Avast bringt laufend etliche Meldungen zu URL:Mal

wbartuli · 31.07.2015, 12:37

Seit 1 Tag bringt Avast laufende Meldungen mit Infektion: URL:Mal

Habe Malwarebytes durchlaufen lassen, dann adwcleaner, dann jrt.

Nix hat bis jetzt geholfen.

Brauche DRINGEND HILFE!

Besten Dank im Voraus.

schrauber · 31.07.2015, 12:53

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

wbartuli · 31.07.2015, 13:39

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:30-07-2015
durchgeführt von Binefeld (Administrator) auf BINEFELD-PC (31-07-2015 14:17:40)
Gestartet von C:\Users\Binefeld\Desktop
Geladene Profile: Binefeld &  (Verfügbare Profile: Binefeld)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_190_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTwinAssist] => C:\ProgramData\iTwin\iTwinAssist.exe [395016 2013-06-14] (iTwin)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software)
HKLM\...\Run: [SfWinStartInfoV3] => C:\Program Files\SFirmV3\Programm\sfWinStartupInfo.exe [198232 2015-04-30] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1219488 2011-01-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1219488 2011-01-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Das Telefonbuch Browserlösung.lnk [2012-11-28]
ShortcutTarget: Das Telefonbuch Browserlösung.lnk -> C:\Program Files\TVG\DasTelefonbuch Deutschland\http_tfd.exe (TVG Telefon-und Verzeichnisverlag GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.EXE [2011-01-04] (Microsoft Corporation)
Startup: C:\Users\Binefeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk [2014-04-15]
ShortcutTarget: Zahlungserinnerung.lnk -> C:\Proficash\wzed.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-20] (AVAST Software)
ShellIconOverlayIdentifiers: [111iTwinBaseOverlay] -> {EE51C01F-4739-4A52-9637-F00E146C6AC3} => C:\ProgramData\iTwin\iTwin.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [112iTwinMobileOverlay] -> {DB2EFAD3-CC3D-48a6-A9B2-5FFD1833EE57} => C:\ProgramData\iTwin\iTwinRemote.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [113iTwinSyncOverlay] -> {200D94BA-1B4B-4c64-972A-6010FAF8A0DB} => C:\ProgramData\iTwin\iTwinRemote.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [114iTwinSDOverlay] -> {A015AAB7-AA75-41a4-B203-846963D222AE} => C:\ProgramData\iTwin\iTwinSb.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [123iTwinSyncOverlay] -> {3ACADF8A-D4E9-4858-8A33-0C84DAD3AE76} => C:\ProgramData\iTwin\iTwinSb.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKU\S-1-5-21-4166735963-708740759-1224411194-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4166735963-708740759-1224411194-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4166735963-708740759-1224411194-1000 -> {BF8D9E70-BAED-4BE9-8BCA-EBC7D5765923} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {BF8D9E70-BAED-4BE9-8BCA-EBC7D5765923} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  Keine Datei
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3C7E6CD9-BDFA-4788-AA0F-146DE9693532}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Binefeld\AppData\Roaming\Mozilla\Firefox\Profiles\f84f2dlo.default
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: user_pref("browser.startup.homepage", "about:home"about:home);
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-06-10] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF SearchPlugin: C:\Users\Binefeld\AppData\Roaming\Mozilla\Firefox\Profiles\f84f2dlo.default\searchplugins\Search Provided by Yahoo.xml [2015-07-13]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-15]
FF HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:30-07-2015
durchgeführt von Binefeld (Administrator) auf BINEFELD-PC (31-07-2015 14:17:40)
Gestartet von C:\Users\Binefeld\Desktop
Geladene Profile: Binefeld &  (Verfügbare Profile: Binefeld)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_190_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTwinAssist] => C:\ProgramData\iTwin\iTwinAssist.exe [395016 2013-06-14] (iTwin)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-20] (AVAST Software)
HKLM\...\Run: [SfWinStartInfoV3] => C:\Program Files\SFirmV3\Programm\sfWinStartupInfo.exe [198232 2015-04-30] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1219488 2011-01-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1219488 2011-01-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Das Telefonbuch Browserlösung.lnk [2012-11-28]
ShortcutTarget: Das Telefonbuch Browserlösung.lnk -> C:\Program Files\TVG\DasTelefonbuch Deutschland\http_tfd.exe (TVG Telefon-und Verzeichnisverlag GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.EXE [2011-01-04] (Microsoft Corporation)
Startup: C:\Users\Binefeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk [2014-04-15]
ShortcutTarget: Zahlungserinnerung.lnk -> C:\Proficash\wzed.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-20] (AVAST Software)
ShellIconOverlayIdentifiers: [111iTwinBaseOverlay] -> {EE51C01F-4739-4A52-9637-F00E146C6AC3} => C:\ProgramData\iTwin\iTwin.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [112iTwinMobileOverlay] -> {DB2EFAD3-CC3D-48a6-A9B2-5FFD1833EE57} => C:\ProgramData\iTwin\iTwinRemote.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [113iTwinSyncOverlay] -> {200D94BA-1B4B-4c64-972A-6010FAF8A0DB} => C:\ProgramData\iTwin\iTwinRemote.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [114iTwinSDOverlay] -> {A015AAB7-AA75-41a4-B203-846963D222AE} => C:\ProgramData\iTwin\iTwinSb.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [123iTwinSyncOverlay] -> {3ACADF8A-D4E9-4858-8A33-0C84DAD3AE76} => C:\ProgramData\iTwin\iTwinSb.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  Keine Datei

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKU\S-1-5-21-4166735963-708740759-1224411194-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4166735963-708740759-1224411194-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4166735963-708740759-1224411194-1000 -> {BF8D9E70-BAED-4BE9-8BCA-EBC7D5765923} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {BF8D9E70-BAED-4BE9-8BCA-EBC7D5765923} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  Keine Datei
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-20] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2010-04-16] (Microsoft Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3C7E6CD9-BDFA-4788-AA0F-146DE9693532}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Binefeld\AppData\Roaming\Mozilla\Firefox\Profiles\f84f2dlo.default
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: user_pref("browser.startup.homepage", "about:home"about:home);
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-06-10] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF SearchPlugin: C:\Users\Binefeld\AppData\Roaming\Mozilla\Firefox\Profiles\f84f2dlo.default\searchplugins\Search Provided by Yahoo.xml [2015-07-13]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-15]
FF HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-11-24] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-20] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-20] (Avast Software)
S2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [125440 2011-01-14] (SEIKO EPSON CORPORATION)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S2 TVGOnlineUpdateSvc; C:\Program Files\TVG\OnlineUpdate\OnlineUpdateSvc.exe [398128 2010-12-14] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-07-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-07-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-07-20] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-07-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-07-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-07-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-07-20] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-07-20] (AVAST Software)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-07-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-07-20] (AVAST Software)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-20] (Avast Software)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
U3 mbr; \??\C:\Users\Binefeld\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-31 14:17 - 2015-07-31 14:24 - 00018838 _____ C:\Users\Binefeld\Desktop\FRST.txt
2015-07-31 14:15 - 2015-07-31 14:17 - 00000000 ____D C:\FRST
2015-07-31 14:11 - 2015-07-31 14:11 - 01673216 _____ (Farbar) C:\Users\Binefeld\Desktop\FRST.exe
2015-07-31 12:36 - 2015-07-31 12:36 - 00006000 _____ C:\Users\Binefeld\Desktop\attach.txt
2015-07-31 12:36 - 2015-07-31 12:35 - 00015319 _____ C:\Users\Binefeld\Desktop\dds.txt
2015-07-31 12:33 - 2015-07-31 12:33 - 00688992 ____R (Swearware) C:\Users\Binefeld\Desktop\dds.exe
2015-07-31 12:26 - 2015-07-31 12:27 - 00002049 _____ C:\Users\Binefeld\Desktop\JRT.txt
2015-07-31 12:18 - 2015-07-31 12:18 - 01798176 _____ (Malwarebytes Corporation) C:\Users\Binefeld\Desktop\JRT.exe
2015-07-31 12:17 - 2015-07-31 12:17 - 00003594 _____ C:\Users\Binefeld\Desktop\AdwCleaner[S0].txt
2015-07-31 12:07 - 2015-07-31 12:11 - 00000000 ____D C:\AdwCleaner
2015-07-30 19:10 - 2015-07-30 19:48 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-30 19:10 - 2015-07-30 19:10 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-30 19:09 - 2015-07-30 19:09 - 00000000 ____D C:\Users\Binefeld\Downloads\RogueKiller10940
2015-07-30 19:06 - 2015-07-30 19:08 - 20959689 _____ C:\Users\Binefeld\Downloads\RogueKiller10940.zip
2015-07-30 18:53 - 2015-07-30 18:53 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-07-30 18:35 - 2015-07-30 18:54 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-30 18:14 - 2015-07-31 13:35 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-30 18:13 - 2015-07-30 18:13 - 00001024 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-30 18:13 - 2015-07-30 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-30 18:13 - 2015-07-30 18:13 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-07-30 18:13 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-30 18:13 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-30 18:13 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-30 18:02 - 2015-07-30 17:10 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-07-30 17:29 - 2015-07-30 18:07 - 00012855 _____ C:\zoek-results.log
2015-07-30 17:10 - 2015-07-30 17:56 - 00000000 ____D C:\zoek_backup
2015-07-30 17:00 - 2015-07-30 17:00 - 433217620 _____ C:\Windows\MEMORY.DMP
2015-07-30 17:00 - 2015-07-30 17:00 - 01032280 _____ C:\Windows\Minidump\073015-30747-01.dmp
2015-07-30 17:00 - 2015-07-30 17:00 - 00000000 ____D C:\Windows\Minidump
2015-07-30 16:23 - 2015-07-30 16:23 - 00000000 ___HD C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-07-20 15:33 - 2015-07-20 15:32 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-07-20 15:33 - 2015-07-20 15:31 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-20 15:32 - 2015-07-20 15:32 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-13 15:03 - 2015-07-13 15:04 - 00000000 ____D C:\Users\Binefeld\Desktop\WB
2015-07-13 13:05 - 2015-07-13 13:05 - 00000000 ____D C:\Users\Binefeld\AppData\Roaming\SunODFPluginforMicrosoftOffice
2015-07-13 12:55 - 2015-07-31 11:52 - 00000000 ____D C:\Users\Binefeld\AppData\Roaming\Opera Software
2015-07-13 12:55 - 2015-07-31 11:52 - 00000000 ____D C:\Users\Binefeld\AppData\Local\Opera Software
2015-07-13 12:55 - 2015-07-13 12:55 - 00000000 ____D C:\Users\Binefeld\AppData\Roaming\Shortcut

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-07-31 14:13 - 2013-03-22 14:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-31 13:57 - 2013-01-29 13:26 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-31 12:30 - 2009-07-14 06:34 - 00018704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-31 12:30 - 2009-07-14 06:34 - 00018704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-31 12:21 - 2010-12-23 15:05 - 01704041 _____ C:\Windows\WindowsUpdate.log
2015-07-31 12:15 - 2013-01-29 13:26 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-31 12:13 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-31 12:13 - 2009-07-14 06:39 - 00117739 _____ C:\Windows\setupact.log
2015-07-31 12:04 - 2015-06-24 08:53 - 00000000 ____D C:\Users\Binefeld\AppData\Local\Dropbox
2015-07-31 11:53 - 2011-01-19 12:07 - 00000000 ___RD C:\Users\Binefeld\Dropbox
2015-07-31 11:53 - 2011-01-19 12:06 - 00000000 ____D C:\Users\Binefeld\AppData\Roaming\Dropbox
2015-07-30 19:02 - 2012-02-23 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-30 19:02 - 2012-02-23 19:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-30 18:58 - 2010-12-23 16:13 - 00813874 _____ C:\Windows\PFRO.log
2015-07-30 18:55 - 2010-12-23 15:21 - 00001383 _____ C:\Users\Binefeld\Desktop\Internet Explorer.lnk
2015-07-30 18:13 - 2012-02-23 18:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-30 16:23 - 2012-04-16 17:31 - 00000000 ____D C:\Users\Binefeld\AppData\Local\CrashDumps
2015-07-29 14:24 - 2014-04-15 14:46 - 00000000 ____D C:\Proficash
2015-07-23 18:57 - 2015-02-18 15:16 - 00000000 ____D C:\Windows\system32\vbox
2015-07-20 15:33 - 2014-05-05 14:42 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-20 15:33 - 2014-03-05 13:26 - 00113592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-20 15:33 - 2013-03-14 19:36 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-20 15:33 - 2013-03-14 19:36 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-20 15:33 - 2012-10-15 12:58 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-20 15:33 - 2012-10-15 12:58 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-20 15:33 - 2012-10-15 12:58 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-20 15:31 - 2012-10-15 12:58 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-15 18:19 - 2011-01-11 19:05 - 00000952 ___SH C:\ProgramData\KGyGaAvL.sys
2015-07-10 12:45 - 2012-07-04 13:30 - 00000000 ____D C:\Users\Binefeld\Desktop\AT
2015-07-09 17:13 - 2015-06-24 20:13 - 17582768 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-07-03 11:20 - 2015-01-15 14:09 - 00000000 ____D C:\Users\Binefeld\Desktop\Rechtsanwälte

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-09-01 17:38 - 2014-11-12 11:49 - 0004096 ____H () C:\Users\Binefeld\AppData\Local\keyfile3.drm
2015-01-26 12:59 - 2015-01-26 12:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-23 15:58 - 2015-01-26 13:20 - 0007321 _____ () C:\ProgramData\hpzinstall.log
2011-01-11 19:05 - 2015-07-15 18:19 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Einige Dateien in TEMP:
====================
C:\Users\Binefeld\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Binefeld\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppr6prz.dll
C:\Users\Binefeld\AppData\Local\Temp\MSNC0BF.exe
C:\Users\Binefeld\AppData\Local\Temp\Quarantine.exe
C:\Users\Binefeld\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-07-23 00:31

==================== Ende vom log ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x86) Version:30-07-2015
durchgeführt von Binefeld (2015-07-31 14:26:29)
Gestartet von C:\Users\Binefeld\Desktop
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-4166735963-708740759-1224411194-500 - Administrator - Disabled)
Binefeld (S-1-5-21-4166735963-708740759-1224411194-1000 - Administrator - Enabled) => C:\Users\Binefeld
Gast (S-1-5-21-4166735963-708740759-1224411194-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4166735963-708740759-1224411194-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709a (Version: 140.0.000.000 - Hewlett-Packard) Hidden
7000E809a (Version: 140.0.000.000 - Hewlett-Packard) Hidden
7000E809a_eDocs (Version: 140.0.000.000 - Hewlett-Packard) Hidden
7000E809a_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
ATI Catalyst Install Manager (HKLM\...\{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.3.2223 - AVAST Software)
Benutzerhandbuch EPSON WF-7015 Series (HKLM\...\EPSON WF-7015 Series Useg) (Version:  - )
bpd_scan (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (Version: 140.0.213.000 - Hewlett-Packard) Hidden
ccc-core-static (Version: 2010.0527.1242.20909 - ATI) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3184 - CDBurnerXP)
CIB pdf brewer (HKLM\...\{DF71EB8A-6E59-4249-BCB8-38EC406E4353}) (Version: 2.6.0034 - CIB software GmbH)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - IPM - No VBA (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden
CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden
CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden
CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)
CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
Das Telefonbuch Deutschland (HKLM\...\DasTelefonbuch Deutschland) (Version:  - TVG Telefonbuch- und Verzeichnisverlag GmbH & Co. KG)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.213.000 - Hewlett-Packard) Hidden
DocMgr (Version: 140.0.65.000 - Ihr Firmenname) Hidden
DocProc (Version: 140.0.100.000 - Hewlett-Packard) Hidden
Download Navigator (HKLM\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
ElsterFormular (HKLM\...\ElsterFormular 13.0.0.8086p) (Version: 13.0.0.8086p - Landesfinanzdirektion Thüringen)
EPSON WF-7015 Series Printer Uninstall (HKLM\...\EPSON WF-7015 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Fax (Version: 140.0.213.000 - Hewlett-Packard) Hidden
FGK AirPlan Version 1.9.6 (HKLM\...\0F3D7DB6-38F5-4DEF-B1DC-79616E5D8BFF_is1) (Version: 1.9.6 - FGK)
FGS Kassenbuch (HKLM\...\FGS Kassenbuch5.2.0) (Version: 5.2.0 - FGS Software)
FGS_Cashbook (HKLM\...\FGS_Cashbook6.0.3) (Version: 6.0.3 - FGS-Software)
FILEminimizer PDF (HKLM\...\FILEminimizer PDF_is1) (Version:  - balesio AG)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.1 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.02) (Version: 9.02 - Artifex Software Inc.)
GPL Ghostscript 9.00 (HKLM\...\GPL Ghostscript 9.00) (Version:  - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (HKLM\...\{E5360B00-4DEF-4F6E-8ED9-B2C31875D813}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Hilfe (HKLM\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 7000 E809a Series (HKLM\...\{44E1D9AA-2A0E-48B8-BA26-136C2149C8AD}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
iTwin (HKLM\...\iTwin) (Version: 2.0.0.61 - iTwin Pte Ltd)
Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Korean Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5670-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Medion Home Cinema (HKLM\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (Version: 6.0.0000 - CyberLink Corp.) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access database engine 2010 (German) (HKLM\...\{90140000-00D1-0407-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0 (x86 de) (HKLM\...\Mozilla Firefox 27.0 (x86 de)) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\MyFreeCodec) (Version:  - )
MyFreeCodec (HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MyFreeCodec) (Version:  - )
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Netzwerkhandbuch EPSON WF-7015 Series (HKLM\...\EPSON WF-7015 Series Netg) (Version:  - )
Nice PDF Compressor 3.0 (HKLM\...\Nice PDF Compressor_is1) (Version: 3.0 - NicePDF Software, Inc.)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PDF Blender (HKLM\...\PDF Blender) (Version:  - )
PDF Reader 3 (HKLM\...\PDF Reader 3) (Version:  - )
pdfsam (HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\pdfsam) (Version: 2.2.1 - )
pdfsam (HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\pdfsam) (Version: 2.2.1 - )
Planungstool Lüftungskonzept - Deinstallieren (HKLM\...\Planungstool Lüftungskonzept_is1) (Version:  - )
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
ProductContext (Version: 140.0.000.000 - Hewlett-Packard) Hidden
Profi cash (HKLM\...\Profi cash) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 140.0.167.000 - Hewlett-Packard) Hidden
SFirm (HKLM\...\{0A792FE7-9E46-4474-9978-6C0A912FAFBF}) (Version: 3.42.3.300.1 - Star Finanz GmbH)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SPIF205 USB to ATA Bridge 98 Driver Installer (HKLM\...\{AB3F9E62-1C4A-45DA-96E4-BFEB26C73F18}) (Version: 1.0.0.2 - Sunplus Technology Co., Ltd.)
Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1144 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.213.000 - Hewlett-Packard) Hidden
VeryPDF PDF2Word v3.1 (HKLM\...\VeryPDF PDF2Word v3.1_is1) (Version:  - VeryPDF.com Inc.)
WebReg (Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\scksp.dll (Microsoft Corporation) <==== ACHTUNG
CustomCLSID: HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Binefeld\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll Keine Datei
CustomCLSID: HKU\S-1-5-21-4166735963-708740759-1224411194-1000_Classes\CLSID\{56CBD3CF-BF99-4DF5-851F-F5B9B57496A1}\InprocServer32 -> C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}\scksp.dll (Microsoft Corporation) <==== ACHTUNG
CustomCLSID: HKU\S-1-5-21-4166735963-708740759-1224411194-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Binefeld\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll Keine Datei

==================== Wiederherstellungspunkte =========================

23-07-2015 19:06:07 Geplanter Prüfpunkt
29-07-2015 02:39:24 Windows Update
30-07-2015 17:29:19 zoek.exe restore point
30-07-2015 18:51:22 Prüfpunkt von HitmanPro
30-07-2015 18:53:19 Prüfpunkt von HitmanPro
31-07-2015 11:56:25 Removed Sun ODF Plugin for Microsoft Office 3.2
31-07-2015 12:19:23 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {16B42660-EA06-4EDB-B823-10E859FE50F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-29] (Google Inc.)
Task: {2277EA28-E34C-4928-B780-46E5AE64AC78} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-20] (AVAST Software)
Task: {3BA498F9-DDA8-42E6-A878-502984ED37D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
Task: {3F925228-22AF-4E2F-A701-9DDB31819CEE} - System32\Tasks\{95DE261E-0FCD-4AFE-AD2A-1E754FD7D0E9} => C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE [2010-06-23] (Microsoft Corporation)
Task: {E53BC0A5-7357-4D26-AF79-99CE865ABD90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-01-29] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-07-20 15:32 - 2015-07-20 15:32 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-07-20 15:32 - 2015-07-20 15:32 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-07-31 11:07 - 2015-07-31 11:07 - 02960384 _____ () C:\Program Files\AVAST Software\Avast\defs\15073005\algo.dll
2015-07-31 14:11 - 2015-07-31 14:11 - 02959872 _____ () C:\Program Files\AVAST Software\Avast\defs\15073100\algo.dll
2013-07-18 15:02 - 2011-09-26 19:03 - 00107312 _____ () C:\Program Files\FILEminimizer PDF\fmshell32.dll
2011-01-04 13:56 - 2010-03-15 12:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2003-07-11 03:09 - 2003-07-11 03:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2015-07-20 15:33 - 2015-07-20 15:33 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR250 => ""="Service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer trusted/restricted ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-4166735963-708740759-1224411194-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Binefeld\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4166735963-708740759-1224411194-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Binefeld\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: )
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\startupreg: Bing Bar => "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"

==================== FirewallRules (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{00B1F41A-6A3D-4D66-AB9E-68835BBD3402}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{DF82F6A4-8BED-4D6E-805B-287DCB344EDF}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{90413E8F-9730-4570-8654-8987258D6617}] => (Allow) svchost.exe
FirewallRules: [{ACA96BE3-E17F-4F27-90E9-387504B3454F}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{3CE0E2A7-0E45-42E6-B8D2-1B27CD941911}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{41F10787-537D-458A-8D37-F7FB46079B49}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{6A9CFFB2-4530-4873-A105-F61A5F25F0FA}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{F12877EA-4311-487B-8A8A-56D53F527D18}] => (Allow) C:\Users\Binefeld\AppData\Local\Temp\7zS13CC\OJ6500vE709_Full_14\setup\hpznui01.exe
FirewallRules: [{89DEABA4-EB22-452E-AB53-F3BF32257547}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{CA7C17AB-AD8E-44D6-A46F-305AC1300E3B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{59F23B4A-EA84-4491-9FCD-97C1FDCC6DFF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{2069CD99-207D-4E2D-9614-79053FDD7853}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{D95311DA-3ABB-4B14-A20C-75DEA48E4C1D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{7F78D850-74AE-4AA0-91BF-D4B934D6B5EF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{A12F69DF-946C-433A-8F87-00246BEE5AF1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{1C15B8DD-EEB8-4990-BF09-AF57363B01DF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{07FC5F1C-4333-4FFD-BCF4-8D083C4A7DE3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{209E371C-969A-4E02-908C-A97C4067FB72}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{C29DE4B0-D1CB-4928-8517-47D35D1755C5}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{204A5778-96BC-40E1-B8F8-5BACBFAA7BE2}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{C4EECC98-C70A-4EF8-A9DD-99B15EAEC719}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{873D1544-087E-404E-A586-71B16E8611C5}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{58778954-DDA2-4230-8D29-3EC597ECAA77}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{AC3E2E54-C023-4855-BC80-613265793CF5}] => (Allow) C:\Users\Binefeld\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{74106337-3CD8-4C47-8E51-E7878779C275}] => (Allow) C:\Users\Binefeld\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D47D2C31-D3AB-4ED8-A1DC-42CB9D2D4252}] => (Allow) C:\ProgramData\iTwin\iTwin.exe
FirewallRules: [{0BBD434B-E770-4F5A-8CD8-52DF6C5250A7}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{60FFBF87-CF07-4AAB-8E17-535F879EC799}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{80D69FB9-FD79-434D-9CAE-2F1086D97C57}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{CCFB17CD-60E4-44E8-94B7-9ED65015399A}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{0F2CE1A5-E501-4282-B94A-8069A454E347}C:\program files\agfeo\tk-suite-basic\tools\ctimon.exe] => (Allow) C:\program files\agfeo\tk-suite-basic\tools\ctimon.exe
FirewallRules: [UDP Query User{85262DBB-1AE2-4AE1-B46C-2E151D67857E}C:\program files\agfeo\tk-suite-basic\tools\ctimon.exe] => (Allow) C:\program files\agfeo\tk-suite-basic\tools\ctimon.exe
FirewallRules: [TCP Query User{E9B325AF-7144-4750-8F35-B516658342A6}C:\program files\agfeo\tk-suite-basic\tkserver\tksock.exe] => (Allow) C:\program files\agfeo\tk-suite-basic\tkserver\tksock.exe
FirewallRules: [UDP Query User{078FB221-69D7-4A45-87E2-A0E526E479EC}C:\program files\agfeo\tk-suite-basic\tkserver\tksock.exe] => (Allow) C:\program files\agfeo\tk-suite-basic\tkserver\tksock.exe
FirewallRules: [TCP Query User{3E63C632-958E-4888-8412-25F8700CDCD0}C:\program files\agfeo\tk-suite-basic\tkserver\tkmedia.exe] => (Allow) C:\program files\agfeo\tk-suite-basic\tkserver\tkmedia.exe
FirewallRules: [UDP Query User{D94928A6-29AF-4269-915C-4213237868E7}C:\program files\agfeo\tk-suite-basic\tkserver\tkmedia.exe] => (Allow) C:\program files\agfeo\tk-suite-basic\tkserver\tkmedia.exe
FirewallRules: [{104D1821-EC71-4D62-98BA-F589E7A3B086}] => (Block) C:\program files\agfeo\tk-suite-basic\tkserver\tkmedia.exe
FirewallRules: [{39FE0B70-5478-4C19-A581-9200CD76AE6B}] => (Block) C:\program files\agfeo\tk-suite-basic\tkserver\tkmedia.exe
FirewallRules: [{5E54D44A-2CA0-4159-A39F-26379D0E1037}] => (Block) C:\program files\agfeo\tk-suite-basic\tkserver\tksock.exe
FirewallRules: [{369172AE-86C7-4D12-A580-CF7DA80A5962}] => (Block) C:\program files\agfeo\tk-suite-basic\tkserver\tksock.exe
FirewallRules: [{E9961CF5-DCC8-4340-B1F5-8B9FB530D13A}] => (Block) C:\program files\agfeo\tk-suite-basic\tools\ctimon.exe
FirewallRules: [{FF0A95F8-66B6-4998-BD35-B4214B282BB1}] => (Block) C:\program files\agfeo\tk-suite-basic\tools\ctimon.exe
FirewallRules: [{3A683FC6-A746-4B83-B2BD-3866061703F1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{AE0B2991-24A8-4178-99AA-0C4C36300329}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{3C45A1C5-91AD-4FA6-BD60-AB69261A6F86}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe
FirewallRules: [{A2DD7C8C-C0CE-46A3-9C88-03F86A8E2CE9}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\FaxApplications.exe
FirewallRules: [{52989D90-F4A6-4664-9F66-2C829E604366}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\DigitalWizards.exe
FirewallRules: [{92D9E939-C20C-4A61-ACFF-CF7EE49B51F2}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\SendAFax.exe
FirewallRules: [{55D30D04-1E7E-4110-B947-C7A61B9FC0E0}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{9997D199-877B-4E74-B13D-E8180B480B23}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{3F285805-23E0-4B5C-94C9-828E31440611}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{4CDE1F9E-BC62-4667-BF76-D53CEA1AE918}C:\users\binefeld\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\binefeld\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{5AF526DE-22EE-4C55-B4DA-29DE38DE58D1}C:\users\binefeld\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\binefeld\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{55B2638E-C8B2-4041-842F-83DD5A978C77}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{8EF0F295-2856-46DD-B4B6-71926059F742}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{3F87F109-E073-4A13-8397-6A4505902A29}C:\users\binefeld\appdata\local\{282d0a8d-b28f-9c53-6a78-29a44a17e657}\syshost.exe] => (Block) C:\users\binefeld\appdata\local\{282d0a8d-b28f-9c53-6a78-29a44a17e657}\syshost.exe
FirewallRules: [UDP Query User{F60AF40D-E9E4-44D1-8CA4-74987DF13F45}C:\users\binefeld\appdata\local\{282d0a8d-b28f-9c53-6a78-29a44a17e657}\syshost.exe] => (Block) C:\users\binefeld\appdata\local\{282d0a8d-b28f-9c53-6a78-29a44a17e657}\syshost.exe

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Officejet 6500 E710n-z
Description: Officejet 6500 E710n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (07/31/2015 01:39:06 PM) (Source: Microsoft Office 11) (EventID: 2001) (User: )
Description: Microsoft Office OutlookOutlook konnte zuletzt nicht korrekt gestartet werden.  Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, so dass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Outlook im abgesicherten Modus starten?

Error: (07/31/2015 11:55:38 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Binefeld-PC)
Description: Die Anwendung oder der Dienst "Bing® Bar" konnte nicht heruntergefahren werden.

Error: (07/30/2015 07:52:00 PM) (Source: Microsoft Office 11) (EventID: 2000) (User: )
Description: Microsoft Office OutlookOutlook konnte zuletzt nicht korrekt gestartet werden.  Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, so dass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Outlook im abgesicherten Modus starten?

Error: (07/30/2015 07:03:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm OUTLOOK.EXE, Version 11.0.5510.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 16cc

Startzeit: 01d0cae91ad80335

Endzeit: 16

Anwendungspfad: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.EXE

Berichts-ID: bbfe1d6a-36dc-11e5-b0c9-6c626d5ce8fd

Error: (07/30/2015 06:54:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000148,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,015FF918.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.

Error: (07/30/2015 06:54:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000002d8,(null),0,REG_BINARY,0061EE50.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {c61eb362-49a6-430b-84a5-2b5e85434f79}

Error: (07/30/2015 06:54:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000574,(null),0,REG_BINARY,0245EBC8.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {c8efa21b-00b5-42a2-9aac-36996853e88d}

Error: (07/30/2015 06:54:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x00000b34,(null),0,REG_BINARY,0443EC80.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Generatorname: MSSearch Service Writer
   Generatorinstanz-ID: {0bdac8d4-b7ad-4d17-8c2e-0dd50a006474}

Error: (07/30/2015 06:54:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001b4,(null),0,REG_BINARY,0163F638.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Generatorname: COM+ REGDB Writer
   Generatorinstanz-ID: {7056b9da-3007-4249-9f9a-c583e24a904e}

Error: (07/30/2015 06:54:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "RegSetValueExW(0x000001a8,(null),0,REG_BINARY,014DF698.64)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Generatorname: Registry Writer
   Generatorinstanz-ID: {6de5e3b0-2133-4edb-9a28-bd3977346421}


Systemfehler:
=============
Error: (07/31/2015 01:53:00 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (07/31/2015 01:53:00 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (07/31/2015 01:49:09 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (07/31/2015 01:49:09 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (07/31/2015 01:48:21 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (07/31/2015 01:28:49 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (07/31/2015 01:28:49 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (07/31/2015 01:28:25 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (07/31/2015 01:27:04 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (07/31/2015 01:27:04 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.


Microsoft Office:
=========================
Error: (07/31/2015 01:39:06 PM) (Source: Microsoft Office 11) (EventID: 2001) (User: )
Description: Microsoft Office OutlookOutlook konnte zuletzt nicht korrekt gestartet werden.  Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, so dass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Outlook im abgesicherten Modus starten?

Error: (07/31/2015 11:55:38 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Binefeld-PC)
Description: 1C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exeBing® Bar0211738800

Error: (07/30/2015 07:52:00 PM) (Source: Microsoft Office 11) (EventID: 2000) (User: )
Description: Microsoft Office OutlookOutlook konnte zuletzt nicht korrekt gestartet werden.  Das Starten von Outlook im abgesicherten Modus hilft Ihnen, ein Startproblem zu korrigieren oder zu isolieren, so dass Sie das Programm erfolgreich starten können. Einige Funktionen können in diesem Modus deaktiviert sein.

Möchten Sie Outlook im abgesicherten Modus starten?

Error: (07/30/2015 07:03:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE11.0.5510.016cc01d0cae91ad8033516C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.EXEbbfe1d6a-36dc-11e5-b0c9-6c626d5ce8fd

Error: (07/30/2015 06:54:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000148,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,015FF918.64)0x80070005, Zugriff verweigert

Error: (07/30/2015 06:54:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000002d8,(null),0,REG_BINARY,0061EE50.64)0x80070005, Zugriff verweigert


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {c61eb362-49a6-430b-84a5-2b5e85434f79}

Error: (07/30/2015 06:54:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000574,(null),0,REG_BINARY,0245EBC8.64)0x80070005, Zugriff verweigert


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Generatorname: WMI Writer
   Generatorinstanz-ID: {c8efa21b-00b5-42a2-9aac-36996853e88d}

Error: (07/30/2015 06:54:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x00000b34,(null),0,REG_BINARY,0443EC80.64)0x80070005, Zugriff verweigert


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Generatorname: MSSearch Service Writer
   Generatorinstanz-ID: {0bdac8d4-b7ad-4d17-8c2e-0dd50a006474}

Error: (07/30/2015 06:54:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001b4,(null),0,REG_BINARY,0163F638.64)0x80070005, Zugriff verweigert


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Generatorname: COM+ REGDB Writer
   Generatorinstanz-ID: {7056b9da-3007-4249-9f9a-c583e24a904e}

Error: (07/30/2015 06:54:56 PM) (Source: VSS) (EventID: 8193) (User: )
Description: RegSetValueExW(0x000001a8,(null),0,REG_BINARY,014DF698.64)0x80070005, Zugriff verweigert


Vorgang:
   BackupShutdown-Ereignis

Kontext:
   Ausführungskontext: Writer
   Generatorklassen-ID: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Generatorname: Registry Writer
   Generatorinstanz-ID: {6de5e3b0-2133-4edb-9a28-bd3977346421}


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 78%
Total physical RAM: 3071.24 MB
Available physical RAM: 674.97 MB
Total Virtual: 6140.78 MB
Available Virtual: 2220.71 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:890.41 GB) (Free:787.08 GB) NTFS
Drive d: (Recover) (Fixed) (Total:40 GB) (Free:23.32 GB) NTFS
Drive x: (Boot) (Network) (Total:890.41 GB) (Free:796.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=890.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== Ende vom log ============================

schrauber · 01.08.2015, 12:21

hi,

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

wbartuli · 04.08.2015, 09:26

Code:

ATTFilter

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.17914

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.000000 GHz
Memory total: 3220430848, free: 1525211136

Downloaded database version: v2015.08.04.01
Downloaded database version: v2015.08.03.01
Downloaded database version: v2015.07.28.01
=======================================
Initializing...
------------ Kernel report ------------
     08/04/2015 09:59:39
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\ngvss.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt86win7.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\RTL8192su.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mwac.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\WUDFRd.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.08.04.01
  rootkit: v2015.08.03.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff885d9758, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff885d9390, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff885d9758, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86708028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2BD2C32A

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 1867329536

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1867536384  Numsec = 83886080

    Partition 3 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1951422464  Numsec = 2099200

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8b540030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b535790, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8b540030, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8b535ab0, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8b5289d0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b524388, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8b5289d0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8abf4888, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff8b521818, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b486500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8b521818, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8876fcb8, DeviceName: \Device\00000087\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8b5212b0, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8b4c5188, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8b5212b0, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8876f940, DeviceName: \Device\00000088\, DriverName: \Driver\USBSTOR\
------------ End ----------
File "C:\ProgramData\AVAST Software\Avast\log\GrimeFighter2.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\AvastUI.log" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-379564FE081105505BEB2F111118C4582A369FFD.bin.VE1" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-379564FE081105505BEB2F111118C4582A369FFD.bin.VF" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Code:

ATTFilter

10:21:44.0908 0x0c9c  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
10:21:47.0279 0x0c9c  ============================================================
10:21:47.0279 0x0c9c  Current date / time: 2015/08/04 10:21:47.0279
10:21:47.0279 0x0c9c  SystemInfo:
10:21:47.0279 0x0c9c  
10:21:47.0279 0x0c9c  OS Version: 6.1.7601 ServicePack: 1.0
10:21:47.0279 0x0c9c  Product type: Workstation
10:21:47.0279 0x0c9c  ComputerName: BINEFELD-PC
10:21:47.0279 0x0c9c  UserName: Binefeld
10:21:47.0279 0x0c9c  Windows directory: C:\Windows
10:21:47.0279 0x0c9c  System windows directory: C:\Windows
10:21:47.0279 0x0c9c  Processor architecture: Intel x86
10:21:47.0279 0x0c9c  Number of processors: 2
10:21:47.0279 0x0c9c  Page size: 0x1000
10:21:47.0279 0x0c9c  Boot type: Normal boot
10:21:47.0279 0x0c9c  ============================================================
10:21:47.0841 0x0c9c  KLMD registered as C:\Windows\system32\drivers\18166467.sys
10:21:48.0325 0x0c9c  System UUID: {C81082B0-9179-A7C9-D510-8EBC1D018AAA}
10:21:49.0136 0x0c9c  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:21:49.0151 0x0c9c  ============================================================
10:21:49.0151 0x0c9c  \Device\Harddisk0\DR0:
10:21:49.0151 0x0c9c  MBR partitions:
10:21:49.0151 0x0c9c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:21:49.0151 0x0c9c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F4D3000
10:21:49.0151 0x0c9c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6F505800, BlocksNum 0x5000000
10:21:49.0151 0x0c9c  ============================================================
10:21:49.0183 0x0c9c  C: <-> \Device\Harddisk0\DR0\Partition2
10:21:49.0229 0x0c9c  D: <-> \Device\Harddisk0\DR0\Partition3
10:21:49.0229 0x0c9c  ============================================================
10:21:49.0229 0x0c9c  Initialize success
10:21:49.0229 0x0c9c  ============================================================
10:21:51.0944 0x17e0  ============================================================
10:21:51.0944 0x17e0  Scan started
10:21:51.0944 0x17e0  Mode: Manual; 
10:21:51.0944 0x17e0  ============================================================
10:21:51.0944 0x17e0  KSN ping started
10:21:54.0377 0x17e0  KSN ping finished: true
10:21:54.0939 0x17e0  ================ Scan system memory ========================
10:21:54.0939 0x17e0  System memory - ok
10:21:54.0939 0x17e0  ================ Scan services =============================
10:21:55.0001 0x17e0  [ 72D6D8E2D4F82C6E829125C7EC2A88F9, F357CFC3D04EB3F8E1A504D531D099698C6E2B29EB6CEDF75C08BF8917C46573 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
10:21:55.0017 0x17e0  !SASCORE - ok
10:21:55.0189 0x17e0  [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:21:55.0189 0x17e0  1394ohci - ok
10:21:55.0220 0x17e0  [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:21:55.0235 0x17e0  ACPI - ok
10:21:55.0251 0x17e0  [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:21:55.0251 0x17e0  AcpiPmi - ok
10:21:55.0313 0x17e0  [ 6259A5B669AE018A5E53247259A101C3, 1CD2102FAF1DCEB6B8278D098A7C1A85ED6D6E5DCF7F70E0E9A5166B67C8D057 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:21:55.0329 0x17e0  AdobeFlashPlayerUpdateSvc - ok
10:21:55.0376 0x17e0  [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
10:21:55.0376 0x17e0  adp94xx - ok
10:21:55.0407 0x17e0  [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
10:21:55.0407 0x17e0  adpahci - ok
10:21:55.0438 0x17e0  [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
10:21:55.0438 0x17e0  adpu320 - ok
10:21:55.0469 0x17e0  [ 12E6A172D72AFC626727B8635DD17E39, 33B3D109C39DF6EA86AFC3C89A93657906E981D3D22FF854401BC7326990CC08 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:21:55.0469 0x17e0  AeLookupSvc - ok
10:21:55.0516 0x17e0  [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD             C:\Windows\system32\drivers\afd.sys
10:21:55.0516 0x17e0  AFD - ok
10:21:55.0547 0x17e0  [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440          C:\Windows\system32\drivers\agp440.sys
10:21:55.0547 0x17e0  agp440 - ok
10:21:55.0579 0x17e0  [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
10:21:55.0594 0x17e0  aic78xx - ok
10:21:55.0610 0x17e0  [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG             C:\Windows\System32\alg.exe
10:21:55.0625 0x17e0  ALG - ok
10:21:55.0657 0x17e0  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:21:55.0657 0x17e0  aliide - ok
10:21:55.0703 0x17e0  [ 60201AD353105D8C6796C1B69E6C49F0, 604D6D6C2CCED6461DEFDCD030B153F643F242EC7FF958333D3747E01E9364FA ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:21:55.0703 0x17e0  AMD External Events Utility - ok
10:21:55.0719 0x17e0  [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
10:21:55.0735 0x17e0  amdagp - ok
10:21:55.0750 0x17e0  [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide          C:\Windows\system32\drivers\amdide.sys
10:21:55.0750 0x17e0  amdide - ok
10:21:55.0766 0x17e0  [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
10:21:55.0781 0x17e0  AmdK8 - ok
10:21:55.0937 0x17e0  [ 51610B74A9A1D84DC86FCE1019BEAFF4, F5DBB2FA37830931AE2C66A8E2FB6BE3E94EED1978C626A78FECFA158C78B0EB ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
10:21:56.0031 0x17e0  amdkmdag - ok
10:21:56.0062 0x17e0  [ CD1D86AB81EECE67D7BD6F7EF9786CCC, D48DADCDBFF5A7628A26F35B2CB2AA65FFFFE1AE95A4E274B4E312472650FA7C ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
10:21:56.0062 0x17e0  amdkmdap - ok
10:21:56.0093 0x17e0  [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
10:21:56.0093 0x17e0  AmdPPM - ok
10:21:56.0109 0x17e0  [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:21:56.0109 0x17e0  amdsata - ok
10:21:56.0140 0x17e0  [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
10:21:56.0140 0x17e0  amdsbs - ok
10:21:56.0156 0x17e0  [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:21:56.0156 0x17e0  amdxata - ok
10:21:56.0187 0x17e0  [ 81F97D8F8B3FB94A451CC6F7CF8B2965, 8DEBA4E47E1016D69740C0BB7CDD23852D86E0D42C1C1EA5A847ECB115C38CB1 ] AppID           C:\Windows\system32\drivers\appid.sys
10:21:56.0187 0x17e0  AppID - ok
10:21:56.0203 0x17e0  [ F5090F8FA6757C58E17BAEAA86093636, 5E14CF3032DF5801240F45C59AA93962EA41AA5648A0C6458D16D9B9D95A131F ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:21:56.0203 0x17e0  AppIDSvc - ok
10:21:56.0249 0x17e0  [ 530195DA0D84D9855020F2B80D6B267F, AB36F05991530437C7B3F25441B13BC085000F07579964A4CCA0BF029DD6DE7E ] Appinfo         C:\Windows\System32\appinfo.dll
10:21:56.0249 0x17e0  Appinfo - ok
10:21:56.0265 0x17e0  [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc             C:\Windows\system32\DRIVERS\arc.sys
10:21:56.0265 0x17e0  arc - ok
10:21:56.0281 0x17e0  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
10:21:56.0296 0x17e0  arcsas - ok
10:21:56.0390 0x17e0  [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:21:56.0390 0x17e0  aspnet_state - ok
10:21:56.0452 0x17e0  [ CED1D37BD8E8AFDBB2DD03650C91A626, 81808C6A4862C59F2EA01BF4AC22FE4B45D5BE7C8B3770E4223CFA1859DF1833 ] aswHwid         C:\Windows\system32\drivers\aswHwid.sys
10:21:56.0452 0x17e0  aswHwid - ok
10:21:56.0499 0x17e0  [ 9663B8EE07EFFA105E6A326F3F748B0B, AA8611AD3F1E953A07ED8D0FC5CC3E5A4B7BF6DC47AEEF52C9010815BC9CB941 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
10:21:56.0515 0x17e0  aswMonFlt - ok
10:21:56.0546 0x17e0  [ 47CD8DC2CF2F4CF7F8FF9A9987272652, CA5E050CDB085959C8F82CA2490971CBE30B21CAFFB77169F7CAE7F56EAF16C0 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
10:21:56.0546 0x17e0  aswRdr - ok
10:21:56.0561 0x17e0  [ 5DE9634CF67CB34085C84BB5E52C129C, D13D57FB9027FF49BE2E581C1CFEED1DBF0DC600D319E90881852F88D6DC4D1E ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
10:21:56.0561 0x17e0  aswRvrt - ok
10:21:56.0608 0x17e0  [ B3FACD144D816F2D64FD0AB2239509AC, AF314206F65E0040EDEDE4B21699B966CC6C8B22E03E90D698928231DC39D34A ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
10:21:56.0624 0x17e0  aswSnx - ok
10:21:56.0671 0x17e0  [ E375052C5BC009245CD8DF6B52CC57C2, 02C9CCC31124CAEC3C34B6DAB504A79E0243FEB72F59F68CB3BB9568F7202FFB ] aswSP           C:\Windows\system32\drivers\aswSP.sys
10:21:56.0671 0x17e0  aswSP - ok
10:21:56.0702 0x17e0  [ 9096910AFC9AEA718FBB4EE2501CED7B, D684535E84B484602DB1BBC912567F86ABEA5D942DB444947CFDD216D15A0F73 ] aswStm          C:\Windows\system32\drivers\aswStm.sys
10:21:56.0702 0x17e0  aswStm - ok
10:21:56.0749 0x17e0  [ 24AA84A4F7694FD5C69FE1344D33A0F4, DFE207336D36E82F833F7A84D7CC28ECF3BB5D52AB572C821F3CA3170D07B86F ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
10:21:56.0749 0x17e0  aswVmm - ok
10:21:56.0780 0x17e0  [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:21:56.0780 0x17e0  AsyncMac - ok
10:21:56.0811 0x17e0  [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi           C:\Windows\system32\drivers\atapi.sys
10:21:56.0811 0x17e0  atapi - ok
10:21:56.0858 0x17e0  [ 8DF873D0587596C1D35A9CECECC61DA1, 41974FCA452CE48C5A6040BF99D1AC9A1C13FF38DF341443CCE2D2ABBC4C9453 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
10:21:56.0858 0x17e0  AtiHdmiService - ok
10:21:56.0905 0x17e0  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:21:56.0920 0x17e0  AudioEndpointBuilder - ok
10:21:56.0920 0x17e0  [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
10:21:56.0936 0x17e0  Audiosrv - ok
10:21:56.0998 0x17e0  [ A97E144E84A665B22AE6E6A93E4DD465, 888D702B9B9E6C446AD7499571DAEAB072BEF141FF3300E74C6E538FA312BDCD ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
10:21:56.0998 0x17e0  avast! Antivirus - ok
10:21:57.0185 0x17e0  [ A4C778C47836C9786C6A648C828DFF2B, 85E070A4C6B4D84EEE5600BA71C9A5E8C051A85033A34BBB5FB1BB56E601E93C ] AvastVBoxSvc    C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
10:21:57.0232 0x17e0  AvastVBoxSvc - ok
10:21:57.0279 0x17e0  [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:21:57.0279 0x17e0  AxInstSV - ok
10:21:57.0326 0x17e0  [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
10:21:57.0326 0x17e0  b06bdrv - ok
10:21:57.0357 0x17e0  [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
10:21:57.0357 0x17e0  b57nd60x - ok
10:21:57.0404 0x17e0  [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC          C:\Windows\System32\bdesvc.dll
10:21:57.0404 0x17e0  BDESVC - ok
10:21:57.0419 0x17e0  [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:21:57.0419 0x17e0  Beep - ok
10:21:57.0451 0x17e0  [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE             C:\Windows\System32\bfe.dll
10:21:57.0451 0x17e0  BFE - ok
10:21:57.0482 0x17e0  [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS            C:\Windows\System32\qmgr.dll
10:21:57.0497 0x17e0  BITS - ok
10:21:57.0513 0x17e0  [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:21:57.0513 0x17e0  blbdrive - ok
10:21:57.0544 0x17e0  [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:21:57.0544 0x17e0  bowser - ok
10:21:57.0560 0x17e0  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:21:57.0560 0x17e0  BrFiltLo - ok
10:21:57.0575 0x17e0  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:21:57.0575 0x17e0  BrFiltUp - ok
10:21:57.0591 0x17e0  [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser         C:\Windows\System32\browser.dll
10:21:57.0607 0x17e0  Browser - ok
10:21:57.0622 0x17e0  [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:21:57.0622 0x17e0  Brserid - ok
10:21:57.0638 0x17e0  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:21:57.0638 0x17e0  BrSerWdm - ok
10:21:57.0669 0x17e0  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:21:57.0669 0x17e0  BrUsbMdm - ok
10:21:57.0685 0x17e0  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:21:57.0685 0x17e0  BrUsbSer - ok
10:21:57.0700 0x17e0  [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
10:21:57.0700 0x17e0  BTHMODEM - ok
10:21:57.0731 0x17e0  [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv         C:\Windows\system32\bthserv.dll
10:21:57.0731 0x17e0  bthserv - ok
10:21:57.0747 0x17e0  [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:21:57.0747 0x17e0  cdfs - ok
10:21:57.0794 0x17e0  [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:21:57.0794 0x17e0  cdrom - ok
10:21:57.0825 0x17e0  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc     C:\Windows\System32\certprop.dll
10:21:57.0825 0x17e0  CertPropSvc - ok
10:21:57.0841 0x17e0  [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
10:21:57.0841 0x17e0  circlass - ok
10:21:57.0887 0x17e0  [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS            C:\Windows\system32\CLFS.sys
10:21:57.0887 0x17e0  CLFS - ok
10:21:57.0934 0x17e0  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:21:57.0950 0x17e0  clr_optimization_v2.0.50727_32 - ok
10:21:57.0997 0x17e0  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:21:57.0997 0x17e0  clr_optimization_v4.0.30319_32 - ok
10:21:58.0012 0x17e0  [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
10:21:58.0012 0x17e0  CmBatt - ok
10:21:58.0059 0x17e0  [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:21:58.0059 0x17e0  cmdide - ok
10:21:58.0106 0x17e0  [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG             C:\Windows\system32\Drivers\cng.sys
10:21:58.0121 0x17e0  CNG - ok
10:21:58.0137 0x17e0  [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
10:21:58.0137 0x17e0  Compbatt - ok
10:21:58.0168 0x17e0  [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:21:58.0168 0x17e0  CompositeBus - ok
10:21:58.0184 0x17e0  COMSysApp - ok
10:21:58.0199 0x17e0  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
10:21:58.0199 0x17e0  crcdisk - ok
10:21:58.0231 0x17e0  [ 33F67BBCC3C0499D3F3382473114CFA8, FDDCC41CE005B7C1BEBB6F4ACA9A3F10E5972792ADFD7D294E70A0B781460981 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:21:58.0231 0x17e0  CryptSvc - ok
10:21:58.0262 0x17e0  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:21:58.0277 0x17e0  DcomLaunch - ok
10:21:58.0293 0x17e0  [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc       C:\Windows\System32\defragsvc.dll
10:21:58.0293 0x17e0  defragsvc - ok
10:21:58.0324 0x17e0  [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:21:58.0324 0x17e0  DfsC - ok
10:21:58.0355 0x17e0  [ 54D0B8343CE8C22412A5F29D32EFD211, D78BF09680FF19523C84E862593B45637D91A079C79CAB63A13726E7ACA8ABBF ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
10:21:58.0355 0x17e0  dg_ssudbus - ok
10:21:58.0387 0x17e0  [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:21:58.0387 0x17e0  Dhcp - ok
10:21:58.0465 0x17e0  [ 7AB2DE012C88870C9274E966EC88AB61, CE2098B152B9C039C29C0573C813BFBF13B2D2E6BEE83985374160884A817133 ] DiagTrack       C:\Windows\system32\diagtrack.dll
10:21:58.0480 0x17e0  DiagTrack - ok
10:21:58.0511 0x17e0  [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache        C:\Windows\system32\drivers\discache.sys
10:21:58.0511 0x17e0  discache - ok
10:21:58.0543 0x17e0  [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
10:21:58.0543 0x17e0  Disk - ok
10:21:58.0574 0x17e0  [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:21:58.0574 0x17e0  Dnscache - ok
10:21:58.0589 0x17e0  [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:21:58.0605 0x17e0  dot3svc - ok
10:21:58.0636 0x17e0  [ B5E479EB83707DD698F66953E922042C, 82891A4699F180A20EB25A0EC49A7E008B007A374BAA3279483AC1C95D125FE8 ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
10:21:58.0636 0x17e0  Dot4 - ok
10:21:58.0667 0x17e0  [ CAEFD09B6A6249C53A67D55A9A9FCABF, A76C951EA8A830E5BA22D8D393A946BBAEEDB76478539F647E58199B383F786B ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:21:58.0667 0x17e0  Dot4Print - ok
10:21:58.0683 0x17e0  [ CF491FF38D62143203C065260567E2F7, 4315FD8FC88CF627EBE469A2DF0F280B17C95D3004FC7A93D6F8E47F0D91A037 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
10:21:58.0683 0x17e0  dot4usb - ok
10:21:58.0714 0x17e0  [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS             C:\Windows\system32\dps.dll
10:21:58.0714 0x17e0  DPS - ok
10:21:58.0745 0x17e0  [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:21:58.0745 0x17e0  drmkaud - ok
10:21:58.0792 0x17e0  [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:21:58.0808 0x17e0  DXGKrnl - ok
10:21:58.0823 0x17e0  [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost         C:\Windows\System32\eapsvc.dll
10:21:58.0839 0x17e0  EapHost - ok
10:21:58.0964 0x17e0  [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
10:21:59.0011 0x17e0  ebdrv - ok
10:21:59.0042 0x17e0  [ DC0B4400073A404B53F571126B58F480, 022F1E8431C6299D8DFA287A570B0D24C2FFDCD8BF79420BAA1637E5366B4459 ] EFS             C:\Windows\System32\lsass.exe
10:21:59.0042 0x17e0  EFS - ok
10:21:59.0089 0x17e0  [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:21:59.0104 0x17e0  ehRecvr - ok
10:21:59.0120 0x17e0  [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched         C:\Windows\ehome\ehsched.exe
10:21:59.0120 0x17e0  ehSched - ok
10:21:59.0167 0x17e0  [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
10:21:59.0167 0x17e0  elxstor - ok
10:21:59.0260 0x17e0  [ 59F66FC5F5A984C2060AD3363F69364A, 1B2C97F09FCE675DCF18101A1A17F2175E4AF268BF21927D2260B58CD7F441B8 ] EPSON_PM_RPCV4_05 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
10:21:59.0260 0x17e0  EPSON_PM_RPCV4_05 - ok
10:21:59.0323 0x17e0  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:21:59.0323 0x17e0  ErrDev - ok
10:21:59.0338 0x17e0  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
10:21:59.0354 0x17e0  EventSystem - ok
10:21:59.0369 0x17e0  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
10:21:59.0369 0x17e0  exfat - ok
10:21:59.0401 0x17e0  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:21:59.0401 0x17e0  fastfat - ok
10:21:59.0447 0x17e0  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
10:21:59.0463 0x17e0  Fax - ok
10:21:59.0494 0x17e0  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:21:59.0494 0x17e0  fdc - ok
10:21:59.0510 0x17e0  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
10:21:59.0510 0x17e0  fdPHost - ok
10:21:59.0525 0x17e0  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:21:59.0525 0x17e0  FDResPub - ok
10:21:59.0541 0x17e0  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:21:59.0541 0x17e0  FileInfo - ok
10:21:59.0557 0x17e0  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:21:59.0557 0x17e0  Filetrace - ok
10:21:59.0572 0x17e0  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
10:21:59.0588 0x17e0  flpydisk - ok
10:21:59.0603 0x17e0  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:21:59.0603 0x17e0  FltMgr - ok
10:21:59.0666 0x17e0  [ 6EC244F102C7F129678E5F7309D1366D, C30DA201AC623DA440B0A0716534557C578218C2A591FA8893CCCBD96B4518F9 ] FontCache       C:\Windows\system32\FntCache.dll
10:21:59.0681 0x17e0  FontCache - ok
10:21:59.0728 0x17e0  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:21:59.0728 0x17e0  FontCache3.0.0.0 - ok
10:21:59.0759 0x17e0  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:21:59.0759 0x17e0  FsDepends - ok
10:21:59.0791 0x17e0  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:21:59.0791 0x17e0  Fs_Rec - ok
10:21:59.0822 0x17e0  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:21:59.0837 0x17e0  fvevol - ok
10:21:59.0869 0x17e0  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
10:21:59.0869 0x17e0  gagp30kx - ok
10:21:59.0900 0x17e0  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
10:21:59.0915 0x17e0  gpsvc - ok
10:21:59.0978 0x17e0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
10:21:59.0978 0x17e0  gupdate - ok
10:21:59.0993 0x17e0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
10:21:59.0993 0x17e0  gupdatem - ok
10:22:00.0009 0x17e0  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:22:00.0009 0x17e0  hcw85cir - ok
10:22:00.0040 0x17e0  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F, 6706B8AD211A4B89B6571ACD227412026EAD87D71456B3EC6E7DD8FA15B997BE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:22:00.0056 0x17e0  HdAudAddService - ok
10:22:00.0087 0x17e0  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:22:00.0087 0x17e0  HDAudBus - ok
10:22:00.0103 0x17e0  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
10:22:00.0103 0x17e0  HidBatt - ok
10:22:00.0118 0x17e0  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
10:22:00.0134 0x17e0  HidBth - ok
10:22:00.0149 0x17e0  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
10:22:00.0149 0x17e0  HidIr - ok
10:22:00.0181 0x17e0  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
10:22:00.0181 0x17e0  hidserv - ok
10:22:00.0227 0x17e0  [ 25072FB35AC90B25F9E4E3BACF774102, EBCE089947CC5A251A517CB91E81FCB948B18405FBACA04C874D4A48AF88676D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:22:00.0227 0x17e0  HidUsb - ok
10:22:00.0243 0x17e0  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:22:00.0259 0x17e0  hkmsvc - ok
10:22:00.0274 0x17e0  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:22:00.0290 0x17e0  HomeGroupListener - ok
10:22:00.0337 0x17e0  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:22:00.0352 0x17e0  HomeGroupProvider - ok
10:22:00.0430 0x17e0  [ 97AAC45A375168C6A2297BEEB9692E31, 9C7285988D0C5DE8E3608F4E9F50A5C9398FFD0DA0F4C965C953859001FC76C8 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:22:00.0446 0x17e0  hpqcxs08 - ok
10:22:00.0461 0x17e0  [ 19A4FB67B1C97EA18EDFF44340973CD9, F1B6A7C1E450FF9A1D10F315F17D42DFE8390E88FF1AED4DE35237C4B81FC81D ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
10:22:00.0461 0x17e0  hpqddsvc - ok
10:22:00.0493 0x17e0  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:22:00.0493 0x17e0  HpSAMD - ok
10:22:00.0586 0x17e0  [ 56FC98F1014EA8DC51B92839C32759EC, 2F6D21ACE7901E1EC3DEFB96021E131CBEC9821240434A927D2435BBC59E80DC ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
10:22:00.0602 0x17e0  HPSLPSVC - ok
10:22:00.0664 0x17e0  [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:22:00.0664 0x17e0  HTTP - ok
10:22:00.0695 0x17e0  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:22:00.0695 0x17e0  hwpolicy - ok
10:22:00.0742 0x17e0  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:22:00.0742 0x17e0  i8042prt - ok
10:22:00.0773 0x17e0  [ 26541A068572F650A2FA490726FE81BE, 9D6EF745731D45C4482274BE9C56300BBE8843D6C182F0E5C621AB121DBE371E ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
10:22:00.0773 0x17e0  iaStor - ok
10:22:00.0820 0x17e0  [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:22:00.0820 0x17e0  IAStorDataMgrSvc - ok
10:22:00.0836 0x17e0  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:22:00.0851 0x17e0  iaStorV - ok
10:22:00.0929 0x17e0  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:22:00.0945 0x17e0  idsvc - ok
10:22:00.0961 0x17e0  IEEtwCollectorService - ok
10:22:01.0117 0x17e0  [ AD626F6964F4D364D226C39E06872DD3, 5D52F89930BB07D4D2D0FC12143BD233B5D2C238527B3B4CAD74736D1EC84218 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
10:22:01.0210 0x17e0  igfx - ok
10:22:01.0241 0x17e0  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
10:22:01.0241 0x17e0  iirsp - ok
10:22:01.0304 0x17e0  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:22:01.0319 0x17e0  IKEEXT - ok
10:22:01.0351 0x17e0  [ D6782400E92C62ED2BF3AF8ED4753738, F393DED20A7F3E53BEBD832CD3158B539879B7E7E9DA3F94D64215072A5B050E ] InputFilter_Hid_FlexDef2b C:\Windows\system32\DRIVERS\InputFilter_FlexDef2b.sys
10:22:01.0351 0x17e0  InputFilter_Hid_FlexDef2b - ok
10:22:01.0507 0x17e0  [ F4427E5DF32CDE359B2E2E5512D18001, 37660CB81A656F793224381E145CFE6D173EFBA3C58E17669E34D5BA239FF776 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
10:22:01.0569 0x17e0  IntcAzAudAddService - ok
10:22:01.0600 0x17e0  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
10:22:01.0600 0x17e0  intelide - ok
10:22:01.0631 0x17e0  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:22:01.0631 0x17e0  intelppm - ok
10:22:01.0663 0x17e0  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:22:01.0678 0x17e0  IPBusEnum - ok
10:22:01.0694 0x17e0  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:22:01.0694 0x17e0  IpFilterDriver - ok
10:22:01.0741 0x17e0  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:22:01.0772 0x17e0  iphlpsvc - ok
10:22:01.0787 0x17e0  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:22:01.0787 0x17e0  IPMIDRV - ok
10:22:01.0803 0x17e0  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:22:01.0819 0x17e0  IPNAT - ok
10:22:01.0834 0x17e0  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:22:01.0850 0x17e0  IRENUM - ok
10:22:01.0865 0x17e0  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:22:01.0865 0x17e0  isapnp - ok
10:22:01.0881 0x17e0  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:22:01.0881 0x17e0  iScsiPrt - ok
10:22:01.0912 0x17e0  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:22:01.0912 0x17e0  kbdclass - ok
10:22:01.0943 0x17e0  [ 3D9F0EBF350EDCFD6498057301455964, B3CB5F0C045B06C86E683F3C67DC0D4E37AF16E20B189B05C926A5A7011438FB ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:22:01.0943 0x17e0  kbdhid - ok
10:22:01.0959 0x17e0  [ DC0B4400073A404B53F571126B58F480, 022F1E8431C6299D8DFA287A570B0D24C2FFDCD8BF79420BAA1637E5366B4459 ] KeyIso          C:\Windows\system32\lsass.exe
10:22:01.0959 0x17e0  KeyIso - ok
10:22:01.0990 0x17e0  [ A1F4064171DB9F314BDABA0B43014CA4, DFAB60F6C8D00DC4AC55D32D797095E82C00F71E33F6EE989B03EE0A1D340FEF ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:22:02.0006 0x17e0  KSecDD - ok
10:22:02.0006 0x17e0  [ 8A8BA57DF21630B36B2FAA229AC5B1D1, D6B407D23453E8547B9F64BC8B484A593347E8252A25B9637BA8F8C067B1E057 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:22:02.0021 0x17e0  KSecPkg - ok
10:22:02.0053 0x17e0  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:22:02.0053 0x17e0  KtmRm - ok
10:22:02.0068 0x17e0  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:22:02.0084 0x17e0  LanmanServer - ok
10:22:02.0099 0x17e0  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:22:02.0099 0x17e0  LanmanWorkstation - ok
10:22:02.0146 0x17e0  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:22:02.0146 0x17e0  lltdio - ok
10:22:02.0193 0x17e0  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:22:02.0209 0x17e0  lltdsvc - ok
10:22:02.0224 0x17e0  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:22:02.0224 0x17e0  lmhosts - ok
10:22:02.0240 0x17e0  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
10:22:02.0255 0x17e0  LSI_FC - ok
10:22:02.0271 0x17e0  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
10:22:02.0271 0x17e0  LSI_SAS - ok
10:22:02.0302 0x17e0  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:22:02.0302 0x17e0  LSI_SAS2 - ok
10:22:02.0318 0x17e0  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:22:02.0318 0x17e0  LSI_SCSI - ok
10:22:02.0333 0x17e0  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
10:22:02.0333 0x17e0  luafv - ok
10:22:02.0349 0x17e0  massfilter - ok
10:22:02.0365 0x17e0  massfilter_hs - ok
10:22:02.0380 0x17e0  [ B4CD87E78A01562E3DA67FE1C2779204, 536AC01C53A18E7B43F02F345FC3088C189A2D01F5E060714C0534FE7ECA2356 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
10:22:02.0380 0x17e0  MBAMProtector - ok
10:22:02.0458 0x17e0  [ 301E3FDFCF33640BB8763BA444BC5093, 362B069BB9A313A06B376CE27E6F7F8D569F6CA39A8ABC96D9DF231EE462C604 ] MBAMScheduler   C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
10:22:02.0489 0x17e0  MBAMScheduler - ok
10:22:02.0536 0x17e0  [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService     C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
10:22:02.0552 0x17e0  MBAMService - ok
10:22:02.0661 0x17e0  [ 739164A8B8FB2F1B50A498F20AF7B21E, 8E7A387C3726A863BF251E638D072FA472B698EF6868E9A7A00EF1272F809C64 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
10:22:02.0661 0x17e0  MBAMSwissArmy - ok
10:22:02.0677 0x17e0  [ 490F0F3ED8A970E2BAA38F719242B8F7, 03F902365372639424AB654AEBF6EB2B6B73363275435ADC2D086EAA7112AC3D ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
10:22:02.0677 0x17e0  MBAMWebAccessControl - ok
10:22:02.0708 0x17e0  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:22:02.0723 0x17e0  Mcx2Svc - ok
10:22:02.0739 0x17e0  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
10:22:02.0755 0x17e0  megasas - ok
10:22:02.0786 0x17e0  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
10:22:02.0786 0x17e0  MegaSR - ok
10:22:02.0817 0x17e0  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
10:22:02.0833 0x17e0  MMCSS - ok
10:22:02.0848 0x17e0  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
10:22:02.0848 0x17e0  Modem - ok
10:22:02.0879 0x17e0  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:22:02.0879 0x17e0  monitor - ok
10:22:02.0911 0x17e0  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:22:02.0911 0x17e0  mouclass - ok
10:22:02.0926 0x17e0  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:22:02.0926 0x17e0  mouhid - ok
10:22:02.0973 0x17e0  [ 644905A19D0F37F2233DFCE53BC4BC19, F52CB40AA0FD1EBF8CBF0F3BFB20C47142C637719840877FB93F10D085EB8C2B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:22:02.0973 0x17e0  mountmgr - ok
10:22:03.0004 0x17e0  [ A7A117CB1104D0829466F48E17BE0A71, 040F18FC1AF72BE2B7123170C2F5F131A9518B8AA57C20F23203625D213C792B ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:22:03.0004 0x17e0  MozillaMaintenance - ok
10:22:03.0035 0x17e0  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:22:03.0035 0x17e0  mpio - ok
10:22:03.0051 0x17e0  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:22:03.0051 0x17e0  mpsdrv - ok
10:22:03.0082 0x17e0  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:22:03.0098 0x17e0  MpsSvc - ok
10:22:03.0129 0x17e0  [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:22:03.0129 0x17e0  MRxDAV - ok
10:22:03.0176 0x17e0  [ 01C5B803F6E1FDF8F16F0763DA9B997D, 721B5C6E8E71453D6494971C14CFD93F1A180098D4EE35572EAACEF6FC6B0442 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:22:03.0191 0x17e0  mrxsmb - ok
10:22:03.0207 0x17e0  [ C48A8284F018BEAAFC7A027A570D9C84, DD29ACC08E9F57ED426D11F8A3E2F0EA53F373200D249225627124F65D1EC1BD ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:22:03.0223 0x17e0  mrxsmb10 - ok
10:22:03.0238 0x17e0  [ C1CC047CE391BB88350379153BC1C8FA, 2DC83A61F871A87CFC6E56BF5F164271E7E72694B33E58D842F5759A3DE8F4C7 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:22:03.0238 0x17e0  mrxsmb20 - ok
10:22:03.0269 0x17e0  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:22:03.0269 0x17e0  msahci - ok
10:22:03.0301 0x17e0  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:22:03.0301 0x17e0  msdsm - ok
10:22:03.0316 0x17e0  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
10:22:03.0332 0x17e0  MSDTC - ok
10:22:03.0347 0x17e0  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:22:03.0347 0x17e0  Msfs - ok
10:22:03.0363 0x17e0  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:22:03.0363 0x17e0  mshidkmdf - ok
10:22:03.0379 0x17e0  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:22:03.0379 0x17e0  msisadrv - ok
10:22:03.0410 0x17e0  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:22:03.0410 0x17e0  MSiSCSI - ok
10:22:03.0425 0x17e0  msiserver - ok
10:22:03.0441 0x17e0  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:22:03.0441 0x17e0  MSKSSRV - ok
10:22:03.0457 0x17e0  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:22:03.0457 0x17e0  MSPCLOCK - ok
10:22:03.0472 0x17e0  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:22:03.0472 0x17e0  MSPQM - ok
10:22:03.0488 0x17e0  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:22:03.0488 0x17e0  MsRPC - ok
10:22:03.0503 0x17e0  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:22:03.0519 0x17e0  mssmbios - ok
10:22:03.0519 0x17e0  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:22:03.0535 0x17e0  MSTEE - ok
10:22:03.0535 0x17e0  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
10:22:03.0535 0x17e0  MTConfig - ok
10:22:03.0566 0x17e0  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:22:03.0566 0x17e0  Mup - ok
10:22:03.0613 0x17e0  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
10:22:03.0628 0x17e0  napagent - ok
10:22:03.0659 0x17e0  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:22:03.0659 0x17e0  NativeWifiP - ok
10:22:03.0706 0x17e0  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:22:03.0722 0x17e0  NDIS - ok
10:22:03.0737 0x17e0  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:22:03.0737 0x17e0  NdisCap - ok
10:22:03.0769 0x17e0  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:22:03.0769 0x17e0  NdisTapi - ok
10:22:03.0784 0x17e0  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:22:03.0784 0x17e0  Ndisuio - ok
10:22:03.0815 0x17e0  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:22:03.0815 0x17e0  NdisWan - ok
10:22:03.0831 0x17e0  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:22:03.0831 0x17e0  NDProxy - ok
10:22:03.0878 0x17e0  [ A081CB6FB9A12668F233EB5414BE3A0E, EE2A1311B51D1FEBAF79F45E568A927D8EA7704AFC8495AED2D26927566F61E3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
10:22:03.0878 0x17e0  Net Driver HPZ12 - ok
10:22:03.0909 0x17e0  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:22:03.0909 0x17e0  NetBIOS - ok
10:22:03.0940 0x17e0  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:22:03.0940 0x17e0  NetBT - ok
10:22:03.0956 0x17e0  [ DC0B4400073A404B53F571126B58F480, 022F1E8431C6299D8DFA287A570B0D24C2FFDCD8BF79420BAA1637E5366B4459 ] Netlogon        C:\Windows\system32\lsass.exe
10:22:03.0971 0x17e0  Netlogon - ok
10:22:04.0003 0x17e0  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
10:22:04.0018 0x17e0  Netman - ok
10:22:04.0049 0x17e0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:22:04.0065 0x17e0  NetMsmqActivator - ok
10:22:04.0065 0x17e0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:22:04.0065 0x17e0  NetPipeActivator - ok
10:22:04.0096 0x17e0  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
10:22:04.0096 0x17e0  netprofm - ok
10:22:04.0112 0x17e0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:22:04.0112 0x17e0  NetTcpActivator - ok
10:22:04.0112 0x17e0  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:22:04.0127 0x17e0  NetTcpPortSharing - ok
10:22:04.0143 0x17e0  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
10:22:04.0143 0x17e0  nfrd960 - ok
10:22:04.0174 0x17e0  [ 11D101C6EDE012E018F37275CD3DAA3C, DD97E2032BB7B70B5C60B26B0DC57A28A7CC9B817E664963D3213E756B03A1DF ] ngvss           C:\Windows\system32\drivers\ngvss.sys
10:22:04.0174 0x17e0  ngvss - ok
10:22:04.0221 0x17e0  [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:22:04.0221 0x17e0  NlaSvc - ok
10:22:04.0252 0x17e0  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:22:04.0252 0x17e0  Npfs - ok
10:22:04.0268 0x17e0  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
10:22:04.0268 0x17e0  nsi - ok
10:22:04.0283 0x17e0  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:22:04.0283 0x17e0  nsiproxy - ok
10:22:04.0330 0x17e0  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:22:04.0346 0x17e0  Ntfs - ok
10:22:04.0361 0x17e0  [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null            C:\Windows\system32\drivers\Null.sys
10:22:04.0361 0x17e0  Null - ok
10:22:04.0393 0x17e0  [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:22:04.0393 0x17e0  nvraid - ok
10:22:04.0408 0x17e0  [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:22:04.0408 0x17e0  nvstor - ok
10:22:04.0439 0x17e0  [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:22:04.0439 0x17e0  nv_agp - ok
10:22:04.0455 0x17e0  [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:22:04.0455 0x17e0  ohci1394 - ok
10:22:04.0502 0x17e0  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:22:04.0517 0x17e0  ose - ok
10:22:04.0549 0x17e0  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:22:04.0564 0x17e0  p2pimsvc - ok
10:22:04.0580 0x17e0  [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:22:04.0595 0x17e0  p2psvc - ok
10:22:04.0611 0x17e0  [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:22:04.0611 0x17e0  Parport - ok
10:22:04.0627 0x17e0  [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:22:04.0627 0x17e0  partmgr - ok
10:22:04.0642 0x17e0  [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
10:22:04.0642 0x17e0  Parvdm - ok
10:22:04.0673 0x17e0  [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:22:04.0689 0x17e0  PcaSvc - ok
10:22:04.0689 0x17e0  pccsmcfd - ok
10:22:04.0720 0x17e0  [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci             C:\Windows\system32\drivers\pci.sys
10:22:04.0720 0x17e0  pci - ok
10:22:04.0767 0x17e0  [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide          C:\Windows\system32\drivers\pciide.sys
10:22:04.0767 0x17e0  pciide - ok
10:22:04.0783 0x17e0  [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
10:22:04.0798 0x17e0  pcmcia - ok
10:22:04.0829 0x17e0  [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:22:04.0829 0x17e0  pcw - ok
10:22:04.0861 0x17e0  [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:22:04.0876 0x17e0  PEAUTH - ok
10:22:04.0954 0x17e0  [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla             C:\Windows\system32\pla.dll
10:22:04.0985 0x17e0  pla - ok
10:22:05.0017 0x17e0  [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:22:05.0017 0x17e0  PlugPlay - ok
10:22:05.0063 0x17e0  [ 65BC271F337637731D3C71455AE1F476, DAD32B61FE0147F8D2DA4C8F016920CD6BB2098F16E3CC2768009763E71DEFBC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:22:05.0063 0x17e0  Pml Driver HPZ12 - ok
10:22:05.0095 0x17e0  [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:22:05.0095 0x17e0  PNRPAutoReg - ok
10:22:05.0126 0x17e0  [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:22:05.0126 0x17e0  PNRPsvc - ok
10:22:05.0157 0x17e0  [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:22:05.0157 0x17e0  PolicyAgent - ok
10:22:05.0188 0x17e0  [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power           C:\Windows\system32\umpo.dll
10:22:05.0188 0x17e0  Power - ok
10:22:05.0204 0x17e0  [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:22:05.0219 0x17e0  PptpMiniport - ok
10:22:05.0235 0x17e0  [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
10:22:05.0235 0x17e0  Processor - ok
10:22:05.0266 0x17e0  [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:22:05.0282 0x17e0  ProfSvc - ok
10:22:05.0297 0x17e0  [ DC0B4400073A404B53F571126B58F480, 022F1E8431C6299D8DFA287A570B0D24C2FFDCD8BF79420BAA1637E5366B4459 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:22:05.0297 0x17e0  ProtectedStorage - ok
10:22:05.0329 0x17e0  [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:22:05.0329 0x17e0  Psched - ok
10:22:05.0375 0x17e0  [ A6A7AD767BF5141665F5C675F671B3E1, 11D43F732C3B82679E53516F83E675B60B0EFEDE3F4EE3C42AC752AD8D5155AF ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
10:22:05.0375 0x17e0  PSI_SVC_2 - ok
10:22:05.0453 0x17e0  [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
10:22:05.0485 0x17e0  ql2300 - ok
10:22:05.0500 0x17e0  [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
10:22:05.0516 0x17e0  ql40xx - ok
10:22:05.0547 0x17e0  [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE           C:\Windows\system32\qwave.dll
10:22:05.0578 0x17e0  QWAVE - ok
10:22:05.0594 0x17e0  [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:22:05.0594 0x17e0  QWAVEdrv - ok
10:22:05.0609 0x17e0  [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:22:05.0609 0x17e0  RasAcd - ok
10:22:05.0641 0x17e0  [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:22:05.0641 0x17e0  RasAgileVpn - ok
10:22:05.0656 0x17e0  [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto         C:\Windows\System32\rasauto.dll
10:22:05.0656 0x17e0  RasAuto - ok
10:22:05.0672 0x17e0  [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:22:05.0672 0x17e0  Rasl2tp - ok
10:22:05.0719 0x17e0  [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan          C:\Windows\System32\rasmans.dll
10:22:05.0719 0x17e0  RasMan - ok
10:22:05.0734 0x17e0  [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:22:05.0734 0x17e0  RasPppoe - ok
10:22:05.0750 0x17e0  [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:22:05.0750 0x17e0  RasSstp - ok
10:22:05.0765 0x17e0  [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:22:05.0781 0x17e0  rdbss - ok
10:22:05.0797 0x17e0  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:22:05.0797 0x17e0  rdpbus - ok
10:22:05.0828 0x17e0  [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:22:05.0828 0x17e0  RDPCDD - ok
10:22:05.0859 0x17e0  [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:22:05.0859 0x17e0  RDPENCDD - ok
10:22:05.0859 0x17e0  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:22:05.0875 0x17e0  RDPREFMP - ok
10:22:05.0921 0x17e0  [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:22:05.0921 0x17e0  RdpVideoMiniport - ok
10:22:05.0968 0x17e0  [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:22:05.0984 0x17e0  RDPWD - ok
10:22:06.0031 0x17e0  [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:22:06.0046 0x17e0  rdyboost - ok
10:22:06.0062 0x17e0  [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:22:06.0077 0x17e0  RemoteAccess - ok
10:22:06.0093 0x17e0  [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:22:06.0109 0x17e0  RemoteRegistry - ok
10:22:06.0124 0x17e0  [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:22:06.0124 0x17e0  RpcEptMapper - ok
10:22:06.0155 0x17e0  [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator      C:\Windows\system32\locator.exe
10:22:06.0155 0x17e0  RpcLocator - ok
10:22:06.0171 0x17e0  [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs           C:\Windows\system32\rpcss.dll
10:22:06.0187 0x17e0  RpcSs - ok
10:22:06.0202 0x17e0  [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:22:06.0218 0x17e0  rspndr - ok
10:22:06.0249 0x17e0  [ BCEBD5D1AABCE4EFB7597635E347C44B, AB26EA1A028D30C4D1763EAB1991E2BABD44A78BDD4E06B6A1F101756860B1D4 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
10:22:06.0249 0x17e0  RTL8167 - ok
10:22:06.0311 0x17e0  [ 51ADEF77E4C929535FD50DA153774E79, A02C501D6582DE2E450840E187285678A42087519C232AA20A7ECA1E218ED179 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
10:22:06.0327 0x17e0  RTL8192su - ok
10:22:06.0343 0x17e0  [ DC0B4400073A404B53F571126B58F480, 022F1E8431C6299D8DFA287A570B0D24C2FFDCD8BF79420BAA1637E5366B4459 ] SamSs           C:\Windows\system32\lsass.exe
10:22:06.0343 0x17e0  SamSs - ok
10:22:06.0405 0x17e0  [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
10:22:06.0405 0x17e0  SASDIFSV - ok
10:22:06.0436 0x17e0  [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
10:22:06.0436 0x17e0  SASKUTIL - ok
10:22:06.0467 0x17e0  [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:22:06.0467 0x17e0  sbp2port - ok
10:22:06.0499 0x17e0  [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:22:06.0514 0x17e0  SCardSvr - ok
10:22:06.0530 0x17e0  [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:22:06.0530 0x17e0  scfilter - ok
10:22:06.0577 0x17e0  [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule        C:\Windows\system32\schedsvc.dll
10:22:06.0592 0x17e0  Schedule - ok
10:22:06.0623 0x17e0  [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:22:06.0623 0x17e0  SCPolicySvc - ok
10:22:06.0639 0x17e0  [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:22:06.0655 0x17e0  SDRSVC - ok
10:22:06.0701 0x17e0  [ 4A5809A1D796E2675AC0332BF7B0CB11, 7EEEC85A397F04A9460DC37A070D115E19114D9A3E5D9D7E8021F60A7986C8C1 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
10:22:06.0701 0x17e0  SeaPort - ok
10:22:06.0733 0x17e0  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:22:06.0748 0x17e0  secdrv - ok
10:22:06.0764 0x17e0  [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon        C:\Windows\system32\seclogon.dll
10:22:06.0779 0x17e0  seclogon - ok
10:22:06.0811 0x17e0  [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS            C:\Windows\System32\sens.dll
10:22:06.0811 0x17e0  SENS - ok
10:22:06.0826 0x17e0  [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:22:06.0826 0x17e0  SensrSvc - ok
10:22:06.0842 0x17e0  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:22:06.0857 0x17e0  Serenum - ok
10:22:06.0857 0x17e0  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:22:06.0873 0x17e0  Serial - ok
10:22:06.0889 0x17e0  [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
10:22:06.0889 0x17e0  sermouse - ok
10:22:06.0920 0x17e0  [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:22:06.0920 0x17e0  SessionEnv - ok
10:22:06.0951 0x17e0  [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:22:06.0951 0x17e0  sffdisk - ok
10:22:06.0951 0x17e0  [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:22:06.0951 0x17e0  sffp_mmc - ok
10:22:06.0967 0x17e0  [ A0708BBD07D245C06FF9DE549CA47185, 6A95ACD63A3E7CE6065D0A8B5C182C5B3F4540B8345AB5DCCBD3AC77E9D6CEAC ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:22:06.0967 0x17e0  sffp_sd - ok
10:22:06.0982 0x17e0  [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
10:22:06.0982 0x17e0  sfloppy - ok
10:22:07.0029 0x17e0  [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:22:07.0029 0x17e0  SharedAccess - ok
10:22:07.0060 0x17e0  [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:22:07.0060 0x17e0  ShellHWDetection - ok
10:22:07.0091 0x17e0  [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp          C:\Windows\system32\drivers\sisagp.sys
10:22:07.0091 0x17e0  sisagp - ok
10:22:07.0123 0x17e0  [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:22:07.0123 0x17e0  SiSRaid2 - ok
10:22:07.0138 0x17e0  [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
10:22:07.0138 0x17e0  SiSRaid4 - ok
10:22:07.0169 0x17e0  [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:22:07.0169 0x17e0  Smb - ok
10:22:07.0201 0x17e0  [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:22:07.0201 0x17e0  SNMPTRAP - ok
10:22:07.0216 0x17e0  [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:22:07.0216 0x17e0  spldr - ok
10:22:07.0263 0x17e0  [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler         C:\Windows\System32\spoolsv.exe
10:22:07.0294 0x17e0  Spooler - ok
10:22:07.0388 0x17e0  [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc          C:\Windows\system32\sppsvc.exe
10:22:07.0450 0x17e0  sppsvc - ok
10:22:07.0481 0x17e0  [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:22:07.0497 0x17e0  sppuinotify - ok
10:22:07.0513 0x17e0  [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:22:07.0528 0x17e0  srv - ok
10:22:07.0544 0x17e0  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:22:07.0544 0x17e0  srv2 - ok
10:22:07.0559 0x17e0  [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:22:07.0575 0x17e0  srvnet - ok
10:22:07.0606 0x17e0  [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:22:07.0606 0x17e0  SSDPSRV - ok
10:22:07.0637 0x17e0  [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:22:07.0637 0x17e0  SstpSvc - ok
10:22:07.0669 0x17e0  [ D2C02234E3E87EA5FE420F045068099B, A5BFB342FFF50E6EAF5586A72BCBE56E9DA4F7AE612EDE7D20D77DB59472D3FE ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
10:22:07.0684 0x17e0  ssudmdm - ok
10:22:07.0715 0x17e0  [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
10:22:07.0715 0x17e0  stexstor - ok
10:22:07.0778 0x17e0  [ EDB05BD63148796F23EA78506404A538, 8EBF623D3DEB6CCAC75AAFCF8B23271029A28BE29D459088E40FBF109E80AA17 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
10:22:07.0778 0x17e0  StillCam - ok
10:22:07.0840 0x17e0  [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc          C:\Windows\System32\wiaservc.dll
10:22:07.0856 0x17e0  StiSvc - ok
10:22:07.0887 0x17e0  [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:22:07.0887 0x17e0  swenum - ok
10:22:07.0903 0x17e0  [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv           C:\Windows\System32\swprv.dll
10:22:07.0918 0x17e0  swprv - ok
10:22:07.0965 0x17e0  [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain         C:\Windows\system32\sysmain.dll
10:22:07.0996 0x17e0  SysMain - ok
10:22:08.0012 0x17e0  [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
10:22:08.0012 0x17e0  TabletInputService - ok
10:22:08.0043 0x17e0  [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:22:08.0059 0x17e0  TapiSrv - ok
10:22:08.0074 0x17e0  [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS             C:\Windows\System32\tbssvc.dll
10:22:08.0090 0x17e0  TBS - ok
10:22:08.0137 0x17e0  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:22:08.0168 0x17e0  Tcpip - ok
10:22:08.0199 0x17e0  [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:22:08.0230 0x17e0  TCPIP6 - ok
10:22:08.0246 0x17e0  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:22:08.0246 0x17e0  tcpipreg - ok
10:22:08.0277 0x17e0  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:22:08.0277 0x17e0  TDPIPE - ok
10:22:08.0293 0x17e0  [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:22:08.0293 0x17e0  TDTCP - ok
10:22:08.0324 0x17e0  [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:22:08.0324 0x17e0  tdx - ok
10:22:08.0339 0x17e0  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:22:08.0339 0x17e0  TermDD - ok
10:22:08.0386 0x17e0  [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService     C:\Windows\System32\termsrv.dll
10:22:08.0402 0x17e0  TermService - ok
10:22:08.0433 0x17e0  [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes          C:\Windows\system32\themeservice.dll
10:22:08.0433 0x17e0  Themes - ok
10:22:08.0449 0x17e0  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER     C:\Windows\system32\mmcss.dll
10:22:08.0449 0x17e0  THREADORDER - ok
10:22:08.0464 0x17e0  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks          C:\Windows\System32\trkwks.dll
10:22:08.0464 0x17e0  TrkWks - ok
10:22:08.0511 0x17e0  [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:22:08.0511 0x17e0  TrustedInstaller - ok
10:22:08.0542 0x17e0  [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:22:08.0558 0x17e0  tssecsrv - ok
10:22:08.0589 0x17e0  [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:22:08.0589 0x17e0  TsUsbFlt - ok
10:22:08.0636 0x17e0  [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:22:08.0651 0x17e0  tunnel - ok
10:22:08.0698 0x17e0  [ F26BC69340E88A8A2824651149FF949C, 66A9E34F4E32AE54E0AE9A7520107F953E9434CA00D522D37519531D8C92D292 ] TVGOnlineUpdateSvc C:\Program Files\TVG\OnlineUpdate\OnlineUpdateSvc.exe
10:22:08.0714 0x17e0  TVGOnlineUpdateSvc - ok
10:22:08.0745 0x17e0  [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
10:22:08.0745 0x17e0  uagp35 - ok
10:22:08.0776 0x17e0  [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:22:08.0776 0x17e0  udfs - ok
10:22:08.0807 0x17e0  [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:22:08.0823 0x17e0  UI0Detect - ok
10:22:08.0854 0x17e0  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:22:08.0854 0x17e0  uliagpkx - ok
10:22:08.0870 0x17e0  [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:22:08.0870 0x17e0  umbus - ok
10:22:08.0901 0x17e0  [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
10:22:08.0901 0x17e0  UmPass - ok
10:22:08.0917 0x17e0  [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost        C:\Windows\System32\upnphost.dll
10:22:08.0932 0x17e0  upnphost - ok
10:22:08.0948 0x17e0  [ 8455C4ED038EFD09E99327F9D2D48FFA, D166F98EA3D85F7DD6B5258949C186714A17EF89B6FDC9804165F7B4FA811C30 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:22:08.0948 0x17e0  usbccgp - ok
10:22:08.0979 0x17e0  [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:22:08.0979 0x17e0  usbcir - ok
10:22:08.0995 0x17e0  [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
10:22:09.0010 0x17e0  usbehci - ok
10:22:09.0041 0x17e0  [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:22:09.0041 0x17e0  usbhub - ok
10:22:09.0057 0x17e0  [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:22:09.0057 0x17e0  usbohci - ok
10:22:09.0088 0x17e0  [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:22:09.0088 0x17e0  usbprint - ok
10:22:09.0104 0x17e0  [ FC6B21DB4B5B398AB93DBE59CBF11036, A94094C208F376405C07822A6143001EF1B12AE93205CD8002E87F6EB45F6374 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:22:09.0104 0x17e0  usbscan - ok
10:22:09.0119 0x17e0  [ 88701ECA76145E2C011C0EEFF0F7B70E, 1902E901E0E2548F100872F7E59C6A7FADA9E8A9F28810D7405B4F51B44FD4B4 ] usbser          C:\Windows\system32\drivers\usbser.sys
10:22:09.0119 0x17e0  usbser - ok
10:22:09.0135 0x17e0  [ D8889D56E0D27E57ED4591837FE71D27, DB1B65EEBFB036086EC3347C1181D9D01FF65870EAEC4A1BA08AF43C35075647 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:22:09.0151 0x17e0  USBSTOR - ok
10:22:09.0166 0x17e0  [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
10:22:09.0166 0x17e0  usbuhci - ok
10:22:09.0182 0x17e0  [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms           C:\Windows\System32\uxsms.dll
10:22:09.0197 0x17e0  UxSms - ok
10:22:09.0197 0x17e0  [ DC0B4400073A404B53F571126B58F480, 022F1E8431C6299D8DFA287A570B0D24C2FFDCD8BF79420BAA1637E5366B4459 ] VaultSvc        C:\Windows\system32\lsass.exe
10:22:09.0213 0x17e0  VaultSvc - ok
10:22:09.0307 0x17e0  [ 53D2D97E86482E0BF46462D9DCFEEC9D, 12328968129F3DEC989F4BEDE603DB0D574540B68CBF8537E070165600ABDBBA ] VBoxAswDrv      C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
10:22:09.0322 0x17e0  VBoxAswDrv - ok
10:22:09.0338 0x17e0  [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:22:09.0338 0x17e0  vdrvroot - ok
10:22:09.0369 0x17e0  [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds             C:\Windows\System32\vds.exe
10:22:09.0385 0x17e0  vds - ok
10:22:09.0400 0x17e0  [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:22:09.0400 0x17e0  vga - ok
10:22:09.0431 0x17e0  [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:22:09.0431 0x17e0  VgaSave - ok
10:22:09.0447 0x17e0  [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:22:09.0463 0x17e0  vhdmp - ok
10:22:09.0478 0x17e0  [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
10:22:09.0478 0x17e0  viaagp - ok
10:22:09.0509 0x17e0  [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
10:22:09.0509 0x17e0  ViaC7 - ok
10:22:09.0541 0x17e0  [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:22:09.0541 0x17e0  viaide - ok
10:22:09.0556 0x17e0  [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:22:09.0556 0x17e0  volmgr - ok
10:22:09.0572 0x17e0  [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:22:09.0587 0x17e0  volmgrx - ok
10:22:09.0603 0x17e0  [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:22:09.0603 0x17e0  volsnap - ok
10:22:09.0634 0x17e0  [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
10:22:09.0634 0x17e0  vsmraid - ok
10:22:09.0681 0x17e0  [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS             C:\Windows\system32\vssvc.exe
10:22:09.0712 0x17e0  VSS - ok
10:22:09.0728 0x17e0  [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
10:22:09.0728 0x17e0  vwifibus - ok
10:22:09.0743 0x17e0  [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:22:09.0743 0x17e0  vwififlt - ok
10:22:09.0759 0x17e0  [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
10:22:09.0759 0x17e0  vwifimp - ok
10:22:09.0775 0x17e0  [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time         C:\Windows\system32\w32time.dll
10:22:09.0790 0x17e0  W32Time - ok
10:22:09.0821 0x17e0  [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
10:22:09.0821 0x17e0  WacomPen - ok
10:22:09.0837 0x17e0  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:22:09.0853 0x17e0  WANARP - ok
10:22:09.0853 0x17e0  [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:22:09.0853 0x17e0  Wanarpv6 - ok
10:22:09.0899 0x17e0  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
10:22:09.0931 0x17e0  wbengine - ok
10:22:09.0946 0x17e0  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:22:09.0962 0x17e0  WbioSrvc - ok
10:22:09.0977 0x17e0  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:22:09.0993 0x17e0  wcncsvc - ok
10:22:09.0993 0x17e0  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:22:10.0009 0x17e0  WcsPlugInService - ok
10:22:10.0024 0x17e0  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
10:22:10.0024 0x17e0  Wd - ok
10:22:10.0071 0x17e0  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:22:10.0071 0x17e0  Wdf01000 - ok
10:22:10.0102 0x17e0  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:22:10.0118 0x17e0  WdiServiceHost - ok
10:22:10.0118 0x17e0  [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:22:10.0118 0x17e0  WdiSystemHost - ok
10:22:10.0149 0x17e0  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
10:22:10.0149 0x17e0  WebClient - ok
10:22:10.0180 0x17e0  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:22:10.0180 0x17e0  Wecsvc - ok
10:22:10.0196 0x17e0  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:22:10.0196 0x17e0  wercplsupport - ok
10:22:10.0211 0x17e0  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
10:22:10.0227 0x17e0  WerSvc - ok
10:22:10.0258 0x17e0  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:22:10.0258 0x17e0  WfpLwf - ok
10:22:10.0274 0x17e0  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:22:10.0274 0x17e0  WIMMount - ok
10:22:10.0352 0x17e0  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
10:22:10.0383 0x17e0  WinDefend - ok
10:22:10.0383 0x17e0  WinHttpAutoProxySvc - ok
10:22:10.0445 0x17e0  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:22:10.0461 0x17e0  Winmgmt - ok
10:22:10.0539 0x17e0  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\Windows\system32\WsmSvc.dll
10:22:10.0570 0x17e0  WinRM - ok
10:22:10.0601 0x17e0  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
10:22:10.0601 0x17e0  WinUsb - ok
10:22:10.0633 0x17e0  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:22:10.0648 0x17e0  Wlansvc - ok
10:22:10.0757 0x17e0  [ 5144AE67D60EC653F97DDF3FEED29E77, F6238767284B2356A9F502E2ACCFAAC283FA13CBF238E98B5115A55179526B10 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:22:10.0789 0x17e0  wlidsvc - ok
10:22:10.0820 0x17e0  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:22:10.0820 0x17e0  WmiAcpi - ok
10:22:10.0835 0x17e0  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:22:10.0835 0x17e0  wmiApSrv - ok
10:22:10.0913 0x17e0  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
10:22:10.0960 0x17e0  WMPNetworkSvc - ok
10:22:10.0991 0x17e0  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:22:11.0007 0x17e0  WPCSvc - ok
10:22:11.0023 0x17e0  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:22:11.0023 0x17e0  WPDBusEnum - ok
10:22:11.0038 0x17e0  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:22:11.0054 0x17e0  ws2ifsl - ok
10:22:11.0054 0x17e0  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
10:22:11.0069 0x17e0  wscsvc - ok
10:22:11.0085 0x17e0  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
10:22:11.0085 0x17e0  WSDPrintDevice - ok
10:22:11.0085 0x17e0  WSearch - ok
10:22:11.0179 0x17e0  [ B5DCDEF119A729CB493E9070BF9A7E9D, D7706CFE8521206B38F5F1B57EA2F046E14DB4C893868862BEAFC2A83E2E9098 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:22:11.0225 0x17e0  wuauserv - ok
10:22:11.0257 0x17e0  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:22:11.0257 0x17e0  WudfPf - ok
10:22:11.0272 0x17e0  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
10:22:11.0272 0x17e0  WUDFRd - ok
10:22:11.0303 0x17e0  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:22:11.0303 0x17e0  wudfsvc - ok
10:22:11.0335 0x17e0  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:22:11.0335 0x17e0  WwanSvc - ok
10:22:11.0350 0x17e0  ZTEusbmdm6k - ok
10:22:11.0350 0x17e0  ZTEusbnmea - ok
10:22:11.0366 0x17e0  ZTEusbser6k - ok
10:22:11.0381 0x17e0  ================ Scan global ===============================
10:22:11.0397 0x17e0  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
10:22:11.0428 0x17e0  [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll
10:22:11.0444 0x17e0  [ A83DD77AC941A8B1B2652035EA589149, 8F879178E154B3F9F367FB3D6F9A21B129F36796CD3B6A76A9E7CFDD0F63332C ] C:\Windows\system32\winsrv.dll
10:22:11.0475 0x17e0  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
10:22:11.0506 0x17e0  [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe
10:22:11.0522 0x17e0  [ Global ] - ok
10:22:11.0522 0x17e0  ================ Scan MBR ==================================
10:22:11.0522 0x17e0  [ C79B30CB8852157F6F908E4698CFE0D0 ] \Device\Harddisk0\DR0
10:22:13.0784 0x17e0  \Device\Harddisk0\DR0 - ok
10:22:13.0784 0x17e0  ================ Scan VBR ==================================
10:22:13.0784 0x17e0  [ A96290B5401C2DA5A08BB9471D76D503 ] \Device\Harddisk0\DR0\Partition1
10:22:13.0846 0x17e0  \Device\Harddisk0\DR0\Partition1 - ok
10:22:13.0846 0x17e0  [ 046BBD7303F14EB983A3F0C302651470 ] \Device\Harddisk0\DR0\Partition2
10:22:13.0893 0x17e0  \Device\Harddisk0\DR0\Partition2 - ok
10:22:13.0909 0x17e0  [ 376B50B18DD730F4A63E4B8227F4638C ] \Device\Harddisk0\DR0\Partition3
10:22:13.0909 0x17e0  \Device\Harddisk0\DR0\Partition3 - ok
10:22:13.0909 0x17e0  ================ Scan generic autorun ======================
10:22:13.0987 0x17e0  [ 25107F58D1B8F60D67D1EE95798C0DE8, C3B5205E8818576EBF33E3B9FD8664A498714B823D9128FC1CA0A64F81499263 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
10:22:14.0002 0x17e0  IAStorIcon - ok
10:22:14.0065 0x17e0  [ 57B4D34232852BFE4453BE571DF90D21, 3D329499D7BCACAE5F6377F988B90714F5A8301784CDB22D5B54A2266AC50D79 ] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
10:22:14.0065 0x17e0  CLMLServer - ok
10:22:14.0314 0x17e0  [ 59D29EF36C6712AAA8607E3484E75259, 48FFDE24C55FF45F8DA47A5D9D0E6ED8F375D683753A0CF0CCC9602D7332A55A ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
10:22:14.0501 0x17e0  RtHDVCpl - ok
10:22:14.0564 0x17e0  [ D3B5015D8AE7B02284E94EA13CCBC41A, 625F2450D5ADF0C0EEDCF9F96360814D4B96304158FAF6792E42893DFEB2A671 ] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
10:22:14.0564 0x17e0  StartCCC - ok
10:22:14.0611 0x17e0  [ 8A6683AC1DAFA824615BB3857EF8C709, 3E0C4A19E9DC29D74DBCE53A58E5E196BBA2D4603C9D0CDE73FACE6C214A4154 ] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
10:22:14.0611 0x17e0  Adobe Reader Speed Launcher - ok
10:22:14.0657 0x17e0  [ 48BE298F7FD1BEF4D8FBACB04D8D95C4, D375B3F6E850E4B0EC81BAA0E554C356BE2248AA77C6C56F5267CA05460FE4EB ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
10:22:14.0689 0x17e0  Adobe ARM - ok
10:22:14.0767 0x17e0  [ F03F9BCB7415097969CA8E2068F0CA6B, AC32D25599FCBB8E56AF5C7BDCC52C34BCBCBBE03635645406F2E16B5F445799 ] C:\ProgramData\iTwin\iTwinAssist.exe
10:22:14.0767 0x17e0  iTwinAssist - ok
10:22:14.0829 0x17e0  [ F6B028380423B1C498984ED5CE873A47, 8339A1FFA43E7A7388F56FAC11326182B90E49FC22A24F48CFBB0D85F9002CE4 ] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
10:22:14.0829 0x17e0  KiesTrayAgent - ok
10:22:15.0016 0x17e0  [ 799450710D1B09FAF0D220B4DA3BF431, EE77DE14BC91D9A26D08AF4507071BB13F9D7F835AE6616B7D313F4FAF877793 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
10:22:15.0157 0x17e0  AvastUI.exe - ok
10:22:15.0266 0x17e0  [ CDF2861F97D24F74B667C8439316A581, 58660630E806C66949B4BFE2DB7824D599DC703F3F6E051122D520DAE1FD17DD ] C:\Program Files\SFirmV3\Programm\sfWinStartupInfo.exe
10:22:15.0281 0x17e0  SfWinStartInfoV3 - ok
10:22:15.0328 0x17e0  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
10:22:15.0344 0x17e0  HP Software Update - ok
10:22:15.0406 0x17e0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
10:22:15.0422 0x17e0  Sidebar - ok
10:22:15.0453 0x17e0  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
10:22:15.0453 0x17e0  mctadmin - ok
10:22:15.0484 0x17e0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
10:22:15.0500 0x17e0  Sidebar - ok
10:22:15.0500 0x17e0  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
10:22:15.0515 0x17e0  mctadmin - ok
10:22:15.0578 0x17e0  [ 7738C9F1318EA2E747330008C42B9473, 5CA5D17D6E2A5416B12411883F4DE18703C175B8FCA5FD61772018B1CE5AB51E ] C:\Program Files\Samsung\Kies\Kies.exe
10:22:15.0609 0x17e0  KiesPreload - ok
10:22:15.0656 0x17e0  [ 760ACD103FFB86AD65DC41CDEB08ABCF, 518DBEA24FB54D54BD17E0940ADD49134525D161A62C2E9D71FD876CE3E97D7B ] C:\Program Files\Samsung\Kies\KiesAirMessage.exe
10:22:15.0656 0x17e0  KiesAirMessage - ok
10:22:15.0703 0x17e0  [ F778E9136AB0DB9DE9802A7043DE50A7, 90803A583E9F693DE5E7B8A196832436F6F648B27FB82E55904C256F30CC8B3A ] C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe
10:22:15.0734 0x17e0  Adobe Reader Synchronizer - ok
10:22:15.0859 0x17e0  [ 395BCC9122E705F6586217E32CD01CC9, 0A2E3BF0E626A65B9FF1BEFB35FFBC9CCAA3C75DB395D175AAE2DD014A8E8A34 ] C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
10:22:15.0905 0x17e0  HP Officejet 6500 E710n-z (NET) - ok
10:22:15.0905 0x17e0  Waiting for KSN requests completion. In queue: 55
10:22:16.0919 0x17e0  Waiting for KSN requests completion. In queue: 55
10:22:17.0933 0x17e0  Waiting for KSN requests completion. In queue: 55
10:22:18.0994 0x17e0  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.3.2223.1143 ), 0x41000 ( enabled : updated )
10:22:18.0994 0x17e0  FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.3.2223.1143 ), 0x40010 ( disabled )
10:22:19.0010 0x17e0  Win FW state via NFP2: enabled ( trusted )
10:22:21.0490 0x17e0  ============================================================
10:22:21.0490 0x17e0  Scan finished
10:22:21.0490 0x17e0  ============================================================
10:22:21.0506 0x1760  Detected object count: 0
10:22:21.0506 0x1760  Actual detected object count: 0

Seit gestern sind komischerweise keine Meldungen mehr gekommen. Ich hoffe es bleibt dabei! Besten Dank an Schrauber für die Hilfe.

schrauber · 04.08.2015, 14:46

wir haben noch Arbeit

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

wbartuli · 05.08.2015, 07:26

Code:

ATTFilter

ComboFix 15-08-03.01 - Binefeld 05.08.2015   8:07.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3071.1543 [GMT 2:00]
ausgeführt von:: c:\users\Binefeld\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Binefeld\AppData\Local\assembly\tmp
c:\users\Binefeld\AppData\Local\assembly\tmp\DKUBJJZ4\__AssemblyInfo__.ini
c:\users\Binefeld\AppData\Local\assembly\tmp\DKUBJJZ4\Extensibility.DLL
c:\users\Binefeld\AppData\Local\assembly\tmp\UONOUWQW\__AssemblyInfo__.ini
c:\users\Binefeld\AppData\Local\assembly\tmp\UONOUWQW\AddinExpress.MSO.2005.DLL
c:\users\Binefeld\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkibt2q.dll
c:\users\Binefeld\Desktop\Internet Explorer.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-07-05 bis 2015-08-05  ))))))))))))))))))))))))))))))
.
.
2015-08-05 06:15 . 2015-08-05 06:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-08-05 02:09 . 2015-08-05 02:09	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A44560CC-FB06-4957-AA80-9C7141936C99}\offreg.2396.dll
2015-08-05 02:08 . 2015-07-15 01:33	9252608	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A44560CC-FB06-4957-AA80-9C7141936C99}\mpengine.dll
2015-08-04 10:13 . 2015-08-04 10:13	313472	----a-w-	c:\windows\system32\aswBoot.exe
2015-08-04 10:13 . 2015-08-04 10:13	43112	----a-w-	c:\windows\avastSS.scr
2015-08-04 10:12 . 2015-08-04 10:15	--------	d-----w-	c:\program files\Dropbox
2015-08-04 07:59 . 2015-08-04 08:18	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-08-04 06:56 . 2015-05-01 13:16	102608	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-02 12:28 . 2015-08-02 12:28	--------	d-----w-	c:\users\Binefeld\AppData\Local\GWX
2015-08-01 08:31 . 2015-05-09 18:09	715200	----a-w-	c:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-01 08:31 . 2015-03-14 03:04	67584	----a-w-	c:\windows\system32\dwmapi.dll
2015-08-01 08:31 . 2015-03-14 03:04	1372160	----a-w-	c:\windows\system32\dwmcore.dll
2015-07-31 18:11 . 2015-07-31 18:11	--------	d-----w-	c:\users\Binefeld\AppData\Roaming\TVG
2015-07-31 12:15 . 2015-07-31 12:30	--------	d-----w-	C:\FRST
2015-07-31 10:07 . 2015-07-31 10:11	--------	d-----w-	C:\AdwCleaner
2015-07-30 17:10 . 2015-07-30 17:10	35064	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2015-07-30 17:10 . 2015-07-30 17:48	--------	d-----w-	c:\programdata\RogueKiller
2015-07-30 16:53 . 2015-07-30 16:53	12872	----a-w-	c:\windows\system32\bootdelete.exe
2015-07-30 16:35 . 2015-07-30 16:54	--------	d-----w-	c:\programdata\HitmanPro
2015-07-30 16:14 . 2015-08-05 06:16	98520	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-07-30 16:13 . 2015-08-04 07:58	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-07-30 16:13 . 2015-06-18 06:41	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-07-30 16:13 . 2015-06-18 06:41	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-07-30 16:13 . 2015-07-30 16:13	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2015-07-30 16:02 . 2015-07-30 15:10	24064	----a-w-	c:\windows\zoek-delete.exe
2015-07-30 16:02 . 2015-08-05 06:18	--------	d-----w-	c:\users\Binefeld\AppData\Local\Temp
2015-07-30 15:10 . 2015-07-30 15:56	--------	d-----w-	C:\zoek_backup
2015-07-30 14:23 . 2015-08-01 07:36	--------	d--h--w-	c:\programdata\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-07-28 08:02 . 2015-07-25 17:47	587264	----a-w-	c:\windows\system32\generaltel.dll
2015-07-28 08:02 . 2015-07-25 17:47	628736	----a-w-	c:\windows\system32\invagent.dll
2015-07-28 08:02 . 2015-07-25 17:46	342016	----a-w-	c:\windows\system32\devinv.dll
2015-07-28 08:02 . 2015-07-25 17:46	924160	----a-w-	c:\windows\system32\appraiser.dll
2015-07-28 08:02 . 2015-07-25 17:46	58880	----a-w-	c:\windows\system32\acmigration.dll
2015-07-28 08:02 . 2015-07-25 17:40	932864	----a-w-	c:\windows\system32\aeinv.dll
2015-07-28 08:02 . 2015-06-03 20:17	163840	----a-w-	c:\windows\system32\aepic.dll
2015-07-28 08:02 . 2015-07-25 17:51	15808	----a-w-	c:\windows\system32\CompatTelRunner.exe
2015-07-28 08:02 . 2015-07-25 17:46	202752	----a-w-	c:\windows\system32\aepdu.dll
2015-07-21 12:09 . 2015-07-15 02:55	26624	----a-w-	c:\windows\system32\lpk.dll
2015-07-21 12:09 . 2015-07-15 02:55	34304	----a-w-	c:\windows\system32\atmlib.dll
2015-07-21 12:09 . 2015-07-15 01:52	299008	----a-w-	c:\windows\system32\atmfd.dll
2015-07-21 12:09 . 2015-07-15 02:55	70656	----a-w-	c:\windows\system32\fontsub.dll
2015-07-21 12:09 . 2015-07-15 02:55	10240	----a-w-	c:\windows\system32\dciman32.dll
2015-07-20 13:33 . 2015-08-04 10:13	95112	----a-w-	c:\windows\system32\drivers\ngvss.sys
2015-07-15 20:18 . 2015-07-09 17:42	11776	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-07-15 20:18 . 2015-07-09 17:42	34816	----a-w-	c:\windows\system32\wuapp.exe
2015-07-15 20:18 . 2015-07-09 17:43	2943488	----a-w-	c:\windows\system32\wucltux.dll
2015-07-15 20:18 . 2015-07-09 17:42	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-07-15 20:18 . 2015-07-09 17:43	93184	----a-w-	c:\windows\system32\wudriver.dll
2015-07-15 20:18 . 2015-07-09 17:43	35840	----a-w-	c:\windows\system32\wups2.dll
2015-07-15 20:18 . 2015-07-09 17:43	30208	----a-w-	c:\windows\system32\wups.dll
2015-07-15 20:18 . 2015-07-09 17:43	173056	----a-w-	c:\windows\system32\wuwebv.dll
2015-07-15 20:18 . 2015-07-09 17:43	566784	----a-w-	c:\windows\system32\wuapi.dll
2015-07-15 20:18 . 2015-07-09 17:43	73728	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-07-15 20:18 . 2015-07-09 17:43	2057216	----a-w-	c:\windows\system32\wuaueng.dll
2015-07-15 02:13 . 2015-07-04 17:48	1414656	----a-w-	c:\windows\system32\ole32.dll
2015-07-15 02:13 . 2015-06-17 17:39	305664	----a-w-	c:\windows\system32\gdi32.dll
2015-07-15 02:12 . 2015-04-27 19:04	143872	----a-w-	c:\windows\system32\cryptsvc.dll
2015-07-15 02:12 . 2015-04-27 19:04	1174528	----a-w-	c:\windows\system32\crypt32.dll
2015-07-15 02:12 . 2015-04-27 19:05	179200	----a-w-	c:\windows\system32\wintrust.dll
2015-07-15 02:12 . 2015-04-27 19:04	103936	----a-w-	c:\windows\system32\cryptnet.dll
2015-07-15 02:12 . 2015-06-09 19:35	2745856	----a-w-	c:\windows\system32\rdpcorets.dll
2015-07-15 02:12 . 2015-06-09 19:35	13824	----a-w-	c:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 02:12 . 2015-06-01 23:47	210432	----a-w-	c:\windows\system32\cewmdm.dll
2015-07-15 02:12 . 2015-06-27 01:39	4520448	----a-w-	c:\windows\system32\jscript9.dll
2015-07-15 02:12 . 2015-06-27 01:58	620032	----a-w-	c:\windows\system32\jscript9diag.dll
2015-07-15 02:09 . 2015-07-02 21:08	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2015-07-15 02:09 . 2015-07-02 20:27	473600	----a-w-	c:\program files\Internet Explorer\ieinstal.exe
2015-07-15 02:09 . 2015-07-03 05:56	235216	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2015-07-13 11:05 . 2015-07-13 11:05	--------	d-----w-	c:\users\Binefeld\AppData\Roaming\SunODFPluginforMicrosoftOffice
2015-07-13 10:55 . 2015-07-13 10:55	--------	d-----w-	c:\users\Binefeld\AppData\Roaming\Shortcut
2015-07-13 10:55 . 2015-07-31 09:52	--------	d-----w-	c:\users\Binefeld\AppData\Local\Opera Software
2015-07-13 10:55 . 2015-07-31 09:52	--------	d-----w-	c:\users\Binefeld\AppData\Roaming\Opera Software
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-05 00:29 . 2015-03-04 10:19	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-08-04 10:13 . 2014-03-05 11:26	113592	----a-w-	c:\windows\system32\drivers\aswStm.sys
2015-08-04 10:13 . 2014-05-05 12:42	24016	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-08-04 10:13 . 2013-03-14 17:36	208664	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-08-04 10:13 . 2013-03-14 17:36	49776	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-08-04 10:13 . 2012-10-15 10:58	433264	----a-w-	c:\windows\system32\drivers\aswSP.sys
2015-08-04 10:13 . 2012-10-15 10:58	81728	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2015-08-04 10:13 . 2012-10-15 10:58	76000	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2015-08-04 10:13 . 2012-10-15 10:58	788784	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2015-07-15 16:19 . 2011-01-11 17:05	952	--sha-w-	c:\programdata\KGyGaAvL.sys
2015-07-09 15:13 . 2015-06-24 18:13	17582768	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2015-06-24 18:13 . 2012-06-21 13:08	778416	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-06-24 18:13 . 2012-06-21 13:08	142512	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-23 11:27 . 2010-06-29 13:41	246952	------w-	c:\windows\system32\MpSigStub.exe
2015-05-25 18:07 . 2015-06-10 08:24	3989440	----a-w-	c:\windows\system32\ntkrnlpa.exe
2015-05-25 18:07 . 2015-06-10 08:24	3934144	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-05-25 18:04 . 2015-06-10 08:24	1307648	----a-w-	c:\windows\system32\ntdll.dll
2015-05-25 18:01 . 2015-06-10 08:24	853504	----a-w-	c:\windows\system32\diagtrack.dll
2015-05-25 18:01 . 2015-06-10 08:24	635392	----a-w-	c:\windows\system32\tdh.dll
2015-05-25 18:01 . 2015-06-10 08:24	400896	----a-w-	c:\windows\system32\srcore.dll
2015-05-25 18:01 . 2015-06-10 08:24	43008	----a-w-	c:\windows\system32\srclient.dll
2015-05-25 18:01 . 2015-06-10 08:24	92160	----a-w-	c:\windows\system32\sechost.dll
2015-05-25 18:01 . 2015-06-10 08:24	38912	----a-w-	c:\windows\system32\csrsrv.dll
2015-05-25 18:01 . 2015-06-10 08:24	641536	----a-w-	c:\windows\system32\advapi32.dll
2015-05-25 18:00 . 2015-06-10 08:24	40448	----a-w-	c:\windows\system32\typeperf.exe
2015-05-25 18:00 . 2015-06-10 08:24	364544	----a-w-	c:\windows\system32\tracerpt.exe
2015-05-25 18:00 . 2015-06-10 08:24	69632	----a-w-	c:\windows\system32\smss.exe
2015-05-25 18:00 . 2015-06-10 08:24	262656	----a-w-	c:\windows\system32\rstrui.exe
2015-05-25 18:00 . 2015-06-10 08:24	37888	----a-w-	c:\windows\system32\relog.exe
2015-05-25 18:00 . 2015-06-10 08:24	82944	----a-w-	c:\windows\system32\logman.exe
2015-05-25 18:00 . 2015-06-10 08:24	17408	----a-w-	c:\windows\system32\diskperf.exe
2015-05-25 17:55 . 2015-06-10 08:24	6656	----a-w-	c:\windows\system32\apisetschema.dll
2015-05-25 16:53 . 2015-06-10 08:24	36864	----a-w-	c:\windows\system32\UtcResources.dll
2015-05-09 03:14 . 2015-06-10 08:23	169984	----a-w-	c:\windows\system32\winsrv.dll
2015-05-09 03:13 . 2015-06-10 08:23	293376	----a-w-	c:\windows\system32\KernelBase.dll
2015-05-09 03:12 . 2015-06-10 08:23	271360	----a-w-	c:\windows\system32\conhost.exe
2015-05-09 03:08 . 2015-06-10 08:23	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	4096	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3072	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3584	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-09 03:08 . 2015-06-10 08:23	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-09 01:59 . 2015-06-10 08:23	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-09 01:59 . 2015-06-10 08:23	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-09 01:59 . 2015-06-10 08:23	3584	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-09 01:59 . 2015-06-10 08:23	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44	189464	----a-w-	c:\program files\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44	189464	----a-w-	c:\program files\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44	189464	----a-w-	c:\program files\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44	189464	----a-w-	c:\program files\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44	189464	----a-w-	c:\program files\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44	189464	----a-w-	c:\program files\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44	189464	----a-w-	c:\program files\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44	189464	----a-w-	c:\program files\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-08-04 10:13	695096	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\111iTwinBaseOverlay]
@="{EE51C01F-4739-4A52-9637-F00E146C6AC3}"
[HKEY_CLASSES_ROOT\CLSID\{EE51C01F-4739-4A52-9637-F00E146C6AC3}]
2013-02-01 11:08	704264	----a-w-	c:\programdata\iTwin\iTwin.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\112iTwinMobileOverlay]
@="{DB2EFAD3-CC3D-48a6-A9B2-5FFD1833EE57}"
[HKEY_CLASSES_ROOT\CLSID\{DB2EFAD3-CC3D-48a6-A9B2-5FFD1833EE57}]
2013-02-01 11:08	809224	----a-w-	c:\programdata\iTwin\iTwinRemote.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\113iTwinSyncOverlay]
@="{200D94BA-1B4B-4c64-972A-6010FAF8A0DB}"
[HKEY_CLASSES_ROOT\CLSID\{200D94BA-1B4B-4c64-972A-6010FAF8A0DB}]
2013-02-01 11:08	809224	----a-w-	c:\programdata\iTwin\iTwinRemote.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\114iTwinSDOverlay]
@="{A015AAB7-AA75-41a4-B203-846963D222AE}"
[HKEY_CLASSES_ROOT\CLSID\{A015AAB7-AA75-41a4-B203-846963D222AE}]
2013-02-01 11:08	681736	----a-w-	c:\programdata\iTwin\iTwinSb.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\123iTwinSyncOverlay]
@="{3ACADF8A-D4E9-4858-8A33-0C84DAD3AE76}"
[HKEY_CLASSES_ROOT\CLSID\{3ACADF8A-D4E9-4858-8A33-0C84DAD3AE76}]
2013-02-01 11:08	681736	----a-w-	c:\programdata\iTwin\iTwinSb.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44	189464	----a-w-	c:\program files\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44	189464	----a-w-	c:\program files\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-07-24 01:44	189464	----a-w-	c:\program files\Dropbox\Client\DropboxExt.27.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-05-23 1561968]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2013-05-22 578560]
"Adobe Reader Synchronizer"="c:\program files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe" [2011-01-30 1219488]
"HP Officejet 6500 E710n-z (NET)"="c:\program files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"iTwinAssist"="c:\programdata\iTwin\iTwinAssist.exe" [2013-06-14 395016]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-05-23 311152]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-08-04 6109776]
"SfWinStartInfoV3"="c:\program files\SFirmV3\Programm\sfWinStartupInfo.exe" [2015-04-30 198232]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208]
"Dropbox"="c:\program files\Dropbox\Client\Dropbox.exe" [2015-07-24 39179912]
.
c:\users\Binefeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Zahlungserinnerung.lnk - c:\proficash\wzed.exe [2015-5-6 47616]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Das Telefonbuch Browserlösung.lnk - c:\program files\TVG\DasTelefonbuch Deutschland\http_tfd.exe [2012-11-28 20992]
OUTLOOK.EXE [2003-7-14 196152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 dbupdate;Dropbox-Update-Service (dbupdate);c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-08-04 136048]
R3 dbupdatem;Dropbox-Update-Service (dbupdatem);c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-08-04 136048]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-06-04 84248]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-06-19 102912]
R3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys [2010-06-18 14848]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-06-04 181912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ngvss;ngvss; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-08-04 788784]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-08-04 433264]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-11-24 142648]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 176128]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-08-04 24016]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-08-04 76000]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-08-04 113592]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [2011-01-14 125440]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files\ Malwarebytes Anti-Malware \mbamscheduler.exe [2015-06-18 1871160]
S2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2015-06-18 1133880]
S2 TVGOnlineUpdateSvc;TVG OnlineUpdate-Service;c:\program files\TVG\OnlineUpdate\OnlineUpdateSvc.exe [2010-12-14 398128]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-07-20 220752]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-07-20 3218624]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-06-18 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-08-05 98520]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-06-18 51928]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
utcsvc	REG_MULTI_SZ   	DiagTrack
.
Inhalt des "geplante Tasks" Ordners
.
2015-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 18:13]
.
2015-08-05 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-08-04 10:12]
.
2015-08-05 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job
- c:\program files\Dropbox\Update\DropboxUpdate.exe [2015-08-04 10:12]
.
2015-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-29 11:26]
.
2015-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-29 11:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Binefeld\AppData\Roaming\Mozilla\Firefox\Profiles\f84f2dlo.default\
FF - prefs.js: browser.search.selectedEngine - Search Provided by Yahoo
FF - prefs.js: browser.startup.homepage - about:homeabout:home
FF - ExtSQL: !HIDDEN! 2010-12-23 16:20; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-BsScanner
MSConfigStartUp-Bing Bar - c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
AddRemove-ElsterFormular 13.0.0.8086p - c:\programdata\elsterformular\setup\uninstall.exe
AddRemove-{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} - c:\program files\SUPERAntiSpyware\Uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-MyFreeCodec - c:\program files\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5596)
c:\programdata\iTwin\iTwin.dll
c:\programdata\iTwin\iTwinRemote.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
c:\program files\ Malwarebytes Anti-Malware \mbam.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\GWX\GWX.exe
c:\windows\system32\sppsvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-08-05  08:23:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-08-05 06:23
.
Vor Suchlauf: 13 Verzeichnis(se), 850.095.919.104 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 850.389.635.072 Bytes frei
.
- - End Of File - - 922111997E0F1AB25178420EC4F8FC9E
C79B30CB8852157F6F908E4698CFE0D0

schrauber · 05.08.2015, 15:12

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

wbartuli · 06.08.2015, 08:21

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 06.08.2015
Suchlaufzeit: 08:35
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.1.8.1057
Malware-Datenbank: v2015.08.06.01
Rootkit-Datenbank: v2015.08.04.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Binefeld

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 356176
Abgelaufene Zeit: 15 Min., 39 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Code:

ATTFilter

# AdwCleaner v4.208 - Bericht erstellt 06/08/2015 um 09:07:14
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-08-01.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86)
# Benutzername : Binefeld - BINEFELD-PC
# Gestarted von : C:\Users\Binefeld\Desktop\AdwCleaner_4.208.exe
# Option : Suchlauf

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v27.0 (de)


*************************

AdwCleaner[R0].txt - [3481 Bytes] - [31/07/2015 12:07:44]
AdwCleaner[R1].txt - [718 Bytes] - [06/08/2015 09:07:14]
AdwCleaner[S0].txt - [3594 Bytes] - [31/07/2015 12:11:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [835 Bytes] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.5 (08.05.2015:1)
OS: Windows 7 Home Premium x86
Ran by Binefeld on 06.08.2015 at  9:13:14,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.08.2015 at  9:15:09,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:02-08-2015 01
durchgeführt von Binefeld (Administrator) auf BINEFELD-PC (06-08-2015 09:20:42)
Gestartet von C:\Users\Binefeld\Desktop\Antivirus-Programme
Geladene Profile: Binefeld (Verfügbare Profile: Binefeld)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_190_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTwinAssist] => C:\ProgramData\iTwin\iTwinAssist.exe [395016 2013-06-14] (iTwin)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-04] (AVAST Software)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [39179912 2015-07-24] (Dropbox, Inc.)
HKLM\...\Run: [SfWinStartInfoV3] => C:\Program Files\SFirmV3-1\Programm\sfWinStartupInfo.exe [198232 2015-08-05] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1219488 2011-01-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Das Telefonbuch Browserlösung.lnk [2012-11-28]
ShortcutTarget: Das Telefonbuch Browserlösung.lnk -> C:\Program Files\TVG\DasTelefonbuch Deutschland\http_tfd.exe (TVG Telefon-und Verzeichnisverlag GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.EXE [2011-01-04] (Microsoft Corporation)
Startup: C:\Users\Binefeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk [2014-04-15]
ShortcutTarget: Zahlungserinnerung.lnk -> C:\Proficash\wzed.exe ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-04] (AVAST Software)
ShellIconOverlayIdentifiers: [111iTwinBaseOverlay] -> {EE51C01F-4739-4A52-9637-F00E146C6AC3} => C:\ProgramData\iTwin\iTwin.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [112iTwinMobileOverlay] -> {DB2EFAD3-CC3D-48a6-A9B2-5FFD1833EE57} => C:\ProgramData\iTwin\iTwinRemote.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [113iTwinSyncOverlay] -> {200D94BA-1B4B-4c64-972A-6010FAF8A0DB} => C:\ProgramData\iTwin\iTwinRemote.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [114iTwinSDOverlay] -> {A015AAB7-AA75-41a4-B203-846963D222AE} => C:\ProgramData\iTwin\iTwinSb.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [123iTwinSyncOverlay] -> {3ACADF8A-D4E9-4858-8A33-0C84DAD3AE76} => C:\ProgramData\iTwin\iTwinSb.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-07-24] (Dropbox, Inc.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4166735963-708740759-1224411194-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4166735963-708740759-1224411194-1000 -> {BF8D9E70-BAED-4BE9-8BCA-EBC7D5765923} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  Keine Datei
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-04] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3C7E6CD9-BDFA-4788-AA0F-146DE9693532}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Binefeld\AppData\Roaming\Mozilla\Firefox\Profiles\f84f2dlo.default
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: user_pref("browser.startup.homepage", "about:home"about:home);
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-06-10] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF SearchPlugin: C:\Users\Binefeld\AppData\Roaming\Mozilla\Firefox\Profiles\f84f2dlo.default\searchplugins\Search Provided by Yahoo.xml [2015-07-13]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-15]
FF HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-11-24] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-04] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-20] (Avast Software)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-04] (Dropbox, Inc.)
S2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [125440 2011-01-14] (SEIKO EPSON CORPORATION)
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S2 TVGOnlineUpdateSvc; C:\Program Files\TVG\OnlineUpdate\OnlineUpdateSvc.exe [398128 2010-12-14] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-04] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-04] (AVAST Software)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-04] (AVAST Software)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-20] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Binefeld\AppData\Local\Temp\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-06 09:15 - 2015-08-06 09:16 - 00000712 _____ C:\Users\Binefeld\Desktop\JRT.txt
2015-08-06 09:12 - 2015-08-06 09:12 - 01797896 _____ (Malwarebytes Corporation) C:\Users\Binefeld\Desktop\JRT.exe
2015-08-06 09:10 - 2015-08-06 09:10 - 00000913 _____ C:\Users\Binefeld\Desktop\AdwCleaner[R1].txt
2015-08-06 09:06 - 2015-08-06 09:06 - 02248704 _____ C:\Users\Binefeld\Desktop\AdwCleaner_4.208.exe
2015-08-06 09:05 - 2015-08-06 09:05 - 00001202 _____ C:\Users\Binefeld\Desktop\mbam.txt
2015-08-06 08:30 - 2015-08-06 08:31 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Binefeld\Desktop\mbam-setup-2.1.8.1057.exe
2015-08-05 12:10 - 2015-08-05 12:16 - 00000000 ____D C:\Program Files\SFirmV3-1
2015-08-05 12:10 - 2015-08-05 12:15 - 00000000 ____D C:\ProgramData\SFirmV3-1
2015-08-05 12:10 - 2015-08-05 12:10 - 00001084 _____ C:\Users\Public\Desktop\SFirm 3.0.lnk
2015-08-05 12:10 - 2015-08-05 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SFirm 3.0
2015-08-05 12:00 - 2015-08-05 12:00 - 00000000 ____D C:\Neuer Ordner
2015-08-05 08:23 - 2015-08-05 08:23 - 00032097 _____ C:\ComboFix.txt
2015-08-05 08:04 - 2015-08-05 08:23 - 00000000 ____D C:\Qoobox
2015-08-05 08:04 - 2015-08-05 08:22 - 00000000 ____D C:\Windows\erdnt
2015-08-05 08:04 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-05 08:04 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-05 08:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-05 08:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-05 08:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-05 08:04 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-05 08:04 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-05 08:04 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-05 08:03 - 2015-08-05 08:03 - 05634591 ____R (Swearware) C:\Users\Binefeld\Desktop\ComboFix.exe
2015-08-04 12:16 - 2015-08-04 12:16 - 00001188 _____ C:\Users\Binefeld\Desktop\Dropbox.lnk
2015-08-04 12:15 - 2015-08-04 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-04 12:13 - 2015-08-04 12:13 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-04 12:13 - 2015-08-04 12:13 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-04 12:12 - 2015-08-06 09:17 - 00001206 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-08-04 12:12 - 2015-08-05 12:17 - 00001202 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-08-04 12:12 - 2015-08-04 12:15 - 00000000 ____D C:\Program Files\Dropbox
2015-08-04 10:26 - 2015-08-06 09:16 - 00000000 ____D C:\Users\Binefeld\Desktop\Antivirus-Programme
2015-08-04 09:59 - 2015-08-04 10:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-04 08:56 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-02 14:28 - 2015-08-02 14:28 - 00000000 ____D C:\Users\Binefeld\AppData\Local\GWX
2015-08-01 10:31 - 2015-05-09 20:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-01 10:31 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-08-01 10:31 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-07-31 20:11 - 2015-07-31 20:11 - 00000000 ____D C:\Users\Binefeld\AppData\Roaming\TVG
2015-07-31 14:15 - 2015-08-06 09:20 - 00000000 ____D C:\FRST
2015-07-31 12:07 - 2015-08-06 09:11 - 00000000 ____D C:\AdwCleaner
2015-07-30 19:10 - 2015-07-30 19:48 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-30 19:10 - 2015-07-30 19:10 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-30 19:09 - 2015-07-30 19:09 - 00000000 ____D C:\Users\Binefeld\Downloads\RogueKiller10940
2015-07-30 19:06 - 2015-07-30 19:08 - 20959689 _____ C:\Users\Binefeld\Downloads\RogueKiller10940.zip
2015-07-30 18:53 - 2015-07-30 18:53 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-07-30 18:35 - 2015-07-30 18:54 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-30 18:14 - 2015-08-06 08:35 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-30 18:13 - 2015-08-06 08:32 - 00001024 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-30 18:13 - 2015-08-06 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-30 18:13 - 2015-08-06 08:32 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-07-30 18:13 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-30 18:13 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-30 18:13 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-30 18:02 - 2015-07-30 17:10 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-07-30 17:29 - 2015-07-30 18:07 - 00012855 _____ C:\zoek-results.log
2015-07-30 17:10 - 2015-07-30 17:56 - 00000000 ____D C:\zoek_backup
2015-07-30 17:00 - 2015-07-30 17:00 - 433217620 _____ C:\Windows\MEMORY.DMP
2015-07-30 17:00 - 2015-07-30 17:00 - 01032280 _____ C:\Windows\Minidump\073015-30747-01.dmp
2015-07-30 17:00 - 2015-07-30 17:00 - 00000000 ____D C:\Windows\Minidump
2015-07-30 16:23 - 2015-08-01 09:36 - 00000000 ___HD C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-07-28 10:02 - 2015-07-25 19:51 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 10:02 - 2015-07-25 19:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 10:02 - 2015-07-25 19:47 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 10:02 - 2015-07-25 19:46 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 10:02 - 2015-07-25 19:46 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 10:02 - 2015-07-25 19:46 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 10:02 - 2015-07-25 19:46 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 10:02 - 2015-07-25 19:40 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-28 10:02 - 2015-06-03 22:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-07-21 14:09 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 14:09 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 14:09 - 2015-07-15 04:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 14:09 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 14:09 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 15:33 - 2015-08-04 12:13 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-15 22:18 - 2015-07-09 19:43 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 22:18 - 2015-07-09 19:43 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 22:18 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 22:18 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 22:18 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 22:18 - 2015-07-09 19:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 22:18 - 2015-07-09 19:43 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 22:18 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 22:18 - 2015-07-09 19:42 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 22:18 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 22:18 - 2015-07-09 19:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 04:14 - 2015-07-01 22:46 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 04:14 - 2015-07-01 22:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 04:14 - 2015-07-01 22:30 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 04:14 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 04:14 - 2015-07-01 22:29 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 04:14 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 04:14 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 04:14 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 04:14 - 2015-07-01 21:18 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 04:14 - 2015-07-01 21:18 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 04:14 - 2015-07-01 21:18 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 04:14 - 2015-06-25 10:46 - 02383872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 04:14 - 2015-06-15 23:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 04:14 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 04:14 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 04:14 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 04:14 - 2015-06-15 23:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 04:14 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 04:14 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 04:14 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 04:14 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 04:14 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 04:14 - 2015-06-11 17:20 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 04:13 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 04:13 - 2015-06-17 19:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 04:12 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 04:12 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 04:12 - 2015-06-09 21:35 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 04:12 - 2015-06-09 21:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 04:12 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 04:12 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 04:12 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 04:12 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 04:12 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 04:09 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 04:09 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 04:09 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 04:09 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 04:09 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 04:09 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 04:07 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 04:07 - 2015-06-19 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 04:07 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 04:07 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 04:07 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 04:07 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 04:07 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 04:07 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 04:07 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 04:07 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 04:07 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 04:07 - 2015-06-19 20:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 04:07 - 2015-06-19 20:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 04:07 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 04:07 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 04:07 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 04:07 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 04:07 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 04:07 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 04:07 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 04:07 - 2015-06-19 19:40 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 04:07 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 04:07 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 04:07 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-13 15:03 - 2015-07-13 15:04 - 00000000 ____D C:\Users\Binefeld\Desktop\WB
2015-07-13 13:05 - 2015-07-13 13:05 - 00000000 ____D C:\Users\Binefeld\AppData\Roaming\SunODFPluginforMicrosoftOffice
2015-07-13 12:55 - 2015-07-31 11:52 - 00000000 ____D C:\Users\Binefeld\AppData\Roaming\Opera Software
2015-07-13 12:55 - 2015-07-31 11:52 - 00000000 ____D C:\Users\Binefeld\AppData\Local\Opera Software
2015-07-13 12:55 - 2015-07-13 12:55 - 00000000 ____D C:\Users\Binefeld\AppData\Roaming\Shortcut

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-06 09:13 - 2013-03-22 14:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-06 08:57 - 2013-01-29 13:26 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-06 08:47 - 2012-07-04 13:30 - 00000000 ____D C:\Users\Binefeld\Desktop\AT
2015-08-06 05:49 - 2009-07-14 06:34 - 00018704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-06 05:49 - 2009-07-14 06:34 - 00018704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-06 05:27 - 2010-12-23 15:05 - 01196811 _____ C:\Windows\WindowsUpdate.log
2015-08-06 02:57 - 2013-01-29 13:26 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-05 12:09 - 2014-10-13 14:37 - 00000000 ____D C:\ProgramData\SFirmV3
2015-08-05 12:09 - 2014-10-13 14:37 - 00000000 ____D C:\Program Files\SFirmV3
2015-08-05 12:09 - 2014-10-13 14:35 - 00000099 _____ C:\Windows\Setup_tmp.ini
2015-08-05 11:56 - 2011-01-19 12:07 - 00000000 ___RD C:\Users\Binefeld\Dropbox
2015-08-05 11:55 - 2015-06-24 08:53 - 00000000 ____D C:\Users\Binefeld\AppData\Local\Dropbox
2015-08-05 11:54 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-05 11:54 - 2009-07-14 06:39 - 00118243 _____ C:\Windows\setupact.log
2015-08-05 11:43 - 2012-04-16 17:31 - 00000000 ____D C:\Users\Binefeld\AppData\Local\CrashDumps
2015-08-05 11:35 - 2011-01-11 19:05 - 00000952 ___SH C:\ProgramData\KGyGaAvL.sys
2015-08-05 08:23 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2015-08-05 08:23 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-08-05 08:18 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2015-08-05 08:16 - 2010-12-23 16:13 - 00903918 _____ C:\Windows\PFRO.log
2015-08-04 14:49 - 2014-04-15 14:46 - 00000000 ____D C:\Proficash
2015-08-04 12:13 - 2014-05-05 14:42 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-04 12:13 - 2014-03-05 13:26 - 00113592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-04 12:13 - 2013-03-14 19:36 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-04 12:13 - 2013-03-14 19:36 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-04 12:13 - 2012-10-15 12:58 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-04 12:13 - 2012-10-15 12:58 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-04 12:13 - 2012-10-15 12:58 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-04 12:13 - 2012-10-15 12:58 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-04 09:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-04 08:59 - 2010-06-30 10:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-04 08:55 - 2010-06-30 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-04 08:05 - 2010-12-23 17:19 - 00000000 ____D C:\Users\Binefeld\AppData\Roaming\HpUpdate
2015-08-01 21:18 - 2015-04-14 14:30 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-01 12:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-08-01 11:25 - 2014-11-13 13:21 - 00000000 __SHD C:\Users\Binefeld\AppData\Local\EmieBrowserModeList
2015-08-01 11:25 - 2014-09-16 14:07 - 00000000 __SHD C:\Users\Binefeld\AppData\Local\EmieUserList
2015-08-01 11:25 - 2014-09-16 14:07 - 00000000 __SHD C:\Users\Binefeld\AppData\Local\EmieSiteList
2015-08-01 11:17 - 2010-06-29 15:26 - 01629442 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-01 11:07 - 2009-07-14 06:33 - 00369208 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-01 11:04 - 2015-02-19 10:36 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-01 11:04 - 2014-05-16 08:36 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-01 11:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-08-01 11:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-08-01 10:45 - 2013-10-18 12:45 - 00000000 ____D C:\Windows\system32\MRT
2015-08-01 09:36 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing
2015-07-31 11:53 - 2011-01-19 12:06 - 00000000 ____D C:\Users\Binefeld\AppData\Roaming\Dropbox
2015-07-30 19:02 - 2012-02-23 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-30 19:02 - 2012-02-23 19:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-30 18:13 - 2012-02-23 18:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-23 18:57 - 2015-02-18 15:16 - 00000000 ____D C:\Windows\system32\vbox
2015-07-09 17:13 - 2015-06-24 20:13 - 17582768 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-09-01 17:38 - 2014-11-12 11:49 - 0004096 ____H () C:\Users\Binefeld\AppData\Local\keyfile3.drm
2015-01-26 12:59 - 2015-01-26 12:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-23 15:58 - 2015-01-26 13:20 - 0007321 _____ () C:\ProgramData\hpzinstall.log
2011-01-11 19:05 - 2015-08-05 11:35 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Einige Dateien in TEMP:
====================
C:\Users\Binefeld\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiho_ju.dll
C:\Users\Binefeld\AppData\Local\Temp\SFRESTART.EXE
C:\Users\Binefeld\AppData\Local\Temp\sfupd32.dll


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-02 00:11

==================== Ende vom log ============================

schrauber · 07.08.2015, 07:08

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

wbartuli · 12.08.2015, 14:39

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ea8cba1935746947a6e88ea125a418ef
# end=init
# utc_time=2015-08-12 11:18:00
# local_time=2015-08-12 01:18:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=37126
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Init
Update Download
Update Finalize
Updated modules version: 25244
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ea8cba1935746947a6e88ea125a418ef
# end=updated
# utc_time=2015-08-12 11:25:55
# local_time=2015-08-12 01:25:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=ea8cba1935746947a6e88ea125a418ef
# engine=25244
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-08-12 12:51:38
# local_time=2015-08-12 02:51:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 700318 203804388 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 34805 191015089 0 0
# scanned=233748
# found=7
# cleaned=0
# scan_time=5143
sh=E0C5E31B4A4DAA88C64BB4CA1E304C4D70481F1F ft=1 fh=626d7421e12db363 vn="Variante von Win32/CNETInstaller.B evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Binefeld\Downloads\cbsidlm-cbsi145-Brutus-ORG-10455770.exe"
sh=F711D2AA2F4CC4C6DA8C668A566152517DA39F1B ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Binefeld\Downloads\wz180gev-32.msi"
sh=D511331D524DBFD8F809C24194B823D357F30B08 ft=1 fh=b4437f3733ebef54 vn="Variante von Win32/SoftonicDownloader.F evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\zoek_backup\C_Users_Binefeld_Downloads_SoftonicDownloader_fuer_excel-kassenbuch.exe.vir"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\zoek_backup\C_PROGRA~2_DSearchLink\DSearchLink.exe"
sh=F90BF42246EAA9837153D88D9883EE07684840DD ft=1 fh=6fe305305386515c vn="Variante von Win32/InstallCore.YX evtl. unerwÃ¼nschte Anwendung" ac=I fn="C:\zoek_backup\C_Users_Binefeld_AppData_Local_WSE_Astromenda\uninstall.exe"
sh=0A819EE746A9F62F2CC3BFDC3B3E0B963E8A66C4 ft=1 fh=aec9a88827f7cbaa vn="Variante von Win32/Kryptik.DSID Trojaner" ac=I fn="C:\zoek_backup\C_Users_Binefeld_AppData_Local_{282D0A8D-B28F-9C53-6A78-29A44A17E657}\syshost.exe"
sh=629A8B377C33218C39C514679F616182359EA23A ft=0 fh=0000000000000000 vn="VBS/Kryptik.DY Trojaner" ac=I fn="C:\zoek_backup\C_Users_Binefeld_AppData_Roaming_WSE_Astromenda\UpdateProc\bkup.dat"

Code:

ATTFilter

Results of screen317's Security Check version 1.006  
 Windows 7 Service Pack 1 x86   
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 45  
 Java 8 Update 45  
 Java version 32-bit out of Date! 
  Adobe Flash Player 	17.0.0.190 Flash Player out of Date!  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 27.0 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 TVG OnlineUpdate OnlineUpdateSvc.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x86) Version:11-08-2015 02
durchgeführt von Binefeld (Administrator) auf BINEFELD-PC (12-08-2015 15:38:36)
Gestartet von C:\Users\Binefeld\Desktop\Antivirus-Programme
Geladene Profile: Binefeld (Verfügbare Profile: Binefeld)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: IE)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
() C:\Program Files\TVG\OnlineUpdate\OnlineUpdateSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(iTwin) C:\ProgramData\iTwin\iTwinAssist.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
(TVG Telefon-und Verzeichnisverlag GmbH & Co. KG) C:\Program Files\TVG\DasTelefonbuch Deutschland\http_tfd.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_190_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-07] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTwinAssist] => C:\ProgramData\iTwin\iTwinAssist.exe [395016 2013-06-14] (iTwin)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-08-04] (AVAST Software)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [39179912 2015-08-06] (Dropbox, Inc.)
HKLM\...\Run: [SfWinStartInfoV3] => C:\Program Files\SFirmV3-1\Programm\sfWinStartupInfo.exe [198232 2015-08-05] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1219488 2011-01-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_190_ActiveX.exe [927920 2015-06-24] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Das Telefonbuch Browserlösung.lnk [2012-11-28]
ShortcutTarget: Das Telefonbuch Browserlösung.lnk -> C:\Program Files\TVG\DasTelefonbuch Deutschland\http_tfd.exe (TVG Telefon-und Verzeichnisverlag GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OUTLOOK.EXE [2011-01-04] (Microsoft Corporation)
Startup: C:\Users\Binefeld\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zahlungserinnerung.lnk [2014-04-15]
ShortcutTarget: Zahlungserinnerung.lnk -> C:\Proficash\wzed.exe ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.27.dll [2015-08-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-04] (AVAST Software)
ShellIconOverlayIdentifiers: [111iTwinBaseOverlay] -> {EE51C01F-4739-4A52-9637-F00E146C6AC3} => C:\ProgramData\iTwin\iTwin.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [112iTwinMobileOverlay] -> {DB2EFAD3-CC3D-48a6-A9B2-5FFD1833EE57} => C:\ProgramData\iTwin\iTwinRemote.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [113iTwinSyncOverlay] -> {200D94BA-1B4B-4c64-972A-6010FAF8A0DB} => C:\ProgramData\iTwin\iTwinRemote.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [114iTwinSDOverlay] -> {A015AAB7-AA75-41a4-B203-846963D222AE} => C:\ProgramData\iTwin\iTwinSb.dll [2013-02-01] (iTwin)
ShellIconOverlayIdentifiers: [123iTwinSyncOverlay] -> {3ACADF8A-D4E9-4858-8A33-0C84DAD3AE76} => C:\ProgramData\iTwin\iTwinSb.dll [2013-02-01] (iTwin)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-4166735963-708740759-1224411194-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4166735963-708740759-1224411194-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-4166735963-708740759-1224411194-1000 -> {BF8D9E70-BAED-4BE9-8BCA-EBC7D5765923} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2010-05-28] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
BHO: Kein Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  Keine Datei
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-15] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-04] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-15] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2010-05-28] (Hewlett-Packard Co.)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{3C7E6CD9-BDFA-4788-AA0F-146DE9693532}: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Binefeld\AppData\Roaming\Mozilla\Firefox\Profiles\f84f2dlo.default
FF SelectedSearchEngine: Search Provided by Yahoo
FF Homepage: user_pref("browser.startup.homepage", "about:home"about:home);
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2011-06-10] (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF SearchPlugin: C:\Users\Binefeld\AppData\Roaming\Mozilla\Firefox\Profiles\f84f2dlo.default\searchplugins\Search Provided by Yahoo.xml [2015-07-13]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-10-15]
FF HKU\S-1-5-21-4166735963-708740759-1224411194-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-11-24] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-04] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-20] (Avast Software)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-04] (Dropbox, Inc.)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [125440 2011-01-14] (SEIKO EPSON CORPORATION)
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 TVGOnlineUpdateSvc; C:\Program Files\TVG\OnlineUpdate\OnlineUpdateSvc.exe [398128 2010-12-14] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-04] (AVAST Software)
R3 eapihdrv; C:\Users\Binefeld\AppData\Local\Temp\ehdrv.sys [135760 2015-08-12] (ESET)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [14848 2010-06-19] (Siliten)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-08-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-04] (AVAST Software)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-20] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Binefeld\AppData\Local\Temp\catchme.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-12 13:17 - 2015-08-12 13:17 - 00000000 ____D C:\Program Files\ESET
2015-08-12 13:16 - 2015-08-12 13:16 - 02870984 _____ (ESET) C:\Users\Binefeld\Downloads\esetsmartinstaller_deu.exe
2015-08-11 01:27 - 2015-08-11 01:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-05 12:10 - 2015-08-05 12:16 - 00000000 ____D C:\Program Files\SFirmV3-1
2015-08-05 12:10 - 2015-08-05 12:15 - 00000000 ____D C:\ProgramData\SFirmV3-1
2015-08-05 12:10 - 2015-08-05 12:10 - 00001084 _____ C:\Users\Public\Desktop\SFirm 3.0.lnk
2015-08-05 12:10 - 2015-08-05 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SFirm 3.0
2015-08-05 12:00 - 2015-08-05 12:00 - 00000000 ____D C:\Neuer Ordner
2015-08-05 08:23 - 2015-08-05 08:23 - 00032097 _____ C:\ComboFix.txt
2015-08-05 08:04 - 2015-08-05 08:23 - 00000000 ____D C:\Qoobox
2015-08-05 08:04 - 2015-08-05 08:22 - 00000000 ____D C:\Windows\erdnt
2015-08-05 08:04 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-08-05 08:04 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-08-05 08:04 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-08-05 08:04 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-08-05 08:04 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-08-05 08:04 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-08-05 08:04 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-08-05 08:04 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-08-05 08:03 - 2015-08-05 08:03 - 05634591 ____R (Swearware) C:\Users\Binefeld\Desktop\ComboFix.exe
2015-08-04 12:16 - 2015-08-04 12:16 - 00001188 _____ C:\Users\Binefeld\Desktop\Dropbox.lnk
2015-08-04 12:13 - 2015-08-04 12:13 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-04 12:13 - 2015-08-04 12:13 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-04 12:12 - 2015-08-12 15:17 - 00001206 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-08-04 12:12 - 2015-08-12 12:17 - 00001202 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-08-04 12:12 - 2015-08-11 01:27 - 00000000 ____D C:\Program Files\Dropbox
2015-08-04 10:26 - 2015-08-12 15:38 - 00000000 ____D C:\Users\Binefeld\Desktop\Antivirus-Programme
2015-08-04 09:59 - 2015-08-04 10:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-04 08:56 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-02 14:28 - 2015-08-02 14:28 - 00000000 ____D C:\Users\Binefeld\AppData\Local\GWX
2015-08-01 10:31 - 2015-05-09 20:09 - 00715200 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-08-01 10:31 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-08-01 10:31 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-07-31 20:11 - 2015-07-31 20:11 - 00000000 ____D C:\Users\Binefeld\AppData\Roaming\TVG
2015-07-31 14:15 - 2015-08-12 15:38 - 00000000 ____D C:\FRST
2015-07-31 12:07 - 2015-08-06 09:11 - 00000000 ____D C:\AdwCleaner
2015-07-30 19:10 - 2015-07-30 19:48 - 00000000 ____D C:\ProgramData\RogueKiller
2015-07-30 19:10 - 2015-07-30 19:10 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-07-30 19:09 - 2015-07-30 19:09 - 00000000 ____D C:\Users\Binefeld\Downloads\RogueKiller10940
2015-07-30 19:06 - 2015-07-30 19:08 - 20959689 _____ C:\Users\Binefeld\Downloads\RogueKiller10940.zip
2015-07-30 18:53 - 2015-07-30 18:53 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2015-07-30 18:35 - 2015-07-30 18:54 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-30 18:14 - 2015-08-12 15:38 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-30 18:13 - 2015-08-06 08:32 - 00001024 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-07-30 18:13 - 2015-08-06 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-07-30 18:13 - 2015-08-06 08:32 - 00000000 ____D C:\Program Files\ Malwarebytes Anti-Malware 
2015-07-30 18:13 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-30 18:13 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-30 18:13 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-30 18:02 - 2015-07-30 17:10 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-07-30 17:29 - 2015-07-30 18:07 - 00012855 _____ C:\zoek-results.log
2015-07-30 17:10 - 2015-07-30 17:56 - 00000000 ____D C:\zoek_backup
2015-07-30 17:00 - 2015-07-30 17:00 - 433217620 _____ C:\Windows\MEMORY.DMP
2015-07-30 17:00 - 2015-07-30 17:00 - 01032280 _____ C:\Windows\Minidump\073015-30747-01.dmp
2015-07-30 17:00 - 2015-07-30 17:00 - 00000000 ____D C:\Windows\Minidump
2015-07-30 16:23 - 2015-08-01 09:36 - 00000000 ___HD C:\ProgramData\{D9E629DC-CB1C-4A97-9900-81922B4EFFD4}
2015-07-28 10:02 - 2015-07-25 19:51 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 10:02 - 2015-07-25 19:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 10:02 - 2015-07-25 19:47 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 10:02 - 2015-07-25 19:46 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 10:02 - 2015-07-25 19:46 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 10:02 - 2015-07-25 19:46 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 10:02 - 2015-07-25 19:46 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 10:02 - 2015-07-25 19:40 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-28 10:02 - 2015-06-03 22:17 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-07-21 14:09 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 14:09 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 14:09 - 2015-07-15 04:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 14:09 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 14:09 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 15:33 - 2015-08-04 12:13 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-07-15 22:18 - 2015-07-09 19:43 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 22:18 - 2015-07-09 19:43 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 22:18 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 22:18 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 22:18 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 22:18 - 2015-07-09 19:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 22:18 - 2015-07-09 19:43 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 22:18 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 22:18 - 2015-07-09 19:42 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 22:18 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 22:18 - 2015-07-09 19:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 04:14 - 2015-07-01 22:46 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 04:14 - 2015-07-01 22:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 04:14 - 2015-07-01 22:30 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 04:14 - 2015-07-01 22:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 04:14 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 04:14 - 2015-07-01 22:29 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 04:14 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 04:14 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 04:14 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 04:14 - 2015-07-01 21:18 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 04:14 - 2015-07-01 21:18 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 04:14 - 2015-07-01 21:18 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 04:14 - 2015-06-25 10:46 - 02383872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 04:14 - 2015-06-15 23:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 04:14 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 04:14 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 04:14 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 04:14 - 2015-06-15 23:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 04:14 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 04:14 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 04:14 - 2015-06-11 19:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-15 04:14 - 2015-06-11 19:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-15 04:14 - 2015-06-11 19:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-15 04:14 - 2015-06-11 17:20 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-15 04:13 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 04:13 - 2015-06-17 19:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 04:12 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 04:12 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 04:12 - 2015-06-09 21:35 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-15 04:12 - 2015-06-09 21:35 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-15 04:12 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 04:12 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 04:12 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 04:12 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 04:12 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 04:09 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 04:09 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 04:09 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 04:09 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 04:09 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 04:09 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 04:07 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 04:07 - 2015-06-19 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 04:07 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 04:07 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 04:07 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 04:07 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 04:07 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 04:07 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 04:07 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 04:07 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 04:07 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 04:07 - 2015-06-19 20:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 04:07 - 2015-06-19 20:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 04:07 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 04:07 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 04:07 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 04:07 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 04:07 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 04:07 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 04:07 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 04:07 - 2015-06-19 19:40 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 04:07 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 04:07 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 04:07 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-13 15:03 - 2015-07-13 15:04 - 00000000 ____D C:\Users\Binefeld\Desktop\WB
2015-07-13 13:05 - 2015-07-13 13:05 - 00000000 ____D C:\Users\Binefeld\AppData\Roaming\SunODFPluginforMicrosoftOffice
2015-07-13 12:55 - 2015-07-31 11:52 - 00000000 ____D C:\Users\Binefeld\AppData\Roaming\Opera Software
2015-07-13 12:55 - 2015-07-31 11:52 - 00000000 ____D C:\Users\Binefeld\AppData\Local\Opera Software
2015-07-13 12:55 - 2015-07-13 12:55 - 00000000 ____D C:\Users\Binefeld\AppData\Roaming\Shortcut

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-08-12 15:21 - 2010-12-23 15:05 - 01617928 _____ C:\Windows\WindowsUpdate.log
2015-08-12 15:13 - 2013-03-22 14:19 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-12 14:59 - 2009-07-14 06:34 - 00018704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-12 14:59 - 2009-07-14 06:34 - 00018704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-12 14:57 - 2013-01-29 13:26 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-12 02:57 - 2013-01-29 13:26 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-11 16:27 - 2014-04-15 14:46 - 00000000 ____D C:\Proficash
2015-08-11 10:31 - 2015-01-15 14:09 - 00000000 ____D C:\Users\Binefeld\Desktop\Rechtsanwälte
2015-08-11 01:28 - 2015-06-24 08:53 - 00000000 ____D C:\Users\Binefeld\AppData\Local\Dropbox
2015-08-11 01:28 - 2011-01-19 12:07 - 00000000 ___RD C:\Users\Binefeld\Dropbox
2015-08-08 20:20 - 2010-12-23 17:19 - 00000000 ____D C:\Users\Binefeld\AppData\Roaming\HpUpdate
2015-08-07 18:05 - 2012-04-16 17:31 - 00000000 ____D C:\Users\Binefeld\AppData\Local\CrashDumps
2015-08-07 16:46 - 2014-09-01 17:38 - 00004096 ____H C:\Users\Binefeld\AppData\Local\keyfile3.drm
2015-08-06 17:14 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-06 17:14 - 2009-07-14 06:39 - 00118299 _____ C:\Windows\setupact.log
2015-08-06 08:47 - 2012-07-04 13:30 - 00000000 ____D C:\Users\Binefeld\Desktop\AT
2015-08-05 12:09 - 2014-10-13 14:37 - 00000000 ____D C:\ProgramData\SFirmV3
2015-08-05 12:09 - 2014-10-13 14:37 - 00000000 ____D C:\Program Files\SFirmV3
2015-08-05 12:09 - 2014-10-13 14:35 - 00000099 _____ C:\Windows\Setup_tmp.ini
2015-08-05 11:35 - 2011-01-11 19:05 - 00000952 ___SH C:\ProgramData\KGyGaAvL.sys
2015-08-05 08:23 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2015-08-05 08:23 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-08-05 08:18 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2015-08-05 08:16 - 2010-12-23 16:13 - 00903918 _____ C:\Windows\PFRO.log
2015-08-04 12:13 - 2014-05-05 14:42 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-04 12:13 - 2014-03-05 13:26 - 00113592 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-08-04 12:13 - 2013-03-14 19:36 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-04 12:13 - 2013-03-14 19:36 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-04 12:13 - 2012-10-15 12:58 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-04 12:13 - 2012-10-15 12:58 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-04 12:13 - 2012-10-15 12:58 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-08-04 12:13 - 2012-10-15 12:58 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-04 09:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-04 08:59 - 2010-06-30 10:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-04 08:55 - 2010-06-30 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-01 21:18 - 2015-04-14 14:30 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-01 12:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-08-01 11:25 - 2014-11-13 13:21 - 00000000 __SHD C:\Users\Binefeld\AppData\Local\EmieBrowserModeList
2015-08-01 11:25 - 2014-09-16 14:07 - 00000000 __SHD C:\Users\Binefeld\AppData\Local\EmieUserList
2015-08-01 11:25 - 2014-09-16 14:07 - 00000000 __SHD C:\Users\Binefeld\AppData\Local\EmieSiteList
2015-08-01 11:17 - 2010-06-29 15:26 - 01629442 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-01 11:07 - 2009-07-14 06:33 - 00369208 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-01 11:04 - 2015-02-19 10:36 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-01 11:04 - 2014-05-16 08:36 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-01 11:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-08-01 11:04 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-08-01 10:45 - 2013-10-18 12:45 - 00000000 ____D C:\Windows\system32\MRT
2015-08-01 09:36 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing
2015-07-31 11:53 - 2011-01-19 12:06 - 00000000 ____D C:\Users\Binefeld\AppData\Roaming\Dropbox
2015-07-30 19:02 - 2012-02-23 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-30 19:02 - 2012-02-23 19:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-30 18:13 - 2012-02-23 18:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-23 18:57 - 2015-02-18 15:16 - 00000000 ____D C:\Windows\system32\vbox

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-09-01 17:38 - 2015-08-07 16:46 - 0004096 ____H () C:\Users\Binefeld\AppData\Local\keyfile3.drm
2015-01-26 12:59 - 2015-01-26 12:59 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-12-23 15:58 - 2015-01-26 13:20 - 0007321 _____ () C:\ProgramData\hpzinstall.log
2011-01-11 19:05 - 2015-08-05 11:35 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Einige Dateien in TEMP:
====================
C:\Users\Binefeld\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgm5h2h.dll
C:\Users\Binefeld\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpltlvjd.dll
C:\Users\Binefeld\AppData\Local\Temp\SFRESTART.EXE
C:\Users\Binefeld\AppData\Local\Temp\sfupd32.dll


==================== Bamital & volsnap Check =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-08-12 00:57

==================== Ende vom raportu ============================

schrauber · 13.08.2015, 09:45

Java, FLash, Adobe und Firefox updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\Binefeld\Downloads\cbsidlm-cbsi145-Brutus-ORG-10455770.exe

C:\Users\Binefeld\Downloads\wz180gev-32.msi

C:\zoek_backup\C_Users_Binefeld_Downloads_SoftonicDownloader_fuer_excel-kassenbuch.exe.vir

C:\zoek_backup\C_PROGRA~2_DSearchLink\DSearchLink.exe

C:\zoek_backup\C_Users_Binefeld_AppData_Local_WSE_Astromenda\uninstall.exe

C:\zoek_backup\C_Users_Binefeld_AppData_Local_{282D0A8D-B28F-9C53-6A78-29A44A17E657}\syshost.exe

C:\zoek_backup\C_Users_Binefeld_AppData_Roaming_WSE_Astromenda\UpdateProc\bkup.dat
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
Combofix deinstallieren .

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:

Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

wbartuli · 13.08.2015, 11:37

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x86) Version:12-08-2015
durchgeführt von Binefeld (2015-08-13 12:21:05) Run:1
Gestartet von C:\Users\Binefeld\Desktop\Antivirus-Programme
Geladene Profile: Binefeld (Verfügbare Profile: Binefeld)
Start-Modus: Normal

==============================================

fixlist Inhalt:
*****************
C:\Users\Binefeld\Downloads\cbsidlm-cbsi145-Brutus-ORG-10455770.exe

C:\Users\Binefeld\Downloads\wz180gev-32.msi

C:\zoek_backup\C_Users_Binefeld_Downloads_SoftonicDownloader_fuer_excel-kassenbuch.exe.vir

C:\zoek_backup\C_PROGRA~2_DSearchLink\DSearchLink.exe

C:\zoek_backup\C_Users_Binefeld_AppData_Local_WSE_Astromenda\uninstall.exe

C:\zoek_backup\C_Users_Binefeld_AppData_Local_{282D0A8D-B28F-9C53-6A78-29A44A17E657}\syshost.exe

C:\zoek_backup\C_Users_Binefeld_AppData_Roaming_WSE_Astromenda\UpdateProc\bkup.dat
Emptytemp:

*****************

C:\Users\Binefeld\Downloads\cbsidlm-cbsi145-Brutus-ORG-10455770.exe => erfolgreich verschoben.
C:\Users\Binefeld\Downloads\wz180gev-32.msi => erfolgreich verschoben.
C:\zoek_backup\C_Users_Binefeld_Downloads_SoftonicDownloader_fuer_excel-kassenbuch.exe.vir => erfolgreich verschoben.
C:\zoek_backup\C_PROGRA~2_DSearchLink\DSearchLink.exe => erfolgreich verschoben.
C:\zoek_backup\C_Users_Binefeld_AppData_Local_WSE_Astromenda\uninstall.exe => erfolgreich verschoben.
C:\zoek_backup\C_Users_Binefeld_AppData_Local_{282D0A8D-B28F-9C53-6A78-29A44A17E657}\syshost.exe => erfolgreich verschoben.
C:\zoek_backup\C_Users_Binefeld_AppData_Roaming_WSE_Astromenda\UpdateProc\bkup.dat => erfolgreich verschoben.
EmptyTemp: => 3.6 GB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende vom Fixlog 12:24:21 ====

Code:

ATTFilter

# DelFix v1.010 - Datei am 13/08/2015 um 12:36:16 erstellt
# Aktualisiert am 26/04/2015 von Xplode
# Benutzer : Binefeld - BINEFELD-PC
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)

~ Aktiviere die Benutzerkontensteuerung ... OK

~ Entferne die Bereinigungsprogramme ...

Gelöscht : C:\FRST
Gelöscht : C:\zoek_backup
Gelöscht : C:\AdwCleaner
Gelöscht : C:\ComboFix.txt
Gelöscht : C:\TDSSKiller.3.1.0.5_04.08.2015_10.20.43_log.txt
Gelöscht : C:\TDSSKiller.3.1.0.5_04.08.2015_10.21.44_log.txt
Gelöscht : C:\zoek-results.log
Gelöscht : C:\Users\Binefeld\Downloads\esetsmartinstaller_deu.exe
Gelöscht : C:\Users\Binefeld\Downloads\RogueKiller10940.zip
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SOFTWARE\Swearware

~ Erstelle ein Backup der Registrierungsdatenbank ... OK

~ Lösche die Wiederherstellungspunkte ...

Gelöscht : RP #592 [ComboFix created restore point | 08/13/2015 10:34:28]

Ein neuer Wiederherstellungspunkt wurde erstellt !

~ Stelle die Systemeinstellungen wieder her ... OK

########## - EOF - ##########

schrauber · 14.08.2015, 08:40

fertig

14.08.2015, 08:40	#14
schrauber /// the machine /// TB-Ausbilder	Avast bringt laufend etliche Meldungen zu URL:Mal fertig __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Avast bringt laufend etliche Meldungen zu URL:Mal

Plagegeister aller Art und deren Bekämpfung: Avast bringt laufend etliche Meldungen zu URL:Mal