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 07:45 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 07:45 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 07:45 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 07:45 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 07:45 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 07:45 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 07:45 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 07:45 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 07:45 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 07:45 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 07:45 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 07:45 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 07:45 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 07:45 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 07:45 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 07:45 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 07:45 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 07:45 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 07:45 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 07:45 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 07:45 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 07:45 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 07:45 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 07:45 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 07:45 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 07:45 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 07:45 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 07:45 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 07:45 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 07:45 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 07:45 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 07:45 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 07:45 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 07:45 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 07:45 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 07:45 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 07:45 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 07:45 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 07:45 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 07:45 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 07:45 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 07:45 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 07:45 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 07:45 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 07:45 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 07:45 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 07:45 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 07:45 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 07:45 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 07:45 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 07:45 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 07:45 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 07:44 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 07:44 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 07:44 - 2015-07-03 20:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-15 07:44 - 2015-07-03 20:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 07:44 - 2015-07-03 20:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-15 07:44 - 2015-07-03 20:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-15 07:44 - 2015-07-03 19:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-15 07:44 - 2015-07-03 19:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 07:44 - 2015-07-03 19:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-15 07:44 - 2015-07-03 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-15 07:44 - 2015-07-03 18:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 07:44 - 2015-07-03 18:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 07:44 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 07:44 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 07:44 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 07:44 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 07:44 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 07:44 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 07:44 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 07:44 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 07:44 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 07:44 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 07:44 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 07:44 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 07:44 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 07:44 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 07:44 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 07:44 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 07:44 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 07:44 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 07:44 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 07:44 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 07:44 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 07:44 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 07:44 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 07:44 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 07:44 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 07:44 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 07:44 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 07:44 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 07:44 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 07:44 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 07:44 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 07:44 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 07:44 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 07:44 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 07:44 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 07:44 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 07:44 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 07:44 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-14 09:35 - 2015-07-14 09:35 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-04 15:08 - 2015-07-15 20:24 - 00001120 _____ C:\Windows\setupact.log
2015-07-04 15:08 - 2015-07-04 15:08 - 00000000 _____ C:\Windows\setuperr.log
2015-06-18 09:29 - 2015-07-16 00:34 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job
2015-06-18 09:29 - 2015-07-14 09:34 - 00001172 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job
2015-06-18 09:29 - 2015-06-18 09:29 - 00004194 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA
2015-06-18 09:29 - 2015-06-18 09:29 - 00003798 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core
2015-06-18 09:29 - 2015-06-18 09:29 - 00000000 ____D C:\Users\Felix\AppData\Local\Dropbox
2015-06-18 09:29 - 2015-06-18 09:29 - 00000000 ____D C:\ProgramData\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 00:59 - 2011-10-24 19:15 - 00000000 ____D C:\Users\Felix
2015-07-16 00:25 - 2014-02-25 21:35 - 00000000 ____D C:\Users\Felix\AppData\Local\Spotify
2015-07-15 23:03 - 2014-10-29 22:04 - 00000000 ____D C:\Users\Felix\AppData\Local\Adobe
2015-07-15 23:03 - 2012-07-13 00:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 23:03 - 2011-10-24 20:34 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 22:55 - 2014-02-25 21:34 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Spotify
2015-07-15 21:22 - 2014-05-18 14:50 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job
2015-07-15 21:17 - 2014-05-18 14:50 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA
2015-07-15 21:17 - 2014-05-18 14:50 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core
2015-07-15 21:17 - 2014-05-18 14:50 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job
2015-07-15 20:34 - 2009-07-14 06:45 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-15 20:34 - 2009-07-14 06:45 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-15 20:33 - 2011-10-24 17:30 - 01322891 _____ C:\Windows\WindowsUpdate.log
2015-07-15 20:31 - 2013-04-21 02:23 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0721377F-5ED3-4460-B868-74C39FF481FC}
2015-07-15 20:27 - 2011-12-29 12:40 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Dropbox
2015-07-15 20:25 - 2014-03-25 14:33 - 00000000 ____D C:\Temp
2015-07-15 20:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-15 20:22 - 2009-07-14 06:45 - 00421536 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-15 09:25 - 2013-07-12 15:49 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 00:20 - 2009-07-14 19:58 - 00699666 _____ C:\Windows\system32\perfh007.dat
2015-07-15 00:20 - 2009-07-14 19:58 - 00149774 _____ C:\Windows\system32\perfc007.dat
2015-07-15 00:20 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 17:37 - 2015-02-12 11:18 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 17:36 - 2015-02-13 12:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-14 14:06 - 2012-07-08 18:21 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-13 10:01 - 2014-08-18 01:34 - 00000000 ____D C:\Users\Felix\AppData\Roaming\vlc
2015-07-11 18:18 - 2015-01-07 23:20 - 00000000 ____D C:\Users\Felix\Desktop\Medizinbewerbung_SS15
2015-07-07 11:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-04 17:38 - 2014-05-11 00:30 - 00653824 ___SH C:\Users\Felix\Thumbs.db
2015-07-03 08:43 - 2011-12-27 21:56 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-27 22:13 - 2011-12-29 16:08 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-23 13:30 - 2011-10-24 20:35 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-01-24 15:46 - 2015-01-24 15:46 - 0000907 _____ () C:\Users\Felix\AppData\Local\recently-used.xbel
2012-10-11 09:34 - 2012-10-11 09:34 - 0007606 _____ () C:\Users\Felix\AppData\Local\Resmon.ResmonCfg
2012-07-21 16:55 - 2012-07-21 16:55 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Felix\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd77tja.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 23:14

==================== End of log ============================

--- --- ---

FRST Addition Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Felix at 2015-07-16 01:03:49
Running from C:\Users\Felix\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2371084783-2400266815-74821208-500 - Administrator - Disabled)
Felix (S-1-5-21-2371084783-2400266815-74821208-1000 - Administrator - Enabled) => C:\Users\Felix
Gast (S-1-5-21-2371084783-2400266815-74821208-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2371084783-2400266815-74821208-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACD/Labs Software in D:\Program Files (x86)\ACDFREE11\ (HKLM-x32\...\ACDLabs in D__Program_Files_(x86)_ACDFREE11_) (Version: v11.00, FREE - ACD/Labs)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{7A1A59F3-66FE-96DC-C300-B8F4A6103D3A}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassin's Creed Revelations 1.03 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
calibre 64bit (HKLM\...\{F914E24C-BFF9-4D72-9775-60126B4BC51E}) (Version: 2.15.0 - Kovid Goyal)
Carl Zeiss AxioVision SE64 Rel. 4.9.1 (HKLM\...\{F927FC22-CD4E-477D-80BA-D63F5F75ED64}) (Version: 4.9.1.1 - Carl Zeiss Microscopy GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05160 - Cisco Systems, Inc.) Hidden
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.3.1 - Samsung Electronics CO., LTD.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.32 - Samsung Electronics CO., LTD.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-X64 10.7.16.1_WHQL (HKLM\...\Elantech) (Version: 10.7.16.1 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{77EDCFE0-4431-40B1-93AD-BF1F4C55D131}) (Version: 1.0.46 - Diskeeper Corporation)
eXtra Buttons (HKLM-x32\...\eXtra Buttons) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{8F4884F1-488D-4738-8F71-65A378BB484C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3086 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
JMP 10 (HKLM-x32\...\{188BB63B-35C8-47EE-AEBF-5EA826CAA74D}) (Version: 10.0 - SAS Institute Inc.)
JMP Profiler Core (HKLM-x32\...\{38A15D11-05F8-4ECE-AC47-A85DC6FFA197}) (Version: 1.10.0 - SAS Institute Inc.)
JMP Profiler GUI (HKLM-x32\...\{EC0782E1-D80F-44A3-A181-C1170B279993}) (Version: 1.10.0 - SAS Institute Inc.)
LightCycler® 480 (HKLM-x32\...\{8F07FAB0-5BBA-43EF-979E-6E7C9E4F811E}) (Version:  - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{FD052FB9-FE90-4438-B355-15EDC89D8FB1}) (Version: 2.0.673.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 39.0 (x86 de) (HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Origin 2015 (HKLM-x32\...\{919C759D-DA8F-4B02-A9F1-75CE8B31CBDB}) (Version: 9.20.00 - OriginLab Corporation)
Origin8 (x32 Version: 8.00.000 - OriginLab) Hidden
OriginPro 8 (HKLM-x32\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.00.000 - OriginLab Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.1 - Frank Heindörfer, Philip Chinery)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.199.0 - Tracker Software Products Ltd.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
PyMOL (32 bit) (HKLM-x32\...\{82B39CBA-144C-4D34-8C5D-31D2CAEC2AFB}) (Version: 1.3.0.0 - Schrodinger LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{0DF70CB6-553A-4C57-8E6D-87635EECFB78}) (Version: 1.00.0145 - )
S Agent (Version: 1.1.52 - Samsung Electronics CO., LTD.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.6.0.2 - Samsung Electronics CO., LTD.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.6.0 - Samsung Electronics Co., Ltd.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spotify (HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Spotify) (Version: 1.0.8.59.gee82e7e6 - Spotify AB)
SW Update (HKLM-x32\...\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}) (Version: 2.2.9 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
Texmaker (HKLM-x32\...\Texmaker) (Version:  - )
TeXstudio 2.3 (HKLM-x32\...\TeXstudio_is1) (Version: 2.3.0 - Benito van der Zander)
The Witcher 2 (HKLM-x32\...\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}) (Version: 1.00.0000 - CD Projekt Red)
Uplay (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.2 - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8800 - Broadcom Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

15-07-2015 02:01:40 Geplanter Prüfpunkt
15-07-2015 09:19:34 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00846688-578A-4C0A-AE99-5D14C940938B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {10887BC6-E781-49A7-98FF-BEF0C755CE7C} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-10-30] (SEC)
Task: {1D6F3F69-2F89-43B0-972C-0B5E5D67E643} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {23F485AA-18C1-4137-87DF-B800839A9C5F} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {2A779B3E-18FD-4712-9889-3EB6F4AC879B} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {31AA077E-022D-4EA3-A3E0-6328BD527343} - System32\Tasks\{25D957C8-AEC6-4A74-B086-B787F8728C65} => pcalua.exe -a H:\kdewin-installer-gui-latest.exe -d "D:\Program Files (x86)\Mozilla\Mozilla Firefox"
Task: {51345CBF-0185-4BC0-87B6-48446F1497DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {5B2B5D45-0733-4D72-ACC8-E499810B7414} - System32\Tasks\{50E44413-1BDA-4A7E-99B0-97E460C1A93E} => pcalua.exe -a "C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\UserCom.exe" -d "C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility"
Task: {5E6A2316-07D2-4066-9884-32E7A9AB3CA2} - System32\Tasks\{AF6A88AB-805C-4305-AB9C-15ED74714B97} => pcalua.exe -a "D:\Program Files (x86)\KDE\bin\kdewin-installer-gui-latest.exe" -d "D:\Program Files (x86)\KDE\bin\"
Task: {60D48E58-0DC0-4F16-9DD0-141ED81D2ECE} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2013-01-22] (Samsung Electronics CO., LTD.)
Task: {6F81CDC2-9D78-4923-94A9-86E0CC67AFC8} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.)
Task: {86069D2A-9CE4-4797-A515-EE2772CD9BE2} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {91864A53-05B1-4BB5-9297-7B93F866F610} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {963B5E4D-AF87-440E-B673-4ECED6456731} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {9869F326-BE45-4631-BA04-B46ABBE3924B} - System32\Tasks\{D8A60C21-00B0-41DD-91A5-5DBA885EDCFF} => pcalua.exe -a "D:\Program Files (x86)\Bethesda Softworks\Fallout 3\Uninstall.exe" -d "D:\Program Files (x86)\Bethesda Softworks\Fallout 3"
Task: {9AB7678A-72A6-4AD4-AF5E-E2D2F0FE1ACF} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-02-04] (Samsung Electronics CO., LTD.)
Task: {9D5A6623-6113-4405-A407-F155F42ADC28} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {A2188297-3350-4570-8EDB-FD393F33A572} - System32\Tasks\{CF1FE001-BA5E-4C95-8667-EC08B265AE08} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {A7D96676-7348-4E4D-8AE2-AA4922A1F19B} - System32\Tasks\{265170B0-997D-4167-81CD-89BA20CDB519} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -c -runfromtemp -l0x0409  -removeonly
Task: {B43299F5-9E25-4F82-8EC7-394BFC0388E8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {C3323DC6-197A-425E-8893-9335360A550B} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {C6688C57-4A6A-42B8-884C-49CA7221B58C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {C6CCA375-5DC4-4671-A193-887F6CA2DC55} - System32\Tasks\avast! Emergency Update => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {D42538A9-F0B7-48E8-8A57-0C81DF88B869} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DCF033BD-0AAC-454C-A7CA-E48E5554B689} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {E45E71DB-9CE3-40CA-BFAE-A83C078BF6BE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)
Task: {E8ED7480-14B9-4953-83C1-AD438BB81175} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)
Task: {F9A4183F-8EB0-46C7-93B6-D69A56D62EE3} - System32\Tasks\{81D76A8C-6E9E-4624-8CE3-32E7D474BB08} => pcalua.exe -a D:\ACDFREE11\setup\SETUP.EXE -d D:\ACDFREE11\setup

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-08-05 15:49 - 2003-04-18 19:06 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2012-08-05 15:49 - 2010-04-10 09:03 - 00077824 _____ () C:\Windows\KMService.exe
2014-03-24 02:59 - 2014-09-01 20:03 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-13 20:06 - 2012-02-13 15:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2010-01-30 03:40 - 2010-01-30 03:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-01-27 16:28 - 2011-01-27 16:28 - 00706048 _____ () C:\Windows\system32\SnMinDrv.dll
2011-04-05 08:18 - 2011-04-05 08:18 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-03-30 16:43 - 2012-03-30 16:43 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-04-18 06:38 - 2012-04-18 06:38 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-12 22:53 - 2014-03-12 22:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-04-27 01:18 - 2015-04-27 01:18 - 00104400 _____ () D:\Program Files\AVAST Software\Avast\log.dll
2015-04-27 01:18 - 2015-04-27 01:18 - 00081728 _____ () D:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-15 20:23 - 2015-07-15 20:23 - 02956800 _____ () D:\Program Files\AVAST Software\Avast\defs\15071501\algo.dll
2013-10-31 17:05 - 2013-10-31 17:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2012-07-13 20:06 - 2011-02-17 01:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2012-07-13 20:06 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2015-07-15 20:27 - 2015-07-15 20:27 - 00043008 _____ () c:\users\felix\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpd77tja.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00750080 _____ () C:\Users\Felix\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00047616 _____ () C:\Users\Felix\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00865280 _____ () C:\Users\Felix\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00200704 _____ () C:\Users\Felix\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Felix\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00726016 _____ () C:\Users\Felix\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-03-04 23:45 - 2015-03-19 09:15 - 00010240 _____ () C:\Users\Felix\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-04-27 01:18 - 2015-04-27 01:18 - 40540672 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-12 14:33 - 2011-09-08 20:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2010-01-30 03:41 - 2010-01-30 03:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2371084783-2400266815-74821208-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2371084783-2400266815-74821208-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exor4 for XDMS_R.lnk => C:\Windows\pss\Exor4 for XDMS_R.lnk.CommonStartup
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Felix\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: Spotify => "C:\Users\Felix\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Felix\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "D:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C34A8DF3-9217-4A64-9068-A52F6FBE2453}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1CB44EF5-A38B-48BF-AF64-7F3BA9F5F2AD}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{713DBB41-1DCA-415D-AEDC-48C0618F03CB}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{35F5AE32-807B-4FF8-9851-7E46F84BBB72}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D80614D7-4A0E-4D32-830A-87635D43D536}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{F3DC6820-2DC4-4340-9E3F-E44F20DB386A}] => (Allow) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{45D2F162-AA26-438C-988A-D9D852C859F0}] => (Allow) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{EF7BABA5-8FBF-4783-97AC-4D90F2AF8925}C:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B5CF0349-73EE-4B18-B37E-7C187799B061}C:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{A3FDEBCC-A47E-4E0E-AD5D-4A9434A8A486}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{CC2D6F8C-DA92-47F0-89DA-45B17FB0D86D}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{FC0E53AB-1787-4D64-B46E-C1E742BC3E5B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{EAB17ABB-98CB-4144-A1CF-A3E49C121816}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [TCP Query User{48B5C764-6421-4DF2-82DC-A801C1D265B0}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Allow) D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{C97CA6E8-F37E-4537-8502-1728F362429B}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Allow) D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{6E8D02E3-A545-4C3E-9C73-ACD62B5A6DCC}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Block) D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{14EC7B72-647E-4010-93BB-3662B8BD22F8}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Block) D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [{3D949E5E-65FB-4833-B444-86142D966029}] => (Allow) LPort=1542
FirewallRules: [{3C2CD8C3-6E03-42FD-992D-B30BD41446CF}] => (Allow) LPort=1542
FirewallRules: [{7B938F6B-0643-43C2-9EBC-29E360B82280}] => (Allow) LPort=53
FirewallRules: [TCP Query User{D914CD34-0741-45FC-8CD3-03A8F00B6825}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{CB356E18-2979-432E-851F-A84855E784E5}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{E69D975D-0FB6-4834-9801-7F3993E00DA8}D:\program files (x86)\guild wars 2\gw2.exe] => (Block) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{F1CDC5C4-AC41-4DAE-A263-00E55F9F51CA}D:\program files (x86)\guild wars 2\gw2.exe] => (Block) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{94CBF18A-5725-4E3A-A043-C59322623F36}] => (Allow) C:\Program Files (x86)\Samsung\Easy File Share\EasyFileShare.EXE
FirewallRules: [{0CCA5055-B765-4FC0-B25F-DAAC4116EE6D}] => (Allow) C:\Program Files (x86)\Samsung\Easy File Share\EasyFileShare.EXE
FirewallRules: [TCP Query User{B323AF3A-9862-42CA-8147-53B36F97D4D8}C:\program files (x86)\samsung\easy file share\connectionmanager32.exe] => (Allow) C:\program files (x86)\samsung\easy file share\connectionmanager32.exe
FirewallRules: [UDP Query User{92C926F6-3192-440E-BA8E-F52669C01D66}C:\program files (x86)\samsung\easy file share\connectionmanager32.exe] => (Allow) C:\program files (x86)\samsung\easy file share\connectionmanager32.exe
FirewallRules: [{711BC575-3A05-4CE8-9A43-DE45E04FC344}] => (Block) C:\program files (x86)\samsung\easy file share\connectionmanager32.exe
FirewallRules: [{5F6D9819-8BEE-4F28-81E4-1DD78B271292}] => (Block) C:\program files (x86)\samsung\easy file share\connectionmanager32.exe
FirewallRules: [TCP Query User{54E97C33-328B-4075-9F02-AF989F86E26E}H:\games\cad\cod 4 lan\iw3mp.exe] => (Block) H:\games\cad\cod 4 lan\iw3mp.exe
FirewallRules: [UDP Query User{D447AC97-ACBA-4AD3-84E7-D953406B633C}H:\games\cad\cod 4 lan\iw3mp.exe] => (Block) H:\games\cad\cod 4 lan\iw3mp.exe
FirewallRules: [TCP Query User{ADC51B79-ACE8-4828-A435-C19047C1D653}D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe] => (Allow) D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe
FirewallRules: [UDP Query User{ED4452F8-A16F-48BD-8AD2-D4868AF25C7A}D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe] => (Allow) D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe
FirewallRules: [{BB201351-2E51-4C2D-8B1C-6A8EE3ED4EBB}] => (Block) D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe
FirewallRules: [{935CD4CD-DC40-431F-8D87-3E57682C8E44}] => (Block) D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe
FirewallRules: [TCP Query User{427164A0-B971-4D8B-8678-4D60551BC1F0}D:\program files\cod 4 lan\iw3mp.exe] => (Allow) D:\program files\cod 4 lan\iw3mp.exe
FirewallRules: [UDP Query User{1703707A-B822-402E-A1E7-9F3FDDAAAD77}D:\program files\cod 4 lan\iw3mp.exe] => (Allow) D:\program files\cod 4 lan\iw3mp.exe
FirewallRules: [TCP Query User{4F0FCFBB-E474-4636-BD68-0FA296E4623E}C:\users\felix\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\felix\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FF85A6AC-5C50-4B9B-90ED-6498ABFEDB4A}C:\users\felix\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\felix\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{76E49650-6C5B-4585-A6B0-B3A1922C0864}C:\users\felix\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\felix\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4B0951A8-451D-45FF-BB1D-D7D8433DEC7D}C:\users\felix\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\felix\appdata\roaming\spotify\spotify.exe
FirewallRules: [{58B8D1C4-57E3-4C0D-B879-02BD4D5EC564}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe
FirewallRules: [{7AFF7F8C-0B24-4ED4-95D1-633FF03DF261}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe
FirewallRules: [{D4092CD3-4DD9-4862-A9D0-0B68631328AE}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe
FirewallRules: [{73CE7FC4-C842-4206-A000-66C46251608E}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe
FirewallRules: [{8066EDAC-FA64-45E2-853A-F0F13496C260}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
FirewallRules: [{1FEAF269-0E7F-4AC9-B544-08D48F78F6FE}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
FirewallRules: [{3469FB40-1E1A-4142-9907-041095DE9BD4}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{AFB96924-C01A-489D-A21D-451C3CA3CFB4}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{477EB8CD-AA11-40EA-9262-18172431BD79}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{AD2D59CD-4FE2-4350-A0F1-E01034F27993}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{0A436D5D-9B09-4B5E-9D93-4D383401E26D}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{4CB32201-C09B-4BC7-957D-C64AEB321589}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{ECCFCB0B-8E4F-4F45-90E2-2112281D9E2A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0E23AD27-8C26-4C3F-B442-8F2164F60BA2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9AB974E9-AAA9-4697-9A45-0BC5A3EFFB4C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F0154C5B-9A5F-4F1D-8701-68F36519C994}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{41770466-E5D9-4E32-8FE9-D3B340AFA220}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe
FirewallRules: [{36192D84-22CA-4BFD-B448-5AA5968C9D1E}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe
FirewallRules: [{245F9149-58DF-4532-8673-1597376A25D7}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{CD8BFC70-A341-41D0-A7D2-D0BC131C0778}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{EDB5D85D-B5AE-47E0-9C6D-18526FE4652B}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe
FirewallRules: [{6E9FB0D4-98D0-4B8F-A827-0AA740C8AF23}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe
FirewallRules: [{EB06049D-2C8C-4DAC-B996-1F1969A15D02}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe
FirewallRules: [{91DF83A0-682B-475F-870A-9733D5ED19EB}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe
FirewallRules: [{D83E509C-E8F8-4FA1-B70B-64F4F5559362}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{421CEE2A-FE12-4E50-A608-049C0264BB94}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{4875E736-65AB-4BFF-8692-587DDBAB1EA2}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{BCF7B8F7-D8A1-418B-B3FD-BF0B14094BB6}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{58ECE18C-443C-486F-AA7C-47B6751316F1}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [{45EEFF88-25BC-4FE0-97ED-3A669872CB95}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [TCP Query User{DDCE6671-CD5E-458E-AE7A-1B0FD9A81D6F}D:\program files\imagej\fiji-win64-20140602\fiji.app\imagej-win64.exe] => (Allow) D:\program files\imagej\fiji-win64-20140602\fiji.app\imagej-win64.exe
FirewallRules: [UDP Query User{2E8E411B-409B-4CC2-964C-4B0A01E42EAA}D:\program files\imagej\fiji-win64-20140602\fiji.app\imagej-win64.exe] => (Allow) D:\program files\imagej\fiji-win64-20140602\fiji.app\imagej-win64.exe
FirewallRules: [{7D62D8CD-9BEF-48B0-B2CE-4C44F00930FC}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{7F6F2309-C285-4C03-9081-21463E2CA970}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [TCP Query User{8E6FD174-DDD4-44E7-AFA4-DDD3143E862B}D:\program files (x86)\roche\exor4\bin\exor4.exe] => (Allow) D:\program files (x86)\roche\exor4\bin\exor4.exe
FirewallRules: [UDP Query User{112AD554-6776-4BB5-B438-5585A84BBB8B}D:\program files (x86)\roche\exor4\bin\exor4.exe] => (Allow) D:\program files (x86)\roche\exor4\bin\exor4.exe
FirewallRules: [{1C5649DE-E0D5-461A-9F7B-186E0D414133}] => (Block) D:\program files (x86)\roche\exor4\bin\exor4.exe
FirewallRules: [{2AF9D080-C712-4BAC-AEF9-D62D9864C236}] => (Block) D:\program files (x86)\roche\exor4\bin\exor4.exe
FirewallRules: [TCP Query User{6B554A3B-86F7-4372-AC62-A9B16D73A9A3}D:\program files (x86)\mozilla\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8C787D7F-704B-49DF-A37E-2C13BC80FA89}D:\program files (x86)\mozilla\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3D642B63-70A2-4379-9248-A505A02F1DB6}D:\program files (x86)\mozilla\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{455D7987-ACAA-40CA-93AB-FD578111E3FE}D:\program files (x86)\mozilla\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla\mozilla firefox\firefox.exe
FirewallRules: [{7F33520E-63E8-4E51-8800-A87C54076591}] => (Allow) D:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{4F5E6C43-F542-4AA8-9192-9F42B1AD60BD}] => (Allow) D:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2015 08:25:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x948
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/15/2015 08:25:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x964
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/15/2015 08:23:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x954
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/15/2015 08:23:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x938
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/14/2015 10:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x958
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/14/2015 10:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x974
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/14/2015 09:31:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x988
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/14/2015 09:31:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x95c
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/13/2015 01:44:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SWMAgent.exe, Version: 2.2.1.13, Zeitstempel: 0x5535d759
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00039e03
ID des fehlerhaften Prozesses: 0x9d8
Startzeit der fehlerhaften Anwendung: 0xSWMAgent.exe0
Pfad der fehlerhaften Anwendung: SWMAgent.exe1
Pfad des fehlerhaften Moduls: SWMAgent.exe2
Berichtskennung: SWMAgent.exe3

Error: (07/11/2015 01:50:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x95c
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3


System errors:
=============
Error: (07/16/2015 12:31:08 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004

Error: (07/16/2015 12:25:33 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004

Error: (07/15/2015 08:26:48 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/15/2015 08:25:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Realtek87B" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/15/2015 08:25:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "RtlService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/15/2015 08:23:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Realtek87B" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/15/2015 08:23:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "RtlService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/15/2015 09:19:19 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (07/14/2015 10:29:39 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (07/14/2015 10:28:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "RtlService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (07/15/2015 08:25:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df394801d0bf2b963a2ffdC:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dlld91237f5-2b1e-11e5-92bd-e81132cb8454

Error: (07/15/2015 08:25:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df396401d0bf2b963ef2bdC:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dlld90fd695-2b1e-11e5-92bd-e81132cb8454

Error: (07/15/2015 08:23:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df395401d0bf2b49db39b9C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dll8cc673c3-2b1e-11e5-b652-e81132cb8454

Error: (07/15/2015 08:23:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df393801d0bf2b49d8d858C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dll8cc64cb3-2b1e-11e5-b652-e81132cb8454

Error: (07/14/2015 10:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df395801d0be73a98cb016C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dlleebef434-2a66-11e5-b5b0-e81132cb8454

Error: (07/14/2015 10:28:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df397401d0be73a99172d7C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dlleebf1b44-2a66-11e5-b5b0-e81132cb8454

Error: (07/14/2015 09:31:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df398801d0be07164f0d95C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dll5924b42d-29fa-11e5-a469-9337258cbccf

Error: (07/14/2015 09:31:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df395c01d0be07161aaf4fC:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dll5924db3d-29fa-11e5-a469-9337258cbccf

Error: (07/13/2015 01:44:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SWMAgent.exe2.2.1.135535d759ntdll.dll6.1.7601.187985507b3e0c000000500039e039d801d0bbcfb70fa482C:\ProgramData\Samsung\SW Update Service\SWMAgent.exeC:\Windows\SysWOW64\ntdll.dll8a84543c-2954-11e5-a1ed-e81132cb8454

Error: (07/11/2015 01:50:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df395c01d0bbcfb6c83b3aC:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dllfa0202ad-27c2-11e5-a1ed-e81132cb8454


CodeIntegrity Errors:
===================================
  Date: 2012-08-24 00:12:12.032
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-08-24 00:12:11.798
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-13 19:51:22.396
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-13 19:51:22.021
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 6057.55 MB
Available physical RAM: 3602.61 MB
Total Virtual: 12113.29 MB
Available Virtual: 9341.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:87 GB) (Free:34.2 GB) NTFS
Drive d: () (Fixed) (Total:587.9 GB) (Free:296.69 GB) NTFS
Drive f: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 071697A3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=87 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=587.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.6 GB) - (Type=27)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=73)

==================== End of log ============================

--- --- ---

Zuletzt das GMER logfile:

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-07-16 01:22:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JF4O 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\Felix\AppData\Local\Temp\ugloypod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000077031401 2 bytes JMP 764eb21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000077031419 2 bytes JMP 764eb346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000077031431 2 bytes JMP 76568f29 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007703144a 2 bytes CALL 764c489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                       * 9
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000770314dd 2 bytes JMP 76568822 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000770314f5 2 bytes JMP 765689f8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007703150d 2 bytes JMP 76568718 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077031525 2 bytes JMP 76568ae2 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007703153d 2 bytes JMP 764dfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000077031555 2 bytes JMP 764e68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007703156d 2 bytes JMP 76568fe3 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000077031585 2 bytes JMP 76568b42 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007703159d 2 bytes JMP 765686dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000770315b5 2 bytes JMP 764dfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000770315cd 2 bytes JMP 764eb2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000770316b2 2 bytes JMP 76568ea4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000770316bd 2 bytes JMP 76568671 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2296] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82                                                                          00000000745f17fa 2 bytes CALL 764c11a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2296] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88                                                                      00000000745f1860 2 bytes CALL 764c11a9 C:\Windows\syswow64\kernel32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2296] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98                                                                    00000000745f1942 2 bytes JMP 76057089 C:\Windows\syswow64\WS2_32.dll
.text  C:\Windows\SysWOW64\PnkBstrA.exe[2296] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109                                                                   00000000745f194d 2 bytes JMP 7605cba6 C:\Windows\syswow64\WS2_32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                      00000000764c8781 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                           0000000077031401 2 bytes JMP 764eb21b C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                             0000000077031419 2 bytes JMP 764eb346 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                           0000000077031431 2 bytes JMP 76568f29 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                           000000007703144a 2 bytes CALL 764c489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                       * 9
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                              00000000770314dd 2 bytes JMP 76568822 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                       00000000770314f5 2 bytes JMP 765689f8 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                              000000007703150d 2 bytes JMP 76568718 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                       0000000077031525 2 bytes JMP 76568ae2 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                             000000007703153d 2 bytes JMP 764dfca8 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                  0000000077031555 2 bytes JMP 764e68ef C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                           000000007703156d 2 bytes JMP 76568fe3 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                             0000000077031585 2 bytes JMP 76568b42 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                000000007703159d 2 bytes JMP 765686dc C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                             00000000770315b5 2 bytes JMP 764dfd41 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                           00000000770315cd 2 bytes JMP 764eb2dc C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                       00000000770316b2 2 bytes JMP 76568ea4 C:\Windows\syswow64\kernel32.dll
.text  D:\Program Files\AVAST Software\Avast\avastui.exe[1640] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                       00000000770316bd 2 bytes JMP 76568671 C:\Windows\syswow64\kernel32.dll

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749ff98f96                                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749ff98f96@00223702b59f                                                                  0xDA 0xC0 0x25 0x63 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\b4749ff98f96@0017ea81650f                                                                  0x21 0x5B 0xEC 0x03 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749ff98f96 (not active ControlSet)                                                           
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749ff98f96@00223702b59f                                                                      0xDA 0xC0 0x25 0x63 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\b4749ff98f96@0017ea81650f                                                                      0x21 0x5B 0xEC 0x03 ...

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                                                                                                                     unknown MBR code

---- EOF - GMER 2.1 ----

schrauber · 16.07.2015, 10:12

hi,

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Felicibus · 16.07.2015, 13:12

Hallo schrauber,
Vielen Dank schonmal für die schnelle Hilfe.
Ich habe das Malwarebytes Anti-Rootkit 2-mal laufen lassen. Beim ersten mal wurden 2 Treffer gefunden. Nach Cleanup und Neustart des Systems wurde nichts mehr gefunden.
Im Anschluss daran habe ich dann den TDSSKiller laufen lassen. Dieser hat ebenfalls 2 Treffer gefunden.

Hier die Logfiles in chronologischer Reihenfolge:

1. Malwarebytes Logfile: 2 Treffer

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.07.16.02
  rootkit: v2015.07.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17914
Felix :: FELIX-PC [administrator]

16.07.2015 12:24:05
mbar-log-2015-07-16 (12-24-05).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 355843
Time elapsed: 26 minute(s), 41 second(s)

Memory Processes Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> 2236 -> Delete on reboot. [086a5f834b3f4ee83cde5ca2907106fa]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\KMService.exe (RiskWare.Tool.CK) -> Delete on reboot. [086a5f834b3f4ee83cde5ca2907106fa]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

2. Malwarebytes Logfile nach Cleanup und Neustart: 0 Treffer

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.07.16.02
  rootkit: v2015.07.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17914
Felix :: FELIX-PC [administrator]

16.07.2015 12:59:12
mbar-log-2015-07-16 (12-59-12).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 355433
Time elapsed: 27 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

3. TDSSKiller Logfile: 2 Treffer

Code:

ATTFilter

13:33:16.0455 0x1374  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
13:33:22.0773 0x1374  ============================================================
13:33:22.0773 0x1374  Current date / time: 2015/07/16 13:33:22.0773
13:33:22.0773 0x1374  SystemInfo:
13:33:22.0773 0x1374  
13:33:22.0773 0x1374  OS Version: 6.1.7601 ServicePack: 1.0
13:33:22.0773 0x1374  Product type: Workstation
13:33:22.0773 0x1374  ComputerName: FELIX-PC
13:33:22.0773 0x1374  UserName: Felix
13:33:22.0773 0x1374  Windows directory: C:\Windows
13:33:22.0773 0x1374  System windows directory: C:\Windows
13:33:22.0773 0x1374  Running under WOW64
13:33:22.0773 0x1374  Processor architecture: Intel x64
13:33:22.0773 0x1374  Number of processors: 4
13:33:22.0773 0x1374  Page size: 0x1000
13:33:22.0773 0x1374  Boot type: Normal boot
13:33:22.0773 0x1374  ============================================================
13:33:23.0428 0x1374  KLMD registered as C:\Windows\system32\drivers\36628923.sys
13:33:24.0208 0x1374  System UUID: {9B026B03-D073-EC02-0028-DAE7F4C60901}
13:33:25.0472 0x1374  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x162DD1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
13:33:25.0472 0x1374  Drive \Device\Harddisk1\DR1 - Size: 0x1DD936000 ( 7.46 Gb ), SectorSize: 0x200, Cylinders: 0x3CA5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
13:33:25.0487 0x1374  ============================================================
13:33:25.0487 0x1374  \Device\Harddisk0\DR0:
13:33:25.0487 0x1374  MBR partitions:
13:33:25.0487 0x1374  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:33:25.0487 0x1374  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAE00000
13:33:25.0487 0x1374  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAE33000, BlocksNum 0x497CE000
13:33:25.0487 0x1374  \Device\Harddisk1\DR1:
13:33:25.0503 0x1374  MBR partitions:
13:33:25.0503 0x1374  ============================================================
13:33:25.0518 0x1374  C: <-> \Device\Harddisk0\DR0\Partition2
13:33:25.0565 0x1374  D: <-> \Device\Harddisk0\DR0\Partition3
13:33:25.0596 0x1374  F: <-> \Device\Harddisk0\DR0\Partition1
13:33:25.0596 0x1374  ============================================================
13:33:25.0596 0x1374  Initialize success
13:33:25.0596 0x1374  ============================================================
13:34:36.0202 0x0f40  ============================================================
13:34:36.0202 0x0f40  Scan started
13:34:36.0202 0x0f40  Mode: Manual; SigCheck; TDLFS; 
13:34:36.0202 0x0f40  ============================================================
13:34:36.0202 0x0f40  KSN ping started
13:34:38.0995 0x0f40  KSN ping finished: true
13:34:40.0055 0x0f40  ================ Scan system memory ========================
13:34:40.0055 0x0f40  System memory - ok
13:34:40.0055 0x0f40  ================ Scan services =============================
13:34:40.0274 0x0f40  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:34:40.0461 0x0f40  1394ohci - ok
13:34:40.0555 0x0f40  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:34:40.0601 0x0f40  ACPI - ok
13:34:40.0648 0x0f40  [ 12C5274CD87449A2A37A607CDB321922, 50FA524E66A8FA04037DC954D3AB5383C633898F111A3B7488630B649B897370 ] acpials         C:\Windows\system32\DRIVERS\acpials.sys
13:34:40.0711 0x0f40  acpials - ok
13:34:40.0742 0x0f40  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:34:40.0789 0x0f40  AcpiPmi - ok
13:34:40.0851 0x0f40  [ D0B11E40EA74A98A5E133DF1F5276240, BAD5885CD8CC271D59DFA95159EFC3AC36D2BA11B6DA593AAED0C45F1C2F280F ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
13:34:40.0898 0x0f40  acsock - ok
13:34:41.0038 0x0f40  [ 013697369EAFFA675D0671607F036020, 65611C775AC4681E46A6565E5A7A4FF3363C66EBDC98C4C58AFB365D40BE23B6 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:34:41.0069 0x0f40  AdobeARMservice - ok
13:34:41.0147 0x0f40  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
13:34:41.0225 0x0f40  adp94xx - ok
13:34:41.0272 0x0f40  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
13:34:41.0335 0x0f40  adpahci - ok
13:34:41.0350 0x0f40  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
13:34:41.0397 0x0f40  adpu320 - ok
13:34:41.0444 0x0f40  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:34:41.0569 0x0f40  AeLookupSvc - ok
13:34:41.0631 0x0f40  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
13:34:41.0725 0x0f40  AFD - ok
13:34:41.0771 0x0f40  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
13:34:41.0803 0x0f40  agp440 - ok
13:34:41.0849 0x0f40  [ 89CD44C10D9B4D87725FF07F18A5702F, 6FB4CA3E8D9D65ED341F97DD7CF792CFACC5EAD4296DFC4E22D770B2383DFB91 ] aksdf           C:\Windows\system32\drivers\aksdf.sys
13:34:41.0896 0x0f40  aksdf - ok
13:34:41.0927 0x0f40  [ BA0B6FD78AE88D39B9D3D984F295A137, 87185242D18C9BE6A763E7849F0F2968B7313BB81A4E44FC4E021A36284D0D0C ] aksfridge       C:\Windows\system32\drivers\aksfridge.sys
13:34:41.0974 0x0f40  aksfridge - ok
13:34:42.0037 0x0f40  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
13:34:42.0099 0x0f40  ALG - ok
13:34:42.0146 0x0f40  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:34:42.0177 0x0f40  aliide - ok
13:34:42.0255 0x0f40  [ A423FABC58A7B17CDCE783A4AA8BB170, 56DC4B849C7AED9C5860C3C812360426D6A18D87732606B7BCA09F0D01B5173C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:34:42.0317 0x0f40  AMD External Events Utility - ok
13:34:42.0364 0x0f40  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
13:34:42.0395 0x0f40  amdide - ok
13:34:42.0427 0x0f40  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:34:42.0473 0x0f40  AmdK8 - ok
13:34:43.0253 0x0f40  [ 3CF80AF339FBA0FCF0875941D562B24C, FE4335A701658DE274EEF71CE1C7A45B9FEE285E73BF1DBAFA06774382BCDD55 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
13:34:44.0189 0x0f40  amdkmdag - ok
13:34:44.0283 0x0f40  [ 8E42DD898956FEFD47A2689FDA7DA0D3, B9D9C9ECDF91F58E54F83EAB8D3EA715BBFDEE83B99E8196959A44DB513939FB ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
13:34:44.0377 0x0f40  amdkmdap - ok
13:34:44.0392 0x0f40  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:34:44.0439 0x0f40  AmdPPM - ok
13:34:44.0486 0x0f40  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:34:44.0533 0x0f40  amdsata - ok
13:34:44.0564 0x0f40  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:34:44.0611 0x0f40  amdsbs - ok
13:34:44.0626 0x0f40  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:34:44.0657 0x0f40  amdxata - ok
13:34:44.0689 0x0f40  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys
13:34:44.0735 0x0f40  AppID - ok
13:34:44.0767 0x0f40  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:34:44.0813 0x0f40  AppIDSvc - ok
13:34:44.0829 0x0f40  [ 978DC0A1FBE9CC91B21B40AF66CB396A, 90BAFF81D98F5AFD743D8BD65F716666A7A7BD2DA612492E03C79B29E9A0F8C2 ] Appinfo         C:\Windows\System32\appinfo.dll
13:34:44.0891 0x0f40  Appinfo - ok
13:34:44.0938 0x0f40  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:34:45.0001 0x0f40  AppMgmt - ok
13:34:45.0032 0x0f40  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
13:34:45.0079 0x0f40  arc - ok
13:34:45.0094 0x0f40  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:34:45.0125 0x0f40  arcsas - ok
13:34:45.0172 0x0f40  [ 22842362DF890F5492F85AA60916A697, EC01380B1C9BF4CFBA018FC314563F0785280172A2A9B51D50F088E7101951EF ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
13:34:45.0235 0x0f40  asmthub3 - ok
13:34:45.0281 0x0f40  [ 08E2D77766CC05E75A0707207D9FC684, 6CF3B12B2B3375B715A3EBC66EF148CEA2248D448A3A37875B7B1BC7CDA40FDD ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
13:34:45.0344 0x0f40  asmtxhci - ok
13:34:45.0469 0x0f40  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:34:45.0500 0x0f40  aspnet_state - ok
13:34:45.0593 0x0f40  [ B5B4C90E9F52DA8586F1E5461AD90A5D, D1EAA34E6AEB014E942D22F8CB5FB19BF1E2EADE5B5357274C001F44FDC25F05 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
13:34:45.0625 0x0f40  aswHwid - ok
13:34:45.0656 0x0f40  [ 300CB8E510855189CAD0B72FFB5590CB, EB50DC553FA8FD9DE3F60AAFED20702EAFBB1498EBD3220A39CC52A12F694246 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
13:34:45.0703 0x0f40  aswMonFlt - ok
13:34:45.0749 0x0f40  [ 6D37D8DB30D086739507C5F6E542656A, 746D9E32E729138EA19062F4E6B6C98B6833504020A296E3E2A9CD92E0FED0B9 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
13:34:45.0781 0x0f40  aswRdr - ok
13:34:45.0843 0x0f40  [ 07E32DFCA422A2920482D762D01957EC, A6502D26266D708E55EB2883897673AD3087C41D9EA0B41CD6BF6BD923EBDCB8 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
13:34:45.0874 0x0f40  aswRvrt - ok
13:34:45.0983 0x0f40  [ 3B4AC2DBFC86F7247C1FF1FAF2860530, A54A693D01C02AAE2B78BFE9B3900B5A6DD0C2C37C8FA58B14B5F57107032FF5 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
13:34:46.0093 0x0f40  aswSnx - ok
13:34:46.0171 0x0f40  [ A04F190FCD762E7BCC9BFC70563C52DB, 2BF6823F2EADBDA28DF1CCECCAC84D9FF37D3CFB66A7B402575C6B9FCFB45EB3 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
13:34:46.0233 0x0f40  aswSP - ok
13:34:46.0280 0x0f40  [ 6E53278ECCFFBC2ACC2A5006745ED4BB, 392170073A8933DB43CD1D64AD087F972F1971BF83BCAFE5B8FA1273C02026CE ] aswStm          C:\Windows\system32\drivers\aswStm.sys
13:34:46.0311 0x0f40  aswStm - ok
13:34:46.0342 0x0f40  [ 91782404718C6352C26B3242BAC3F0F1, 84B1CDD1EBC83FAEBDCC8F67B13CA405C6CF0C518FC016603889EBE48FC91AB9 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
13:34:46.0389 0x0f40  aswVmm - ok
13:34:46.0420 0x0f40  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:34:46.0529 0x0f40  AsyncMac - ok
13:34:46.0561 0x0f40  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:34:46.0592 0x0f40  atapi - ok
13:34:46.0685 0x0f40  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:34:46.0779 0x0f40  AudioEndpointBuilder - ok
13:34:46.0826 0x0f40  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:34:46.0904 0x0f40  AudioSrv - ok
13:34:47.0013 0x0f40  [ 54236E79A44F909612391C8A2D70D512, B0DF5BCC4F90AF087D0306F8D81F90B2CAE0176813E3AA6A7D5460F7878677CD ] avast! Antivirus D:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:34:47.0075 0x0f40  avast! Antivirus - ok
13:34:47.0434 0x0f40  [ 46C430FE178028F7AD151B62EBA3EEC5, C883B7A974A629549470B28532640C1FD2166CC4F95C69E4C4A1596AF5A5A331 ] AvastVBoxSvc    D:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
13:34:47.0746 0x0f40  AvastVBoxSvc - ok
13:34:47.0809 0x0f40  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:34:47.0871 0x0f40  AxInstSV - ok
13:34:47.0949 0x0f40  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
13:34:48.0027 0x0f40  b06bdrv - ok
13:34:48.0074 0x0f40  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:34:48.0136 0x0f40  b57nd60a - ok
13:34:48.0495 0x0f40  [ 43AD3D3E7674833FCA9A7C4E7180AD54, 81CBF3146853FCCA26C14D23160892BD892269C5BB8B2167837339372BD38DA2 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
13:34:48.0885 0x0f40  BCM43XX - ok
13:34:48.0932 0x0f40  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:34:48.0979 0x0f40  BDESVC - ok
13:34:49.0025 0x0f40  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:34:49.0119 0x0f40  Beep - ok
13:34:49.0213 0x0f40  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
13:34:49.0322 0x0f40  BFE - ok
13:34:49.0400 0x0f40  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
13:34:49.0603 0x0f40  BITS - ok
13:34:49.0618 0x0f40  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:34:49.0665 0x0f40  blbdrive - ok
13:34:49.0712 0x0f40  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:34:49.0759 0x0f40  bowser - ok
13:34:49.0790 0x0f40  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:34:49.0837 0x0f40  BrFiltLo - ok
13:34:49.0852 0x0f40  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:34:49.0899 0x0f40  BrFiltUp - ok
13:34:49.0946 0x0f40  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
13:34:49.0993 0x0f40  Browser - ok
13:34:50.0055 0x0f40  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:34:50.0102 0x0f40  Brserid - ok
13:34:50.0133 0x0f40  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:34:50.0180 0x0f40  BrSerWdm - ok
13:34:50.0195 0x0f40  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:34:50.0242 0x0f40  BrUsbMdm - ok
13:34:50.0273 0x0f40  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:34:50.0320 0x0f40  BrUsbSer - ok
13:34:50.0367 0x0f40  [ 21A583678FD814794BC3E8E32E5A6BD3, 4EC67E35BAC69A66B480DA50FBB176104C7294744B3F7B7F4C05F2B351FE62DE ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
13:34:50.0429 0x0f40  BTCFilterService - ok
13:34:50.0461 0x0f40  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
13:34:50.0507 0x0f40  BthEnum - ok
13:34:50.0539 0x0f40  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:34:50.0585 0x0f40  BTHMODEM - ok
13:34:50.0617 0x0f40  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
13:34:50.0679 0x0f40  BthPan - ok
13:34:50.0757 0x0f40  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
13:34:50.0851 0x0f40  BTHPORT - ok
13:34:50.0882 0x0f40  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
13:34:50.0991 0x0f40  bthserv - ok
13:34:51.0038 0x0f40  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
13:34:51.0069 0x0f40  BTHUSB - ok
13:34:51.0147 0x0f40  [ A0DFB69ADE3444C78B17636FCF28E898, 21B1E76F056C2AFD5DEAFD620D2F90F4F617F8E76A88CEA2196E69D2CFBEE88B ] BTWAMPFL        C:\Windows\system32\DRIVERS\btwampfl.sys
13:34:51.0194 0x0f40  BTWAMPFL - ok
13:34:51.0225 0x0f40  [ 7CF028CE78696882B327FF13D2DFA534, 624C88C3CB511DE5F8279B7E982632F81FDFCAC8F2B038B69FEB686400E0C4F8 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
13:34:51.0256 0x0f40  btwaudio - ok
13:34:51.0303 0x0f40  [ 3DEF2370E414B4E299673558BA171A51, 5A0923D9F941ABD34EC9BEE0EB62A62F135CBF128061239CC6EA0E6752791636 ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
13:34:51.0334 0x0f40  btwavdt - ok
13:34:51.0475 0x0f40  [ ADE88DFC9049B2842E7EC2F14B85FB79, 5C67A8AEFE3FAAF4DFF7C934680079F2B3B65030529F4201CB2C793A1D634C9C ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
13:34:51.0568 0x0f40  btwdins - ok
13:34:51.0584 0x0f40  [ 346B4051B3D7FF70E8F027869B8ECA6E, 7C0485F592368016C6BAB8B1BC24C89454D4B305C3E6DFB8AAF4CDB26062D4EB ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
13:34:51.0615 0x0f40  btwl2cap - ok
13:34:51.0631 0x0f40  [ 9937E0E4DFC0030560A6DFE9D3A94B39, 0B9CF1932D4534BD7B1F5D7B7BD5FBF9C8D156838D24ABBDE475E79EEF1150F1 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
13:34:51.0662 0x0f40  btwrchid - ok
13:34:51.0693 0x0f40  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:34:51.0802 0x0f40  cdfs - ok
13:34:51.0880 0x0f40  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:34:51.0927 0x0f40  cdrom - ok
13:34:51.0974 0x0f40  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:34:52.0083 0x0f40  CertPropSvc - ok
13:34:52.0114 0x0f40  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:34:52.0161 0x0f40  circlass - ok
13:34:52.0223 0x0f40  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
13:34:52.0286 0x0f40  CLFS - ok
13:34:52.0348 0x0f40  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:34:52.0379 0x0f40  clr_optimization_v2.0.50727_32 - ok
13:34:52.0426 0x0f40  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:34:52.0457 0x0f40  clr_optimization_v2.0.50727_64 - ok
13:34:52.0582 0x0f40  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:34:52.0613 0x0f40  clr_optimization_v4.0.30319_32 - ok
13:34:52.0660 0x0f40  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:34:52.0707 0x0f40  clr_optimization_v4.0.30319_64 - ok
13:34:52.0723 0x0f40  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:34:52.0769 0x0f40  CmBatt - ok
13:34:52.0801 0x0f40  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:34:52.0832 0x0f40  cmdide - ok
13:34:52.0910 0x0f40  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys
13:34:53.0003 0x0f40  CNG - ok
13:34:53.0019 0x0f40  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:34:53.0050 0x0f40  Compbatt - ok
13:34:53.0113 0x0f40  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:34:53.0159 0x0f40  CompositeBus - ok
13:34:53.0175 0x0f40  COMSysApp - ok
13:34:53.0206 0x0f40  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:34:53.0237 0x0f40  crcdisk - ok
13:34:53.0284 0x0f40  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:34:53.0331 0x0f40  CryptSvc - ok
13:34:53.0409 0x0f40  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
13:34:53.0487 0x0f40  CSC - ok
13:34:53.0534 0x0f40  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
13:34:53.0627 0x0f40  CscService - ok
13:34:53.0674 0x0f40  [ 3E26199DB3208FA1CF16CB89929537A9, 453C3BE1FD14ADD14EE90F205692A390499B619FD7B331F26A6225F098B80CA2 ] CZCanSrv        C:\Program Files (x86)\Common Files\Carl Zeiss\CZCanSrv.exe
13:34:53.0705 0x0f40  CZCanSrv - detected UnsignedFile.Multi.Generic ( 1 )
13:34:56.0311 0x0f40  CZCanSrv ( UnsignedFile.Multi.Generic ) - warning
13:34:58.0791 0x0f40  [ C7259495924D21F1AFA26467D9F4DAE0, 7FF991D7FE660E7CAC682FC82B9C44EC38E267A0C3AAE0C4FAEE0853756AF5C8 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
13:34:58.0822 0x0f40  dc3d - ok
13:34:58.0916 0x0f40  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:34:59.0072 0x0f40  DcomLaunch - ok
13:34:59.0134 0x0f40  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:34:59.0228 0x0f40  defragsvc - ok
13:34:59.0275 0x0f40  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:34:59.0384 0x0f40  DfsC - ok
13:34:59.0431 0x0f40  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:34:59.0493 0x0f40  Dhcp - ok
13:34:59.0509 0x0f40  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
13:34:59.0602 0x0f40  discache - ok
13:34:59.0633 0x0f40  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:34:59.0665 0x0f40  Disk - ok
13:34:59.0727 0x0f40  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:34:59.0789 0x0f40  Dnscache - ok
13:34:59.0836 0x0f40  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:34:59.0961 0x0f40  dot3svc - ok
13:34:59.0977 0x0f40  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
13:35:00.0101 0x0f40  DPS - ok
13:35:00.0148 0x0f40  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:35:00.0195 0x0f40  drmkaud - ok
13:35:00.0273 0x0f40  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:35:00.0351 0x0f40  DXGKrnl - ok
13:35:00.0398 0x0f40  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
13:35:00.0507 0x0f40  EapHost - ok
13:35:00.0725 0x0f40  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
13:35:01.0006 0x0f40  ebdrv - ok
13:35:01.0037 0x0f40  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] EFS             C:\Windows\System32\lsass.exe
13:35:01.0069 0x0f40  EFS - ok
13:35:01.0162 0x0f40  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:35:01.0256 0x0f40  ehRecvr - ok
13:35:01.0287 0x0f40  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
13:35:01.0334 0x0f40  ehSched - ok
13:35:01.0396 0x0f40  [ A05FC7ECA0966EBB70E4D17B855A853B, 16A0C8138A3BBD8BE2658261131F9777940CFB1431018A10710E5C1A88AB70EA ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
13:35:01.0427 0x0f40  ElbyCDIO - ok
13:35:01.0505 0x0f40  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:35:01.0568 0x0f40  elxstor - ok
13:35:01.0599 0x0f40  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:35:01.0646 0x0f40  ErrDev - ok
13:35:01.0708 0x0f40  [ F9B5EFCE2A856BBA9DA2A28252180036, 40AAD9FB5E05596FF0181352C08475FEB2F495E54EEBF20623358F90EDE7189B ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
13:35:01.0755 0x0f40  ETD - ok
13:35:01.0833 0x0f40  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
13:35:01.0973 0x0f40  EventSystem - ok
13:35:02.0020 0x0f40  [ 05D55FFF90551E3E24F206A17AF36492, DF6C9F09A4CFE1EA88D6370E64F11232FA17ADD497AA2E62C18FBC206B7BFE51 ] excsd           C:\Windows\system32\DRIVERS\excsd.sys
13:35:02.0051 0x0f40  excsd - ok
13:35:02.0098 0x0f40  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:35:02.0223 0x0f40  exfat - ok
13:35:02.0270 0x0f40  [ 85C334928BC7DDB2736B7EF27120452E, FF5EA57C6E925C731976E34D2847A79D6BC6BF917BDF5757F514518C8346E5FA ] ExpressCache    C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
13:35:02.0285 0x0f40  ExpressCache - ok
13:35:02.0317 0x0f40  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:35:02.0441 0x0f40  fastfat - ok
13:35:02.0519 0x0f40  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
13:35:02.0613 0x0f40  Fax - ok
13:35:02.0644 0x0f40  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:35:02.0691 0x0f40  fdc - ok
13:35:02.0707 0x0f40  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
13:35:02.0816 0x0f40  fdPHost - ok
13:35:02.0831 0x0f40  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:35:02.0925 0x0f40  FDResPub - ok
13:35:02.0956 0x0f40  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:35:02.0987 0x0f40  FileInfo - ok
13:35:03.0003 0x0f40  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:35:03.0097 0x0f40  Filetrace - ok
13:35:03.0128 0x0f40  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:35:03.0175 0x0f40  flpydisk - ok
13:35:03.0221 0x0f40  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:35:03.0268 0x0f40  FltMgr - ok
13:35:03.0377 0x0f40  [ E612E86FA15EA1EF9A52433A2743C447, 8A66164541D2EE2334B6DE3995C31138EA85E3A06BC7FD901E60D345E4E1E8A8 ] FontCache       C:\Windows\system32\FntCache.dll
13:35:03.0518 0x0f40  FontCache - ok
13:35:03.0580 0x0f40  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:35:03.0611 0x0f40  FontCache3.0.0.0 - ok
13:35:03.0643 0x0f40  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:35:03.0674 0x0f40  FsDepends - ok
13:35:03.0705 0x0f40  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:35:03.0736 0x0f40  Fs_Rec - ok
13:35:03.0799 0x0f40  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:35:03.0845 0x0f40  fvevol - ok
13:35:03.0908 0x0f40  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:35:03.0955 0x0f40  gagp30kx - ok
13:35:04.0033 0x0f40  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:35:04.0220 0x0f40  gpsvc - ok
13:35:04.0282 0x0f40  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:35:04.0313 0x0f40  gusvc - ok
13:35:04.0438 0x0f40  [ 78FAD9117E4527F2CA82259DA10F40BD, 9CE5102C681B8147BFC189897C19852D2BF82A9B95DE6301EBBCD13A604A41F3 ] hardlock        C:\Windows\system32\drivers\hardlock.sys
13:35:04.0501 0x0f40  hardlock - ok
13:35:04.0516 0x0f40  hasplms - ok
13:35:04.0547 0x0f40  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:35:04.0594 0x0f40  hcw85cir - ok
13:35:04.0657 0x0f40  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:35:04.0735 0x0f40  HdAudAddService - ok
13:35:04.0797 0x0f40  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:35:04.0859 0x0f40  HDAudBus - ok
13:35:04.0906 0x0f40  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:35:04.0953 0x0f40  HidBatt - ok
13:35:05.0015 0x0f40  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:35:05.0062 0x0f40  HidBth - ok
13:35:05.0093 0x0f40  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:35:05.0156 0x0f40  HidIr - ok
13:35:05.0171 0x0f40  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
13:35:05.0265 0x0f40  hidserv - ok
13:35:05.0327 0x0f40  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:35:05.0359 0x0f40  HidUsb - ok
13:35:05.0390 0x0f40  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:35:05.0499 0x0f40  hkmsvc - ok
13:35:05.0577 0x0f40  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:35:05.0655 0x0f40  HomeGroupListener - ok
13:35:05.0702 0x0f40  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:35:05.0764 0x0f40  HomeGroupProvider - ok
13:35:05.0811 0x0f40  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:35:05.0842 0x0f40  HpSAMD - ok
13:35:05.0936 0x0f40  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:35:06.0045 0x0f40  HTTP - ok
13:35:06.0061 0x0f40  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:35:06.0092 0x0f40  hwpolicy - ok
13:35:06.0139 0x0f40  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:35:06.0185 0x0f40  i8042prt - ok
13:35:06.0232 0x0f40  [ 53CC5BF8B5A219119953C7ABB19A7705, F342A9732978D893729EA2591CB72E5F5BD1B3E6C9E4DBFFE54EC866E534A8C0 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
13:35:06.0295 0x0f40  iaStor - ok
13:35:06.0373 0x0f40  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:35:06.0435 0x0f40  iaStorV - ok
13:35:06.0653 0x0f40  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:35:06.0794 0x0f40  idsvc - ok
13:35:06.0825 0x0f40  IEEtwCollectorService - ok
13:35:06.0872 0x0f40  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:35:06.0919 0x0f40  iirsp - ok
13:35:06.0997 0x0f40  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
13:35:07.0106 0x0f40  IKEEXT - ok
13:35:07.0371 0x0f40  [ 5205DE9BD47F633E06EF3EF3DE11EF99, B2E9F6A776A5EEFF565478321FF1A83E22C4391E877E2D8F16BDF5D7778A5863 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:35:07.0621 0x0f40  IntcAzAudAddService - ok
13:35:07.0699 0x0f40  [ AE594CC17C33AC146739494615E14851, 0E4FA415C1B4065083D761A458450FAE9C6A6EE6E49B3A598B43871D6F01B3EC ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
13:35:07.0761 0x0f40  IntcDAud - ok
13:35:07.0792 0x0f40  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:35:07.0808 0x0f40  intelide - ok
13:35:08.0681 0x0f40  [ F4F91789C7C7A159CE8215C1F69F2A85, E60155402FB647B55EAD6B090204A1AA497294D473A7CCF850BB21C0DCCCB49C ] intelkmd        C:\Windows\system32\DRIVERS\igdpmd64.sys
13:35:09.0664 0x0f40  intelkmd - ok
13:35:09.0758 0x0f40  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:35:09.0789 0x0f40  intelppm - ok
13:35:09.0851 0x0f40  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:35:09.0961 0x0f40  IPBusEnum - ok
13:35:10.0023 0x0f40  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:35:10.0132 0x0f40  IpFilterDriver - ok
13:35:10.0195 0x0f40  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:35:10.0288 0x0f40  iphlpsvc - ok
13:35:10.0335 0x0f40  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:35:10.0382 0x0f40  IPMIDRV - ok
13:35:10.0413 0x0f40  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:35:10.0507 0x0f40  IPNAT - ok
13:35:10.0538 0x0f40  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:35:10.0585 0x0f40  IRENUM - ok
13:35:10.0616 0x0f40  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:35:10.0647 0x0f40  isapnp - ok
13:35:10.0694 0x0f40  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:35:10.0741 0x0f40  iScsiPrt - ok
13:35:10.0756 0x0f40  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:35:10.0787 0x0f40  kbdclass - ok
13:35:10.0819 0x0f40  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:35:10.0850 0x0f40  kbdhid - ok
13:35:10.0881 0x0f40  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] KeyIso          C:\Windows\system32\lsass.exe
13:35:10.0912 0x0f40  KeyIso - ok
13:35:10.0943 0x0f40  KMService - ok
13:35:10.0959 0x0f40  [ C0A6C3D6E02B61B5D100FE17306C276F, F57C7BCC39B30F1DF739D07B76BA18EB68D12D8D1BD13B6AC8DC712C29119495 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:35:10.0990 0x0f40  KSecDD - ok
13:35:11.0021 0x0f40  [ 7A7328E427694CC7244235C3BC299F80, 7FC2E1F3F93B3334C3A8961CA58B4F38524650F6D8DA9FFA1FB43E1A2B86B710 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:35:11.0068 0x0f40  KSecPkg - ok
13:35:11.0115 0x0f40  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:35:11.0209 0x0f40  ksthunk - ok
13:35:11.0271 0x0f40  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:35:11.0411 0x0f40  KtmRm - ok
13:35:11.0474 0x0f40  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:35:11.0599 0x0f40  LanmanServer - ok
13:35:11.0614 0x0f40  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:35:11.0723 0x0f40  LanmanWorkstation - ok
13:35:11.0786 0x0f40  [ 015BABFCD2E911C505204257DAB5ADC5, 94239919E967ABA12394D445E2D126447B5B7FB042DB95B1CCB280AF02D93833 ] LEqdUsb         C:\Windows\system32\DRIVERS\LEqdUsb.Sys
13:35:11.0817 0x0f40  LEqdUsb - ok
13:35:11.0848 0x0f40  [ 20A23B8863AAA8A23EEB9E2919F529FD, 5DD7C780346DA6A36AB55B38109167B3BE138713C5A7C913BFED2B61F34E8BA1 ] LHidEqd         C:\Windows\system32\DRIVERS\LHidEqd.Sys
13:35:11.0879 0x0f40  LHidEqd - ok
13:35:11.0911 0x0f40  [ 77D5786C6A7765503884E38706C9FD5E, 827DC2069AA0997DB87E118AAAA53575D97A89147C1451464986F8D68A329D41 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:35:11.0942 0x0f40  LHidFilt - ok
13:35:11.0989 0x0f40  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:35:12.0082 0x0f40  lltdio - ok
13:35:12.0145 0x0f40  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:35:12.0285 0x0f40  lltdsvc - ok
13:35:12.0301 0x0f40  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:35:12.0410 0x0f40  lmhosts - ok
13:35:12.0503 0x0f40  [ F4A17DCAB576267C85663E64F3ACE5A4, 6E1231740492480DB0ACD28BF7168547EA114037E3CF2F3869C5FADF3D859BAE ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:35:12.0535 0x0f40  LMS - ok
13:35:12.0566 0x0f40  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:35:12.0597 0x0f40  LSI_FC - ok
13:35:12.0628 0x0f40  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:35:12.0675 0x0f40  LSI_SAS - ok
13:35:12.0691 0x0f40  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:35:12.0722 0x0f40  LSI_SAS2 - ok
13:35:12.0753 0x0f40  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:35:12.0784 0x0f40  LSI_SCSI - ok
13:35:12.0815 0x0f40  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:35:12.0925 0x0f40  luafv - ok
13:35:12.0956 0x0f40  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:35:13.0003 0x0f40  Mcx2Svc - ok
13:35:13.0034 0x0f40  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
13:35:13.0065 0x0f40  megasas - ok
13:35:13.0096 0x0f40  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:35:13.0143 0x0f40  MegaSR - ok
13:35:13.0190 0x0f40  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
13:35:13.0221 0x0f40  MEIx64 - ok
13:35:13.0299 0x0f40  Microsoft SharePoint Workspace Audit Service - ok
13:35:13.0377 0x0f40  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
13:35:13.0486 0x0f40  MMCSS - ok
13:35:13.0517 0x0f40  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
13:35:13.0611 0x0f40  Modem - ok
13:35:13.0642 0x0f40  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:35:13.0705 0x0f40  monitor - ok
13:35:13.0751 0x0f40  [ 12588483F1A69AB2970D36D96B07F71B, CDC044F2FDAD3B22B295528A117D93B7DF464DE63E421DAE9C19E7A1535E3743 ] motccgp         C:\Windows\system32\DRIVERS\motccgp.sys
13:35:13.0798 0x0f40  motccgp - ok
13:35:13.0876 0x0f40  [ 7ED3A9C3763725BD700946971215EE77, 6150D52945E10B69CFA5E3E637DCEBA67158092C6350B4AFE456EA846CA90C18 ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
13:35:13.0907 0x0f40  Motorola Device Manager - ok
13:35:13.0939 0x0f40  [ 19BC2161C3FCCED802F1BCD9B78C3466, 2EA39F23C49191A4651CD785A742554801A4AC59AACE1993B3A30EA137B4A321 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
13:35:13.0985 0x0f40  MotoSwitchService - ok
13:35:14.0032 0x0f40  [ 6A3C0B01551B614B6C6BC9743DEF60D9, 9144C0149A764355045711B36C12F87B2F914B76809407F46FB7BA72F83DDB9D ] Motousbnet      C:\Windows\system32\DRIVERS\Motousbnet.sys
13:35:14.0079 0x0f40  Motousbnet - ok
13:35:14.0110 0x0f40  [ 1D19770F88FA22DACB7F488EA8F8EE6B, AD100C774058CF878B6006518F3DCDBDEE475F3C9808FC5D844947D9C305FAE5 ] motusbdevice    C:\Windows\system32\DRIVERS\motusbdevice.sys
13:35:14.0157 0x0f40  motusbdevice - ok
13:35:14.0204 0x0f40  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:35:14.0235 0x0f40  mouclass - ok
13:35:14.0266 0x0f40  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:35:14.0313 0x0f40  mouhid - ok
13:35:14.0360 0x0f40  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:35:14.0391 0x0f40  mountmgr - ok
13:35:14.0438 0x0f40  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:35:14.0485 0x0f40  mpio - ok
13:35:14.0547 0x0f40  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:35:14.0641 0x0f40  mpsdrv - ok
13:35:14.0781 0x0f40  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:35:14.0984 0x0f40  MpsSvc - ok
13:35:15.0046 0x0f40  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:35:15.0109 0x0f40  MRxDAV - ok
13:35:15.0233 0x0f40  [ 1877EB1495CFBDAB27D6A32F6DDF3818, 3818055C66AB12A335A905CFFE5D05347F15AE488861C5C183E62E8E0881DA86 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:35:15.0327 0x0f40  mrxsmb - ok
13:35:15.0358 0x0f40  [ 21AF322605D8C7F2A627C22634D1C9C9, 6B783F95D093FEFB260EA9568926BBB3CB8ED0783184DB3A18733E211933BADD ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:35:15.0436 0x0f40  mrxsmb10 - ok
13:35:15.0561 0x0f40  [ 45A03A0B6461EFBEE77E0A6AC2816EDA, CFB0C11387F2EC49FD6B69EF747962114EBA6F8B4B4DEC3627E9E969775C4D7E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:35:15.0639 0x0f40  mrxsmb20 - ok
13:35:15.0686 0x0f40  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:35:15.0717 0x0f40  msahci - ok
13:35:15.0764 0x0f40  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:35:15.0811 0x0f40  msdsm - ok
13:35:15.0873 0x0f40  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
13:35:15.0935 0x0f40  MSDTC - ok
13:35:16.0013 0x0f40  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:35:16.0123 0x0f40  Msfs - ok
13:35:16.0138 0x0f40  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:35:16.0247 0x0f40  mshidkmdf - ok
13:35:16.0357 0x0f40  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:35:16.0419 0x0f40  msisadrv - ok
13:35:16.0450 0x0f40  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:35:16.0606 0x0f40  MSiSCSI - ok
13:35:16.0606 0x0f40  msiserver - ok
13:35:16.0653 0x0f40  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:35:16.0747 0x0f40  MSKSSRV - ok
13:35:16.0778 0x0f40  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:35:16.0887 0x0f40  MSPCLOCK - ok
13:35:16.0918 0x0f40  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:35:17.0027 0x0f40  MSPQM - ok
13:35:17.0090 0x0f40  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:35:17.0152 0x0f40  MsRPC - ok
13:35:17.0183 0x0f40  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:35:17.0215 0x0f40  mssmbios - ok
13:35:17.0261 0x0f40  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:35:17.0371 0x0f40  MSTEE - ok
13:35:17.0417 0x0f40  [ 5BA37D56F7DEA339913E2068E68DE9E4, 4088D4EC7F633DF272979FAE0EE75888DF61231BDAF0D383A5302DB21F0535EE ] MTBService_2.1.0.8 C:\Program Files\Carl Zeiss\MTB 2011 - 2.1.0.8\MTB Server Console\MTBService.exe
13:35:17.0449 0x0f40  MTBService_2.1.0.8 - detected UnsignedFile.Multi.Generic ( 1 )
13:35:19.0835 0x0f40  MTBService_2.1.0.8 ( UnsignedFile.Multi.Generic ) - warning
13:35:22.0300 0x0f40  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:35:22.0331 0x0f40  MTConfig - ok
13:35:22.0347 0x0f40  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
13:35:22.0394 0x0f40  Mup - ok
13:35:22.0456 0x0f40  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
13:35:22.0597 0x0f40  napagent - ok
13:35:22.0675 0x0f40  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:35:22.0753 0x0f40  NativeWifiP - ok
13:35:22.0846 0x0f40  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:35:22.0940 0x0f40  NDIS - ok
13:35:22.0987 0x0f40  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:35:23.0080 0x0f40  NdisCap - ok
13:35:23.0096 0x0f40  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:35:23.0205 0x0f40  NdisTapi - ok
13:35:23.0252 0x0f40  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:35:23.0345 0x0f40  Ndisuio - ok
13:35:23.0392 0x0f40  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:35:23.0533 0x0f40  NdisWan - ok
13:35:23.0564 0x0f40  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:35:23.0673 0x0f40  NDProxy - ok
13:35:23.0704 0x0f40  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:35:23.0798 0x0f40  NetBIOS - ok
13:35:23.0860 0x0f40  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:35:23.0969 0x0f40  NetBT - ok
13:35:23.0985 0x0f40  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] Netlogon        C:\Windows\system32\lsass.exe
13:35:24.0032 0x0f40  Netlogon - ok
13:35:24.0079 0x0f40  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
13:35:24.0203 0x0f40  Netman - ok
13:35:24.0250 0x0f40  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:35:24.0281 0x0f40  NetMsmqActivator - ok
13:35:24.0297 0x0f40  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:35:24.0344 0x0f40  NetPipeActivator - ok
13:35:24.0375 0x0f40  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
13:35:24.0515 0x0f40  netprofm - ok
13:35:24.0531 0x0f40  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:35:24.0578 0x0f40  NetTcpActivator - ok
13:35:24.0593 0x0f40  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:35:24.0625 0x0f40  NetTcpPortSharing - ok
13:35:24.0671 0x0f40  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:35:24.0703 0x0f40  nfrd960 - ok
13:35:24.0765 0x0f40  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:35:24.0827 0x0f40  NlaSvc - ok
13:35:24.0843 0x0f40  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:35:24.0937 0x0f40  Npfs - ok
13:35:24.0968 0x0f40  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
13:35:25.0077 0x0f40  nsi - ok
13:35:25.0108 0x0f40  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:35:25.0202 0x0f40  nsiproxy - ok
13:35:25.0358 0x0f40  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:35:25.0514 0x0f40  Ntfs - ok
13:35:25.0529 0x0f40  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
13:35:25.0623 0x0f40  Null - ok
13:35:25.0670 0x0f40  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:35:25.0701 0x0f40  nvraid - ok
13:35:25.0717 0x0f40  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:35:25.0763 0x0f40  nvstor - ok
13:35:25.0795 0x0f40  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:35:25.0826 0x0f40  nv_agp - ok
13:35:25.0873 0x0f40  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:35:25.0904 0x0f40  ohci1394 - ok
13:35:25.0966 0x0f40  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:35:25.0997 0x0f40  ose - ok
13:35:26.0372 0x0f40  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:35:26.0762 0x0f40  osppsvc - ok
13:35:26.0824 0x0f40  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:35:26.0902 0x0f40  p2pimsvc - ok
13:35:26.0933 0x0f40  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
13:35:27.0011 0x0f40  p2psvc - ok
13:35:27.0027 0x0f40  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:35:27.0089 0x0f40  Parport - ok
13:35:27.0121 0x0f40  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:35:27.0152 0x0f40  partmgr - ok
13:35:27.0199 0x0f40  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:35:27.0277 0x0f40  PcaSvc - ok
13:35:27.0308 0x0f40  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
13:35:27.0355 0x0f40  pci - ok
13:35:27.0386 0x0f40  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:35:27.0433 0x0f40  pciide - ok
13:35:27.0479 0x0f40  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:35:27.0526 0x0f40  pcmcia - ok
13:35:27.0526 0x0f40  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:35:27.0573 0x0f40  pcw - ok
13:35:27.0635 0x0f40  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:35:27.0729 0x0f40  PEAUTH - ok
13:35:27.0854 0x0f40  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
13:35:27.0994 0x0f40  PeerDistSvc - ok
13:35:28.0119 0x0f40  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:35:28.0166 0x0f40  PerfHost - ok
13:35:28.0291 0x0f40  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
13:35:28.0493 0x0f40  pla - ok
13:35:28.0556 0x0f40  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:35:28.0634 0x0f40  PlugPlay - ok
13:35:28.0665 0x0f40  PnkBstrA - ok
13:35:28.0696 0x0f40  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:35:28.0743 0x0f40  PNRPAutoReg - ok
13:35:28.0790 0x0f40  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:35:28.0852 0x0f40  PNRPsvc - ok
13:35:28.0915 0x0f40  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:35:29.0071 0x0f40  PolicyAgent - ok
13:35:29.0102 0x0f40  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
13:35:29.0227 0x0f40  Power - ok
13:35:29.0273 0x0f40  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:35:29.0367 0x0f40  PptpMiniport - ok
13:35:29.0414 0x0f40  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:35:29.0461 0x0f40  Processor - ok
13:35:29.0492 0x0f40  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:35:29.0554 0x0f40  ProfSvc - ok
13:35:29.0570 0x0f40  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] ProtectedStorage C:\Windows\system32\lsass.exe
13:35:29.0601 0x0f40  ProtectedStorage - ok
13:35:29.0663 0x0f40  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:35:29.0757 0x0f40  Psched - ok
13:35:29.0804 0x0f40  [ EA735BF6DF13A857A83C99BF27A422AD, 026A57155FB9E01CFAFD8613980CDF0F3D744ABBBC66EFDC6C20B89980FB45CF ] PST Service     C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
13:35:29.0835 0x0f40  PST Service - detected UnsignedFile.Multi.Generic ( 1 )
13:35:32.0206 0x0f40  Detect skipped due to KSN trusted
13:35:32.0206 0x0f40  PST Service - ok
13:35:32.0331 0x0f40  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:35:32.0471 0x0f40  ql2300 - ok
13:35:32.0534 0x0f40  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:35:32.0565 0x0f40  ql40xx - ok
13:35:32.0612 0x0f40  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
13:35:32.0690 0x0f40  QWAVE - ok
13:35:32.0705 0x0f40  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:35:32.0752 0x0f40  QWAVEdrv - ok
13:35:32.0768 0x0f40  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:35:32.0877 0x0f40  RasAcd - ok
13:35:32.0924 0x0f40  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:35:33.0033 0x0f40  RasAgileVpn - ok
13:35:33.0080 0x0f40  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
13:35:33.0189 0x0f40  RasAuto - ok
13:35:33.0205 0x0f40  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:35:33.0298 0x0f40  Rasl2tp - ok
13:35:33.0345 0x0f40  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
13:35:33.0470 0x0f40  RasMan - ok
13:35:33.0517 0x0f40  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:35:33.0626 0x0f40  RasPppoe - ok
13:35:33.0641 0x0f40  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:35:33.0751 0x0f40  RasSstp - ok
13:35:33.0797 0x0f40  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:35:33.0922 0x0f40  rdbss - ok
13:35:33.0953 0x0f40  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:35:34.0000 0x0f40  rdpbus - ok
13:35:34.0016 0x0f40  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:35:34.0109 0x0f40  RDPCDD - ok
13:35:34.0156 0x0f40  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:35:34.0203 0x0f40  RDPDR - ok
13:35:34.0203 0x0f40  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:35:34.0312 0x0f40  RDPENCDD - ok
13:35:34.0328 0x0f40  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:35:34.0421 0x0f40  RDPREFMP - ok
13:35:34.0499 0x0f40  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:35:34.0546 0x0f40  RdpVideoMiniport - ok
13:35:34.0577 0x0f40  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:35:34.0640 0x0f40  RDPWD - ok
13:35:34.0702 0x0f40  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:35:34.0749 0x0f40  rdyboost - ok
13:35:34.0827 0x0f40  [ BBFCAC1C23B867AE5D7EF96DF40680C5, D7A60D2B1AA96F93A797778B6B2D2663C1F18CA0990298EC4D7B6F4E959481F4 ] Realtek87B      C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
13:35:34.0843 0x0f40  Realtek87B - detected UnsignedFile.Multi.Generic ( 1 )
13:35:37.0214 0x0f40  Detect skipped due to KSN trusted
13:35:37.0214 0x0f40  Realtek87B - ok
13:35:37.0276 0x0f40  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:35:37.0354 0x0f40  RemoteAccess - ok
13:35:37.0401 0x0f40  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:35:37.0495 0x0f40  RemoteRegistry - ok
13:35:37.0541 0x0f40  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
13:35:37.0588 0x0f40  RFCOMM - ok
13:35:37.0619 0x0f40  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:35:37.0713 0x0f40  RpcEptMapper - ok
13:35:37.0729 0x0f40  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
13:35:37.0775 0x0f40  RpcLocator - ok
13:35:37.0838 0x0f40  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
13:35:37.0947 0x0f40  RpcSs - ok
13:35:37.0994 0x0f40  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:35:38.0072 0x0f40  rspndr - ok
13:35:38.0119 0x0f40  [ E50CFB92986DCAB49DE93788FD695813, EAE103008B967B0F064EDDA551AA553EE7C22D39D14FA0BBFEF41C4D1B6C99E5 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
13:35:38.0165 0x0f40  RTL8167 - ok
13:35:38.0212 0x0f40  [ 333224D4D25F9BCCA488E08345083E1C, 368CA50C6791849A029F0E55036D0F2952922D5D17BE3C35D1195C6AFED0D94F ] RTL8187         C:\Windows\system32\DRIVERS\rtl8187.sys
13:35:38.0259 0x0f40  RTL8187 - ok
13:35:38.0290 0x0f40  [ BBFCAC1C23B867AE5D7EF96DF40680C5, D7A60D2B1AA96F93A797778B6B2D2663C1F18CA0990298EC4D7B6F4E959481F4 ] RtlService      C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
13:35:38.0306 0x0f40  RtlService - detected UnsignedFile.Multi.Generic ( 1 )
13:35:38.0306 0x0f40  Detect skipped due to KSN trusted
13:35:38.0306 0x0f40  RtlService - ok
13:35:38.0321 0x0f40  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
13:35:38.0337 0x0f40  s3cap - ok
13:35:38.0399 0x0f40  [ 62DB6CC4B0818F1B5F3441241B098F12, 7A53B3FBA3F82EDE6FA688E531FBE7EC9E1AE329090C0AFE0DCD64F65BD90F21 ] SABI            C:\Windows\system32\Drivers\SABI.sys
13:35:38.0415 0x0f40  SABI - ok
13:35:38.0431 0x0f40  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] SamSs           C:\Windows\system32\lsass.exe
13:35:38.0462 0x0f40  SamSs - ok
13:35:38.0524 0x0f40  [ 5E66ABD041D76C46CBF55AEF910FCA56, AA275FE0506EE47EB717451F8415E29757C813F29F5C4B5D1629902B15831966 ] SamsungDeviceConfigurationWinService C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
13:35:38.0555 0x0f40  SamsungDeviceConfigurationWinService - detected UnsignedFile.Multi.Generic ( 1 )
13:35:40.0958 0x0f40  Detect skipped due to KSN trusted
13:35:40.0958 0x0f40  SamsungDeviceConfigurationWinService - ok
13:35:41.0176 0x0f40  SBIOSIO - ok
13:35:41.0223 0x0f40  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:35:41.0270 0x0f40  sbp2port - ok
13:35:41.0332 0x0f40  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:35:41.0457 0x0f40  SCardSvr - ok
13:35:41.0519 0x0f40  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:35:41.0644 0x0f40  scfilter - ok
13:35:41.0753 0x0f40  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
13:35:41.0956 0x0f40  Schedule - ok
13:35:42.0003 0x0f40  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:35:42.0081 0x0f40  SCPolicySvc - ok
13:35:42.0128 0x0f40  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:35:42.0190 0x0f40  SDRSVC - ok
13:35:42.0221 0x0f40  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:35:42.0315 0x0f40  secdrv - ok
13:35:42.0346 0x0f40  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
13:35:42.0440 0x0f40  seclogon - ok
13:35:42.0487 0x0f40  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
13:35:42.0580 0x0f40  SENS - ok
13:35:42.0596 0x0f40  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:35:42.0627 0x0f40  SensrSvc - ok
13:35:42.0658 0x0f40  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:35:42.0689 0x0f40  Serenum - ok
13:35:42.0721 0x0f40  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:35:42.0767 0x0f40  Serial - ok
13:35:42.0799 0x0f40  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:35:42.0830 0x0f40  sermouse - ok
13:35:42.0908 0x0f40  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
13:35:43.0001 0x0f40  SessionEnv - ok
13:35:43.0048 0x0f40  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:35:43.0111 0x0f40  sffdisk - ok
13:35:43.0126 0x0f40  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:35:43.0189 0x0f40  sffp_mmc - ok
13:35:43.0220 0x0f40  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:35:43.0267 0x0f40  sffp_sd - ok
13:35:43.0298 0x0f40  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:35:43.0345 0x0f40  sfloppy - ok
13:35:43.0376 0x0f40  [ 2FE1CD3AA602414841DB10AD96C95A5E, 1A2489DF37C13B578E69AA0D3D5DB3627C77750C45D78BB2872E29DD10253326 ] SGDrv           C:\Windows\system32\DRIVERS\SGdrv64.sys
13:35:43.0423 0x0f40  SGDrv - ok
13:35:43.0501 0x0f40  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:35:43.0625 0x0f40  SharedAccess - ok
13:35:43.0672 0x0f40  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:35:43.0797 0x0f40  ShellHWDetection - ok
13:35:43.0828 0x0f40  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:35:43.0859 0x0f40  SiSRaid2 - ok
13:35:43.0891 0x0f40  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:35:43.0937 0x0f40  SiSRaid4 - ok
13:35:44.0000 0x0f40  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
13:35:44.0031 0x0f40  SkypeUpdate - ok
13:35:44.0078 0x0f40  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:35:44.0187 0x0f40  Smb - ok
13:35:44.0218 0x0f40  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:35:44.0281 0x0f40  SNMPTRAP - ok
13:35:44.0312 0x0f40  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:35:44.0343 0x0f40  spldr - ok
13:35:44.0390 0x0f40  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
13:35:44.0483 0x0f40  Spooler - ok
13:35:44.0733 0x0f40  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
13:35:45.0092 0x0f40  sppsvc - ok
13:35:45.0139 0x0f40  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:35:45.0248 0x0f40  sppuinotify - ok
13:35:45.0310 0x0f40  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:35:45.0388 0x0f40  srv - ok
13:35:45.0420 0x0f40  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:35:45.0498 0x0f40  srv2 - ok
13:35:45.0513 0x0f40  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:35:45.0560 0x0f40  srvnet - ok
13:35:45.0607 0x0f40  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:35:45.0716 0x0f40  SSDPSRV - ok
13:35:45.0747 0x0f40  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:35:45.0856 0x0f40  SstpSvc - ok
13:35:45.0888 0x0f40  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:35:45.0919 0x0f40  stexstor - ok
13:35:45.0981 0x0f40  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
13:35:46.0028 0x0f40  StillCam - ok
13:35:46.0122 0x0f40  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
13:35:46.0215 0x0f40  stisvc - ok
13:35:46.0231 0x0f40  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
13:35:46.0262 0x0f40  storflt - ok
13:35:46.0278 0x0f40  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
13:35:46.0324 0x0f40  StorSvc - ok
13:35:46.0340 0x0f40  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:35:46.0387 0x0f40  storvsc - ok
13:35:46.0418 0x0f40  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:35:46.0434 0x0f40  swenum - ok
13:35:46.0496 0x0f40  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
13:35:46.0605 0x0f40  swprv - ok
13:35:46.0699 0x0f40  SWUpdateService - ok
13:35:46.0839 0x0f40  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
13:35:47.0026 0x0f40  SysMain - ok
13:35:47.0042 0x0f40  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:35:47.0120 0x0f40  TabletInputService - ok
13:35:47.0151 0x0f40  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:35:47.0276 0x0f40  TapiSrv - ok
13:35:47.0307 0x0f40  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
13:35:47.0416 0x0f40  TBS - ok
13:35:47.0572 0x0f40  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:35:47.0744 0x0f40  Tcpip - ok
13:35:47.0884 0x0f40  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:35:48.0056 0x0f40  TCPIP6 - ok
13:35:48.0103 0x0f40  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:35:48.0150 0x0f40  tcpipreg - ok
13:35:48.0181 0x0f40  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:35:48.0228 0x0f40  TDPIPE - ok
13:35:48.0259 0x0f40  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:35:48.0290 0x0f40  TDTCP - ok
13:35:48.0337 0x0f40  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:35:48.0384 0x0f40  tdx - ok
13:35:48.0415 0x0f40  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:35:48.0446 0x0f40  TermDD - ok
13:35:48.0524 0x0f40  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
13:35:48.0618 0x0f40  TermService - ok
13:35:48.0649 0x0f40  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
13:35:48.0696 0x0f40  Themes - ok
13:35:48.0727 0x0f40  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
13:35:48.0836 0x0f40  THREADORDER - ok
13:35:48.0867 0x0f40  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
13:35:48.0976 0x0f40  TrkWks - ok
13:35:49.0054 0x0f40  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:35:49.0148 0x0f40  TrustedInstaller - ok
13:35:49.0179 0x0f40  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:35:49.0210 0x0f40  tssecsrv - ok
13:35:49.0288 0x0f40  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:35:49.0335 0x0f40  TsUsbFlt - ok
13:35:49.0382 0x0f40  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:35:49.0491 0x0f40  tunnel - ok
13:35:49.0522 0x0f40  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:35:49.0554 0x0f40  uagp35 - ok
13:35:49.0600 0x0f40  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:35:49.0710 0x0f40  udfs - ok
13:35:49.0756 0x0f40  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:35:49.0803 0x0f40  UI0Detect - ok
13:35:49.0834 0x0f40  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:35:49.0866 0x0f40  uliagpkx - ok
13:35:49.0912 0x0f40  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:35:49.0959 0x0f40  umbus - ok
13:35:49.0990 0x0f40  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:35:50.0022 0x0f40  UmPass - ok
13:35:50.0068 0x0f40  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
13:35:50.0131 0x0f40  UmRdpService - ok
13:35:50.0380 0x0f40  [ DB641944F7E4B14C13C3FEFC89843F69, C106F10E802A67D43C9F0591A4A2477F7EF7911C3313C3844A02E3C061FD3EAA ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:35:50.0583 0x0f40  UNS - ok
13:35:50.0646 0x0f40  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
13:35:50.0770 0x0f40  upnphost - ok
13:35:50.0817 0x0f40  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:35:50.0848 0x0f40  usbccgp - ok
13:35:50.0895 0x0f40  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:35:50.0942 0x0f40  usbcir - ok
13:35:50.0989 0x0f40  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
13:35:51.0051 0x0f40  usbehci - ok
13:35:51.0114 0x0f40  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:35:51.0176 0x0f40  usbhub - ok
13:35:51.0238 0x0f40  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:35:51.0285 0x0f40  usbohci - ok
13:35:51.0332 0x0f40  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:35:51.0379 0x0f40  usbprint - ok
13:35:51.0488 0x0f40  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
13:35:51.0535 0x0f40  usbscan - ok
13:35:51.0582 0x0f40  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:35:51.0628 0x0f40  USBSTOR - ok
13:35:51.0660 0x0f40  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:35:51.0691 0x0f40  usbuhci - ok
13:35:51.0769 0x0f40  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
13:35:51.0816 0x0f40  usbvideo - ok
13:35:51.0847 0x0f40  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
13:35:51.0956 0x0f40  UxSms - ok
13:35:51.0987 0x0f40  [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] VaultSvc        C:\Windows\system32\lsass.exe
13:35:52.0034 0x0f40  VaultSvc - ok
13:35:52.0065 0x0f40  [ EB2461E88E1E9F2243FAA3F167BFB94E, 1A7E51BC964CC42A2839FE6DB20A7E2E695E827B62851B0B25CCDB091A144D24 ] VBoxAswDrv      D:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
13:35:52.0112 0x0f40  VBoxAswDrv - ok
13:35:52.0159 0x0f40  [ FD911873C0BB6945FA38C16E9A2B58F9, EF8C833321449A6E8B671890F2EBC82ABC276B890D274AADDB626D763EE98964 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
13:35:52.0206 0x0f40  VClone - ok
13:35:52.0237 0x0f40  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:35:52.0268 0x0f40  vdrvroot - ok
13:35:52.0330 0x0f40  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
13:35:52.0486 0x0f40  vds - ok
13:35:52.0518 0x0f40  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:35:52.0564 0x0f40  vga - ok
13:35:52.0596 0x0f40  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:35:52.0689 0x0f40  VgaSave - ok
13:35:52.0736 0x0f40  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:35:52.0783 0x0f40  vhdmp - ok
13:35:52.0798 0x0f40  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:35:52.0845 0x0f40  viaide - ok
13:35:52.0876 0x0f40  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:35:52.0923 0x0f40  vmbus - ok
13:35:52.0939 0x0f40  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:35:52.0986 0x0f40  VMBusHID - ok
13:35:53.0001 0x0f40  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:35:53.0032 0x0f40  volmgr - ok
13:35:53.0095 0x0f40  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:35:53.0157 0x0f40  volmgrx - ok
13:35:53.0188 0x0f40  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:35:53.0235 0x0f40  volsnap - ok
13:35:53.0360 0x0f40  [ 78836108CF5AC6A0B365AC50A72F16D6, 53130B29A84E1CB5E96B81137DF7CFA69BF2A3C7E884ED45069BA9F5438776C1 ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
13:35:53.0422 0x0f40  vpnagent - ok
13:35:53.0454 0x0f40  [ 0F42C39016F82F345C0F2DB2D5B90EB4, 2E957E72BB8D0293F61FA7385BA9400DF7759E1E3D35FE24F3877A6460988F4D ] vpnva           C:\Windows\system32\DRIVERS\vpnva64-6.sys
13:35:53.0485 0x0f40  vpnva - ok
13:35:53.0547 0x0f40  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:35:53.0578 0x0f40  vsmraid - ok
13:35:53.0719 0x0f40  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
13:35:53.0937 0x0f40  VSS - ok
13:35:53.0968 0x0f40  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:35:54.0000 0x0f40  vwifibus - ok
13:35:54.0046 0x0f40  [ 13A0DECD1794DE60A8427862C8669D27, 4024AF9F2F052BC80C85F5B9A671499C20AF38838206CC649E6EFE37C380D3BF ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:35:54.0093 0x0f40  vwififlt - ok
13:35:54.0124 0x0f40  [ 49003B357D101CDC474937437ECF5ABC, D3EC570D616DC39FE6BF02DA1CD6C30CD07C27CC5B4B6FD6DACB5D8A4F1596A6 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
13:35:54.0171 0x0f40  vwifimp - ok
13:35:54.0234 0x0f40  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
13:35:54.0390 0x0f40  W32Time - ok
13:35:54.0421 0x0f40  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:35:54.0468 0x0f40  WacomPen - ok
13:35:54.0514 0x0f40  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:35:54.0608 0x0f40  WANARP - ok
13:35:54.0624 0x0f40  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:35:54.0717 0x0f40  Wanarpv6 - ok
13:35:54.0842 0x0f40  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
13:35:54.0967 0x0f40  WatAdminSvc - ok
13:35:55.0107 0x0f40  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
13:35:55.0263 0x0f40  wbengine - ok
13:35:55.0310 0x0f40  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:35:55.0372 0x0f40  WbioSrvc - ok
13:35:55.0419 0x0f40  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:35:55.0497 0x0f40  wcncsvc - ok
13:35:55.0513 0x0f40  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:35:55.0560 0x0f40  WcsPlugInService - ok
13:35:55.0591 0x0f40  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:35:55.0622 0x0f40  Wd - ok
13:35:55.0700 0x0f40  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:35:55.0794 0x0f40  Wdf01000 - ok
13:35:55.0825 0x0f40  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:35:55.0887 0x0f40  WdiServiceHost - ok
13:35:55.0903 0x0f40  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:35:55.0950 0x0f40  WdiSystemHost - ok
13:35:55.0996 0x0f40  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
13:35:56.0059 0x0f40  WebClient - ok
13:35:56.0106 0x0f40  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:35:56.0230 0x0f40  Wecsvc - ok
13:35:56.0246 0x0f40  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:35:56.0371 0x0f40  wercplsupport - ok
13:35:56.0386 0x0f40  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:35:56.0496 0x0f40  WerSvc - ok
13:35:56.0511 0x0f40  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:35:56.0620 0x0f40  WfpLwf - ok
13:35:56.0652 0x0f40  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:35:56.0683 0x0f40  WIMMount - ok
13:35:56.0698 0x0f40  WinDefend - ok
13:35:56.0730 0x0f40  WinHttpAutoProxySvc - ok
13:35:56.0808 0x0f40  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:35:56.0917 0x0f40  Winmgmt - ok
13:35:57.0057 0x0f40  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
13:35:57.0244 0x0f40  WinRM - ok
13:35:57.0307 0x0f40  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:35:57.0354 0x0f40  WinUsb - ok
13:35:57.0432 0x0f40  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:35:57.0572 0x0f40  Wlansvc - ok
13:35:57.0619 0x0f40  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:35:57.0650 0x0f40  WmiAcpi - ok
13:35:57.0681 0x0f40  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:35:57.0744 0x0f40  wmiApSrv - ok
13:35:57.0775 0x0f40  WMPNetworkSvc - ok
13:35:57.0806 0x0f40  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:35:57.0853 0x0f40  WPCSvc - ok
13:35:57.0884 0x0f40  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:35:57.0931 0x0f40  WPDBusEnum - ok
13:35:57.0946 0x0f40  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:35:58.0040 0x0f40  ws2ifsl - ok
13:35:58.0056 0x0f40  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
13:35:58.0118 0x0f40  wscsvc - ok
13:35:58.0165 0x0f40  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
13:35:58.0212 0x0f40  WSDPrintDevice - ok
13:35:58.0227 0x0f40  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
13:35:58.0258 0x0f40  WSDScan - ok
13:35:58.0274 0x0f40  WSearch - ok
13:35:58.0461 0x0f40  [ 0814A74C853F50B354F08F83DDA9F7FB, 0A63BAA8DE451B8C2C71FEF961718E769B9BAC305C76D24048C664CB27D0DF28 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:35:58.0711 0x0f40  wuauserv - ok
13:35:58.0742 0x0f40  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:35:58.0804 0x0f40  WudfPf - ok
13:35:58.0820 0x0f40  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:35:58.0882 0x0f40  WUDFRd - ok
13:35:58.0898 0x0f40  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:35:58.0945 0x0f40  wudfsvc - ok
13:35:58.0992 0x0f40  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:35:59.0054 0x0f40  WwanSvc - ok
13:35:59.0148 0x0f40  ================ Scan global ===============================
13:35:59.0179 0x0f40  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:35:59.0210 0x0f40  [ A171AC55EE4B4EE35C18EF0977017A72, E0E3E3B1C3708C30C7292CA09E41CA6C49EB850699126C6D2C0383A72C0097A6 ] C:\Windows\system32\winsrv.dll
13:35:59.0257 0x0f40  [ A171AC55EE4B4EE35C18EF0977017A72, E0E3E3B1C3708C30C7292CA09E41CA6C49EB850699126C6D2C0383A72C0097A6 ] C:\Windows\system32\winsrv.dll
13:35:59.0304 0x0f40  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:35:59.0366 0x0f40  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
13:35:59.0397 0x0f40  [ Global ] - ok
13:35:59.0397 0x0f40  ================ Scan MBR ==================================
13:35:59.0397 0x0f40  [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
13:36:00.0084 0x0f40  \Device\Harddisk0\DR0 - ok
13:36:00.0084 0x0f40  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
13:36:00.0240 0x0f40  \Device\Harddisk1\DR1 - ok
13:36:00.0240 0x0f40  ================ Scan VBR ==================================
13:36:00.0240 0x0f40  [ D874F5933214B71B4EFB4F8BC7BAAD7D ] \Device\Harddisk0\DR0\Partition1
13:36:00.0240 0x0f40  \Device\Harddisk0\DR0\Partition1 - ok
13:36:00.0255 0x0f40  [ EB43212DD63709DE3251E6FE5353F70C ] \Device\Harddisk0\DR0\Partition2
13:36:00.0255 0x0f40  \Device\Harddisk0\DR0\Partition2 - ok
13:36:00.0271 0x0f40  [ AD05C4BF75B0AD1CD21E7A383A667D3C ] \Device\Harddisk0\DR0\Partition3
13:36:00.0286 0x0f40  \Device\Harddisk0\DR0\Partition3 - ok
13:36:00.0286 0x0f40  ================ Scan generic autorun ======================
13:36:00.0364 0x0f40  [ 5B6E8E09BE6401A7E022F52FDFCB2FF8, 471C556CF9405BBB380A8CEFE945C126B954B7C94F79CC72441B51F80141FC5E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
13:36:00.0396 0x0f40  SunJavaUpdateSched - ok
13:36:00.0817 0x0f40  [ 65C6AA484AD2287D20541C7735989437, 1842787640391F4A4CD9ED0A531298A61F4B2FB09BEC98FEE256313AFB458EDB ] D:\Program Files\AVAST Software\Avast\AvastUI.exe
13:36:01.0238 0x0f40  AvastUI.exe - ok
13:36:01.0254 0x0f40  EaseUS EPM tray - ok
13:36:01.0363 0x0f40  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:36:01.0488 0x0f40  Sidebar - ok
13:36:01.0534 0x0f40  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:36:01.0597 0x0f40  mctadmin - ok
13:36:01.0675 0x0f40  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:36:01.0800 0x0f40  Sidebar - ok
13:36:01.0815 0x0f40  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:36:01.0862 0x0f40  mctadmin - ok
13:36:02.0065 0x0f40  [ E602DFD7B38FFA0C4E39CA6CFBCC44F8, 8F1E2F7559606D6165C4147CD8B223FC8352AC30491B67F7F9162D51B005C40A ] C:\Users\Felix\AppData\Roaming\Spotify\SpotifyWebHelper.exe
13:36:02.0236 0x0f40  Spotify Web Helper - ok
13:36:02.0283 0x0f40  [ 7C6D524C78A1722AD987B9E47AC1FEE2, FFDC6C92ABB547D0DCD2621EC423C755A78079B061A41FA1751A56799D1A79A5 ] C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe
13:36:02.0314 0x0f40  Dropbox Update - ok
13:36:02.0346 0x0f40  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe
13:36:02.0377 0x0f40  Google Update - ok
13:36:02.0377 0x0f40  Waiting for KSN requests completion. In queue: 145
13:36:03.0391 0x0f40  Waiting for KSN requests completion. In queue: 145
13:36:04.0405 0x0f40  Waiting for KSN requests completion. In queue: 145
13:36:05.0466 0x0f40  AV detected via SS2: avast! Antivirus, D:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated )
13:36:05.0497 0x0f40  Win FW state via NFP2: enabled
13:36:07.0930 0x0f40  ============================================================
13:36:07.0930 0x0f40  Scan finished
13:36:07.0930 0x0f40  ============================================================
13:36:07.0946 0x05f0  Detected object count: 2
13:36:07.0946 0x05f0  Actual detected object count: 2
13:36:51.0751 0x05f0  CZCanSrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:36:51.0751 0x05f0  CZCanSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:36:51.0751 0x05f0  MTBService_2.1.0.8 ( UnsignedFile.Multi.Generic ) - skipped by user
13:36:51.0751 0x05f0  MTBService_2.1.0.8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:38:08.0129 0x13e4  Deinitialize success

schrauber · 17.07.2015, 07:31

warum läuft da ein Crack für MS Office?

Felicibus · 17.07.2015, 09:42

Oh, dessen war ich mir nicht bewusst. Danke für den Tipp. Habe Office umgehend deinstalliert. Damit sollte auch der Crack verschwunden sein, oder?

Wie soll ich weiter vorgehen? Das Symptom (Avast-Alarm) ist nach wie vor vorhanden.

schrauber · 18.07.2015, 07:44

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Felicibus · 18.07.2015, 15:58

Combofix lief soweit problemlos durch. Hier das dazugehörige Logfile:

Code:

ATTFilter

ComboFix 15-07-18.01 - Felix 18.07.2015  15:50:29.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.6058.4390 [GMT 2:00]
ausgeführt von:: c:\users\Felix\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\Felix\1qo2.pdb
c:\users\Felix\1sz6.pdb
c:\users\Felix\1thf.pdb
c:\users\Felix\3bwr.pdb
c:\users\Felix\3owg.pdb
c:\users\Felix\3srk.pdb
c:\users\Felix\3uwu.pdb
c:\users\Felix\4owg.pdb
c:\users\Felix\6tim.pdb
c:\users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\extensions\adbeaver@adbeaver.org.xpi
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-06-18 bis 2015-07-18  ))))))))))))))))))))))))))))))
.
.
2015-07-18 14:11 . 2015-07-18 14:11	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-07-17 08:04 . 2015-06-12 07:50	12221144	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A4507424-1203-4FD7-8432-4A99B2EA550A}\mpengine.dll
2015-07-16 10:24 . 2015-07-16 10:24	--------	d-----w-	c:\programdata\Malwarebytes
2015-07-16 10:23 . 2015-07-17 07:57	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-07-16 10:23 . 2015-07-16 10:59	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-16 09:33 . 2015-07-16 10:57	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-07-15 23:02 . 2015-07-15 23:04	--------	d-----w-	C:\FRST
2015-07-15 22:19 . 2015-07-15 22:20	29296256	----a-w-	c:\windows\SysWow64\epm.exe
2015-07-15 05:44 . 2015-06-11 17:56	7077376	----a-w-	c:\windows\system32\mstscax.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-15 21:03 . 2012-07-12 22:11	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-15 21:03 . 2011-10-24 18:34	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-03 06:43 . 2011-12-27 19:56	130333168	----a-w-	c:\windows\system32\MRT.exe
2015-06-27 20:13 . 2011-12-29 14:08	442264	----a-w-	c:\windows\system32\drivers\aswsp.sys
2015-06-23 11:30 . 2011-10-24 18:35	300704	------w-	c:\windows\system32\MpSigStub.exe
2015-05-09 03:27 . 2015-06-10 08:46	362496	----a-w-	c:\windows\system32\wow64win.dll
2015-05-09 03:27 . 2015-06-10 08:46	243712	----a-w-	c:\windows\system32\wow64.dll
2015-05-09 03:27 . 2015-06-10 08:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2015-05-09 03:27 . 2015-06-10 08:46	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2015-05-09 03:26 . 2015-06-10 08:46	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2015-05-09 03:26 . 2015-06-10 08:46	424960	----a-w-	c:\windows\system32\KernelBase.dll
2015-05-09 03:26 . 2015-06-10 08:46	1162752	----a-w-	c:\windows\system32\kernel32.dll
2015-05-09 03:25 . 2015-06-10 08:46	338432	----a-w-	c:\windows\system32\conhost.exe
2015-05-09 03:20 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-09 03:20 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-09 03:13 . 2015-06-10 08:46	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2015-05-09 03:13 . 2015-06-10 08:46	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-05-09 03:13 . 2015-06-10 08:46	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2015-05-09 03:12 . 2015-06-10 08:46	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2015-05-09 03:12 . 2015-06-10 08:46	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2015-05-09 03:08 . 2015-06-10 08:46	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	5120	---ha-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2015-05-09 02:01 . 2015-06-10 08:46	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2015-05-09 02:01 . 2015-06-10 08:46	2048	----a-w-	c:\windows\SysWow64\user.exe
2015-05-09 01:59 . 2015-06-10 08:46	6144	---ha-w-	c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-05-09 01:59 . 2015-06-10 08:46	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-09 01:59 . 2015-06-10 08:46	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-09 01:59 . 2015-06-10 08:46	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-05-01 13:17 . 2015-05-13 23:24	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-01 13:16 . 2015-05-13 23:24	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-04-29 18:22 . 2015-06-10 08:47	14635008	----a-w-	c:\windows\system32\wmp.dll
2015-04-29 18:21 . 2015-06-10 08:47	5120	----a-w-	c:\windows\system32\msdxm.ocx
2015-04-29 18:21 . 2015-06-10 08:47	5120	----a-w-	c:\windows\system32\dxmasf.dll
2015-04-29 18:21 . 2015-06-10 08:47	9728	----a-w-	c:\windows\system32\spwmp.dll
2015-04-29 18:19 . 2015-06-10 08:46	12625920	----a-w-	c:\windows\system32\wmploc.DLL
2015-04-29 18:07 . 2015-06-10 08:47	4096	----a-w-	c:\windows\SysWow64\msdxm.ocx
2015-04-29 18:07 . 2015-06-10 08:47	4096	----a-w-	c:\windows\SysWow64\dxmasf.dll
2015-04-29 18:07 . 2015-06-10 08:47	8192	----a-w-	c:\windows\SysWow64\spwmp.dll
2015-04-29 18:05 . 2015-06-10 08:47	12625408	----a-w-	c:\windows\SysWow64\wmploc.DLL
2015-04-26 23:18 . 2015-04-26 23:18	364472	----a-w-	c:\windows\system32\aswBoot.exe
2015-04-26 23:18 . 2014-08-06 13:21	29168	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-04-26 23:18 . 2014-01-06 16:20	137288	----a-w-	c:\windows\system32\drivers\aswStm.sys
2015-04-26 23:18 . 2013-03-06 17:47	65736	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-04-26 23:18 . 2013-03-06 17:47	272248	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-04-26 23:18 . 2012-02-24 15:30	93528	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2015-04-26 23:18 . 2011-12-29 14:07	89944	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2015-04-26 23:18 . 2015-04-26 23:18	43112	----a-w-	c:\windows\avastSS.scr
2015-04-26 23:17 . 2011-12-29 14:08	1047320	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2015-04-24 18:17 . 2015-06-10 08:46	633856	----a-w-	c:\windows\system32\comctl32.dll
2015-04-24 17:56 . 2015-06-10 08:46	530432	----a-w-	c:\windows\SysWow64\comctl32.dll
2015-04-20 03:17 . 2015-05-13 12:42	1179136	----a-w-	c:\windows\system32\FntCache.dll
2015-04-20 03:17 . 2015-05-13 12:42	1647104	----a-w-	c:\windows\system32\DWrite.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30	151576	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30	151576	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30	151576	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Felix\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2015-07-13 2030648]
"Dropbox Update"="c:\users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-18 134512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="d:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-11 5515496]
.
c:\users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43871968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-8-25 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 Realtek87B;Realtek87B;c:\program files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [x]
R2 RtlService;RtlService;c:\program files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [x]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SWUpdateService;SW Update Service;c:\programdata\Samsung\SW Update Service\SWMAgent.exe;c:\programdata\Samsung\SW Update Service\SWMAgent.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 CZCanSrv;CZCanSrv;c:\program files (x86)\Common Files\Carl Zeiss\CZCanSrv.exe;c:\program files (x86)\Common Files\Carl Zeiss\CZCanSrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8187.sys [x]
R3 SBIOSIO;SBIOSIO;c:\users\Felix\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys;c:\users\Felix\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 MTBService_2.1.0.8;MTB2011 Server (2.1.0.8);c:\program files\Carl Zeiss\MTB 2011 - 2.1.0.8\MTB Server Console\MTBService.exe;c:\program files\Carl Zeiss\MTB 2011 - 2.1.0.8\MTB Server Console\MTBService.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;d:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;d:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 acpials;ALS-Sensorfilter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;d:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;d:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-07-18 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job
- c:\users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 07:29]
.
2015-07-18 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job
- c:\users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18 07:29]
.
2015-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job
- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-18 12:50]
.
2015-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job
- c:\users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-18 12:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-26 23:18	722400	----a-w-	d:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30	184856	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30	184856	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30	184856	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-06-26 18:30	184856	----a-w-	c:\users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - d:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - d:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-EaseUS EPM tray - d:\program files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2371084783-2400266815-74821208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*®}=+\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2371084783-2400266815-74821208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*!*Ái\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2371084783-2400266815-74821208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*l*½šh\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2371084783-2400266815-74821208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*uª*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-2371084783-2400266815-74821208-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*f*uª*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-07-18  16:39:51
ComboFix-quarantined-files.txt  2015-07-18 14:39
.
Vor Suchlauf: 10 Verzeichnis(se), 34.840.223.744 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 34.500.874.240 Bytes frei
.
- - End Of File - - E816CD5E5611C4721D64C17E820E54E4

schrauber · 19.07.2015, 06:00

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Felicibus · 19.07.2015, 14:18

Vielen Dank nochmals für deine Hilfe. Hier die Logfiles:

Malwarebytes Anti-Malware :

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 19.07.2015
Suchlaufzeit: 12:58
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.07.19.01
Rootkit-Datenbank: v2015.07.17.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Felix

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 363688
Abgelaufene Zeit: 23 Min., 41 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-2371084783-2400266815-74821208-1000\SOFTWARE\1ClickDownload, In Quarantäne, [9c01b231bcced85e4d10e77c8c7850b0], 

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)

Adw-Cleaner:

Code:

ATTFilter

# AdwCleaner v4.208 - Bericht erstellt 19/07/2015 um 14:18:59
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Felix - FELIX-PC
# Gestarted von : C:\Users\Felix\Desktop\AdwCleaner_4.208.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\pdfforge

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v

[7ttl5b9c.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[7ttl5b9c.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

*************************

AdwCleaner[R0].txt - [1488 Bytes] - [19/07/2015 14:02:13]
AdwCleaner[S0].txt - [1326 Bytes] - [19/07/2015 14:18:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1385  Bytes] ##########

Junkware Removal Tool:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Professional x64
Ran by Felix on 19.07.2015 at 14:35:42,73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\EasySpeedUpManager



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\ZiCtrl.ZiToolbarsCtrl
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\ZiCtrl.ZiToolbarsCtrl.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ZiCtrl.ZiToolbarsCtrl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ZiCtrl.ZiToolbarsCtrl.1



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Felix\Appdata\Local\crashrpt





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.07.2015 at 14:42:36,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Als ich den FRST scan ausführen wollte hat Avast mir eine Warnung gegeben und den Vorgang abgebrochen. Anschließend war die FRST.exe vom Desktop verschwunden. Daraufhin habe ich die Datei erneut heruntergeladen und Avast vor start der FRSR.exe deaktiviert. Danach lief alles Problemlos. Hier die dazugehörigen Logfiles:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-07-2015 01
Ran by Felix (administrator) on FELIX-PC on 19-07-2015 14:55:38
Running from C:\Users\Felix\Desktop
Loaded Profiles: Felix (Available Profiles: Felix)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Avast Software) D:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Avast Software s.r.o.) D:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Run: [Spotify Web Helper] => C:\Users\Felix\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030648 2015-07-13] (Spotify Ltd)
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Run: [Dropbox Update] => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-06-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-05-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-27] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-27] (Avast Software s.r.o.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-27] (Avast Software s.r.o.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22BC01CC-A483-4BCD-8B21-E468E5275910}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ACA8EA50-5F74-40EB-9766-7D9CFA94FB3F}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default
FF Homepage: hxxp://abo.spiegel.de/de/c/abo-service/spiegel-abo-agb
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function FindProxyForURL(url, host) {if ((url.indexOf(\"proxmate=us\") != -1)) { return 'PROXY us03.sq.proxmate.me:8000; PROXY us02.sq.proxmate.me:8000; PROXY us06.sq.proxmate.me:8000; PROXY us05.sq.proxmate.me:8000; PROXY us14.sq.proxmate.me:8000; PROXY us08.sq.proxmate.me:8000; PROXY us11.sq.proxmate.me:8000; PROXY us01.sq.proxmate.me:8000; PROXY us12.sq.proxmate.me:8000; PROXY us09.sq.proxmate.me:8000; PROXY us13.sq.proxmate.me:8000; PROXY us10.sq.proxmate.me:8000; PROXY us07.sq.proxmate.me:8000' } else { return 'DIRECT'; }}"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-09-27] (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-12-27] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll [2012-07-05] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-09-27] (Tracker Software Products Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-12-27] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Felix\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: @talk.google.com/O1DPlugin -> C:\Users\Felix\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Felix\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Felix\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\searchplugins\downloadhelper-adult-videos.xml [2014-05-27]
FF Extension: FoxyProxy Standard - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\foxyproxy@eric.h.jung [2015-05-30]
FF Extension: Ghostery - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\firefox@ghostery.com.xpi [2014-11-16]
FF Extension: ProxMate - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-11-16]
FF Extension: LeechBlock - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-11-16]
FF Extension: Video DownloadHelper - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Adblock Plus - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-09]
FF Extension: DownThemAll! - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-11-16]
FF Extension: Adblock Edge - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - D:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-27] (Avast Software s.r.o.)
R3 AvastVBoxSvc; D:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-04-27] (Avast Software)
S3 CZCanSrv; C:\Program Files (x86)\Common Files\Carl Zeiss\CZCanSrv.exe [258048 2012-09-26] (Carl Zeiss MicroImaging GmbH) [File not signed]
S2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [77904 2011-05-26] (Diskeeper Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 MTBService_2.1.0.8; C:\Program Files\Carl Zeiss\MTB 2011 - 2.1.0.8\MTB Server Console\MTBService.exe [20480 2013-02-15] (Carl Zeiss) [File not signed]
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-09-01] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 Realtek87B; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
S2 RtlService; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
S2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020120 2015-04-21] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-27] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-27] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-27] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-27] ()
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [76368 2011-05-26] (Diskeeper Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
R2 VBoxAswDrv; D:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-27] (Avast Software)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SBIOSIO; \??\C:\Users\Felix\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-19 14:54 - 2015-07-19 14:54 - 02134528 _____ (Farbar) C:\Users\Felix\Desktop\FRST64.exe
2015-07-19 14:42 - 2015-07-19 14:42 - 00001210 _____ C:\Users\Felix\Desktop\JRT.txt
2015-07-19 14:34 - 2015-07-19 14:34 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Felix\Desktop\JRT.exe
2015-07-19 14:33 - 2015-07-19 14:33 - 00001469 _____ C:\Users\Felix\Desktop\AdwCleaner[S0].txt
2015-07-19 14:02 - 2015-07-19 14:19 - 00000000 ____D C:\AdwCleaner
2015-07-19 14:01 - 2015-07-19 14:01 - 02248704 _____ C:\Users\Felix\Desktop\AdwCleaner_4.208.exe
2015-07-19 13:57 - 2015-07-19 13:56 - 00001331 _____ C:\Users\Felix\Desktop\mbam.txt
2015-07-19 13:55 - 2015-07-19 13:56 - 00001331 _____ C:\mbam.txt
2015-07-19 12:51 - 2015-07-19 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-19 12:51 - 2015-07-19 12:54 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-19 12:51 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-19 12:51 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-19 11:44 - 2015-07-19 11:45 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Felix\Desktop\mbam-setup-2.1.6.1022.exe
2015-07-18 16:40 - 2015-07-18 16:40 - 00027241 _____ C:\ComboFix.txt
2015-07-18 15:48 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-18 15:48 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-18 15:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-18 15:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-18 15:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-18 15:48 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-18 15:48 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-18 15:48 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-18 15:47 - 2015-07-18 16:41 - 00000000 ____D C:\Qoobox
2015-07-18 15:47 - 2015-07-18 16:34 - 00000000 ____D C:\Windows\erdnt
2015-07-18 15:20 - 2015-07-18 15:20 - 05633411 ____R (Swearware) C:\Users\Felix\Desktop\ComboFix.exe
2015-07-16 13:32 - 2015-07-16 13:32 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Felix\Desktop\tdsskiller.exe
2015-07-16 13:30 - 2015-07-16 13:30 - 00067907 _____ C:\Users\Felix\Desktop\TDSSKiller  Google Umleitungen, TDSS, TDL3, Alureon rootkit entfernen.htm
2015-07-16 13:30 - 2015-07-16 13:30 - 00000000 ____D C:\Users\Felix\Desktop\TDSSKiller  Google Umleitungen, TDSS, TDL3, Alureon rootkit entfernen-Dateien
2015-07-16 12:24 - 2015-07-19 12:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-16 12:23 - 2015-07-19 12:54 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 12:23 - 2015-07-17 09:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-16 11:33 - 2015-07-16 13:29 - 00000000 ____D C:\Users\Felix\Desktop\mbar
2015-07-16 11:33 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-16 11:31 - 2015-07-16 11:31 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Felix\Desktop\mbar-1.09.1.1004.exe
2015-07-16 10:01 - 2015-07-19 14:19 - 00002534 _____ C:\Windows\PFRO.log
2015-07-16 01:22 - 2015-07-16 01:22 - 00011078 _____ C:\Users\Felix\Desktop\Gmer.txt
2015-07-16 01:09 - 2015-07-16 01:09 - 00059484 _____ C:\Users\Felix\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten.htm
2015-07-16 01:09 - 2015-07-16 01:09 - 00000000 ____D C:\Users\Felix\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten-Dateien
2015-07-16 01:06 - 2015-07-16 01:06 - 00380416 _____ C:\Users\Felix\Desktop\Gmer-19357.exe
2015-07-16 01:03 - 2015-07-16 01:04 - 00056885 _____ C:\Users\Felix\Desktop\Addition.txt
2015-07-16 01:02 - 2015-07-19 14:56 - 00016486 _____ C:\Users\Felix\Desktop\FRST.txt
2015-07-16 01:02 - 2015-07-19 14:55 - 00000000 ____D C:\FRST
2015-07-16 00:59 - 2015-07-16 00:59 - 00000472 _____ C:\Users\Felix\Desktop\defogger_disable.log
2015-07-16 00:59 - 2015-07-16 00:59 - 00000000 _____ C:\Users\Felix\defogger_reenable
2015-07-16 00:58 - 2015-07-16 00:58 - 00050477 _____ C:\Users\Felix\Desktop\Defogger.exe
2015-07-16 00:19 - 2015-07-16 00:20 - 29296256 _____ (EaseUS ) C:\Windows\SysWOW64\epm.exe
2015-07-15 07:45 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 07:45 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 07:45 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 07:45 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 07:45 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 07:45 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 07:45 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 07:45 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 07:45 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 07:45 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 07:45 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 07:45 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 07:45 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 07:45 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 07:45 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 07:45 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 07:45 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 07:45 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 07:45 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 07:45 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 07:45 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 07:45 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 07:45 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 07:45 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 07:45 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 07:45 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 07:45 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 07:45 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 07:45 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 07:45 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 07:45 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 07:45 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 07:45 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 07:45 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 07:45 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 07:45 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 07:45 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 07:45 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 07:45 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 07:45 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 07:45 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 07:45 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 07:45 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 07:45 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 07:45 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 07:45 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 07:45 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 07:45 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 07:45 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 07:45 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 07:45 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 07:45 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 07:45 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 07:45 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 07:45 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 07:45 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 07:45 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 07:45 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 07:45 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 07:45 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 07:45 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 07:45 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 07:45 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 07:45 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 07:45 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 07:45 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 07:45 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 07:44 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 07:44 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 07:44 - 2015-07-03 20:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-15 07:44 - 2015-07-03 20:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 07:44 - 2015-07-03 20:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-15 07:44 - 2015-07-03 20:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-15 07:44 - 2015-07-03 19:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-15 07:44 - 2015-07-03 19:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 07:44 - 2015-07-03 19:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-15 07:44 - 2015-07-03 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-15 07:44 - 2015-07-03 18:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 07:44 - 2015-07-03 18:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 07:44 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 07:44 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 07:44 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 07:44 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 07:44 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 07:44 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 07:44 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 07:44 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 07:44 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 07:44 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 07:44 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 07:44 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 07:44 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 07:44 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 07:44 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 07:44 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 07:44 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 07:44 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 07:44 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 07:44 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 07:44 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 07:44 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 07:44 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 07:44 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 07:44 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 07:44 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 07:44 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 07:44 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 07:44 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 07:44 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 07:44 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 07:44 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 07:44 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 07:44 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 07:44 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 07:44 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 07:44 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 07:44 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-14 09:35 - 2015-07-14 09:35 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-04 15:08 - 2015-07-19 14:20 - 00002072 _____ C:\Windows\setupact.log
2015-07-04 15:08 - 2015-07-04 15:08 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-19 14:40 - 2015-06-18 09:29 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job
2015-07-19 14:31 - 2011-12-29 12:40 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Dropbox
2015-07-19 14:30 - 2014-03-25 14:33 - 00000000 ____D C:\Temp
2015-07-19 14:28 - 2009-07-14 06:45 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-19 14:28 - 2009-07-14 06:45 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-19 14:24 - 2011-10-24 17:30 - 01450727 _____ C:\Windows\WindowsUpdate.log
2015-07-19 14:20 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-19 12:33 - 2014-05-18 14:50 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job
2015-07-18 20:40 - 2015-06-18 09:29 - 00001172 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job
2015-07-18 20:36 - 2014-08-18 01:34 - 00000000 ____D C:\Users\Felix\AppData\Roaming\vlc
2015-07-18 20:35 - 2015-06-18 09:29 - 00004194 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA
2015-07-18 20:35 - 2015-06-18 09:29 - 00003798 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core
2015-07-18 16:41 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-18 16:12 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-18 16:02 - 2011-10-24 19:15 - 00000000 ____D C:\Users\Felix
2015-07-18 15:19 - 2013-04-21 02:23 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0721377F-5ED3-4460-B868-74C39FF481FC}
2015-07-18 15:19 - 2012-07-08 18:21 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-17 10:16 - 2011-10-24 19:18 - 00108424 _____ C:\Users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-17 10:13 - 2009-07-14 06:45 - 00418424 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-17 10:11 - 2011-12-27 22:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-17 10:10 - 2011-12-27 22:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-07-17 10:09 - 2009-07-14 20:18 - 00000000 ____D C:\Windows\ShellNew
2015-07-17 10:09 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-07-17 10:07 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-17 10:07 - 2009-07-14 04:34 - 00000387 _____ C:\Windows\win.ini
2015-07-16 16:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 14:31 - 2014-03-01 20:17 - 00000117 _____ C:\Users\Felix\Desktop\tex.txt
2015-07-16 00:25 - 2014-02-25 21:35 - 00000000 ____D C:\Users\Felix\AppData\Local\Spotify
2015-07-15 23:03 - 2014-10-29 22:04 - 00000000 ____D C:\Users\Felix\AppData\Local\Adobe
2015-07-15 23:03 - 2012-07-13 00:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 23:03 - 2011-10-24 20:34 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 22:55 - 2014-02-25 21:34 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Spotify
2015-07-15 21:17 - 2014-05-18 14:50 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA
2015-07-15 21:17 - 2014-05-18 14:50 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core
2015-07-15 21:17 - 2014-05-18 14:50 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job
2015-07-15 09:25 - 2013-07-12 15:49 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 00:20 - 2009-07-14 19:58 - 00699666 _____ C:\Windows\system32\perfh007.dat
2015-07-15 00:20 - 2009-07-14 19:58 - 00149774 _____ C:\Windows\system32\perfc007.dat
2015-07-15 00:20 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 17:37 - 2015-02-12 11:18 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 17:36 - 2015-02-13 12:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-11 18:18 - 2015-01-07 23:20 - 00000000 ____D C:\Users\Felix\Desktop\Medizinbewerbung_SS15
2015-07-07 11:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-04 17:38 - 2014-05-11 00:30 - 00653824 ___SH C:\Users\Felix\Thumbs.db
2015-07-03 08:43 - 2011-12-27 21:56 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-27 22:13 - 2011-12-29 16:08 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-23 13:30 - 2011-10-24 20:35 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-01-24 15:46 - 2015-01-24 15:46 - 0000907 _____ () C:\Users\Felix\AppData\Local\recently-used.xbel
2012-10-11 09:34 - 2012-10-11 09:34 - 0007606 _____ () C:\Users\Felix\AppData\Local\Resmon.ResmonCfg
2012-07-21 16:55 - 2012-07-21 16:55 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Felix\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxloytu.dll
C:\Users\Felix\AppData\Local\Temp\Quarantine.exe
C:\Users\Felix\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 23:14

==================== End of log ============================

--- --- ---

--- --- ---

Additional FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
Ran by Felix at 2015-07-19 14:56:47
Running from C:\Users\Felix\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2371084783-2400266815-74821208-500 - Administrator - Disabled)
Felix (S-1-5-21-2371084783-2400266815-74821208-1000 - Administrator - Enabled) => C:\Users\Felix
Gast (S-1-5-21-2371084783-2400266815-74821208-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2371084783-2400266815-74821208-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACD/Labs Software in D:\Program Files (x86)\ACDFREE11\ (HKLM-x32\...\ACDLabs in D__Program_Files_(x86)_ACDFREE11_) (Version: v11.00, FREE - ACD/Labs)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{7A1A59F3-66FE-96DC-C300-B8F4A6103D3A}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassin's Creed Revelations 1.03 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
calibre 64bit (HKLM\...\{F914E24C-BFF9-4D72-9775-60126B4BC51E}) (Version: 2.15.0 - Kovid Goyal)
Carl Zeiss AxioVision SE64 Rel. 4.9.1 (HKLM\...\{F927FC22-CD4E-477D-80BA-D63F5F75ED64}) (Version: 4.9.1.1 - Carl Zeiss Microscopy GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05160 - Cisco Systems, Inc.) Hidden
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.3.1 - Samsung Electronics CO., LTD.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.32 - Samsung Electronics CO., LTD.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-X64 10.7.16.1_WHQL (HKLM\...\Elantech) (Version: 10.7.16.1 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{77EDCFE0-4431-40B1-93AD-BF1F4C55D131}) (Version: 1.0.46 - Diskeeper Corporation)
eXtra Buttons (HKLM-x32\...\eXtra Buttons) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{8F4884F1-488D-4738-8F71-65A378BB484C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3086 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
JMP 10 (HKLM-x32\...\{188BB63B-35C8-47EE-AEBF-5EA826CAA74D}) (Version: 10.0 - SAS Institute Inc.)
JMP Profiler Core (HKLM-x32\...\{38A15D11-05F8-4ECE-AC47-A85DC6FFA197}) (Version: 1.10.0 - SAS Institute Inc.)
JMP Profiler GUI (HKLM-x32\...\{EC0782E1-D80F-44A3-A181-C1170B279993}) (Version: 1.10.0 - SAS Institute Inc.)
LightCycler® 480 (HKLM-x32\...\{8F07FAB0-5BBA-43EF-979E-6E7C9E4F811E}) (Version:  - )
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{FD052FB9-FE90-4438-B355-15EDC89D8FB1}) (Version: 2.0.673.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 39.0 (x86 de) (HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Origin 2015 (HKLM-x32\...\{919C759D-DA8F-4B02-A9F1-75CE8B31CBDB}) (Version: 9.20.00 - OriginLab Corporation)
Origin8 (x32 Version: 8.00.000 - OriginLab) Hidden
OriginPro 8 (HKLM-x32\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.00.000 - OriginLab Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.1 - Frank Heindörfer, Philip Chinery)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.199.0 - Tracker Software Products Ltd.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
PyMOL (32 bit) (HKLM-x32\...\{82B39CBA-144C-4D34-8C5D-31D2CAEC2AFB}) (Version: 1.3.0.0 - Schrodinger LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{0DF70CB6-553A-4C57-8E6D-87635EECFB78}) (Version: 1.00.0145 - )
S Agent (Version: 1.1.52 - Samsung Electronics CO., LTD.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.6.0.2 - Samsung Electronics CO., LTD.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.6.0 - Samsung Electronics Co., Ltd.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spotify (HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Spotify) (Version: 1.0.8.59.gee82e7e6 - Spotify AB)
SW Update (HKLM-x32\...\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}) (Version: 2.2.9 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
Texmaker (HKLM-x32\...\Texmaker) (Version:  - )
TeXstudio 2.3 (HKLM-x32\...\TeXstudio_is1) (Version: 2.3.0 - Benito van der Zander)
The Witcher 2 (HKLM-x32\...\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}) (Version: 1.00.0000 - CD Projekt Red)
Uplay (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.2 - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8800 - Broadcom Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

15-07-2015 02:01:40 Geplanter Prüfpunkt
15-07-2015 09:19:34 Windows Update
16-07-2015 12:51:47 Malwarebytes Anti-Rootkit Restore Point
17-07-2015 10:05:03 Removed Microsoft Office Professional Plus 2010
19-07-2015 14:35:46 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-07-18 16:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00846688-578A-4C0A-AE99-5D14C940938B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {10887BC6-E781-49A7-98FF-BEF0C755CE7C} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-10-30] (SEC)
Task: {1D6F3F69-2F89-43B0-972C-0B5E5D67E643} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {2A779B3E-18FD-4712-9889-3EB6F4AC879B} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {31AA077E-022D-4EA3-A3E0-6328BD527343} - System32\Tasks\{25D957C8-AEC6-4A74-B086-B787F8728C65} => pcalua.exe -a H:\kdewin-installer-gui-latest.exe -d "D:\Program Files (x86)\Mozilla\Mozilla Firefox"
Task: {51345CBF-0185-4BC0-87B6-48446F1497DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {5B2B5D45-0733-4D72-ACC8-E499810B7414} - System32\Tasks\{50E44413-1BDA-4A7E-99B0-97E460C1A93E} => pcalua.exe -a "C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\UserCom.exe" -d "C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility"
Task: {5E6A2316-07D2-4066-9884-32E7A9AB3CA2} - System32\Tasks\{AF6A88AB-805C-4305-AB9C-15ED74714B97} => pcalua.exe -a "D:\Program Files (x86)\KDE\bin\kdewin-installer-gui-latest.exe" -d "D:\Program Files (x86)\KDE\bin\"
Task: {60D48E58-0DC0-4F16-9DD0-141ED81D2ECE} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2013-01-22] (Samsung Electronics CO., LTD.)
Task: {6F81CDC2-9D78-4923-94A9-86E0CC67AFC8} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.)
Task: {86069D2A-9CE4-4797-A515-EE2772CD9BE2} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {91864A53-05B1-4BB5-9297-7B93F866F610} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {963B5E4D-AF87-440E-B673-4ECED6456731} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {9869F326-BE45-4631-BA04-B46ABBE3924B} - System32\Tasks\{D8A60C21-00B0-41DD-91A5-5DBA885EDCFF} => pcalua.exe -a "D:\Program Files (x86)\Bethesda Softworks\Fallout 3\Uninstall.exe" -d "D:\Program Files (x86)\Bethesda Softworks\Fallout 3"
Task: {9AB7678A-72A6-4AD4-AF5E-E2D2F0FE1ACF} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-02-04] (Samsung Electronics CO., LTD.)
Task: {9D5A6623-6113-4405-A407-F155F42ADC28} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {A2188297-3350-4570-8EDB-FD393F33A572} - System32\Tasks\{CF1FE001-BA5E-4C95-8667-EC08B265AE08} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {A7D96676-7348-4E4D-8AE2-AA4922A1F19B} - System32\Tasks\{265170B0-997D-4167-81CD-89BA20CDB519} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -c -runfromtemp -l0x0409  -removeonly
Task: {B43299F5-9E25-4F82-8EC7-394BFC0388E8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {C3323DC6-197A-425E-8893-9335360A550B} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {C6688C57-4A6A-42B8-884C-49CA7221B58C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {C6CCA375-5DC4-4671-A193-887F6CA2DC55} - System32\Tasks\avast! Emergency Update => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {D42538A9-F0B7-48E8-8A57-0C81DF88B869} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DCF033BD-0AAC-454C-A7CA-E48E5554B689} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {E45E71DB-9CE3-40CA-BFAE-A83C078BF6BE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)
Task: {E8ED7480-14B9-4953-83C1-AD438BB81175} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)
Task: {F9A4183F-8EB0-46C7-93B6-D69A56D62EE3} - System32\Tasks\{81D76A8C-6E9E-4624-8CE3-32E7D474BB08} => pcalua.exe -a D:\ACDFREE11\setup\SETUP.EXE -d D:\ACDFREE11\setup

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-27 01:18 - 2015-04-27 01:18 - 00104400 _____ () D:\Program Files\AVAST Software\Avast\log.dll
2015-04-27 01:18 - 2015-04-27 01:18 - 00081728 _____ () D:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-19 11:31 - 2015-07-19 11:31 - 02956800 _____ () D:\Program Files\AVAST Software\Avast\defs\15071804\algo.dll
2015-07-19 14:20 - 2015-07-19 14:20 - 02956800 _____ () D:\Program Files\AVAST Software\Avast\defs\15071900\algo.dll
2015-04-27 01:18 - 2015-04-27 01:18 - 40540672 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-12 22:53 - 2014-03-12 22:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-10-31 17:05 - 2013-10-31 17:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2371084783-2400266815-74821208-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exor4 for XDMS_R.lnk => C:\Windows\pss\Exor4 for XDMS_R.lnk.CommonStartup
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Felix\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: Spotify => "C:\Users\Felix\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Felix\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "D:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C34A8DF3-9217-4A64-9068-A52F6FBE2453}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1CB44EF5-A38B-48BF-AF64-7F3BA9F5F2AD}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{713DBB41-1DCA-415D-AEDC-48C0618F03CB}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{35F5AE32-807B-4FF8-9851-7E46F84BBB72}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D80614D7-4A0E-4D32-830A-87635D43D536}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{F3DC6820-2DC4-4340-9E3F-E44F20DB386A}] => (Allow) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{45D2F162-AA26-438C-988A-D9D852C859F0}] => (Allow) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{EF7BABA5-8FBF-4783-97AC-4D90F2AF8925}C:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B5CF0349-73EE-4B18-B37E-7C187799B061}C:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{A3FDEBCC-A47E-4E0E-AD5D-4A9434A8A486}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{CC2D6F8C-DA92-47F0-89DA-45B17FB0D86D}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{FC0E53AB-1787-4D64-B46E-C1E742BC3E5B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{EAB17ABB-98CB-4144-A1CF-A3E49C121816}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [TCP Query User{48B5C764-6421-4DF2-82DC-A801C1D265B0}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Allow) D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{C97CA6E8-F37E-4537-8502-1728F362429B}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Allow) D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{6E8D02E3-A545-4C3E-9C73-ACD62B5A6DCC}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Block) D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{14EC7B72-647E-4010-93BB-3662B8BD22F8}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Block) D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [{3D949E5E-65FB-4833-B444-86142D966029}] => (Allow) LPort=1542
FirewallRules: [{3C2CD8C3-6E03-42FD-992D-B30BD41446CF}] => (Allow) LPort=1542
FirewallRules: [{7B938F6B-0643-43C2-9EBC-29E360B82280}] => (Allow) LPort=53
FirewallRules: [TCP Query User{D914CD34-0741-45FC-8CD3-03A8F00B6825}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{CB356E18-2979-432E-851F-A84855E784E5}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{E69D975D-0FB6-4834-9801-7F3993E00DA8}D:\program files (x86)\guild wars 2\gw2.exe] => (Block) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{F1CDC5C4-AC41-4DAE-A263-00E55F9F51CA}D:\program files (x86)\guild wars 2\gw2.exe] => (Block) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{94CBF18A-5725-4E3A-A043-C59322623F36}] => (Allow) C:\Program Files (x86)\Samsung\Easy File Share\EasyFileShare.EXE
FirewallRules: [{0CCA5055-B765-4FC0-B25F-DAAC4116EE6D}] => (Allow) C:\Program Files (x86)\Samsung\Easy File Share\EasyFileShare.EXE
FirewallRules: [TCP Query User{B323AF3A-9862-42CA-8147-53B36F97D4D8}C:\program files (x86)\samsung\easy file share\connectionmanager32.exe] => (Allow) C:\program files (x86)\samsung\easy file share\connectionmanager32.exe
FirewallRules: [UDP Query User{92C926F6-3192-440E-BA8E-F52669C01D66}C:\program files (x86)\samsung\easy file share\connectionmanager32.exe] => (Allow) C:\program files (x86)\samsung\easy file share\connectionmanager32.exe
FirewallRules: [{711BC575-3A05-4CE8-9A43-DE45E04FC344}] => (Block) C:\program files (x86)\samsung\easy file share\connectionmanager32.exe
FirewallRules: [{5F6D9819-8BEE-4F28-81E4-1DD78B271292}] => (Block) C:\program files (x86)\samsung\easy file share\connectionmanager32.exe
FirewallRules: [TCP Query User{54E97C33-328B-4075-9F02-AF989F86E26E}H:\games\cad\cod 4 lan\iw3mp.exe] => (Block) H:\games\cad\cod 4 lan\iw3mp.exe
FirewallRules: [UDP Query User{D447AC97-ACBA-4AD3-84E7-D953406B633C}H:\games\cad\cod 4 lan\iw3mp.exe] => (Block) H:\games\cad\cod 4 lan\iw3mp.exe
FirewallRules: [TCP Query User{ADC51B79-ACE8-4828-A435-C19047C1D653}D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe] => (Allow) D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe
FirewallRules: [UDP Query User{ED4452F8-A16F-48BD-8AD2-D4868AF25C7A}D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe] => (Allow) D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe
FirewallRules: [{BB201351-2E51-4C2D-8B1C-6A8EE3ED4EBB}] => (Block) D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe
FirewallRules: [{935CD4CD-DC40-431F-8D87-3E57682C8E44}] => (Block) D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe
FirewallRules: [TCP Query User{427164A0-B971-4D8B-8678-4D60551BC1F0}D:\program files\cod 4 lan\iw3mp.exe] => (Allow) D:\program files\cod 4 lan\iw3mp.exe
FirewallRules: [UDP Query User{1703707A-B822-402E-A1E7-9F3FDDAAAD77}D:\program files\cod 4 lan\iw3mp.exe] => (Allow) D:\program files\cod 4 lan\iw3mp.exe
FirewallRules: [TCP Query User{4F0FCFBB-E474-4636-BD68-0FA296E4623E}C:\users\felix\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\felix\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FF85A6AC-5C50-4B9B-90ED-6498ABFEDB4A}C:\users\felix\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\felix\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{76E49650-6C5B-4585-A6B0-B3A1922C0864}C:\users\felix\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\felix\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4B0951A8-451D-45FF-BB1D-D7D8433DEC7D}C:\users\felix\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\felix\appdata\roaming\spotify\spotify.exe
FirewallRules: [{58B8D1C4-57E3-4C0D-B879-02BD4D5EC564}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe
FirewallRules: [{7AFF7F8C-0B24-4ED4-95D1-633FF03DF261}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe
FirewallRules: [{D4092CD3-4DD9-4862-A9D0-0B68631328AE}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe
FirewallRules: [{73CE7FC4-C842-4206-A000-66C46251608E}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe
FirewallRules: [{8066EDAC-FA64-45E2-853A-F0F13496C260}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
FirewallRules: [{1FEAF269-0E7F-4AC9-B544-08D48F78F6FE}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
FirewallRules: [{3469FB40-1E1A-4142-9907-041095DE9BD4}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{AFB96924-C01A-489D-A21D-451C3CA3CFB4}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{477EB8CD-AA11-40EA-9262-18172431BD79}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{AD2D59CD-4FE2-4350-A0F1-E01034F27993}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{0A436D5D-9B09-4B5E-9D93-4D383401E26D}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{4CB32201-C09B-4BC7-957D-C64AEB321589}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{ECCFCB0B-8E4F-4F45-90E2-2112281D9E2A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0E23AD27-8C26-4C3F-B442-8F2164F60BA2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9AB974E9-AAA9-4697-9A45-0BC5A3EFFB4C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F0154C5B-9A5F-4F1D-8701-68F36519C994}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{41770466-E5D9-4E32-8FE9-D3B340AFA220}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe
FirewallRules: [{36192D84-22CA-4BFD-B448-5AA5968C9D1E}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe
FirewallRules: [{245F9149-58DF-4532-8673-1597376A25D7}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{CD8BFC70-A341-41D0-A7D2-D0BC131C0778}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{EDB5D85D-B5AE-47E0-9C6D-18526FE4652B}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe
FirewallRules: [{6E9FB0D4-98D0-4B8F-A827-0AA740C8AF23}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe
FirewallRules: [{EB06049D-2C8C-4DAC-B996-1F1969A15D02}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe
FirewallRules: [{91DF83A0-682B-475F-870A-9733D5ED19EB}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe
FirewallRules: [{D83E509C-E8F8-4FA1-B70B-64F4F5559362}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{421CEE2A-FE12-4E50-A608-049C0264BB94}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{4875E736-65AB-4BFF-8692-587DDBAB1EA2}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{BCF7B8F7-D8A1-418B-B3FD-BF0B14094BB6}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{58ECE18C-443C-486F-AA7C-47B6751316F1}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [{45EEFF88-25BC-4FE0-97ED-3A669872CB95}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [TCP Query User{DDCE6671-CD5E-458E-AE7A-1B0FD9A81D6F}D:\program files\imagej\fiji-win64-20140602\fiji.app\imagej-win64.exe] => (Allow) D:\program files\imagej\fiji-win64-20140602\fiji.app\imagej-win64.exe
FirewallRules: [UDP Query User{2E8E411B-409B-4CC2-964C-4B0A01E42EAA}D:\program files\imagej\fiji-win64-20140602\fiji.app\imagej-win64.exe] => (Allow) D:\program files\imagej\fiji-win64-20140602\fiji.app\imagej-win64.exe
FirewallRules: [{7D62D8CD-9BEF-48B0-B2CE-4C44F00930FC}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{7F6F2309-C285-4C03-9081-21463E2CA970}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [TCP Query User{8E6FD174-DDD4-44E7-AFA4-DDD3143E862B}D:\program files (x86)\roche\exor4\bin\exor4.exe] => (Allow) D:\program files (x86)\roche\exor4\bin\exor4.exe
FirewallRules: [UDP Query User{112AD554-6776-4BB5-B438-5585A84BBB8B}D:\program files (x86)\roche\exor4\bin\exor4.exe] => (Allow) D:\program files (x86)\roche\exor4\bin\exor4.exe
FirewallRules: [{1C5649DE-E0D5-461A-9F7B-186E0D414133}] => (Block) D:\program files (x86)\roche\exor4\bin\exor4.exe
FirewallRules: [{2AF9D080-C712-4BAC-AEF9-D62D9864C236}] => (Block) D:\program files (x86)\roche\exor4\bin\exor4.exe
FirewallRules: [TCP Query User{6B554A3B-86F7-4372-AC62-A9B16D73A9A3}D:\program files (x86)\mozilla\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8C787D7F-704B-49DF-A37E-2C13BC80FA89}D:\program files (x86)\mozilla\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3D642B63-70A2-4379-9248-A505A02F1DB6}D:\program files (x86)\mozilla\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{455D7987-ACAA-40CA-93AB-FD578111E3FE}D:\program files (x86)\mozilla\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla\mozilla firefox\firefox.exe
FirewallRules: [{7F33520E-63E8-4E51-8800-A87C54076591}] => (Allow) D:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{4F5E6C43-F542-4AA8-9192-9F42B1AD60BD}] => (Allow) D:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2015 02:20:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0xa2c
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/19/2015 02:20:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0xa10
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/19/2015 12:35:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0xb84
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/19/2015 12:35:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0xb9c
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/18/2015 08:36:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: vlc.exe, Version: 2.1.5.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b864
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000001883d
ID des fehlerhaften Prozesses: 0x90c
Startzeit der fehlerhaften Anwendung: 0xvlc.exe0
Pfad der fehlerhaften Anwendung: vlc.exe1
Pfad des fehlerhaften Moduls: vlc.exe2
Berichtskennung: vlc.exe3

Error: (07/17/2015 05:57:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x91c
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/17/2015 05:57:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x904
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/17/2015 10:13:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x908
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/17/2015 10:13:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0x920
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3

Error: (07/17/2015 09:58:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RtlService.exe, Version: 700.1004.1207.2009, Zeitstempel: 0x4b1c9763
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18798, Zeitstempel: 0x5507b3e0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00040df3
ID des fehlerhaften Prozesses: 0xa88
Startzeit der fehlerhaften Anwendung: 0xRtlService.exe0
Pfad der fehlerhaften Anwendung: RtlService.exe1
Pfad des fehlerhaften Moduls: RtlService.exe2
Berichtskennung: RtlService.exe3


System errors:
=============
Error: (07/19/2015 02:36:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/19/2015 02:36:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/19/2015 02:36:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/19/2015 02:36:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SW Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/19/2015 02:36:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SamsungDeviceConfiguration" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/19/2015 02:36:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "PST Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/19/2015 02:36:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/19/2015 02:36:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MTB2011 Server (2.1.0.8)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/19/2015 02:36:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Motorola Device Manager Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/19/2015 02:36:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ExpressCache" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office:
=========================
Error: (07/19/2015 02:20:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df3a2c01d0c21d484c6c92C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dll902518de-2e10-11e5-b6a9-e81132cb8454

Error: (07/19/2015 02:20:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df3a1001d0c21d483e2450C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dll90253fee-2e10-11e5-b6a9-e81132cb8454

Error: (07/19/2015 12:35:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df3b8401d0c20e8bbb7234C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dlld6a5cbab-2e01-11e5-9afe-e81132cb8454

Error: (07/19/2015 12:35:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df3b9c01d0c20e8bc034f5C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dlld6a5a49b-2e01-11e5-9afe-e81132cb8454

Error: (07/18/2015 08:36:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: vlc.exe2.1.5.000000000ntdll.dll6.1.7601.187985507b864c0000005000000000001883d90c01d0c18897ada3deD:\Program Files\VideoLAN\VLC\vlc.exeC:\Windows\SYSTEM32\ntdll.dlldf6753f5-2d7b-11e5-a39e-e81132cb8454

Error: (07/17/2015 05:57:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df391c01d0c0a957b9db2dC:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dll97fead0a-2c9c-11e5-a39e-b035e11c2cce

Error: (07/17/2015 05:57:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df390401d0c0a957b2b70cC:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dll97fe85fa-2c9c-11e5-a39e-b035e11c2cce

Error: (07/17/2015 10:13:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df390801d0c068757027c6C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dllb845f56f-2c5b-11e5-966b-9b65d3bd61c3

Error: (07/17/2015 10:13:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df392001d0c06875e269d4C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dllb845ce5f-2c5b-11e5-966b-9b65d3bd61c3

Error: (07/17/2015 09:58:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: RtlService.exe700.1004.1207.20094b1c9763ntdll.dll6.1.7601.187985507b3e0c000000500040df3a8801d0c066595c8339C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exeC:\Windows\SysWOW64\ntdll.dlla9cf2f73-2c59-11e5-a447-e81132cb8454


CodeIntegrity Errors:
===================================
  Date: 2015-07-18 16:00:45.164
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-18 16:00:45.008
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-08-24 00:12:12.032
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-08-24 00:12:11.798
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-13 19:51:22.396
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-13 19:51:22.021
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 28%
Total physical RAM: 6057.55 MB
Available physical RAM: 4344.43 MB
Total Virtual: 12113.29 MB
Available Virtual: 10391.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:87 GB) (Free:30.95 GB) NTFS
Drive d: () (Fixed) (Total:587.9 GB) (Free:299.94 GB) NTFS
Drive f: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 071697A3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=87 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=587.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.6 GB) - (Type=27)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=73)

==================== End of log ============================

--- --- ---

schrauber · 20.07.2015, 07:37

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Felicibus · 21.07.2015, 08:53

Avast sagt mittlerweile nichts mehr, allerdings hat ESET noch 3 Dateien gefunden:

D:\Users\Felix\Documents\Installationsdateien\CCleaner Portable - CHIP-Downloader.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
D:\Users\Felix\Documents\Installationsdateien\Texmaker - CHIP-Installer.exe Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung
D:\Users\Felix\Downloads\NewFileTime_CB-DL-Manager.exe Variante von Win32/DownloadGuide.H evtl. unerwünschte Anwendung

Hier die Logfiles:

ESET log.txt:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=875b3f8a4949be4bb040b6e18cadc7cc
# end=init
# utc_time=2015-07-20 05:35:43
# local_time=2015-07-20 07:35:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24890
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=875b3f8a4949be4bb040b6e18cadc7cc
# end=updated
# utc_time=2015-07-20 05:41:15
# local_time=2015-07-20 07:41:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=875b3f8a4949be4bb040b6e18cadc7cc
# engine=24890
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-20 07:11:20
# local_time=2015-07-20 09:11:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 299203 189049329 0 0
# scanned=118819
# found=0
# cleaned=0
# scan_time=5403
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=875b3f8a4949be4bb040b6e18cadc7cc
# end=init
# utc_time=2015-07-20 10:26:59
# local_time=2015-07-21 12:26:59 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 24896
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=875b3f8a4949be4bb040b6e18cadc7cc
# end=updated
# utc_time=2015-07-20 10:28:19
# local_time=2015-07-21 12:28:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=875b3f8a4949be4bb040b6e18cadc7cc
# engine=24896
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-07-21 02:43:19
# local_time=2015-07-21 04:43:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 326323 189076449 0 0
# scanned=357625
# found=3
# cleaned=0
# scan_time=15299
sh=ABA37AF1D1891C9720466C73A924823A9B00E7FF ft=1 fh=fd6a67222cbfd13e vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="D:\Users\Felix\Documents\Installationsdateien\CCleaner Portable - CHIP-Downloader.exe"
sh=F7E419F52317DC26B769DC4DBFC24A3692AAE5D1 ft=1 fh=737261b1224e8f57 vn="Variante von Win32/DownloadSponsor.C evtl. unerwÃ¼nschte Anwendung" ac=I fn="D:\Users\Felix\Documents\Installationsdateien\Texmaker - CHIP-Installer.exe"
sh=1E8F214B88A6F475A3AAA7FF930B302C9E5D96AB ft=1 fh=4b1dfc010e2d0a03 vn="Variante von Win32/DownloadGuide.H evtl. unerwÃ¼nschte Anwendung" ac=I fn="D:\Users\Felix\Downloads\NewFileTime_CB-DL-Manager.exe"

Security Check checkup:

Code:

ATTFilter

 Results of screen317's Security Check version 1.004  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Java version 32-bit out of Date! 
 Adobe Flash Player 18.0.0.209  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Frisches FRST: FRST.text

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-07-2015
Ran by Felix (administrator) on FELIX-PC on 21-07-2015 09:55:58
Running from C:\Users\Felix\Desktop
Loaded Profiles: Felix (Available Profiles: Felix)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Carl Zeiss) C:\Program Files\Carl Zeiss\MTB 2011 - 2.1.0.8\MTB Server Console\MTBService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Avast Software) D:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Spotify Ltd) C:\Users\Felix\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) D:\Program Files\AVAST Software\Avast\avastui.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla\Mozilla Firefox\firefox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => D:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Run: [Spotify Web Helper] => C:\Users\Felix\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2030648 2015-07-13] (Spotify Ltd)
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Run: [Dropbox Update] => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-06-28]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012-05-23]
ShortcutTarget: Dropbox.lnk -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-27] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-06-26] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2371084783-2400266815-74821208-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-27] (Avast Software s.r.o.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-27] (Avast Software s.r.o.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-04-08] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 134.2.200.1 134.2.200.2
Tcpip\..\Interfaces\{22BC01CC-A483-4BCD-8B21-E468E5275910}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ACA8EA50-5F74-40EB-9766-7D9CFA94FB3F}: [DhcpNameServer] 134.2.200.1 134.2.200.2

FireFox:
========
FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default
FF Homepage: hxxp://abo.spiegel.de/de/c/abo-service/spiegel-abo-agb
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function FindProxyForURL(url, host) {if ((url.indexOf(\"proxmate=us\") != -1)) { return 'PROXY us08.sq.proxmate.me:8000; PROXY us13.sq.proxmate.me:8000; PROXY us03.sq.proxmate.me:8000; PROXY us14.sq.proxmate.me:8000; PROXY us05.sq.proxmate.me:8000; PROXY us07.sq.proxmate.me:8000; PROXY us02.sq.proxmate.me:8000; PROXY us01.sq.proxmate.me:8000; PROXY us09.sq.proxmate.me:8000; PROXY us06.sq.proxmate.me:8000; PROXY us11.sq.proxmate.me:8000; PROXY us10.sq.proxmate.me:8000; PROXY us12.sq.proxmate.me:8000' } else { return 'DIRECT'; }}"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\PDF-XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-09-27] (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-12-27] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll [2012-07-05] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-13] (DivX, LLC)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\PDF-XChange Viewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-09-27] (Tracker Software Products Ltd.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-12-27] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Felix\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: @talk.google.com/O1DPlugin -> C:\Users\Felix\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2371084783-2400266815-74821208-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Plugin ProgramFiles/Appdata: C:\Users\Felix\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Felix\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\searchplugins\downloadhelper-adult-videos.xml [2014-05-27]
FF SearchPlugin: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\searchplugins\ixquick-https.xml [2015-07-19]
FF Extension: FoxyProxy Standard - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\foxyproxy@eric.h.jung [2015-05-30]
FF Extension: Ghostery - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\firefox@ghostery.com.xpi [2014-11-16]
FF Extension: ProxMate - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-11-16]
FF Extension: LeechBlock - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2014-11-16]
FF Extension: Video DownloadHelper - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Adblock Plus - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-06-09]
FF Extension: DownThemAll! - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-11-16]
FF Extension: Adblock Edge - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\7ttl5b9c.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - D:\Program Files\AVAST Software\Avast\WebRep\FF [2011-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-27] (Avast Software s.r.o.)
R3 AvastVBoxSvc; D:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-04-27] (Avast Software)
S3 CZCanSrv; C:\Program Files (x86)\Common Files\Carl Zeiss\CZCanSrv.exe [258048 2012-09-26] (Carl Zeiss MicroImaging GmbH) [File not signed]
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [77904 2011-05-26] (Diskeeper Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MTBService_2.1.0.8; C:\Program Files\Carl Zeiss\MTB 2011 - 2.1.0.8\MTB Server Console\MTBService.exe [20480 2013-02-15] (Carl Zeiss) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-09-01] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S2 Realtek87B; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
S2 RtlService; C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020120 2015-04-21] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-27] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-27] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-27] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-27] ()
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [76368 2011-05-26] (Diskeeper Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
R2 VBoxAswDrv; D:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-04-27] (Avast Software)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 SBIOSIO; \??\C:\Users\Felix\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 09:55 - 2015-07-21 09:55 - 00000000 ____D C:\Users\Felix\Desktop\FRST-OlderVersion
2015-07-21 09:50 - 2015-07-21 09:50 - 00000867 _____ C:\Users\Felix\Desktop\checkup.txt
2015-07-21 09:45 - 2015-07-21 09:45 - 00852662 _____ C:\Users\Felix\Desktop\SecurityCheck.exe
2015-07-21 08:44 - 2015-07-21 08:44 - 00000834 _____ C:\Users\Felix\Desktop\Eset_findings.txt
2015-07-20 19:32 - 2015-07-20 19:32 - 02870984 _____ (ESET) C:\Users\Felix\Desktop\esetsmartinstaller_deu.exe
2015-07-19 14:54 - 2015-07-21 09:55 - 02135552 _____ (Farbar) C:\Users\Felix\Desktop\FRST64.exe
2015-07-19 14:42 - 2015-07-19 14:42 - 00001210 _____ C:\Users\Felix\Desktop\JRT.txt
2015-07-19 14:34 - 2015-07-19 14:34 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Felix\Desktop\JRT.exe
2015-07-19 14:33 - 2015-07-19 14:33 - 00001469 _____ C:\Users\Felix\Desktop\AdwCleaner[S0].txt
2015-07-19 14:02 - 2015-07-19 14:19 - 00000000 ____D C:\AdwCleaner
2015-07-19 14:01 - 2015-07-19 14:01 - 02248704 _____ C:\Users\Felix\Desktop\AdwCleaner_4.208.exe
2015-07-19 13:57 - 2015-07-19 13:56 - 00001331 _____ C:\Users\Felix\Desktop\mbam.txt
2015-07-19 13:55 - 2015-07-19 13:56 - 00001331 _____ C:\mbam.txt
2015-07-19 12:51 - 2015-07-19 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-19 12:51 - 2015-07-19 12:54 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-07-19 12:51 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-19 12:51 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-19 11:44 - 2015-07-19 11:45 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Felix\Desktop\mbam-setup-2.1.6.1022.exe
2015-07-18 16:40 - 2015-07-18 16:40 - 00027241 _____ C:\ComboFix.txt
2015-07-18 15:48 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-18 15:48 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-18 15:48 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-18 15:48 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-18 15:48 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-18 15:48 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-18 15:48 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-18 15:48 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-18 15:47 - 2015-07-18 16:41 - 00000000 ____D C:\Qoobox
2015-07-18 15:47 - 2015-07-18 16:34 - 00000000 ____D C:\Windows\erdnt
2015-07-18 15:20 - 2015-07-18 15:20 - 05633411 ____R (Swearware) C:\Users\Felix\Desktop\ComboFix.exe
2015-07-16 13:32 - 2015-07-16 13:32 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Felix\Desktop\tdsskiller.exe
2015-07-16 13:30 - 2015-07-16 13:30 - 00067907 _____ C:\Users\Felix\Desktop\TDSSKiller  Google Umleitungen, TDSS, TDL3, Alureon rootkit entfernen.htm
2015-07-16 13:30 - 2015-07-16 13:30 - 00000000 ____D C:\Users\Felix\Desktop\TDSSKiller  Google Umleitungen, TDSS, TDL3, Alureon rootkit entfernen-Dateien
2015-07-16 12:24 - 2015-07-19 12:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-16 12:23 - 2015-07-19 12:54 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 12:23 - 2015-07-17 09:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-16 11:33 - 2015-07-16 13:29 - 00000000 ____D C:\Users\Felix\Desktop\mbar
2015-07-16 11:33 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-16 11:31 - 2015-07-16 11:31 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Felix\Desktop\mbar-1.09.1.1004.exe
2015-07-16 10:01 - 2015-07-19 14:19 - 00002534 _____ C:\Windows\PFRO.log
2015-07-16 01:22 - 2015-07-16 01:22 - 00011078 _____ C:\Users\Felix\Desktop\Gmer.txt
2015-07-16 01:09 - 2015-07-16 01:09 - 00059484 _____ C:\Users\Felix\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten.htm
2015-07-16 01:09 - 2015-07-16 01:09 - 00000000 ____D C:\Users\Felix\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten-Dateien
2015-07-16 01:06 - 2015-07-16 01:06 - 00380416 _____ C:\Users\Felix\Desktop\Gmer-19357.exe
2015-07-16 01:03 - 2015-07-19 14:57 - 00055851 _____ C:\Users\Felix\Desktop\Addition.txt
2015-07-16 01:02 - 2015-07-21 09:56 - 00000000 ____D C:\FRST
2015-07-16 01:02 - 2015-07-21 09:55 - 00018981 _____ C:\Users\Felix\Desktop\FRST.txt
2015-07-16 00:59 - 2015-07-16 00:59 - 00000472 _____ C:\Users\Felix\Desktop\defogger_disable.log
2015-07-16 00:59 - 2015-07-16 00:59 - 00000000 _____ C:\Users\Felix\defogger_reenable
2015-07-16 00:58 - 2015-07-16 00:58 - 00050477 _____ C:\Users\Felix\Desktop\Defogger.exe
2015-07-16 00:19 - 2015-07-16 00:20 - 29296256 _____ (EaseUS ) C:\Windows\SysWOW64\epm.exe
2015-07-15 07:45 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 07:45 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 07:45 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 07:45 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 07:45 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 07:45 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 07:45 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 07:45 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 07:45 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 07:45 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 07:45 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 07:45 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 07:45 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 07:45 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 07:45 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 07:45 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 07:45 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 07:45 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 07:45 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 07:45 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 07:45 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 07:45 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 07:45 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 07:45 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 07:45 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 07:45 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 07:45 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 07:45 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 07:45 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 07:45 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 07:45 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 07:45 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 07:45 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 07:45 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 07:45 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 07:45 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 07:45 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 07:45 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 07:45 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 07:45 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 07:45 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 07:45 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 07:45 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 07:45 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 07:45 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 07:45 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 07:45 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 07:45 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 07:45 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 07:45 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 07:45 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 07:45 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 07:45 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 07:45 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 07:45 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 07:45 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 07:45 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 07:45 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 07:45 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 07:45 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 07:45 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 07:45 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 07:45 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 07:45 - 2015-06-09 20:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 07:45 - 2015-06-09 20:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 07:45 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 07:45 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 07:44 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 07:44 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 07:44 - 2015-07-03 20:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-15 07:44 - 2015-07-03 20:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-15 07:44 - 2015-07-03 20:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-15 07:44 - 2015-07-03 20:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-15 07:44 - 2015-07-03 19:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-15 07:44 - 2015-07-03 19:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-15 07:44 - 2015-07-03 19:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-15 07:44 - 2015-07-03 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-15 07:44 - 2015-07-03 18:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-15 07:44 - 2015-07-03 18:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 07:44 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 07:44 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 07:44 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 07:44 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 07:44 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 07:44 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 07:44 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 07:44 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 07:44 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 07:44 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 07:44 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 07:44 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 07:44 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 07:44 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 07:44 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 07:44 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 07:44 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 07:44 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 07:44 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 07:44 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 07:44 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 07:44 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 07:44 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 07:44 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 07:44 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 07:44 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 07:44 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 07:44 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 07:44 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 07:44 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 07:44 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 07:44 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 07:44 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-15 07:44 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-15 07:44 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-15 07:44 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-15 07:44 - 2015-06-11 19:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 07:44 - 2015-06-11 19:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 07:44 - 2015-06-11 19:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 07:44 - 2015-06-11 15:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-14 09:35 - 2015-07-14 09:35 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-04 15:08 - 2015-07-20 19:21 - 00002240 _____ C:\Windows\setupact.log
2015-07-04 15:08 - 2015-07-04 15:08 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-21 09:43 - 2011-10-24 17:30 - 01503522 _____ C:\Windows\WindowsUpdate.log
2015-07-21 09:42 - 2015-06-18 09:29 - 00001224 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job
2015-07-20 22:01 - 2013-04-21 02:23 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{0721377F-5ED3-4460-B868-74C39FF481FC}
2015-07-20 21:22 - 2014-05-18 14:50 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job
2015-07-20 20:40 - 2015-06-18 09:29 - 00001172 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job
2015-07-20 19:31 - 2009-07-14 06:45 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-20 19:31 - 2009-07-14 06:45 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-20 19:24 - 2011-12-29 12:40 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Dropbox
2015-07-20 19:21 - 2014-03-25 14:33 - 00000000 ____D C:\Temp
2015-07-20 19:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-19 23:30 - 2009-07-14 19:58 - 00699666 _____ C:\Windows\system32\perfh007.dat
2015-07-19 23:30 - 2009-07-14 19:58 - 00149774 _____ C:\Windows\system32\perfc007.dat
2015-07-19 23:30 - 2009-07-14 07:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-18 20:36 - 2014-08-18 01:34 - 00000000 ____D C:\Users\Felix\AppData\Roaming\vlc
2015-07-18 20:35 - 2015-06-18 09:29 - 00004194 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA
2015-07-18 20:35 - 2015-06-18 09:29 - 00003798 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core
2015-07-18 16:41 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2015-07-18 16:12 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-07-18 16:02 - 2011-10-24 19:15 - 00000000 ____D C:\Users\Felix
2015-07-18 15:19 - 2012-07-08 18:21 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-17 10:16 - 2011-10-24 19:18 - 00108424 _____ C:\Users\Felix\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-17 10:13 - 2009-07-14 06:45 - 00418424 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-17 10:11 - 2011-12-27 22:38 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-17 10:10 - 2011-12-27 22:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2015-07-17 10:09 - 2009-07-14 20:18 - 00000000 ____D C:\Windows\ShellNew
2015-07-17 10:09 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-07-17 10:07 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-17 10:07 - 2009-07-14 04:34 - 00000387 _____ C:\Windows\win.ini
2015-07-16 16:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 14:31 - 2014-03-01 20:17 - 00000117 _____ C:\Users\Felix\Desktop\tex.txt
2015-07-16 00:25 - 2014-02-25 21:35 - 00000000 ____D C:\Users\Felix\AppData\Local\Spotify
2015-07-15 23:03 - 2014-10-29 22:04 - 00000000 ____D C:\Users\Felix\AppData\Local\Adobe
2015-07-15 23:03 - 2012-07-13 00:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 23:03 - 2011-10-24 20:34 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 22:55 - 2014-02-25 21:34 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Spotify
2015-07-15 21:17 - 2014-05-18 14:50 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA
2015-07-15 21:17 - 2014-05-18 14:50 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core
2015-07-15 21:17 - 2014-05-18 14:50 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job
2015-07-15 09:25 - 2013-07-12 15:49 - 00000000 ____D C:\Windows\system32\MRT
2015-07-14 17:37 - 2015-02-12 11:18 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-14 17:36 - 2015-02-13 12:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-11 18:18 - 2015-01-07 23:20 - 00000000 ____D C:\Users\Felix\Desktop\Medizinbewerbung_SS15
2015-07-07 11:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-07-04 17:38 - 2014-05-11 00:30 - 00653824 ___SH C:\Users\Felix\Thumbs.db
2015-07-03 08:43 - 2011-12-27 21:56 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-27 22:13 - 2011-12-29 16:08 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-23 13:30 - 2011-10-24 20:35 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-01-24 15:46 - 2015-01-24 15:46 - 0000907 _____ () C:\Users\Felix\AppData\Local\recently-used.xbel
2012-10-11 09:34 - 2012-10-11 09:34 - 0007606 _____ () C:\Users\Felix\AppData\Local\Resmon.ResmonCfg
2012-07-21 16:55 - 2012-07-21 16:55 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

Some files in TEMP:
====================
C:\Users\Felix\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0bbdmw.dll
C:\Users\Felix\AppData\Local\Temp\Quarantine.exe
C:\Users\Felix\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-13 23:14

==================== End of log ============================

--- --- ---

FRST Addition.txt
[CODE]Additional
FRST Logfile:

Code:

ATTFilter

scan result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Felix at 2015-07-21 09:57:15
Running from C:\Users\Felix\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2371084783-2400266815-74821208-500 - Administrator - Disabled)
Felix (S-1-5-21-2371084783-2400266815-74821208-1000 - Administrator - Enabled) => C:\Users\Felix
Gast (S-1-5-21-2371084783-2400266815-74821208-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2371084783-2400266815-74821208-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACD/Labs Software in D:\Program Files (x86)\ACDFREE11\ (HKLM-x32\...\ACDLabs in D__Program_Files_(x86)_ACDFREE11_) (Version: v11.00, FREE - ACD/Labs)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{7A1A59F3-66FE-96DC-C300-B8F4A6103D3A}) (Version: 3.0.868.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassin's Creed Revelations 1.03 (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
calibre 64bit (HKLM\...\{F914E24C-BFF9-4D72-9775-60126B4BC51E}) (Version: 2.15.0 - Kovid Goyal)
Carl Zeiss AxioVision SE64 Rel. 4.9.1 (HKLM\...\{F927FC22-CD4E-477D-80BA-D63F5F75ED64}) (Version: 4.9.1.1 - Carl Zeiss Microscopy GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05160 - Cisco Systems, Inc.) Hidden
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
Dropbox (HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Dropbox) (Version: 3.6.8 - Dropbox, Inc.)
Easy File Share (HKLM-x32\...\{12F81925-F3C1-40DB-91F7-777817974319}) (Version: 1.3.1 - Samsung Electronics CO., LTD.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.32 - Samsung Electronics CO., LTD.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-X64 10.7.16.1_WHQL (HKLM\...\Elantech) (Version: 10.7.16.1 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{77EDCFE0-4431-40B1-93AD-BF1F4C55D131}) (Version: 1.0.46 - Diskeeper Corporation)
eXtra Buttons (HKLM-x32\...\eXtra Buttons) (Version:  - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GUILD WARS (HKLM-x32\...\Guild Wars) (Version:  - )
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät (HKLM\...\{8F4884F1-488D-4738-8F71-65A378BB484C}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710a-f Hilfe (HKLM-x32\...\{037CD593-D760-4A00-B030-7BBAFA1123FE}) (Version: 140.0.2.2 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3086 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
JMP 10 (HKLM-x32\...\{188BB63B-35C8-47EE-AEBF-5EA826CAA74D}) (Version: 10.0 - SAS Institute Inc.)
JMP Profiler Core (HKLM-x32\...\{38A15D11-05F8-4ECE-AC47-A85DC6FFA197}) (Version: 1.10.0 - SAS Institute Inc.)
JMP Profiler GUI (HKLM-x32\...\{EC0782E1-D80F-44A3-A181-C1170B279993}) (Version: 1.10.0 - SAS Institute Inc.)
LightCycler® 480 (HKLM-x32\...\{8F07FAB0-5BBA-43EF-979E-6E7C9E4F811E}) (Version:  - )
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{FD052FB9-FE90-4438-B355-15EDC89D8FB1}) (Version: 2.0.673.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
Mozilla Firefox 39.0 (x86 de) (HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Mozilla Firefox 39.0 (x86 de)) (Version: 39.0 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Origin 2015 (HKLM-x32\...\{919C759D-DA8F-4B02-A9F1-75CE8B31CBDB}) (Version: 9.20.00 - OriginLab Corporation)
Origin8 (x32 Version: 8.00.000 - OriginLab) Hidden
OriginPro 8 (HKLM-x32\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.00.000 - OriginLab Corporation)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.1 - Frank Heindörfer, Philip Chinery)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.199.0 - Tracker Software Products Ltd.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
PyMOL (32 bit) (HKLM-x32\...\{82B39CBA-144C-4D34-8C5D-31D2CAEC2AFB}) (Version: 1.3.0.0 - Schrodinger LLC)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6428 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{0DF70CB6-553A-4C57-8E6D-87635EECFB78}) (Version: 1.00.0145 - )
S Agent (Version: 1.1.52 - Samsung Electronics CO., LTD.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.6.0.2 - Samsung Electronics CO., LTD.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.6.0 - Samsung Electronics Co., Ltd.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung)
Spotify (HKU\S-1-5-21-2371084783-2400266815-74821208-1000\...\Spotify) (Version: 1.0.8.59.gee82e7e6 - Spotify AB)
SW Update (HKLM-x32\...\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}) (Version: 2.2.9 - Samsung Electronics CO., LTD.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
Texmaker (HKLM-x32\...\Texmaker) (Version:  - )
TeXstudio 2.3 (HKLM-x32\...\TeXstudio_is1) (Version: 2.3.0 - Benito van der Zander)
The Witcher 2 (HKLM-x32\...\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}) (Version: 1.00.0000 - CD Projekt Red)
Uplay (HKLM-x32\...\Uplay) (Version: 4.7 - Ubisoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.2 - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8800 - Broadcom Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Felix\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2371084783-2400266815-74821208-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\DropboxExt64.26.dll (Dropbox, Inc.)

==================== Restore Points =========================

15-07-2015 02:01:40 Geplanter Prüfpunkt
15-07-2015 09:19:34 Windows Update
16-07-2015 12:51:47 Malwarebytes Anti-Rootkit Restore Point
17-07-2015 10:05:03 Removed Microsoft Office Professional Plus 2010
19-07-2015 14:35:46 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-07-18 16:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00846688-578A-4C0A-AE99-5D14C940938B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {10887BC6-E781-49A7-98FF-BEF0C755CE7C} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2012-10-30] (SEC)
Task: {1D6F3F69-2F89-43B0-972C-0B5E5D67E643} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {2A779B3E-18FD-4712-9889-3EB6F4AC879B} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {31AA077E-022D-4EA3-A3E0-6328BD527343} - System32\Tasks\{25D957C8-AEC6-4A74-B086-B787F8728C65} => pcalua.exe -a H:\kdewin-installer-gui-latest.exe -d "D:\Program Files (x86)\Mozilla\Mozilla Firefox"
Task: {51345CBF-0185-4BC0-87B6-48446F1497DE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {5B2B5D45-0733-4D72-ACC8-E499810B7414} - System32\Tasks\{50E44413-1BDA-4A7E-99B0-97E460C1A93E} => pcalua.exe -a "C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\UserCom.exe" -d "C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility"
Task: {5E6A2316-07D2-4066-9884-32E7A9AB3CA2} - System32\Tasks\{AF6A88AB-805C-4305-AB9C-15ED74714B97} => pcalua.exe -a "D:\Program Files (x86)\KDE\bin\kdewin-installer-gui-latest.exe" -d "D:\Program Files (x86)\KDE\bin\"
Task: {60D48E58-0DC0-4F16-9DD0-141ED81D2ECE} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2013-01-22] (Samsung Electronics CO., LTD.)
Task: {6F81CDC2-9D78-4923-94A9-86E0CC67AFC8} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-30] (Samsung Electronics Co., Ltd.)
Task: {86069D2A-9CE4-4797-A515-EE2772CD9BE2} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {91864A53-05B1-4BB5-9297-7B93F866F610} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {963B5E4D-AF87-440E-B673-4ECED6456731} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {9869F326-BE45-4631-BA04-B46ABBE3924B} - System32\Tasks\{D8A60C21-00B0-41DD-91A5-5DBA885EDCFF} => pcalua.exe -a "D:\Program Files (x86)\Bethesda Softworks\Fallout 3\Uninstall.exe" -d "D:\Program Files (x86)\Bethesda Softworks\Fallout 3"
Task: {9AB7678A-72A6-4AD4-AF5E-E2D2F0FE1ACF} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-02-04] (Samsung Electronics CO., LTD.)
Task: {9D5A6623-6113-4405-A407-F155F42ADC28} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {A2188297-3350-4570-8EDB-FD393F33A572} - System32\Tasks\{CF1FE001-BA5E-4C95-8667-EC08B265AE08} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {A7D96676-7348-4E4D-8AE2-AA4922A1F19B} - System32\Tasks\{265170B0-997D-4167-81CD-89BA20CDB519} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -c -runfromtemp -l0x0409  -removeonly
Task: {B43299F5-9E25-4F82-8EC7-394BFC0388E8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {C3323DC6-197A-425E-8893-9335360A550B} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {C6688C57-4A6A-42B8-884C-49CA7221B58C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {C6CCA375-5DC4-4671-A193-887F6CA2DC55} - System32\Tasks\avast! Emergency Update => D:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {D42538A9-F0B7-48E8-8A57-0C81DF88B869} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {DCF033BD-0AAC-454C-A7CA-E48E5554B689} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {E45E71DB-9CE3-40CA-BFAE-A83C078BF6BE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)
Task: {E8ED7480-14B9-4953-83C1-AD438BB81175} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2014-05-18] (Google Inc.)
Task: {F9A4183F-8EB0-46C7-93B6-D69A56D62EE3} - System32\Tasks\{81D76A8C-6E9E-4624-8CE3-32E7D474BB08} => pcalua.exe -a D:\ACDFREE11\setup\SETUP.EXE -d D:\ACDFREE11\setup

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job => C:\Users\Felix\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000Core.job => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371084783-2400266815-74821208-1000UA.job => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-24 02:59 - 2014-09-01 20:03 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-13 20:06 - 2012-02-13 15:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2011-01-27 16:28 - 2011-01-27 16:28 - 00706048 _____ () C:\Windows\system32\SnMinDrv.dll
2011-04-05 08:18 - 2011-04-05 08:18 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2012-03-30 16:43 - 2012-03-30 16:43 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-04-18 06:38 - 2012-04-18 06:38 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-12 22:53 - 2014-03-12 22:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-04-27 01:18 - 2015-04-27 01:18 - 00104400 _____ () D:\Program Files\AVAST Software\Avast\log.dll
2015-04-27 01:18 - 2015-04-27 01:18 - 00081728 _____ () D:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-20 18:00 - 2015-07-20 18:00 - 02956800 _____ () D:\Program Files\AVAST Software\Avast\defs\15072000\algo.dll
2015-07-21 09:48 - 2015-07-21 09:48 - 02957312 _____ () D:\Program Files\AVAST Software\Avast\defs\15072100\algo.dll
2013-10-31 17:05 - 2013-10-31 17:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2012-07-13 20:06 - 2011-02-17 01:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2012-07-13 20:06 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2015-04-27 01:18 - 2015-04-27 01:18 - 40540672 _____ () D:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-12 14:33 - 2011-09-08 20:40 - 01645056 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2371084783-2400266815-74821208-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 134.2.200.1 - 134.2.200.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Exor4 for XDMS_R.lnk => C:\Windows\pss\Exor4 for XDMS_R.lnk.CommonStartup
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Google Update => "C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\Felix\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: Spotify => "C:\Users\Felix\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Felix\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "D:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C34A8DF3-9217-4A64-9068-A52F6FBE2453}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1CB44EF5-A38B-48BF-AF64-7F3BA9F5F2AD}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{713DBB41-1DCA-415D-AEDC-48C0618F03CB}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe
FirewallRules: [{35F5AE32-807B-4FF8-9851-7E46F84BBB72}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D80614D7-4A0E-4D32-830A-87635D43D536}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe
FirewallRules: [{F3DC6820-2DC4-4340-9E3F-E44F20DB386A}] => (Allow) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{45D2F162-AA26-438C-988A-D9D852C859F0}] => (Allow) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{EF7BABA5-8FBF-4783-97AC-4D90F2AF8925}C:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{B5CF0349-73EE-4B18-B37E-7C187799B061}C:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\felix\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{A3FDEBCC-A47E-4E0E-AD5D-4A9434A8A486}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{CC2D6F8C-DA92-47F0-89DA-45B17FB0D86D}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{FC0E53AB-1787-4D64-B46E-C1E742BC3E5B}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{EAB17ABB-98CB-4144-A1CF-A3E49C121816}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [TCP Query User{48B5C764-6421-4DF2-82DC-A801C1D265B0}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Allow) D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{C97CA6E8-F37E-4537-8502-1728F362429B}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Allow) D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{6E8D02E3-A545-4C3E-9C73-ACD62B5A6DCC}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Block) D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{14EC7B72-647E-4010-93BB-3662B8BD22F8}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => (Block) D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [{3D949E5E-65FB-4833-B444-86142D966029}] => (Allow) LPort=1542
FirewallRules: [{3C2CD8C3-6E03-42FD-992D-B30BD41446CF}] => (Allow) LPort=1542
FirewallRules: [{7B938F6B-0643-43C2-9EBC-29E360B82280}] => (Allow) LPort=53
FirewallRules: [TCP Query User{D914CD34-0741-45FC-8CD3-03A8F00B6825}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{CB356E18-2979-432E-851F-A84855E784E5}D:\program files (x86)\guild wars 2\gw2.exe] => (Allow) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{E69D975D-0FB6-4834-9801-7F3993E00DA8}D:\program files (x86)\guild wars 2\gw2.exe] => (Block) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{F1CDC5C4-AC41-4DAE-A263-00E55F9F51CA}D:\program files (x86)\guild wars 2\gw2.exe] => (Block) D:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{94CBF18A-5725-4E3A-A043-C59322623F36}] => (Allow) C:\Program Files (x86)\Samsung\Easy File Share\EasyFileShare.EXE
FirewallRules: [{0CCA5055-B765-4FC0-B25F-DAAC4116EE6D}] => (Allow) C:\Program Files (x86)\Samsung\Easy File Share\EasyFileShare.EXE
FirewallRules: [TCP Query User{B323AF3A-9862-42CA-8147-53B36F97D4D8}C:\program files (x86)\samsung\easy file share\connectionmanager32.exe] => (Allow) C:\program files (x86)\samsung\easy file share\connectionmanager32.exe
FirewallRules: [UDP Query User{92C926F6-3192-440E-BA8E-F52669C01D66}C:\program files (x86)\samsung\easy file share\connectionmanager32.exe] => (Allow) C:\program files (x86)\samsung\easy file share\connectionmanager32.exe
FirewallRules: [{711BC575-3A05-4CE8-9A43-DE45E04FC344}] => (Block) C:\program files (x86)\samsung\easy file share\connectionmanager32.exe
FirewallRules: [{5F6D9819-8BEE-4F28-81E4-1DD78B271292}] => (Block) C:\program files (x86)\samsung\easy file share\connectionmanager32.exe
FirewallRules: [TCP Query User{54E97C33-328B-4075-9F02-AF989F86E26E}H:\games\cad\cod 4 lan\iw3mp.exe] => (Block) H:\games\cad\cod 4 lan\iw3mp.exe
FirewallRules: [UDP Query User{D447AC97-ACBA-4AD3-84E7-D953406B633C}H:\games\cad\cod 4 lan\iw3mp.exe] => (Block) H:\games\cad\cod 4 lan\iw3mp.exe
FirewallRules: [TCP Query User{ADC51B79-ACE8-4828-A435-C19047C1D653}D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe] => (Allow) D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe
FirewallRules: [UDP Query User{ED4452F8-A16F-48BD-8AD2-D4868AF25C7A}D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe] => (Allow) D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe
FirewallRules: [{BB201351-2E51-4C2D-8B1C-6A8EE3ED4EBB}] => (Block) D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe
FirewallRules: [{935CD4CD-DC40-431F-8D87-3E57682C8E44}] => (Block) D:\program files\call of duty 4 - modern warfare\cod 4\iw3mp.exe
FirewallRules: [TCP Query User{427164A0-B971-4D8B-8678-4D60551BC1F0}D:\program files\cod 4 lan\iw3mp.exe] => (Allow) D:\program files\cod 4 lan\iw3mp.exe
FirewallRules: [UDP Query User{1703707A-B822-402E-A1E7-9F3FDDAAAD77}D:\program files\cod 4 lan\iw3mp.exe] => (Allow) D:\program files\cod 4 lan\iw3mp.exe
FirewallRules: [TCP Query User{4F0FCFBB-E474-4636-BD68-0FA296E4623E}C:\users\felix\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\felix\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FF85A6AC-5C50-4B9B-90ED-6498ABFEDB4A}C:\users\felix\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\felix\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{76E49650-6C5B-4585-A6B0-B3A1922C0864}C:\users\felix\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\felix\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4B0951A8-451D-45FF-BB1D-D7D8433DEC7D}C:\users\felix\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\felix\appdata\roaming\spotify\spotify.exe
FirewallRules: [{58B8D1C4-57E3-4C0D-B879-02BD4D5EC564}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe
FirewallRules: [{7AFF7F8C-0B24-4ED4-95D1-633FF03DF261}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe
FirewallRules: [{D4092CD3-4DD9-4862-A9D0-0B68631328AE}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe
FirewallRules: [{73CE7FC4-C842-4206-A000-66C46251608E}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe
FirewallRules: [{8066EDAC-FA64-45E2-853A-F0F13496C260}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
FirewallRules: [{1FEAF269-0E7F-4AC9-B544-08D48F78F6FE}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe
FirewallRules: [{3469FB40-1E1A-4142-9907-041095DE9BD4}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{AFB96924-C01A-489D-A21D-451C3CA3CFB4}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{477EB8CD-AA11-40EA-9262-18172431BD79}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{AD2D59CD-4FE2-4350-A0F1-E01034F27993}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{0A436D5D-9B09-4B5E-9D93-4D383401E26D}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{4CB32201-C09B-4BC7-957D-C64AEB321589}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{ECCFCB0B-8E4F-4F45-90E2-2112281D9E2A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{0E23AD27-8C26-4C3F-B442-8F2164F60BA2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9AB974E9-AAA9-4697-9A45-0BC5A3EFFB4C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F0154C5B-9A5F-4F1D-8701-68F36519C994}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{41770466-E5D9-4E32-8FE9-D3B340AFA220}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe
FirewallRules: [{36192D84-22CA-4BFD-B448-5AA5968C9D1E}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe
FirewallRules: [{245F9149-58DF-4532-8673-1597376A25D7}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{CD8BFC70-A341-41D0-A7D2-D0BC131C0778}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe
FirewallRules: [{EDB5D85D-B5AE-47E0-9C6D-18526FE4652B}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe
FirewallRules: [{6E9FB0D4-98D0-4B8F-A827-0AA740C8AF23}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe
FirewallRules: [{EB06049D-2C8C-4DAC-B996-1F1969A15D02}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe
FirewallRules: [{91DF83A0-682B-475F-870A-9733D5ED19EB}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe
FirewallRules: [{D83E509C-E8F8-4FA1-B70B-64F4F5559362}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{421CEE2A-FE12-4E50-A608-049C0264BB94}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe
FirewallRules: [{4875E736-65AB-4BFF-8692-587DDBAB1EA2}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{BCF7B8F7-D8A1-418B-B3FD-BF0B14094BB6}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe
FirewallRules: [{58ECE18C-443C-486F-AA7C-47B6751316F1}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [{45EEFF88-25BC-4FE0-97ED-3A669872CB95}] => (Allow) D:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe
FirewallRules: [TCP Query User{DDCE6671-CD5E-458E-AE7A-1B0FD9A81D6F}D:\program files\imagej\fiji-win64-20140602\fiji.app\imagej-win64.exe] => (Allow) D:\program files\imagej\fiji-win64-20140602\fiji.app\imagej-win64.exe
FirewallRules: [UDP Query User{2E8E411B-409B-4CC2-964C-4B0A01E42EAA}D:\program files\imagej\fiji-win64-20140602\fiji.app\imagej-win64.exe] => (Allow) D:\program files\imagej\fiji-win64-20140602\fiji.app\imagej-win64.exe
FirewallRules: [{7D62D8CD-9BEF-48B0-B2CE-4C44F00930FC}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [{7F6F2309-C285-4C03-9081-21463E2CA970}] => (Allow) C:\Windows\System32\hasplms.exe
FirewallRules: [TCP Query User{8E6FD174-DDD4-44E7-AFA4-DDD3143E862B}D:\program files (x86)\roche\exor4\bin\exor4.exe] => (Allow) D:\program files (x86)\roche\exor4\bin\exor4.exe
FirewallRules: [UDP Query User{112AD554-6776-4BB5-B438-5585A84BBB8B}D:\program files (x86)\roche\exor4\bin\exor4.exe] => (Allow) D:\program files (x86)\roche\exor4\bin\exor4.exe
FirewallRules: [{1C5649DE-E0D5-461A-9F7B-186E0D414133}] => (Block) D:\program files (x86)\roche\exor4\bin\exor4.exe
FirewallRules: [{2AF9D080-C712-4BAC-AEF9-D62D9864C236}] => (Block) D:\program files (x86)\roche\exor4\bin\exor4.exe
FirewallRules: [TCP Query User{6B554A3B-86F7-4372-AC62-A9B16D73A9A3}D:\program files (x86)\mozilla\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8C787D7F-704B-49DF-A37E-2C13BC80FA89}D:\program files (x86)\mozilla\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{3D642B63-70A2-4379-9248-A505A02F1DB6}D:\program files (x86)\mozilla\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{455D7987-ACAA-40CA-93AB-FD578111E3FE}D:\program files (x86)\mozilla\mozilla firefox\firefox.exe] => (Block) D:\program files (x86)\mozilla\mozilla firefox\firefox.exe
FirewallRules: [{7F33520E-63E8-4E51-8800-A87C54076591}] => (Allow) D:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{4F5E6C43-F542-4AA8-9192-9F42B1AD60BD}] => (Allow) D:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2015 08:45:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/21/2015 05:23:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/21/2015 05:22:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "AceDAO,language="*",processorArchitecture="X86",type="win32",version="14.0.0.0"1".
Die abhängige Assemblierung "AceDAO,language="*",processorArchitecture="X86",type="win32",version="14.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/21/2015 12:26:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/21/2015 12:26:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/21/2015 12:26:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/20/2015 07:35:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/20/2015 07:35:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/20/2015 07:35:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (07/20/2015 07:32:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.


System errors:
=============
Error: (07/21/2015 02:18:30 AM) (Source: iaStor) (EventID: 9) (User: )
Description: Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet.

Error: (07/21/2015 12:28:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/21/2015 12:28:12 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Felix\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/21/2015 12:28:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/21/2015 12:28:11 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Felix\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/21/2015 12:28:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/21/2015 12:28:10 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Felix\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/21/2015 12:27:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (07/21/2015 12:27:28 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Felix\AppData\Local\Temp\ehdrv.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (07/21/2015 12:27:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275


Microsoft Office:
=========================
Error: (07/21/2015 08:45:17 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/21/2015 05:23:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (07/21/2015 05:22:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: AceDAO,language="*",processorArchitecture="X86",type="win32",version="14.0.0.0"D:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE.Manifest

Error: (07/21/2015 12:26:46 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Felix\Desktop\esetsmartinstaller_deu.exe

Error: (07/21/2015 12:26:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Felix\Desktop\esetsmartinstaller_deu.exe

Error: (07/21/2015 12:26:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Felix\Desktop\esetsmartinstaller_deu.exe

Error: (07/20/2015 07:35:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Felix\Desktop\esetsmartinstaller_deu.exe

Error: (07/20/2015 07:35:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Felix\Desktop\esetsmartinstaller_deu.exe

Error: (07/20/2015 07:35:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Felix\Desktop\esetsmartinstaller_deu.exe

Error: (07/20/2015 07:32:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Felix\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2015-07-18 16:00:45.164
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-07-18 16:00:45.008
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-08-24 00:12:12.032
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-08-24 00:12:11.798
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-13 19:51:22.396
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2012-07-13 19:51:22.021
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\igdpmd64.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 6057.55 MB
Available physical RAM: 3607.15 MB
Total Virtual: 12113.29 MB
Available Virtual: 9502.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:87 GB) (Free:27.21 GB) NTFS
Drive d: () (Fixed) (Total:587.9 GB) (Free:299.72 GB) NTFS
Drive f: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 071697A3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=87 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=587.9 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=23.6 GB) - (Type=27)

========================================================
Disk: 1 (Size: 7.5 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=73)

==================== End of log ============================

--- --- ---

schrauber · 21.07.2015, 17:27

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

D:\Users\Felix\Documents\Installationsdateien\CCleaner Portable - CHIP-Downloader.exe

D:\Users\Felix\Documents\Installationsdateien\Texmaker - CHIP-Installer.exe

D:\Users\Felix\Downloads\NewFileTime_CB-DL-Manager.exe
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function FindProxyForURL(url, host) {if ((url.indexOf(\"proxmate=us\") != -1)) { return 'PROXY us08.sq.proxmate.me:8000; PROXY us13.sq.proxmate.me:8000; PROXY us03.sq.proxmate.me:8000; PROXY us14.sq.proxmate.me:8000; PROXY us05.sq.proxmate.me:8000; PROXY us07.sq.proxmate.me:8000; PROXY us02.sq.proxmate.me:8000; PROXY us01.sq.proxmate.me:8000; PROXY us09.sq.proxmate.me:8000; PROXY us06.sq.proxmate.me:8000; PROXY us11.sq.proxmate.me:8000; PROXY us10.sq.proxmate.me:8000; PROXY us12.sq.proxmate.me:8000' } else { return 'DIRECT'; }}"
FF NetworkProxy: "type", 2
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Downloadverhalten überdenken:
CHIP-Installer - was ist das? - Anleitungen

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Felicibus · 22.07.2015, 10:13

Hier das FRST-Fix logfile:

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version:20-07-2015
Ran by Felix at 2015-07-22 11:01:37 Run:1
Running from C:\Users\Felix\Desktop
Loaded Profiles: Felix (Available Profiles: Felix)
Boot Mode: Normal
==============================================

fixlist content:
*****************
D:\Users\Felix\Documents\Installationsdateien\CCleaner Portable - CHIP-Downloader.exe

D:\Users\Felix\Documents\Installationsdateien\Texmaker - CHIP-Installer.exe

D:\Users\Felix\Downloads\NewFileTime_CB-DL-Manager.exe
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function FindProxyForURL(url, host) {if ((url.indexOf(\"proxmate=us\") != -1)) { return 'PROXY us08.sq.proxmate.me:8000; PROXY us13.sq.proxmate.me:8000; PROXY us03.sq.proxmate.me:8000; PROXY us14.sq.proxmate.me:8000; PROXY us05.sq.proxmate.me:8000; PROXY us07.sq.proxmate.me:8000; PROXY us02.sq.proxmate.me:8000; PROXY us01.sq.proxmate.me:8000; PROXY us09.sq.proxmate.me:8000; PROXY us06.sq.proxmate.me:8000; PROXY us11.sq.proxmate.me:8000; PROXY us10.sq.proxmate.me:8000; PROXY us12.sq.proxmate.me:8000' } else { return 'DIRECT'; }}"
FF NetworkProxy: "type", 2
Emptytemp:
*****************

D:\Users\Felix\Documents\Installationsdateien\CCleaner Portable - CHIP-Downloader.exe => moved successfully.
D:\Users\Felix\Documents\Installationsdateien\Texmaker - CHIP-Installer.exe => moved successfully.
D:\Users\Felix\Downloads\NewFileTime_CB-DL-Manager.exe => moved successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
EmptyTemp: => 473.9 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 11:01:54 ====

Vielen Dank nochmal für deine Hilfe! Du hast mir wirklich sehr geholfen. Kann ich davon ausgehen dass das System jetzt wieder "sauber" ist?

schrauber · 23.07.2015, 05:44

ja

17.07.2015, 07:31	#4
schrauber /// the machine /// TB-Ausbilder	Windows 7: Avast URL:Mal Alarm beim Laden von Websites warum läuft da ein Crack für MS Office? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

23.07.2015, 05:44	#14
schrauber /// the machine /// TB-Ausbilder	Windows 7: Avast URL:Mal Alarm beim Laden von Websites ja __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Windows 7: Avast URL:Mal Alarm beim Laden von Websites

Log-Analyse und Auswertung: Windows 7: Avast URL:Mal Alarm beim Laden von Websites