Firefox spinnt - 'Man-in-the-Browser' ?

Dirknash · 07.06.2014, 21:01

Liebes Trojaner-Board-Team,

mein Browser Mozilla Firefox ist zur Zeit am rumspinnen, ich bin froh das ich gerade in eurem Forum posten kann.

Problem: Sobald ich mehrere Tabs aufmache laden die Tabs nicht mehr, es sieht aus wie ein Disconnect vom Internet. Aber mein Internet zeigt mir stetig Lokal und Internet[grüne Weltkugel, kein X für Verbindung unterbrochen]. Beispielweise nebenher skypen geht.

Auch bei Skype ist mir was komisches aufgefallen: sobald ich ein Gespräch beginne/entgegennehme steht dort irgendwie: sichere Verbindung wurde hergestellt. Kann man auf OK oder Details für Windows-Details klicken. Habe ich mir jetzt aber nichts weiter bei gedacht. MBAM hatte zwischendurch auch skype.exe als Bedrohung angezeigt, genauso wie es mir weitere Dateien, die ich im Referenzfall vor zwei Wochen mit euch in die Qarantäne verschoben habe. Ich habe die Dateien vor ein paar Tagen gelöscht, weil sie nicht brauchte und mir ständig 'Bedrohung' angezeigt wurde. War dies ein Fehler, wenn ja bitte ich dies zu entschuldigen. Wie kann er revidiert werden?

Zwischendurch möchte ich einen neuen Tab öffnen, dann laufen dort viele Internetseiten durch, die schon sehr verdächtig klingen: nix-ist-fix.XXXXXXXX oder ähnliche. Zuerst dachte ich, ich hätte Halluzinationen vom vielen arbeiten oder es liegt an meinen Kopfschmerzen. Vielleicht sind es auch speziell Internetseiten, die etwas mit AdobeFlashPlayer oder Adobe zusammen haben? Dann trifft das Problem nämlich auf. So saubere Internetseiten wie euer Forum lassen sich aufrufen. Sobald ich bpsw. auf bild.de gehe tritt der eher Fehler auf. Ich muss dann Firefox schließen. Sobald ich es wieder öffne bin ich wieder auf meiner Startseite google.

Ihr hattet mir vor gut zwei Wochen ausgezeichnet helfen können und hoffe ihr werdet es nochmal tun. Kann doch gar nicht sein, dass ich mir ständig auf irgendwelchen Zwielichtigen-Seiten die Dinger einfange?

PS: Meine CPU-Auslastung beim Taskmanager schwankt irgendwie auch ganz komisch natürlich ist mein Laptop nicht mehr der neuste, aber es geht zwischen 5-10% manchmal auf 40% hoch ohne das ich einen neuen Prozess öffne. Firefox 300.000 K + // Normalwert?

MBAM hatte mir 0 Treffer angezeigt, oder spinne ich doch einfach?

Referenzfall:
http://www.trojaner-board.de/154401-...entfernen.html

FRST
FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014
Ran by jules (administrator) on JULES-PC on 07-06-2014 21:19:55
Running from C:\Users\jules\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
() C:\Acer\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\PLFSetI.exe
(Realtek Semiconductor Corp.) C:\Users\jules\AppData\Local\temp\RtkBtMnt.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(OLYMPUS IMAGING CORP.) C:\Program Files\Olympus\ib\olycamdetect.exe
(Akamai Technologies, Inc.) C:\Users\jules\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dropbox, Inc.) C:\Users\jules\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
(Akamai Technologies, Inc.) C:\Users\jules\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6294048 2008-09-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-12-17] (Dritek System Inc.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1687824 2007-07-18] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2094352 2007-07-18] (Logitech Inc.)
HKLM\...\Run: [MDS_Menu] => C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM\...\Run: [Aeria Ignite] => C:\Program Files\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-06-16] (Google Inc.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1775808 2014-05-21] (Valve Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Olympus ib] => C:\Program Files\Olympus\ib\olycamdetect.exe [93376 2009-12-10] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Akamai NetSession Interface] => C:\Users\jules\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-08-13] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jules\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE332
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE332
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF ProfilePath: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.4.0 - C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\jules\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\jules\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jules\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jules\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\jules\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\jules\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\l92ad71y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-03]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2009-06-17]

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (MicrosoftÂ® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Skype Toolbars) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Drive) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-01]
CHR Extension: (SiteAdvisor) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-05-16]
CHR Extension: (DivX HiQ) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2011-05-16]
CHR Extension: (No Name) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj [2011-11-30]
CHR Extension: (Skype Click to Call) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-10-13]
CHR Extension: (Google Wallet) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-14]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-05-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2010-06-22]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\jules\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-01-29]

========================== Services (Whitelisted) =================

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-05-26] ()
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [95200 2012-01-13] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] ()
S3 npggsvc; C:\Windows\system32\GameMon.des [3953632 2012-03-05] (INCA Internet Co., Ltd.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2014-06-01] ()
R2 RichVideo; c:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-01-16] ()
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-01-16] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
S3 OlyCamComm; C:\Windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-14] (OLYMPUS IMAGING CORP.)
S3 spc999; C:\Windows\System32\drivers\spc999.sys [487936 2009-12-14] (                                                            )
S3 spc999m; C:\Windows\System32\drivers\spc999m.sys [7680 2009-12-14] (                                                            )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-23] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\uninstall.exe\catchme.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-07 21:19 - 2014-06-07 21:20 - 00027997 _____ () C:\Users\jules\Desktop\FRST.txt
2014-06-07 21:19 - 2014-06-07 21:20 - 00000000 ___DC () C:\FRST
2014-06-07 21:09 - 2014-06-07 21:09 - 00380416 _____ () C:\Users\jules\Desktop\GMER.exe
2014-06-07 21:07 - 2014-06-07 21:07 - 01063424 _____ (Farbar) C:\Users\jules\Desktop\FRST.exe
2014-06-04 20:09 - 2014-06-04 20:20 - 00000000 ____D () C:\Users\jules\Desktop\MakroTetragon
2014-06-01 22:21 - 2014-06-01 22:21 - 00000000 ____D () C:\Users\jules\Documents\Battlefield 3
2014-06-01 22:20 - 2014-06-01 22:20 - 00000000 ____D () C:\Users\jules\AppData\Local\ESN
2014-06-01 22:20 - 2014-06-01 22:20 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-06-01 22:17 - 2014-06-01 22:17 - 00000000 ____D () C:\ProgramData\EA Core
2014-06-01 22:16 - 2014-06-01 22:16 - 00000967 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2014-06-01 22:16 - 2014-06-01 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-06-01 20:52 - 2014-06-01 20:52 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Origin
2014-06-01 20:22 - 2014-06-01 20:23 - 00002163 ____C () C:\DelFix.txt
2014-06-01 20:19 - 2014-06-01 20:19 - 00000000 __SDC () C:\32788R22FWJFW
2014-06-01 20:17 - 2014-06-07 21:20 - 00000000 ____D () C:\Users\jules\AppData\Local\temp
2014-06-01 20:17 - 2014-06-01 20:17 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-01 20:17 - 2014-06-01 20:17 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-01 20:17 - 2014-06-01 20:17 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-01 20:17 - 2014-06-01 20:17 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-29 18:35 - 2014-05-29 18:35 - 00000000 ____D () C:\Users\jules\AppData\Local\Adobe
2014-05-29 18:31 - 2014-05-29 18:33 - 00000000 ____D () C:\Program Files\Origin Games
2014-05-29 18:30 - 2014-05-29 18:31 - 00000000 ____D () C:\Users\jules\AppData\Local\Origin
2014-05-29 18:29 - 2014-06-02 01:04 - 00000000 ____D () C:\ProgramData\Origin
2014-05-29 18:29 - 2014-06-01 22:17 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-29 18:29 - 2014-05-29 18:29 - 00000780 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-05-29 18:28 - 2014-06-01 20:51 - 00000000 ____D () C:\Program Files\Origin
2014-05-29 09:37 - 2014-05-29 09:37 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-28 21:02 - 2014-05-28 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-05-28 16:28 - 2014-06-01 20:22 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 16:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-28 15:56 - 2014-06-07 18:34 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 15:56 - 2014-05-28 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-28 15:56 - 2014-05-28 15:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-28 15:56 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 15:56 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-27 09:48 - 2014-06-01 20:19 - 00000000 ____D () C:\Windows\erdnt
2014-05-27 09:21 - 2014-05-27 09:21 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-26 23:22 - 2014-05-26 23:22 - 00166520 _____ () C:\Windows\Minidump\Mini052614-02.dmp
2014-05-26 22:44 - 2014-05-26 22:44 - 00166520 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-26 16:43 - 2014-05-26 16:46 - 00000000 ____D () C:\Users\jules\Documents\BIS Core Engine
2014-05-21 20:19 - 2014-05-21 20:19 - 00000285 _____ () C:\Users\jules\Desktop\makrofaebookkack.txt
2014-05-15 01:36 - 2014-05-15 01:36 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:54 - 2014-05-07 02:26 - 03627520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:54 - 2014-05-07 02:26 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 22:54 - 2014-05-07 00:58 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:54 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-11 22:01 - 2014-05-11 22:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-07 21:20 - 2014-06-07 21:19 - 00027997 _____ () C:\Users\jules\Desktop\FRST.txt
2014-06-07 21:20 - 2014-06-07 21:19 - 00000000 ___DC () C:\FRST
2014-06-07 21:20 - 2014-06-01 20:17 - 00000000 ____D () C:\Users\jules\AppData\Local\temp
2014-06-07 21:09 - 2014-06-07 21:09 - 00380416 _____ () C:\Users\jules\Desktop\GMER.exe
2014-06-07 21:08 - 2012-09-02 11:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-07 21:07 - 2014-06-07 21:07 - 01063424 _____ (Farbar) C:\Users\jules\Desktop\FRST.exe
2014-06-07 21:00 - 2009-12-05 17:31 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Skype
2014-06-07 20:54 - 2014-04-29 20:37 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000UA.job
2014-06-07 20:53 - 2010-04-01 11:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-07 20:20 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-07 20:20 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-07 19:02 - 2013-06-23 21:52 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Dropbox
2014-06-07 18:34 - 2014-05-28 15:56 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-07 18:28 - 2009-01-19 22:35 - 01612692 _____ () C:\Windows\WindowsUpdate.log
2014-06-07 18:24 - 2013-06-23 21:57 - 00000000 ___RD () C:\Users\jules\Dropbox
2014-06-07 18:24 - 2009-12-14 21:56 - 00000000 ____D () C:\Program Files\Steam
2014-06-07 18:23 - 2014-05-07 09:03 - 00000000 ____D () C:\Users\jules\AppData\Roaming\DropboxMaster
2014-06-07 18:23 - 2012-10-17 10:16 - 00308473 _____ () C:\Windows\AutoKMS.log
2014-06-07 18:22 - 2014-01-29 12:28 - 00000000 ___RD () C:\Users\jules\Google Drive
2014-06-07 18:21 - 2010-04-01 11:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-07 18:20 - 2008-11-20 05:53 - 00000147 _____ () C:\Windows\system32\agent.log
2014-06-07 18:20 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-07 10:15 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-04 20:20 - 2014-06-04 20:09 - 00000000 ____D () C:\Users\jules\Desktop\MakroTetragon
2014-06-04 20:07 - 2011-05-17 13:26 - 00000474 ____H () C:\Windows\Tasks\Norton Security Scan for jules.job
2014-06-04 15:54 - 2014-04-29 20:37 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000Core.job
2014-06-02 01:04 - 2014-05-29 18:29 - 00000000 ____D () C:\ProgramData\Origin
2014-06-01 23:14 - 2012-10-22 17:45 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-06-01 22:21 - 2014-06-01 22:21 - 00000000 ____D () C:\Users\jules\Documents\Battlefield 3
2014-06-01 22:21 - 2009-06-16 22:42 - 00280904 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-06-01 22:21 - 2009-06-16 20:50 - 00000000 ____D () C:\Users\jules\AppData\Local\PunkBuster
2014-06-01 22:21 - 2009-06-16 20:30 - 00140072 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-06-01 22:21 - 2009-06-16 20:29 - 00280904 _____ () C:\Windows\system32\PnkBstrB.exe
2014-06-01 22:20 - 2014-06-01 22:20 - 00000000 ____D () C:\Users\jules\AppData\Local\ESN
2014-06-01 22:20 - 2014-06-01 22:20 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-06-01 22:17 - 2014-06-01 22:17 - 00000000 ____D () C:\ProgramData\EA Core
2014-06-01 22:17 - 2014-05-29 18:29 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-01 22:16 - 2014-06-01 22:16 - 00000967 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2014-06-01 22:16 - 2014-06-01 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-06-01 22:16 - 2009-06-16 20:30 - 00138056 _____ () C:\Users\jules\AppData\Roaming\PnkBstrK.sys
2014-06-01 22:15 - 2009-06-16 20:29 - 00189248 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-06-01 22:15 - 2009-06-16 20:29 - 00075136 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-01 20:52 - 2014-06-01 20:52 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Origin
2014-06-01 20:51 - 2014-05-29 18:28 - 00000000 ____D () C:\Program Files\Origin
2014-06-01 20:23 - 2014-06-01 20:22 - 00002163 ____C () C:\DelFix.txt
2014-06-01 20:22 - 2014-05-28 16:28 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 20:19 - 2014-06-01 20:19 - 00000000 __SDC () C:\32788R22FWJFW
2014-06-01 20:19 - 2014-05-27 09:48 - 00000000 ____D () C:\Windows\erdnt
2014-06-01 20:17 - 2014-06-01 20:17 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-01 20:17 - 2014-06-01 20:17 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-01 20:17 - 2014-06-01 20:17 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-01 20:17 - 2014-06-01 20:17 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-01 20:10 - 2006-11-02 12:23 - 00000215 ____C () C:\Windows\system.ini
2014-06-01 20:08 - 2008-01-21 04:47 - 03425824 _____ () C:\Windows\PFRO.log
2014-06-01 19:33 - 2009-06-16 17:03 - 00000000 ____D () C:\Users\jules
2014-05-29 18:35 - 2014-05-29 18:35 - 00000000 ____D () C:\Users\jules\AppData\Local\Adobe
2014-05-29 18:33 - 2014-05-29 18:31 - 00000000 ____D () C:\Program Files\Origin Games
2014-05-29 18:31 - 2014-05-29 18:30 - 00000000 ____D () C:\Users\jules\AppData\Local\Origin
2014-05-29 18:29 - 2014-05-29 18:29 - 00000780 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-05-29 09:37 - 2014-05-29 09:37 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-29 09:37 - 2009-12-05 17:30 - 00000000 ___RD () C:\Program Files\Skype
2014-05-29 09:37 - 2009-10-08 15:15 - 00000000 ____D () C:\ProgramData\Skype
2014-05-28 21:02 - 2014-05-28 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-05-28 21:02 - 2014-02-13 20:38 - 00001431 _____ () C:\Users\jules\Desktop\bwin Poker.lnk
2014-05-28 21:02 - 2013-03-18 02:57 - 00001437 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\bwin Poker.lnk
2014-05-28 21:02 - 2006-11-02 14:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-28 18:00 - 2012-08-14 14:48 - 00000000 ____D () C:\Users\jules\AppData\Local\ArmA 2 OA
2014-05-28 16:52 - 2014-03-24 01:18 - 00002379 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-28 16:16 - 2010-10-28 20:17 - 00000000 ____D () C:\ProgramData\ICQ
2014-05-28 16:16 - 2009-06-24 20:25 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-05-28 15:56 - 2014-05-28 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-28 15:56 - 2014-05-28 15:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-28 15:56 - 2013-05-13 21:35 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-28 15:56 - 2012-05-03 15:36 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Malwarebytes
2014-05-28 15:56 - 2012-05-03 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 10:17 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-05-27 10:17 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-05-27 09:21 - 2014-05-27 09:21 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-27 09:17 - 2010-04-05 17:25 - 00000000 ____D () C:\Users\jules\Tracing
2014-05-26 23:26 - 2009-12-14 21:56 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-26 23:22 - 2014-05-26 23:22 - 00166520 _____ () C:\Windows\Minidump\Mini052614-02.dmp
2014-05-26 23:22 - 2012-04-27 21:45 - 318719702 _____ () C:\Windows\MEMORY.DMP
2014-05-26 23:22 - 2012-04-27 21:45 - 00000000 ____D () C:\Windows\Minidump
2014-05-26 22:44 - 2014-05-26 22:44 - 00166520 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-26 20:54 - 2009-06-16 17:04 - 00000000 ____D () C:\Users\jules\AppData\Local\Google
2014-05-26 16:46 - 2014-05-26 16:43 - 00000000 ____D () C:\Users\jules\Documents\BIS Core Engine
2014-05-23 09:03 - 2013-06-23 21:57 - 00000923 _____ () C:\Users\jules\Desktop\Dropbox.lnk
2014-05-23 09:03 - 2013-06-23 21:55 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-22 00:10 - 2013-11-03 22:57 - 00000000 ____D () C:\Users\jules\Desktop\Makro
2014-05-21 20:54 - 2009-06-16 18:23 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Mozilla
2014-05-21 20:19 - 2014-05-21 20:19 - 00000285 _____ () C:\Users\jules\Desktop\makrofaebookkack.txt
2014-05-21 15:54 - 2010-04-01 16:53 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 09:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 09:38 - 2012-10-11 19:06 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 01:39 - 2008-11-20 05:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 01:36 - 2014-05-15 01:36 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 01:35 - 2013-08-16 19:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 01:32 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-13 22:09 - 2012-09-02 11:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-13 22:09 - 2011-07-10 20:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 14:41 - 2006-11-02 12:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 09:02 - 2012-05-03 15:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-05-28 15:56 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-28 15:56 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2012-05-03 15:35 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 22:35 - 2014-01-06 02:12 - 00000139 _____ () C:\Users\jules\Desktop\xxxxxxxxxxxx.txt
2014-05-11 22:02 - 2014-05-11 22:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 15:54 - 2014-01-29 12:20 - 00001911 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-05-08 15:54 - 2014-01-29 12:20 - 00001909 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-05-08 15:54 - 2014-01-29 12:20 - 00001899 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-05-08 15:54 - 2014-01-29 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-05-08 10:17 - 2014-05-07 11:12 - 00001246 _____ () C:\Users\jules\Desktop\KurseWarschaumadness.txt

Some content of TEMP:
====================
C:\Users\jules\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiv6r4x.dll
C:\Users\jules\AppData\Local\temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-07 18:27

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-06-2014
Ran by jules at 2014-06-07 21:21:10
Running from C:\Users\jules\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

µTorrent (HKLM\...\uTorrent) (Version: 3.1.0 - )
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Acer Crystal Eye webcam Ver:1.1.57.409 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.57.409 - Chicony Electronics Co.,Ltd.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.02.1111 - Acer Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Aeria Ignite (HKLM\...\Aeria Ignite 1.13.3296) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (HKLM\...\Aeria Ignite) (Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alliance of Valiant Arms (HKLM\...\Alliance of Valiant Arms) (Version:  - )
Apple Mobile Device Support (HKLM\...\{B5C3B892-0849-476C-9F46-B12F84819D57}) (Version: 3.0.0.102 - Apple Inc.)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ARMA 2 (HKLM\...\Steam App 33910) (Version:  - Bohemia Interactive)
ARMA 2: Operation Arrowhead (HKLM\...\Steam App 33930) (Version:  - Bohemia Interactive)
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM\...\BattlEye for OA) (Version:  - )
Broadcom Gigabit Integrated Controller (HKLM\...\{F870B987-18BC-45FC-9BE8-35C02DCDA10F}) (Version: 11.32.03 - Broadcom Corporation)
bwin Poker (HKLM\...\bwincomPoker) (Version:  - bwincom)
bwin Poker 1.0.0 (HKLM\...\bwin Poker_is1) (Version: 1.0.0 - bwin)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty(R) 4 - Modern Warfare(TM) (Version: 1.6 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (Version:  - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (Version: 1.7 - Activision) Hidden
Call of Duty: Modern Warfare 2 (HKLM\...\Steam App 10180) (Version:  - Infinity Ward)
Camera RAW Plug-In for EPSON Creativity Suite (HKLM\...\{42EDF895-158C-484E-A7F2-42B90759F281}) (Version: 2.3.0.0 - SEIKO EPSON CORPORATION)
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)
Company of Heroes 2 (HKLM\...\Steam App 231430) (Version:  - Relic Entertainment)
Counter-Strike: Source (HKLM\...\Steam App 240) (Version:  - Valve)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.3023d - CyberLink Corp.)
CyberLink PowerDirector (Version: 6.5.3023d - CyberLink Corp.) Hidden
DayZ Commander (HKLM\...\{05B1529B-C423-42AA-B981-4ECA247E9FC0}) (Version: 1.09.73 - Dotjosh Studios)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version:  - Microsoft)
DivX-Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
EPSON Stylus SX200 Series Printer Uninstall (HKLM\...\EPSON Stylus SX200 Series) (Version:  - SEIKO EPSON Corporation)
Free Audio CD Burner version 1.4 (HKLM\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube Download 2.4 (HKLM\...\Free YouTube Download_is1) (Version:  - DVDVideoSoft Limited.)
Free YouTube to MP3 Converter version 3.8 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version:  - DVDVideoSoft Limited.)
FreeMind (HKLM\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0_RC_10 - )
GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Drive (HKLM\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)
Google Talk Plugin (HKLM\...\{217CEB43-6D22-3E1F-A311-DC0D7BFEE0A2}) (Version: 5.4.1.18709 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
GTA San Andreas (HKLM\...\{E0303B6A-C675-4102-95DA-C013625BFA99}) (Version: 1.00.00001 - Rockstar Games)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
Java Auto Updater (Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Logitech GamePanel Software 2.00 (HKLM\...\{948BE614-F37B-4A73-AD43-0245F23C110D}) (Version: 2.00.171 - Logitech)
Mafia 2 (HKLM\...\{A716BE0A-331D-4603-9E70-319153D1943F}_is1) (Version:  - By Hasbihal)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access 2010 (HKLM\...\Office14.AccessR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office Access 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office O MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTA:SA v1.3.2 (HKLM\...\MTA:SA 1.3) (Version: v1.3.2 - Multi Theft Auto)
MySQL Connector/ODBC 5.2(w) (HKLM\...\{410BB59D-840E-4408-8D85-D74A0F7E113B}) (Version: 5.2.2 - Oracle Corporation)
Norton Security Scan (HKLM\...\NSS) (Version: 2.7.6.13 - Symantec Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
Nuvoton EC Generic HID Driver (HKLM\...\{302E9B7B-2B6A-4C29-9A02-9F2110649779}) (Version: 7.80.5000 - Nuvoton Technology Corporation)
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.12.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Systemsteuerung 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OLYMPUS ib (HKLM\...\InstallShield_{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}) (Version: 1.1.1210c - OLYMPUS IMAGING CORP.)
OLYMPUS ib (Version: 1.1.1210c - OLYMPUS IMAGING CORP.) Hidden
OpenOffice.org 3.2 (HKLM\...\{8D1E61D1-1395-4E97-997F-D002DB3A5074}) (Version: 3.2.9502 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
PDF24 Creator 6.2.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoNow! (HKLM\...\{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.4619 - CyberLink Corp.)
Play withSIX (HKLM\...\{61873A7A-38DD-4973-90A9-69E4560A1DC6}) (Version: 1.00.0068 - SIX Networks)
PokerTH (HKLM\...\PokerTH 0.9.5) (Version: 0.9.5 - www.pokerth.net)
Portal (HKLM\...\Steam App 400) (Version:  - Valve)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
R for Windows 2.15.1 (HKLM\...\R for Windows 2.15.1_is1) (Version: 2.15.1 - R Core Team)
R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5704 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rockstar Games Social Club (HKLM\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
RStudio (HKLM\...\RStudio) (Version: 0.96.331 - RStudio)
Scan2PDF 1.6 (HKLM\...\Scan2PDF_is1) (Version:  - Koma-Code)
Secure Download Manager (HKLM\...\{9268B41D-6045-4F5F-A14E-3F8E51CD2666}) (Version: 3.0.5 - e-academy Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{F3E80B62-3C51-4940-A434-A1F517AB8D6A}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SopCast 3.3.2 (HKLM\...\SopCast) (Version: 3.3.2 - www.sopcast.com)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
StarCraft II (HKLM\...\StarCraft II) (Version: 2.0.9.26147 - Blizzard Entertainment)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.20202 - TeamViewer)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.AccessR_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.AccessR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.OMUI.de-de_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{91140000-0015-0000-0000-0000000FF1CE}_Office14.AccessR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
USB MP3 Player WIN98 Drivers (HKLM\...\USB MP3 Player WIN98 Drivers) (Version:  - )
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
Ventrilo Client (HKLM\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.5 - Flagship Industries, Inc.)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8098.930 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\E77704EF5E71F4F18CADFBFA68595AFE036D5D97) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
World of Warcraft (HKLM\...\World of Warcraft) (Version:  - Blizzard Entertainment)
Xfire (remove only) (HKLM\...\Xfire) (Version:  - )
XP-Games JRE (HKLM\...\XP-Games JRE) (Version:  - )

==================== Restore Points  =========================

01-06-2014 18:22:42 Ende der Bereinigung
01-06-2014 20:13:46 DirectX wurde installiert
03-06-2014 20:10:49 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2014-06-01 20:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1222D404-87FD-4E23-B51C-5636FE9DDB87} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2EA02FA6-45CB-4902-9CB9-D02F99350F1C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - jules => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {42B55020-E593-4710-881E-E36B0FFE7D5D} - System32\Tasks\{23EF95EB-77C0-43F5-9288-F408955B2D31} => C:\Program Files\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4B69729F-4A53-417A-949B-CCA909BA187F} - System32\Tasks\Norton Security Scan for jules => C:\Program Files\Norton Security Scan\Engine\2.7.6.13\Nss.exe [2011-05-17] (Symantec Corporation)
Task: {4F368E01-46D7-491A-A60B-0597FA5BBC5E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: {5559BF42-53DB-4104-9AE2-ECF529964DEA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30] (Apple Inc.)
Task: {6D40101D-0A39-4A92-ADCA-5A61C00AB411} - System32\Tasks\{70F3F7B7-F755-4831-BEBE-3A34F629A904} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.1.0.166.217&amp;LastError=206
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {A9D99EE3-B89E-40FB-A0CA-97A856949A3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-01] (Google Inc.)
Task: {BDA4A639-588E-4111-BC6C-0888177FA87B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000UA => C:\Users\jules\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-02] (Google Inc.)
Task: {D9EF614E-519B-41DE-B9B2-9558C87F27D0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe [2012-10-17] (Microsoft)
Task: {DEF6DB21-60B7-43ED-AEAE-EA6438708FFF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000Core => C:\Users\jules\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-02] (Google Inc.)
Task: {E4C5552A-23FE-4720-A239-7F12469FF02F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-01] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000Core.job => C:\Users\jules\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000UA.job => C:\Users\jules\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for jules.job => C:\Program Files\Norton Security Scan\Engine\2.7.6.13\Nss.exe

==================== Loaded Modules (whitelisted) =============

2007-06-24 20:09 - 2007-06-24 20:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 20:09 - 2007-06-24 20:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2010-09-27 12:03 - 2010-09-27 12:03 - 00201512 _____ () C:\Windows\system32\vpnapi.dll
2008-11-20 06:09 - 2007-12-06 17:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-11-20 06:09 - 2007-11-27 16:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-04-25 22:36 - 2008-04-25 22:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2009-06-16 20:29 - 2014-06-01 22:15 - 00075136 _____ () C:\Windows\system32\PnkBstrA.exe
2008-11-20 05:55 - 2007-01-09 20:25 - 00272024 _____ () c:\Program Files\Cyberlink\Shared files\RichVideo.exe
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-05-23 20:08 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2008-04-25 22:36 - 2008-04-25 22:36 - 00028672 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2008-04-28 10:49 - 2008-04-28 10:49 - 00003072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2009-01-19 22:42 - 2007-10-23 11:56 - 00200704 _____ () C:\Windows\PLFSetI.exe
2009-01-20 07:24 - 2003-06-07 23:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2009-06-16 17:03 - 2010-08-13 02:04 - 00034816 _____ () C:\Program Files\Google\Google Desktop Search\gzlib.dll
2014-06-07 18:23 - 2014-06-07 18:23 - 00043008 _____ () c:\users\jules\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiv6r4x.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\jules\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-11 22:01 - 2014-05-11 22:02 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:DAFD38AE
AlternateDataStreams: C:\ProgramData\Temp:F3176E45
AlternateDataStreams: C:\Users\jules\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\jules\AppData\Roaming:NT
AlternateDataStreams: C:\Users\jules\Documents\dvr irc test.mp4:TOC.WMV

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/07/2014 08:52:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/07/2014 08:52:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/07/2014 08:37:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_13_0_0_214.exe, Version 13.0.0.214, Zeitstempel 0x5359c61d, fehlerhaftes Modul FlashPlayerPlugin_13_0_0_214.exe, Version 13.0.0.214, Zeitstempel 0x5359c61d, Ausnahmecode 0x40000015, Fehleroffset 0x000180d0,
Prozess-ID 0xe0c, Anwendungsstartzeit FlashPlayerPlugin_13_0_0_214.exe0.

Error: (06/07/2014 06:21:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 09:20:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2014 06:35:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2014 06:52:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 09:48:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/05/2014 09:48:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/05/2014 09:00:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Die abhängige Assemblierung "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (06/07/2014 06:21:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/07/2014 06:21:19 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/07/2014 06:21:15 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (06/07/2014 09:20:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/07/2014 09:19:54 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/07/2014 09:19:50 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (06/06/2014 06:35:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/06/2014 06:35:13 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC)

Error: (06/06/2014 06:35:13 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (06/06/2014 06:52:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (06/07/2014 08:52:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Programs\bwincom\DM.dll

Error: (06/07/2014 08:52:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Programs\bwincom\DM.dll

Error: (06/07/2014 08:37:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerPlugin_13_0_0_214.exe13.0.0.2145359c61dFlashPlayerPlugin_13_0_0_214.exe13.0.0.2145359c61d40000015000180d0e0c01cf8278f5fee8ca

Error: (06/07/2014 06:21:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/07/2014 09:20:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2014 06:35:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/06/2014 06:52:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/05/2014 09:48:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Programs\bwincom\DM.dll

Error: (06/05/2014 09:48:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Programs\bwincom\DM.dll

Error: (06/05/2014 09:00:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Programs\bwincom\DM.dll


CodeIntegrity Errors:
===================================
  Date: 2014-06-07 21:20:59.243
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 21:20:58.916
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 21:20:58.604
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 21:20:58.292
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 21:20:57.964
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 21:20:57.652
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 21:20:57.325
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 21:20:57.013
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 21:20:56.545
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-07 21:20:56.217
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 49%
Total physical RAM: 3065.93 MB
Available physical RAM: 1554.13 MB
Total Pagefile: 6336.13 MB
Available Pagefile: 4472.42 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.79 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:142.65 GB) (Free:26.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:142.67 GB) (Free:4.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 841F2730)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=143 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=143 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=12)

==================== End Of Log ============================

GMER

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-07 21:43:20
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: GMER.exe; Driver: C:\Users\jules\AppData\Local\Temp\fwdoypow.sys


---- System - GMER 2.1 ----

INT 0x52        ?                                                                                                     87952F00
INT 0x72        ?                                                                                                     87952F00
INT 0x72        ?                                                                                                     87952F00
INT 0x72        ?                                                                                                     87952F00
INT 0x72        ?                                                                                                     87952F00
INT 0x72        ?                                                                                                     87952F00
INT 0x82        ?                                                                                                     87952F00
INT 0x92        ?                                                                                                     85F8CBF8
INT 0x92        ?                                                                                                     85F8CBF8
INT 0x92        ?                                                                                                     85F8CBF8
INT 0x92        ?                                                                                                     85F8CBF8
INT 0x92        ?                                                                                                     85F8CBF8
INT 0xA2        ?                                                                                                     87952F00

---- Kernel code sections - GMER 2.1 ----

?               System32\Drivers\spov.sys                                                                             Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\atksgt.sys                                                                section is writeable [0xA34E8300, 0x3B6D8, 0xE8000020]
.text           C:\Windows\system32\DRIVERS\lirsgt.sys                                                                section is writeable [0xA35BB300, 0x1BEE, 0xE8000020]

---- Devices - GMER 2.1 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                869281F8
Device          \FileSystem\fastfat \FatCdrom                                                                         8A5C21F8

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                               Wdf01000.sys

Device          \Driver\volmgr \Device\VolMgrControl                                                                  85F8E1F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                      8796E500
Device          \Driver\usbuhci \Device\USBPDO-1                                                                      8796E500
Device          \Driver\usbuhci \Device\USBPDO-2                                                                      8796E500
Device          \Driver\usbehci \Device\USBPDO-3                                                                      878E71F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                      8796E500
Device          \Driver\usbuhci \Device\USBPDO-5                                                                      8796E500
Device          \Driver\usbuhci \Device\USBPDO-6                                                                      8796E500
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                85F8E1F8
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                85F8E1F8
Device          \Driver\cdrom \Device\CdRom0                                                                          878DE1F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{24B3DBA1-5C1B-4453-86AA-763AE61AB23F}                              8B574308
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                           869261F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                    869261F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                    869261F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                    869261F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                    869261F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-3                                                           869261F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel0                                                            869271F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel1                                                            869271F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel4                                                            869271F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel5                                                            869271F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                85F8E1F8
Device          \Driver\volmgr \Device\HarddiskVolume4                                                                85F8E1F8
Device          \Driver\netbt \Device\NetBt_Wins_Export                                                               8B574308
Device          \Driver\Smb \Device\NetbiosSmb                                                                        8B368358
Device          \Driver\iScsiPrt \Device\RaidPort0                                                                    87C131F8
Device          \Driver\netbt \Device\NetBT_Tcpip_{3FAFED2A-826B-479E-B6A9-4636C777D5EA}                              8B574308
Device          \Driver\usbuhci \Device\USBFDO-0                                                                      8796E500
Device          \Driver\usbuhci \Device\USBFDO-1                                                                      8796E500
Device          \Driver\usbuhci \Device\USBFDO-2                                                                      8796E500
Device          \Driver\usbehci \Device\USBFDO-3                                                                      878E71F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                      8796E500
Device          \Driver\usbuhci \Device\USBFDO-5                                                                      8796E500
Device          \Driver\usbuhci \Device\USBFDO-6                                                                      8796E500
Device          \Driver\usbehci \Device\USBFDO-7                                                                      878E71F8
Device          \FileSystem\fastfat \Fat                                                                              8A5C21F8

AttachedDevice  \FileSystem\fastfat \Fat                                                                              fltmgr.sys

Device          \FileSystem\cdfs \Cdfs                                                                                879FA1F8

---- Trace I/O - GMER 2.1 ----

Trace           ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x869261f8]<<                                           869261f8
Trace           1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x870bbac8]                                               870bbac8
Trace           3 CLASSPNP.SYS[8bb9f8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8697cb98]             8697cb98
Trace           \Driver\atapi[0x869b3a60] -> IRP_MJ_CREATE -> 0x869261f8                                              869261f8

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                    771343423
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                    285507792
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                      
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)  

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                 unknown MBR code

---- EOF - GMER 2.1 ----

MBAM

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 07.06.2014
Suchlauf-Zeit: 18:34:32
Logdatei: logdateiMBAM.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.07.05
Rootkit Datenbank: v2014.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: jules

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 292418
Verstrichene Zeit: 14 Min, 16 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

Beste Grüße!!

schrauber · 08.06.2014, 08:31

hi,

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Dirknash · 08.06.2014, 10:51

Hier der LOG 1-Thread found. Habe Skip + Continue geklickt.

Code:

ATTFilter

11:45:07.0133 0x062c  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
11:45:11.0228 0x062c  ============================================================
11:45:11.0228 0x062c  Current date / time: 2014/06/08 11:45:11.0228
11:45:11.0228 0x062c  SystemInfo:
11:45:11.0229 0x062c  
11:45:11.0229 0x062c  OS Version: 6.0.6002 ServicePack: 2.0
11:45:11.0229 0x062c  Product type: Workstation
11:45:11.0229 0x062c  ComputerName: JULES-PC
11:45:11.0229 0x062c  UserName: jules
11:45:11.0229 0x062c  Windows directory: C:\Windows
11:45:11.0229 0x062c  System windows directory: C:\Windows
11:45:11.0229 0x062c  Processor architecture: Intel x86
11:45:11.0229 0x062c  Number of processors: 2
11:45:11.0229 0x062c  Page size: 0x1000
11:45:11.0229 0x062c  Boot type: Normal boot
11:45:11.0229 0x062c  ============================================================
11:45:13.0464 0x062c  KLMD registered as C:\Windows\system32\drivers\70555636.sys
11:45:13.0735 0x062c  System UUID: {4A07D478-A50A-4B49-2D44-78242D4C3D1D}
11:45:14.0601 0x062c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:45:14.0603 0x062c  ============================================================
11:45:14.0603 0x062c  \Device\Harddisk0\DR0:
11:45:14.0603 0x062c  MBR partitions:
11:45:14.0603 0x062c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x11D4D000
11:45:14.0603 0x062c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x130D5800, BlocksNum 0x11D58800
11:45:14.0603 0x062c  ============================================================
11:45:14.0669 0x062c  C: <-> \Device\Harddisk0\DR0\Partition1
11:45:14.0919 0x062c  D: <-> \Device\Harddisk0\DR0\Partition2
11:45:14.0920 0x062c  ============================================================
11:45:14.0920 0x062c  Initialize success
11:45:14.0920 0x062c  ============================================================
11:46:03.0385 0x1420  ============================================================
11:46:03.0385 0x1420  Scan started
11:46:03.0385 0x1420  Mode: Manual; SigCheck; TDLFS; 
11:46:03.0385 0x1420  ============================================================
11:46:03.0385 0x1420  KSN ping started
11:46:16.0836 0x1420  KSN ping finished: true
11:46:18.0647 0x1420  ================ Scan system memory ========================
11:46:18.0647 0x1420  System memory - ok
11:46:18.0648 0x1420  ================ Scan services =============================
11:46:18.0868 0x1420  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
11:46:18.0991 0x1420  ACPI - ok
11:46:19.0139 0x1420  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:46:19.0156 0x1420  AdobeARMservice - ok
11:46:19.0258 0x1420  [ 09E7C37DF4A911C8A9AA8BF88ACD10AA, E881E0BBDCED58F28E0BA8DC27372EDFFFF2C57EE31CD13A032FDC9F7C831B5A ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:46:19.0277 0x1420  AdobeFlashPlayerUpdateSvc - ok
11:46:19.0332 0x1420  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:46:19.0406 0x1420  adp94xx - ok
11:46:19.0468 0x1420  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:46:19.0506 0x1420  adpahci - ok
11:46:19.0530 0x1420  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
11:46:19.0549 0x1420  adpu160m - ok
11:46:19.0573 0x1420  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:46:19.0592 0x1420  adpu320 - ok
11:46:19.0636 0x1420  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:46:19.0817 0x1420  AeLookupSvc - ok
11:46:19.0873 0x1420  [ 3911B972B55FEA0478476B2E777B29FA, 62545B90C7DD3F73777E62CD8264E611A4D71B6956CABFD2D820D25F41F471FD ] AFD             C:\Windows\system32\drivers\afd.sys
11:46:19.0946 0x1420  AFD - ok
11:46:19.0991 0x1420  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:46:20.0007 0x1420  agp440 - ok
11:46:20.0063 0x1420  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
11:46:20.0080 0x1420  aic78xx - ok
11:46:20.0106 0x1420  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
11:46:20.0236 0x1420  ALG - ok
11:46:20.0270 0x1420  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
11:46:20.0284 0x1420  aliide - ok
11:46:20.0301 0x1420  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
11:46:20.0317 0x1420  amdagp - ok
11:46:20.0335 0x1420  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
11:46:20.0350 0x1420  amdide - ok
11:46:20.0405 0x1420  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
11:46:20.0452 0x1420  AmdK7 - ok
11:46:20.0476 0x1420  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:46:20.0529 0x1420  AmdK8 - ok
11:46:20.0574 0x1420  [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo         C:\Windows\System32\appinfo.dll
11:46:20.0644 0x1420  Appinfo - ok
11:46:20.0734 0x1420  [ ACB095E7E1663F1B83A41C22C5D75F90, 18405B7B7D90CD7A2AD17F4D1B7688B49048CB0EBD10A98C53349E6286138418 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:46:20.0759 0x1420  Apple Mobile Device - ok
11:46:20.0817 0x1420  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
11:46:20.0833 0x1420  arc - ok
11:46:20.0885 0x1420  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:46:20.0902 0x1420  arcsas - ok
11:46:21.0032 0x1420  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
11:46:21.0094 0x1420  aspnet_state - ok
11:46:21.0149 0x1420  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
11:46:21.0202 0x1420  AsyncMac - ok
11:46:21.0232 0x1420  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
11:46:21.0246 0x1420  atapi - ok
11:46:21.0307 0x1420  [ F0D933B42CD0594048E4D5200AE9E417, FF53E843A99948568515964C3C97107FA875BBC3F2906BADEE0B29ACE5532F0D ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
11:46:21.0362 0x1420  atksgt - ok
11:46:21.0425 0x1420  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:46:21.0477 0x1420  AudioEndpointBuilder - ok
11:46:21.0504 0x1420  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
11:46:21.0537 0x1420  Audiosrv - ok
11:46:21.0612 0x1420  [ 6FB43F0DADB3FDC287D080C19666AF8D, D2AA2172CEAF5954E4F04728D1BC9EA7C47A20E8918E876287FC766895FB617A ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
11:46:21.0691 0x1420  b57nd60x - ok
11:46:21.0732 0x1420  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
11:46:21.0785 0x1420  Beep - ok
11:46:21.0849 0x1420  [ B1359701847FF1FF415FA083F1610F48, 991F995B9CF614549F5F7EB5C5B2D47F34EFF0F47B35C4BF4CE716666B9DA1D3 ] BEService       C:\Program Files\Common Files\BattlEye\BEService.exe
11:46:21.0869 0x1420  BEService - detected UnsignedFile.Multi.Generic ( 1 )
11:46:24.0360 0x1420  Detect skipped due to KSN trusted
11:46:24.0360 0x1420  BEService - ok
11:46:24.0459 0x1420  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
11:46:24.0587 0x1420  BFE - ok
11:46:24.0652 0x1420  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
11:46:24.0771 0x1420  BITS - ok
11:46:24.0797 0x1420  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
11:46:24.0840 0x1420  blbdrive - ok
11:46:24.0891 0x1420  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
11:46:24.0941 0x1420  bowser - ok
11:46:24.0995 0x1420  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
11:46:25.0018 0x1420  BrFiltLo - ok
11:46:25.0031 0x1420  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
11:46:25.0079 0x1420  BrFiltUp - ok
11:46:25.0118 0x1420  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
11:46:25.0176 0x1420  Browser - ok
11:46:25.0197 0x1420  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
11:46:25.0397 0x1420  Brserid - ok
11:46:25.0421 0x1420  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
11:46:25.0486 0x1420  BrSerWdm - ok
11:46:25.0504 0x1420  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
11:46:25.0580 0x1420  BrUsbMdm - ok
11:46:25.0608 0x1420  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
11:46:25.0658 0x1420  BrUsbSer - ok
11:46:25.0679 0x1420  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
11:46:25.0766 0x1420  BTHMODEM - ok
11:46:25.0829 0x1420  [ 09E6AFFAE6C0E9158BF05C7D08D0107A, 05524526EBD5F42F58404A698F397CD7CBC2CBB5F7211AB6B5C2691A87983A24 ] BUNAgentSvc     C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
11:46:25.0834 0x1420  BUNAgentSvc - detected UnsignedFile.Multi.Generic ( 1 )
11:46:28.0413 0x1420  Detect skipped due to KSN trusted
11:46:28.0413 0x1420  BUNAgentSvc - ok
11:46:28.0503 0x1420  catchme - ok
11:46:28.0637 0x1420  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
11:46:28.0706 0x1420  cdfs - ok
11:46:28.0736 0x1420  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
11:46:28.0780 0x1420  cdrom - ok
11:46:28.0843 0x1420  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
11:46:28.0880 0x1420  CertPropSvc - ok
11:46:28.0902 0x1420  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
11:46:28.0950 0x1420  circlass - ok
11:46:28.0992 0x1420  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
11:46:29.0017 0x1420  CLFS - ok
11:46:29.0066 0x1420  [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:46:29.0082 0x1420  clr_optimization_v2.0.50727_32 - ok
11:46:29.0116 0x1420  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:46:29.0162 0x1420  clr_optimization_v4.0.30319_32 - ok
11:46:29.0210 0x1420  [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
11:46:29.0243 0x1420  CmBatt - ok
11:46:29.0264 0x1420  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
11:46:29.0278 0x1420  cmdide - ok
11:46:29.0295 0x1420  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
11:46:29.0310 0x1420  Compbatt - ok
11:46:29.0317 0x1420  COMSysApp - ok
11:46:29.0325 0x1420  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
11:46:29.0342 0x1420  crcdisk - ok
11:46:29.0372 0x1420  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
11:46:29.0418 0x1420  Crusoe - ok
11:46:29.0485 0x1420  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
11:46:29.0539 0x1420  CryptSvc - ok
11:46:29.0601 0x1420  [ B5ECADF7708960F1818C7FA015F4C239, A58BA71B08A9D46EB79EB3DF0858F553A11DE3461E13B6D926E25D21D4CBB2D8 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys
11:46:29.0644 0x1420  CVirtA - ok
11:46:29.0805 0x1420  [ 30443EEF52F5FB043654859EAA8E5247, 887ED8C4FE2259542E05A17973FE1549B636DA2C6888CC3A66F97D7D2600DC49 ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
11:46:29.0918 0x1420  CVPND - ok
11:46:29.0983 0x1420  [ CB90B2762B1A1D0B40496400C55B6ADE, 7A8D86B223FD8A2C4A75AD0849041D56255277D491387C613E62BC76E6730F06 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys
11:46:30.0013 0x1420  CVPNDRVA - detected UnsignedFile.Multi.Generic ( 1 )
11:46:32.0497 0x1420  Detect skipped due to KSN trusted
11:46:32.0497 0x1420  CVPNDRVA - ok
11:46:32.0586 0x1420  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
11:46:32.0633 0x1420  DcomLaunch - ok
11:46:32.0684 0x1420  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
11:46:32.0734 0x1420  DfsC - ok
11:46:32.0856 0x1420  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
11:46:33.0147 0x1420  DFSR - ok
11:46:33.0267 0x1420  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
11:46:33.0312 0x1420  Dhcp - ok
11:46:33.0369 0x1420  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
11:46:33.0385 0x1420  disk - ok
11:46:33.0446 0x1420  [ 73BAF270D24FE726B9CD7F80BB17A23D, 12ADFB26C16A7D3F623C1A6B72D4C6AB9163EBC93CF13CB2AC6897FB95E96105 ] DKbFltr         C:\Windows\system32\DRIVERS\DKbFltr.sys
11:46:33.0458 0x1420  DKbFltr - ok
11:46:33.0506 0x1420  [ B5AA5AA5AC327BD7C1AEC0C58F0C1144, 14C147B79786C5DCEC54AF191E8815D871906E30DE90B00C7929F0E6CC025E6A ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys
11:46:33.0522 0x1420  DNE - ok
11:46:33.0569 0x1420  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
11:46:33.0627 0x1420  Dnscache - ok
11:46:33.0659 0x1420  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
11:46:33.0747 0x1420  dot3svc - ok
11:46:33.0808 0x1420  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
11:46:33.0863 0x1420  DPS - ok
11:46:33.0890 0x1420  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
11:46:33.0946 0x1420  drmkaud - ok
11:46:34.0007 0x1420  [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
11:46:34.0060 0x1420  DXGKrnl - ok
11:46:34.0099 0x1420  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
11:46:34.0157 0x1420  E1G60 - ok
11:46:34.0204 0x1420  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
11:46:34.0243 0x1420  EapHost - ok
11:46:34.0310 0x1420  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
11:46:34.0331 0x1420  Ecache - ok
11:46:34.0381 0x1420  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
11:46:34.0431 0x1420  ehRecvr - ok
11:46:34.0455 0x1420  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
11:46:34.0515 0x1420  ehSched - ok
11:46:34.0528 0x1420  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
11:46:34.0563 0x1420  ehstart - ok
11:46:34.0615 0x1420  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
11:46:34.0655 0x1420  elxstor - ok
11:46:34.0709 0x1420  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
11:46:34.0808 0x1420  EMDMgmt - ok
11:46:34.0843 0x1420  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
11:46:34.0887 0x1420  ErrDev - ok
11:46:34.0958 0x1420  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
11:46:35.0005 0x1420  EventSystem - ok
11:46:35.0052 0x1420  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
11:46:35.0100 0x1420  exfat - ok
11:46:35.0181 0x1420  FairplayKD - ok
11:46:35.0214 0x1420  [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
11:46:35.0243 0x1420  fastfat - ok
11:46:35.0287 0x1420  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
11:46:35.0334 0x1420  fdc - ok
11:46:35.0366 0x1420  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
11:46:35.0396 0x1420  fdPHost - ok
11:46:35.0421 0x1420  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
11:46:35.0491 0x1420  FDResPub - ok
11:46:35.0528 0x1420  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
11:46:35.0544 0x1420  FileInfo - ok
11:46:35.0564 0x1420  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
11:46:35.0610 0x1420  Filetrace - ok
11:46:35.0640 0x1420  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
11:46:35.0682 0x1420  flpydisk - ok
11:46:35.0718 0x1420  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
11:46:35.0740 0x1420  FltMgr - ok
11:46:35.0835 0x1420  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
11:46:35.0949 0x1420  FontCache - ok
11:46:36.0007 0x1420  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:46:36.0021 0x1420  FontCache3.0.0.0 - ok
11:46:36.0052 0x1420  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
11:46:36.0102 0x1420  Fs_Rec - ok
11:46:36.0137 0x1420  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
11:46:36.0153 0x1420  gagp30kx - ok
11:46:36.0186 0x1420  [ F2F431D1573EE632975C524418655B84, 4AE27D0AE3A35FF18DF7E341698DF62C51698FB964395DDB69C45C778CCCC27E ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:46:36.0196 0x1420  GEARAspiWDM - ok
11:46:36.0293 0x1420  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F, 6D2B301E77839FFF1C74425B37D02C3F3837CE50E856C21AE4CF7ABABB04ADDC ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
11:46:36.0303 0x1420  GoogleDesktopManager-051210-111108 - ok
11:46:36.0357 0x1420  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
11:46:36.0417 0x1420  gpsvc - ok
11:46:36.0480 0x1420  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
11:46:36.0495 0x1420  gupdate - ok
11:46:36.0558 0x1420  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
11:46:36.0571 0x1420  gupdatem - ok
11:46:36.0610 0x1420  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
11:46:36.0628 0x1420  gusvc - ok
11:46:36.0688 0x1420  [ 833051C6C6C42117191935F734CFBD97, 5EB5672ABC7994A4AFF855A572158B8BE4FC6E541CFD4B9BE4FF2739A9A6AFB8 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
11:46:36.0701 0x1420  hamachi - ok
11:46:36.0744 0x1420  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:46:36.0824 0x1420  HdAudAddService - ok
11:46:36.0878 0x1420  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
11:46:36.0987 0x1420  HDAudBus - ok
11:46:37.0022 0x1420  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
11:46:37.0071 0x1420  HidBth - ok
11:46:37.0088 0x1420  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
11:46:37.0157 0x1420  HidIr - ok
11:46:37.0192 0x1420  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\System32\hidserv.dll
11:46:37.0248 0x1420  hidserv - ok
11:46:37.0307 0x1420  [ 7F7E5E98CEFED8A10F7E56810EA7B6DF, 7D9F6801B24C96FAE77A50162074EDA4C4470C1E240BDC79ECB6B514E195291C ] hidshim         C:\Windows\system32\DRIVERS\hidshim.sys
11:46:37.0356 0x1420  hidshim - ok
11:46:37.0384 0x1420  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
11:46:37.0411 0x1420  HidUsb - ok
11:46:37.0455 0x1420  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
11:46:37.0507 0x1420  hkmsvc - ok
11:46:37.0533 0x1420  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
11:46:37.0549 0x1420  HpCISSs - ok
11:46:37.0612 0x1420  [ 46D67209550973257601A533E2AC5785, 3C0D97781947BA8532344AA5D9F3B684761B5B3263A0A294F4593E76EE41DB0C ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
11:46:37.0668 0x1420  HSFHWAZL - ok
11:46:37.0738 0x1420  [ 7BC42C65B5C6281777C1A7605B253BA8, 71885EB4E8625450ECA4623466FB3D5437DAABE739A5DC3B5F4CF982A65F8A86 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
11:46:37.0873 0x1420  HSF_DPV - ok
11:46:37.0919 0x1420  [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E, A11CE324DD8E8BDFFDF513429C32D3C16EC79DC9A7517048587759B26BF38583 ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
11:46:37.0991 0x1420  HSXHWAZL - ok
11:46:38.0047 0x1420  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
11:46:38.0165 0x1420  HTTP - ok
11:46:38.0220 0x1420  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
11:46:38.0235 0x1420  i2omp - ok
11:46:38.0279 0x1420  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
11:46:38.0323 0x1420  i8042prt - ok
11:46:38.0351 0x1420  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
11:46:38.0374 0x1420  iaStorV - ok
11:46:38.0482 0x1420  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:46:38.0567 0x1420  idsvc - ok
11:46:38.0610 0x1420  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
11:46:38.0624 0x1420  iirsp - ok
11:46:38.0686 0x1420  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
11:46:38.0786 0x1420  IKEEXT - ok
11:46:39.0016 0x1420  [ B8716D9677B04B82FA405C8C54954728, 19BD403E268F27E2A50B3619ED87D6553D837456E32C56CB596C0E87A2B4895F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
11:46:39.0190 0x1420  IntcAzAudAddService - ok
11:46:39.0242 0x1420  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
11:46:39.0257 0x1420  intelide - ok
11:46:39.0289 0x1420  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
11:46:39.0338 0x1420  intelppm - ok
11:46:39.0381 0x1420  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
11:46:39.0430 0x1420  IPBusEnum - ok
11:46:39.0459 0x1420  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:46:39.0511 0x1420  IpFilterDriver - ok
11:46:39.0550 0x1420  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
11:46:39.0613 0x1420  iphlpsvc - ok
11:46:39.0619 0x1420  IpInIp - ok
11:46:39.0642 0x1420  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
11:46:39.0690 0x1420  IPMIDRV - ok
11:46:39.0736 0x1420  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
11:46:39.0770 0x1420  IPNAT - ok
11:46:39.0810 0x1420  [ E50A95179211B12946F7E035D60AF560, 69765E2548BA708FF35545EC944DBA1940AD4065AF90E53B97A7792AC231DCF7 ] irda            C:\Windows\system32\DRIVERS\irda.sys
11:46:39.0858 0x1420  irda - ok
11:46:39.0876 0x1420  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
11:46:39.0907 0x1420  IRENUM - ok
11:46:39.0933 0x1420  [ CBB0D940221A281BCFEAEA695BD1CDA5, D05D192019524A02FE3FAE6827B98A942FA1AD651BF7AA53530A8A6F4ADFB7EB ] Irmon           C:\Windows\System32\irmon.dll
11:46:39.0999 0x1420  Irmon - ok
11:46:40.0019 0x1420  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
11:46:40.0034 0x1420  isapnp - ok
11:46:40.0093 0x1420  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
11:46:40.0114 0x1420  iScsiPrt - ok
11:46:40.0145 0x1420  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
11:46:40.0158 0x1420  iteatapi - ok
11:46:40.0197 0x1420  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
11:46:40.0211 0x1420  iteraid - ok
11:46:40.0232 0x1420  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
11:46:40.0247 0x1420  kbdclass - ok
11:46:40.0278 0x1420  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
11:46:40.0321 0x1420  kbdhid - ok
11:46:40.0341 0x1420  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
11:46:40.0394 0x1420  KeyIso - ok
11:46:40.0472 0x1420  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:46:40.0514 0x1420  KSecDD - ok
11:46:40.0572 0x1420  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:46:40.0644 0x1420  KtmRm - ok
11:46:40.0693 0x1420  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\System32\srvsvc.dll
11:46:40.0729 0x1420  LanmanServer - ok
11:46:40.0791 0x1420  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:46:40.0875 0x1420  LanmanWorkstation - ok
11:46:40.0944 0x1420  [ 793FF718477345CD5D232C50BED1E452, 1D39CF9F10742C79FF99B9B4E0361EAEA63B4FC545C58B54B55537D18C802941 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
11:46:40.0970 0x1420  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
11:46:43.0460 0x1420  Detect skipped due to KSN trusted
11:46:43.0460 0x1420  LightScribeService - ok
11:46:43.0536 0x1420  [ F8A7212D0864EF5E9185FB95E6623F4D, 277EAA06BD3D1CB31E6CD7B9ECD3A4B7D4AB7A369DB5FFF04EC7D749DF26E3D2 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
11:46:43.0549 0x1420  lirsgt - ok
11:46:43.0600 0x1420  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
11:46:43.0631 0x1420  lltdio - ok
11:46:43.0668 0x1420  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
11:46:43.0718 0x1420  lltdsvc - ok
11:46:43.0748 0x1420  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
11:46:43.0799 0x1420  lmhosts - ok
11:46:43.0823 0x1420  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
11:46:43.0841 0x1420  LSI_FC - ok
11:46:43.0866 0x1420  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
11:46:43.0882 0x1420  LSI_SAS - ok
11:46:43.0902 0x1420  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
11:46:43.0921 0x1420  LSI_SCSI - ok
11:46:43.0942 0x1420  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
11:46:43.0990 0x1420  luafv - ok
11:46:44.0053 0x1420  [ 8683C1B450F4B3872839308D836E0F92, C6CEEEA780D2191AEAC2537FD96324FF5501D92CE46313FB95ABB51765D919ED ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
11:46:44.0065 0x1420  MBAMProtector - ok
11:46:44.0214 0x1420  [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler   C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
11:46:44.0318 0x1420  MBAMScheduler - ok
11:46:44.0375 0x1420  [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService     C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
11:46:44.0488 0x1420  MBAMService - ok
11:46:44.0568 0x1420  [ 12E71DA845D76665B56753AD149E32B3, 0E403710CCBACD5AB85FD4C32AAB6CB2C27BC1F043E8008EE49EE96ECA944146 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
11:46:44.0582 0x1420  MBAMSwissArmy - ok
11:46:44.0603 0x1420  [ 799613BA73D25641402AA81B6403EFF8, 55FFF9248C0798346888071A60BF42C809C5D4C7BBA92C97B617F7B6681E00F3 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
11:46:44.0616 0x1420  MBAMWebAccessControl - ok
11:46:44.0722 0x1420  [ 6C3D154FFF0A97A6C3D9F78D60C41655, C93195F1FFC0161B2A8E22D2CF4F3CD8109C49DB722ED78824AF3A50B93D3CB7 ] McAfee SiteAdvisor Service C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
11:46:44.0737 0x1420  McAfee SiteAdvisor Service - ok
11:46:44.0774 0x1420  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
11:46:44.0806 0x1420  Mcx2Svc - ok
11:46:44.0831 0x1420  [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
11:46:44.0845 0x1420  mdmxsdk - ok
11:46:44.0893 0x1420  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
11:46:44.0908 0x1420  megasas - ok
11:46:44.0953 0x1420  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
11:46:45.0019 0x1420  MegaSR - ok
11:46:45.0128 0x1420  Microsoft SharePoint Workspace Audit Service - ok
11:46:45.0176 0x1420  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
11:46:45.0220 0x1420  MMCSS - ok
11:46:45.0280 0x1420  MobilityService - ok
11:46:45.0293 0x1420  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
11:46:45.0337 0x1420  Modem - ok
11:46:45.0357 0x1420  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
11:46:45.0407 0x1420  monitor - ok
11:46:45.0444 0x1420  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
11:46:45.0459 0x1420  mouclass - ok
11:46:45.0479 0x1420  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
11:46:45.0529 0x1420  mouhid - ok
11:46:45.0555 0x1420  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
11:46:45.0570 0x1420  MountMgr - ok
11:46:45.0642 0x1420  [ E1B6FCAE82474FC071155263E2841D54, 341E2CEB1A86586730130311C4FAF86851151D5F08EF915A5F89B6C4094AE1F4 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
11:46:45.0661 0x1420  MozillaMaintenance - ok
11:46:45.0704 0x1420  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
11:46:45.0721 0x1420  mpio - ok
11:46:45.0750 0x1420  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
11:46:45.0793 0x1420  mpsdrv - ok
11:46:45.0841 0x1420  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
11:46:45.0921 0x1420  MpsSvc - ok
11:46:45.0944 0x1420  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
11:46:45.0958 0x1420  Mraid35x - ok
11:46:45.0974 0x1420  [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
11:46:46.0015 0x1420  MRxDAV - ok
11:46:46.0054 0x1420  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
11:46:46.0082 0x1420  mrxsmb - ok
11:46:46.0125 0x1420  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:46:46.0165 0x1420  mrxsmb10 - ok
11:46:46.0189 0x1420  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:46:46.0221 0x1420  mrxsmb20 - ok
11:46:46.0270 0x1420  [ 5457DCFA7C0DA43522F4D9D4049C1472, C8B0FD8F96E4FC5CB4B74D5968E808F44B4371F0A797B1D368E6A6080CB862FD ] msahci          C:\Windows\system32\drivers\msahci.sys
11:46:46.0285 0x1420  msahci - ok
11:46:46.0314 0x1420  [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
11:46:46.0330 0x1420  msdsm - ok
11:46:46.0351 0x1420  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
11:46:46.0398 0x1420  MSDTC - ok
11:46:46.0412 0x1420  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
11:46:46.0455 0x1420  Msfs - ok
11:46:46.0497 0x1420  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
11:46:46.0511 0x1420  msisadrv - ok
11:46:46.0542 0x1420  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
11:46:46.0578 0x1420  MSiSCSI - ok
11:46:46.0583 0x1420  msiserver - ok
11:46:46.0628 0x1420  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
11:46:46.0670 0x1420  MSKSSRV - ok
11:46:46.0700 0x1420  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
11:46:46.0731 0x1420  MSPCLOCK - ok
11:46:46.0743 0x1420  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
11:46:46.0773 0x1420  MSPQM - ok
11:46:46.0801 0x1420  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
11:46:46.0822 0x1420  MsRPC - ok
11:46:46.0844 0x1420  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
11:46:46.0858 0x1420  mssmbios - ok
11:46:46.0895 0x1420  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
11:46:46.0923 0x1420  MSTEE - ok
11:46:46.0956 0x1420  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
11:46:46.0978 0x1420  Mup - ok
11:46:47.0015 0x1420  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
11:46:47.0074 0x1420  napagent - ok
11:46:47.0127 0x1420  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
11:46:47.0150 0x1420  NativeWifiP - ok
11:46:47.0211 0x1420  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
11:46:47.0271 0x1420  NDIS - ok
11:46:47.0307 0x1420  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
11:46:47.0351 0x1420  NdisTapi - ok
11:46:47.0379 0x1420  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
11:46:47.0410 0x1420  Ndisuio - ok
11:46:47.0447 0x1420  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
11:46:47.0474 0x1420  NdisWan - ok
11:46:47.0496 0x1420  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
11:46:47.0518 0x1420  NDProxy - ok
11:46:47.0531 0x1420  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
11:46:47.0577 0x1420  NetBIOS - ok
11:46:47.0619 0x1420  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
11:46:47.0673 0x1420  netbt - ok
11:46:47.0697 0x1420  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
11:46:47.0712 0x1420  Netlogon - ok
11:46:47.0758 0x1420  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
11:46:47.0817 0x1420  Netman - ok
11:46:47.0856 0x1420  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:46:47.0881 0x1420  NetMsmqActivator - ok
11:46:47.0901 0x1420  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:46:47.0921 0x1420  NetPipeActivator - ok
11:46:47.0953 0x1420  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
11:46:48.0013 0x1420  netprofm - ok
11:46:48.0021 0x1420  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:46:48.0047 0x1420  NetTcpActivator - ok
11:46:48.0055 0x1420  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
11:46:48.0076 0x1420  NetTcpPortSharing - ok
11:46:48.0283 0x1420  [ 0B214C6A4728F085FB64A29ED9C4DE94, 5AB06F2D2826482BCD72A9D7574C1DD86FDE68DD67E7D4435F94B86817D4BC40 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
11:46:48.0589 0x1420  NETw5v32 - ok
11:46:48.0640 0x1420  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
11:46:48.0655 0x1420  nfrd960 - ok
11:46:48.0682 0x1420  [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
11:46:48.0724 0x1420  NlaSvc - ok
11:46:48.0759 0x1420  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
11:46:48.0785 0x1420  Npfs - ok
11:46:48.0815 0x1420  npggsvc - ok
11:46:48.0837 0x1420  [ 6D8D2E5652FC2442C810C5D8BE784148, 013FF4FA03CA2E066B1946CC09889616B243068BA0FB2E58D4C1435BF66FBC87 ] NSCIRDA         C:\Windows\system32\DRIVERS\nscirda.sys
11:46:48.0879 0x1420  NSCIRDA - ok
11:46:48.0901 0x1420  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
11:46:48.0960 0x1420  nsi - ok
11:46:48.0985 0x1420  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
11:46:49.0090 0x1420  nsiproxy - ok
11:46:49.0228 0x1420  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
11:46:49.0351 0x1420  Ntfs - ok
11:46:49.0396 0x1420  [ A2B6583A5652A385DFF5E4F49AD48761, 7214F722DE8EAEE9F33FF3AAE32AF14BEA8D1CE71680B813130D4AA41E8D32C8 ] NTIBackupSvc    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
11:46:49.0404 0x1420  NTIBackupSvc - detected UnsignedFile.Multi.Generic ( 1 )
11:46:51.0834 0x1420  Detect skipped due to KSN trusted
11:46:51.0834 0x1420  NTIBackupSvc - ok
11:46:51.0901 0x1420  [ 2757D2BA59AEE155209E24942AB127C9, 60C8571D548901A68591F1C7C548B40FA1086D21D23B8CB1083A8AE50760FE87 ] NTIDrvr         C:\Windows\system32\DRIVERS\NTIDrvr.sys
11:46:51.0914 0x1420  NTIDrvr - ok
11:46:51.0965 0x1420  [ 40B87FE8A1A9A5AC9E5A91D96F212BCD, 0C0BE4EF2999613B1559F9A709B31DB1E5EBB3336732A24D5C3E705461549E24 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
11:46:51.0988 0x1420  NTISchedulerSvc - detected UnsignedFile.Multi.Generic ( 1 )
11:46:54.0478 0x1420  Detect skipped due to KSN trusted
11:46:54.0478 0x1420  NTISchedulerSvc - ok
11:46:54.0497 0x1420  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
11:46:54.0564 0x1420  ntrigdigi - ok
11:46:54.0583 0x1420  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
11:46:54.0632 0x1420  Null - ok
11:46:54.0673 0x1420  [ 85D8845B7B6A434B7CE35723BF0E5C57, F10026F2F63F4852D9E174E1D4E0345BB5080A20370F7F350F5D5951CD52F5BC ] nuvotonhidgeneric C:\Windows\system32\DRIVERS\nuvotonhidgeneric.sys
11:46:54.0698 0x1420  nuvotonhidgeneric - ok
11:46:54.0765 0x1420  [ 77F9F9A199B87FE3F852E12F5419240B, BE9C05F2AC12BB41EC71A596039F2116E5A0F454D32E5A618112296721001473 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
11:46:54.0782 0x1420  NVHDA - ok
11:46:55.0301 0x1420  [ 9A77B1C13BCCEDDF78DFD7AFC25B4F5E, 88FA632754A20025F03FE0970C93F572055919F53C8A50E5DB6CF1EF7B00B7FD ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:46:55.0931 0x1420  nvlddmkm - ok
11:46:56.0002 0x1420  [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid          C:\Windows\system32\drivers\nvraid.sys
11:46:56.0020 0x1420  nvraid - ok
11:46:56.0041 0x1420  [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
11:46:56.0057 0x1420  nvstor - ok
11:46:56.0119 0x1420  [ 31B8835B003CAA6D31BEAD83DDBF98E5, FB7C7BD1E95BEFB9A8FFEB3FB1B6D9BCD923E48498CB23169EDAA025C84CDD33 ] nvsvc           C:\Windows\system32\nvvsvc.exe
11:46:56.0172 0x1420  nvsvc - ok
11:46:56.0332 0x1420  [ F935E817409F78FA50C5921DB39124B3, E1AB4B69E9C0AD89A5B9E99C7A0D77A1A50B4823C89E8687686B716957FBA2B3 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:46:56.0440 0x1420  nvUpdatusService - ok
11:46:56.0466 0x1420  [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
11:46:56.0483 0x1420  nv_agp - ok
11:46:56.0490 0x1420  NwlnkFlt - ok
11:46:56.0498 0x1420  NwlnkFwd - ok
11:46:56.0541 0x1420  [ 790E27C3DB53410B40FF9EF2FD10A1D9, FD06F2702B8F7E04ECF1B6E88602F14301E7AE7FC44AD114282E580FAD530A9C ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
11:46:56.0589 0x1420  ohci1394 - ok
11:46:56.0645 0x1420  [ F4CB9C1991314B1352DDBD8A968E4471, 7E23A8EB739E1F0E114CB8ADBD7461B02C5CF671648EACA0845C53CE84545DD3 ] OlyCamComm      C:\Windows\system32\DRIVERS\OlyCamComm.sys
11:46:56.0657 0x1420  OlyCamComm - ok
11:46:56.0729 0x1420  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:46:56.0747 0x1420  ose - ok
11:46:57.0016 0x1420  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7, F342100E2E9001F11FDF93F856B50FA43F9B85D2C6B5706EC0433E77206498DA ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:46:57.0332 0x1420  osppsvc - ok
11:46:57.0408 0x1420  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
11:46:57.0502 0x1420  p2pimsvc - ok
11:46:57.0550 0x1420  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
11:46:57.0613 0x1420  p2psvc - ok
11:46:57.0654 0x1420  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
11:46:57.0707 0x1420  Parport - ok
11:46:57.0757 0x1420  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
11:46:57.0774 0x1420  partmgr - ok
11:46:57.0810 0x1420  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
11:46:57.0877 0x1420  Parvdm - ok
11:46:57.0922 0x1420  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
11:46:57.0979 0x1420  PcaSvc - ok
11:46:58.0010 0x1420  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
11:46:58.0031 0x1420  pci - ok
11:46:58.0053 0x1420  [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide          C:\Windows\system32\drivers\pciide.sys
11:46:58.0067 0x1420  pciide - ok
11:46:58.0114 0x1420  [ B7C5A8769541900F6DFA6FE0C5E4D513, 1885FE8AE9D6929E8B43D674B43B7B3FEAA25AF6E45973A0B49CBA7B9CBA34C4 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
11:46:58.0136 0x1420  pcmcia - ok
11:46:58.0209 0x1420  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
11:46:58.0316 0x1420  PEAUTH - ok
11:46:58.0420 0x1420  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
11:46:58.0543 0x1420  pla - ok
11:46:58.0598 0x1420  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
11:46:58.0660 0x1420  PlugPlay - ok
11:46:58.0748 0x1420  [ 3A2BDD76E7D2A5F40A7174793D1BA794, 029EE2C2F71AEC7906600EEC4F855DC5648C1ECF53F11426079B04591F24D067 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
11:46:58.0761 0x1420  PnkBstrA - ok
11:46:58.0809 0x1420  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
11:46:58.0878 0x1420  PNRPAutoReg - ok
11:46:58.0929 0x1420  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
11:46:58.0987 0x1420  PNRPsvc - ok
11:46:59.0044 0x1420  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
11:46:59.0106 0x1420  PolicyAgent - ok
11:46:59.0141 0x1420  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
11:46:59.0192 0x1420  PptpMiniport - ok
11:46:59.0218 0x1420  [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor       C:\Windows\system32\drivers\processr.sys
11:46:59.0265 0x1420  Processor - ok
11:46:59.0339 0x1420  [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc         C:\Windows\system32\profsvc.dll
11:46:59.0392 0x1420  ProfSvc - ok
11:46:59.0426 0x1420  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
11:46:59.0441 0x1420  ProtectedStorage - ok
11:46:59.0490 0x1420  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
11:46:59.0536 0x1420  PSched - ok
11:46:59.0637 0x1420  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300          C:\Windows\system32\drivers\ql2300.sys
11:46:59.0739 0x1420  ql2300 - ok
11:46:59.0767 0x1420  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
11:46:59.0783 0x1420  ql40xx - ok
11:46:59.0831 0x1420  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
11:46:59.0858 0x1420  QWAVE - ok
11:46:59.0877 0x1420  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
11:46:59.0913 0x1420  QWAVEdrv - ok
11:46:59.0934 0x1420  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
11:46:59.0982 0x1420  RasAcd - ok
11:47:00.0005 0x1420  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
11:47:00.0061 0x1420  RasAuto - ok
11:47:00.0089 0x1420  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
11:47:00.0154 0x1420  Rasl2tp - ok
11:47:00.0198 0x1420  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
11:47:00.0257 0x1420  RasMan - ok
11:47:00.0298 0x1420  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
11:47:00.0323 0x1420  RasPppoe - ok
11:47:00.0340 0x1420  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
11:47:00.0359 0x1420  RasSstp - ok
11:47:00.0397 0x1420  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
11:47:00.0454 0x1420  rdbss - ok
11:47:00.0488 0x1420  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
11:47:00.0533 0x1420  RDPCDD - ok
11:47:00.0577 0x1420  [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
11:47:00.0619 0x1420  rdpdr - ok
11:47:00.0628 0x1420  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
11:47:00.0676 0x1420  RDPENCDD - ok
11:47:00.0739 0x1420  [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
11:47:00.0774 0x1420  RDPWD - ok
11:47:00.0837 0x1420  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
11:47:00.0899 0x1420  RemoteAccess - ok
11:47:00.0961 0x1420  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
11:47:01.0018 0x1420  RemoteRegistry - ok
11:47:01.0087 0x1420  [ 17E0BEF5CA5C9CE52CC8082AC6EBC449, F05A32DA0A62144AAE78A3A9173F21F52FAED4E39F9250B3E1B11066760B2576 ] RichVideo       c:\Program Files\Cyberlink\Shared files\RichVideo.exe
11:47:01.0118 0x1420  RichVideo - ok
11:47:01.0157 0x1420  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
11:47:01.0211 0x1420  RpcLocator - ok
11:47:01.0269 0x1420  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
11:47:01.0318 0x1420  RpcSs - ok
11:47:01.0359 0x1420  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
11:47:01.0406 0x1420  rspndr - ok
11:47:01.0446 0x1420  [ 8DAB5975B5C7923D61506A48E251DBAD, 34C197BDBFEB676ED7C0262E27EF9190E684A47E4DBFDFA889958966406F9862 ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
11:47:01.0512 0x1420  RTSTOR - ok
11:47:01.0520 0x1420  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs           C:\Windows\system32\lsass.exe
11:47:01.0537 0x1420  SamSs - ok
11:47:01.0555 0x1420  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
11:47:01.0570 0x1420  sbp2port - ok
11:47:01.0629 0x1420  [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
11:47:01.0658 0x1420  SCardSvr - ok
11:47:01.0724 0x1420  [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule        C:\Windows\system32\schedsvc.dll
11:47:01.0822 0x1420  Schedule - ok
11:47:01.0862 0x1420  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
11:47:01.0886 0x1420  SCPolicySvc - ok
11:47:01.0926 0x1420  [ 126EA89BCC413EE45E3004FB0764888F, 367BE2B56113177AE867E00D019C707C6449E0FC4A642101B11036A0534D6901 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
11:47:01.0973 0x1420  sdbus - ok
11:47:02.0002 0x1420  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
11:47:02.0063 0x1420  SDRSVC - ok
11:47:02.0105 0x1420  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:47:02.0171 0x1420  secdrv - ok
11:47:02.0194 0x1420  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
11:47:02.0229 0x1420  seclogon - ok
11:47:02.0246 0x1420  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\system32\sens.dll
11:47:02.0293 0x1420  SENS - ok
11:47:02.0327 0x1420  [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum         C:\Windows\system32\drivers\serenum.sys
11:47:02.0399 0x1420  Serenum - ok
11:47:02.0427 0x1420  [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial          C:\Windows\system32\drivers\serial.sys
11:47:02.0491 0x1420  Serial - ok
11:47:02.0512 0x1420  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:47:02.0542 0x1420  sermouse - ok
11:47:02.0579 0x1420  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:47:02.0614 0x1420  SessionEnv - ok
11:47:02.0643 0x1420  [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
11:47:02.0677 0x1420  sffdisk - ok
11:47:02.0691 0x1420  [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:47:02.0734 0x1420  sffp_mmc - ok
11:47:02.0754 0x1420  [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
11:47:02.0783 0x1420  sffp_sd - ok
11:47:02.0799 0x1420  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:47:02.0850 0x1420  sfloppy - ok
11:47:02.0891 0x1420  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:47:02.0958 0x1420  SharedAccess - ok
11:47:03.0016 0x1420  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:47:03.0109 0x1420  ShellHWDetection - ok
11:47:03.0133 0x1420  [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
11:47:03.0150 0x1420  sisagp - ok
11:47:03.0180 0x1420  [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
11:47:03.0195 0x1420  SiSRaid2 - ok
11:47:03.0220 0x1420  [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:47:03.0239 0x1420  SiSRaid4 - ok
11:47:03.0318 0x1420  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
11:47:03.0339 0x1420  SkypeUpdate - ok
11:47:03.0514 0x1420  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
11:47:03.0724 0x1420  slsvc - ok
11:47:03.0779 0x1420  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
11:47:03.0806 0x1420  SLUINotify - ok
11:47:03.0838 0x1420  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:47:03.0877 0x1420  Smb - ok
11:47:03.0917 0x1420  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:47:03.0956 0x1420  SNMPTRAP - ok
11:47:04.0037 0x1420  [ 6B92F41B59F0774EF053CE865C9529BB, B40325C838470ECDA928E6DBD171700CC37FABA0D3D5859B6E04970D36EDBACC ] spc999          C:\Windows\system32\drivers\spc999.sys
11:47:04.0113 0x1420  spc999 - ok
11:47:04.0145 0x1420  [ 6E26F563CE1A7F25E5182E8512710595, BC3DF8FC09652267110E2317E57BF238137E0F2EBE30C93FB2E7BF70C7D7986A ] spc999m         C:\Windows\system32\drivers\spc999m.sys
11:47:04.0174 0x1420  spc999m - ok
11:47:04.0217 0x1420  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:47:04.0232 0x1420  spldr - ok
11:47:04.0287 0x1420  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
11:47:04.0339 0x1420  Spooler - ok
11:47:04.0425 0x1420  [ CDDDEC541BC3C96F91ECB48759673505, B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB ] sptd            C:\Windows\system32\Drivers\sptd.sys
11:47:04.0426 0x1420  Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505, sha256: B030FFA02832317AC5626BF1BF8A4A95A5992C9A6E81BC1C002D5F4D667C27FB
11:47:04.0429 0x1420  sptd - detected LockedFile.Multi.Generic ( 1 )
11:47:06.0840 0x1420  Detect skipped due to KSN trusted
11:47:06.0840 0x1420  sptd - ok
11:47:06.0924 0x1420  [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:47:06.0972 0x1420  srv - ok
11:47:07.0008 0x1420  [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:47:07.0042 0x1420  srv2 - ok
11:47:07.0070 0x1420  [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:47:07.0108 0x1420  srvnet - ok
11:47:07.0155 0x1420  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:47:07.0206 0x1420  SSDPSRV - ok
11:47:07.0249 0x1420  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:47:07.0291 0x1420  SstpSvc - ok
11:47:07.0351 0x1420  [ 8ABBE9996AFB085E080783C2FDEE6480, E8F865DBC0F7EA9CB07EB56F18E898EFEA04FC3DD230B34ED98EC3CACCEAEFC1 ] Steam Client Service C:\Program Files\Common Files\Steam\SteamService.exe
11:47:07.0393 0x1420  Steam Client Service - ok
11:47:07.0477 0x1420  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
11:47:07.0550 0x1420  stisvc - ok
11:47:07.0600 0x1420  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
11:47:07.0615 0x1420  swenum - ok
11:47:07.0661 0x1420  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
11:47:07.0710 0x1420  swprv - ok
11:47:07.0742 0x1420  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
11:47:07.0757 0x1420  Symc8xx - ok
11:47:07.0776 0x1420  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
11:47:07.0790 0x1420  Sym_hi - ok
11:47:07.0805 0x1420  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
11:47:07.0819 0x1420  Sym_u3 - ok
11:47:07.0859 0x1420  [ 4C9BB4B3B9EAC26211484C30B914C6DC, 2F90146A72E666B5D990B8B7C66F56EAC540565AC7C57F6905714AE65B597C40 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
11:47:07.0878 0x1420  SynTP - ok
11:47:07.0935 0x1420  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
11:47:08.0021 0x1420  SysMain - ok
11:47:08.0075 0x1420  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:47:08.0095 0x1420  TabletInputService - ok
11:47:08.0138 0x1420  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:47:08.0174 0x1420  TapiSrv - ok
11:47:08.0190 0x1420  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
11:47:08.0242 0x1420  TBS - ok
11:47:08.0318 0x1420  [ D18D53974FD715D50FC76F9FFE1C830D, 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:47:08.0390 0x1420  Tcpip - ok
11:47:08.0458 0x1420  [ D18D53974FD715D50FC76F9FFE1C830D, 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
11:47:08.0506 0x1420  Tcpip6 - ok
11:47:08.0547 0x1420  [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:47:08.0609 0x1420  tcpipreg - ok
11:47:08.0677 0x1420  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:47:08.0705 0x1420  TDPIPE - ok
11:47:08.0725 0x1420  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:47:08.0755 0x1420  TDTCP - ok
11:47:08.0788 0x1420  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:47:08.0827 0x1420  tdx - ok
11:47:09.0157 0x1420  [ D53118C165AE5D188632B6CDEEE82A1B, 407885433688329DE733706DBF94D22704B6F55E2E846A288E2C2A546234621B ] TeamViewer8     C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
11:47:09.0577 0x1420  TeamViewer8 - ok
11:47:09.0650 0x1420  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
11:47:09.0667 0x1420  TermDD - ok
11:47:09.0724 0x1420  [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService     C:\Windows\System32\termsrv.dll
11:47:09.0803 0x1420  TermService - ok
11:47:09.0842 0x1420  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
11:47:09.0867 0x1420  Themes - ok
11:47:09.0879 0x1420  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
11:47:09.0910 0x1420  THREADORDER - ok
11:47:09.0942 0x1420  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
11:47:09.0975 0x1420  TrkWks - ok
11:47:10.0019 0x1420  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:47:10.0058 0x1420  TrustedInstaller - ok
11:47:10.0092 0x1420  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:47:10.0116 0x1420  tssecsrv - ok
11:47:10.0165 0x1420  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
11:47:10.0198 0x1420  tunmp - ok
11:47:10.0230 0x1420  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:47:10.0246 0x1420  tunnel - ok
11:47:10.0268 0x1420  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:47:10.0285 0x1420  uagp35 - ok
11:47:10.0327 0x1420  [ F763E070843EE2803DE1395002B42938, 0060F5D7AD091D7F0CC25C98AB9DD8258A9837958AFE845971CD04E29A6A8658 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
11:47:10.0339 0x1420  UBHelper - ok
11:47:10.0365 0x1420  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:47:10.0400 0x1420  udfs - ok
11:47:10.0442 0x1420  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:47:10.0490 0x1420  UI0Detect - ok
11:47:10.0503 0x1420  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:47:10.0521 0x1420  uliagpkx - ok
11:47:10.0546 0x1420  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
11:47:10.0571 0x1420  uliahci - ok
11:47:10.0600 0x1420  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
11:47:10.0618 0x1420  UlSata - ok
11:47:10.0649 0x1420  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
11:47:10.0681 0x1420  ulsata2 - ok
11:47:10.0704 0x1420  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:47:10.0735 0x1420  umbus - ok
11:47:10.0757 0x1420  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
11:47:10.0825 0x1420  upnphost - ok
11:47:10.0896 0x1420  [ 1114579556DB85E9FAF9590DBC64CD62, 10479A3C12BBBB9B5759082358FE11AC20BAEFA6B4977C8AE6E60AA17BE6C7FA ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
11:47:10.0948 0x1420  usbaudio - ok
11:47:11.0012 0x1420  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:47:11.0074 0x1420  usbccgp - ok
11:47:11.0107 0x1420  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:47:11.0160 0x1420  usbcir - ok
11:47:11.0198 0x1420  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:47:11.0214 0x1420  usbehci - ok
11:47:11.0234 0x1420  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:47:11.0280 0x1420  usbhub - ok
11:47:11.0309 0x1420  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:47:11.0359 0x1420  usbohci - ok
11:47:11.0394 0x1420  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:47:11.0456 0x1420  usbprint - ok
11:47:11.0507 0x1420  [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
11:47:11.0542 0x1420  usbscan - ok
11:47:11.0582 0x1420  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:47:11.0627 0x1420  USBSTOR - ok
11:47:11.0651 0x1420  [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
11:47:11.0668 0x1420  usbuhci - ok
11:47:11.0706 0x1420  [ 73FF24E21B690625A58109637DDA0DF7, 62B1F9CD82678E2110D4BB5CC86EE8A7AB0757681443916620B6AAA1EF0DECEB ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
11:47:11.0762 0x1420  usbvideo - ok
11:47:11.0791 0x1420  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
11:47:11.0819 0x1420  UxSms - ok
11:47:11.0855 0x1420  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
11:47:11.0929 0x1420  vds - ok
11:47:11.0970 0x1420  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:47:12.0012 0x1420  vga - ok
11:47:12.0324 0x1420  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:47:12.0353 0x1420  VgaSave - ok
11:47:12.0385 0x1420  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
11:47:12.0401 0x1420  viaagp - ok
11:47:12.0422 0x1420  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
11:47:12.0452 0x1420  ViaC7 - ok
11:47:12.0478 0x1420  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
11:47:12.0494 0x1420  viaide - ok
11:47:12.0515 0x1420  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:47:12.0531 0x1420  volmgr - ok
11:47:12.0577 0x1420  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:47:12.0605 0x1420  volmgrx - ok
11:47:12.0655 0x1420  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:47:12.0678 0x1420  volsnap - ok
11:47:12.0701 0x1420  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:47:12.0721 0x1420  vsmraid - ok
11:47:12.0789 0x1420  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
11:47:12.0881 0x1420  VSS - ok
11:47:12.0923 0x1420  vtany - ok
11:47:12.0963 0x1420  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
11:47:13.0012 0x1420  W32Time - ok
11:47:13.0040 0x1420  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:47:13.0092 0x1420  WacomPen - ok
11:47:13.0116 0x1420  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
11:47:13.0162 0x1420  Wanarp - ok
11:47:13.0170 0x1420  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:47:13.0195 0x1420  Wanarpv6 - ok
11:47:13.0233 0x1420  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:47:13.0269 0x1420  wcncsvc - ok
11:47:13.0295 0x1420  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:47:13.0323 0x1420  WcsPlugInService - ok
11:47:13.0347 0x1420  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
11:47:13.0362 0x1420  Wd - ok
11:47:13.0426 0x1420  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:47:13.0492 0x1420  Wdf01000 - ok
11:47:13.0536 0x1420  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:47:13.0592 0x1420  WdiServiceHost - ok
11:47:13.0599 0x1420  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:47:13.0632 0x1420  WdiSystemHost - ok
11:47:13.0672 0x1420  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
11:47:13.0699 0x1420  WebClient - ok
11:47:13.0744 0x1420  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:47:13.0799 0x1420  Wecsvc - ok
11:47:13.0821 0x1420  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:47:13.0867 0x1420  wercplsupport - ok
11:47:13.0904 0x1420  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:47:13.0934 0x1420  WerSvc - ok
11:47:14.0000 0x1420  [ 5A77AC34A0FFB70CE8B35B524FEDE9BA, 711DD957AF98F1B835ECE0FEBCCF8FCC7763F1DAA232F1C9E80DE6DA123C7F33 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
11:47:14.0073 0x1420  winachsf - ok
11:47:14.0138 0x1420  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
11:47:14.0160 0x1420  WinDefend - ok
11:47:14.0171 0x1420  WinHttpAutoProxySvc - ok
11:47:14.0213 0x1420  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:47:14.0244 0x1420  Winmgmt - ok
11:47:14.0340 0x1420  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
11:47:14.0445 0x1420  WinRM - ok
11:47:14.0489 0x1420  WisINT15 - ok
11:47:14.0547 0x1420  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:47:14.0620 0x1420  Wlansvc - ok
11:47:14.0654 0x1420  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
11:47:14.0676 0x1420  WmiAcpi - ok
11:47:14.0741 0x1420  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:47:14.0786 0x1420  wmiApSrv - ok
11:47:14.0863 0x1420  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
11:47:14.0984 0x1420  WMPNetworkSvc - ok
11:47:15.0010 0x1420  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:47:15.0069 0x1420  WPCSvc - ok
11:47:15.0110 0x1420  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:47:15.0139 0x1420  WPDBusEnum - ok
11:47:15.0195 0x1420  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
11:47:15.0212 0x1420  WpdUsb - ok
11:47:15.0340 0x1420  [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:47:15.0383 0x1420  WPFFontCache_v0400 - ok
11:47:15.0414 0x1420  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:47:15.0459 0x1420  ws2ifsl - ok
11:47:15.0488 0x1420  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\system32\wscsvc.dll
11:47:15.0528 0x1420  wscsvc - ok
11:47:15.0576 0x1420  [ 4422AC5ED8D4C2F0DB63E71D4C069DD7, B010DCC7B802C26A701A7DE1CA1B21D6B43D99FE88524D015C9228376B0BDA6E ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
11:47:15.0619 0x1420  WSDPrintDevice - ok
11:47:15.0639 0x1420  [ 65D1FF8AAFF4A7D8F787A290E5087816, 9681C1B3B683E7F9531CD223C4C09877C829EFF3C707DD826752A815C1CF8982 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
11:47:15.0677 0x1420  WSDScan - ok
11:47:15.0683 0x1420  WSearch - ok
11:47:15.0840 0x1420  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:47:16.0012 0x1420  wuauserv - ok
11:47:16.0073 0x1420  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:47:16.0099 0x1420  WudfPf - ok
11:47:16.0131 0x1420  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:47:16.0152 0x1420  WUDFRd - ok
11:47:16.0178 0x1420  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:47:16.0208 0x1420  wudfsvc - ok
11:47:16.0262 0x1420  [ 88AF537264F2B818DA15479CEEAF5D7C, E0F95D6448FFB77351BB63ED444238F891B16748FD09F8BCCA23BEC4E341A96B ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
11:47:16.0290 0x1420  XAudio - ok
11:47:16.0327 0x1420  [ 15A317674A08DF26BE65164D959E9203, 6EEE0D1711F37936D157651E265A65137BCBFBDA17F066C844BAA0D53558F86A ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
11:47:16.0367 0x1420  XAudioService - ok
11:47:16.0394 0x1420  xhunter1 - ok
11:47:16.0440 0x1420  [ A640C90B007762939507C28A021BE3B3, 465289C2620E6B53973E08C969D86EB8C5AE33D279B1055E48725758F9FCF9B9 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
11:47:16.0470 0x1420  xusb21 - ok
11:47:16.0512 0x1420  ================ Scan global ===============================
11:47:16.0556 0x1420  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
11:47:16.0613 0x1420  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
11:47:16.0646 0x1420  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
11:47:16.0696 0x1420  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
11:47:16.0706 0x1420  [ Global ] - ok
11:47:16.0707 0x1420  ================ Scan MBR ==================================
11:47:16.0727 0x1420  [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
11:47:17.0640 0x1420  \Device\Harddisk0\DR0 - ok
11:47:17.0640 0x1420  ================ Scan VBR ==================================
11:47:17.0643 0x1420  [ AAE2E6F6B6EACA9D502335ABFC5FA7C0 ] \Device\Harddisk0\DR0\Partition1
11:47:17.0679 0x1420  \Device\Harddisk0\DR0\Partition1 - ok
11:47:17.0682 0x1420  [ A13A49460F39A48494ED26782F8C8ED4 ] \Device\Harddisk0\DR0\Partition2
11:47:17.0717 0x1420  \Device\Harddisk0\DR0\Partition2 - ok
11:47:17.0717 0x1420  ================ Scan generic autorun ======================
11:47:17.0802 0x1420  [ 5C080C61235C74568C2978FC7E602AE0, 7A4A3D1D51762EC17A0CF0E5099C0E76E9311D884DF461C77F17295DFDD91151 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
11:47:17.0863 0x1420  SynTPEnh - ok
11:47:17.0901 0x1420  [ D7EE83A9257D508656172A2B9DD3C317, 2C39EBC113C45B10B56E0F06E8C9A40879EB432273B538CC0944B9BC4D5EBFAC ] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
11:47:17.0908 0x1420  BkupTray - detected UnsignedFile.Multi.Generic ( 1 )
11:47:28.0000 0x1420  BkupTray ( UnsignedFile.Multi.Generic ) - warning
11:47:31.0147 0x1420  [ 50F5E1205E8DCA4EE482198B30DB4206, 59329BA7C670201D16CA32F682DA5F78F22196C699287CE1F39A3535C49F84C4 ] C:\Windows\RtHDVCpl.exe
11:47:31.0803 0x1420  RtHDVCpl - ok
11:47:31.0994 0x1420  [ 1D52EC0A4087ABF9BB8883CB081B67C7, 3058F4F86CF4201EB3CE1F8270837EBFC2DEE0B50A5F779520E3C75E6F509942 ] C:\Windows\Skytel.exe
11:47:32.0115 0x1420  Skytel - ok
11:47:32.0141 0x1420  [ 2AC7F8B8BF0D5D327A3A2A00453222C4, F71B6CFA7F4AE2A13C8DDF296631EF26C72E7C0387D88B9701577DAE133EC583 ] C:\Windows\PLFSetI.exe
11:47:32.0153 0x1420  PLFSetI - detected UnsignedFile.Multi.Generic ( 1 )
11:47:34.0575 0x1420  Detect skipped due to KSN trusted
11:47:34.0575 0x1420  PLFSetI - ok
11:47:34.0683 0x1420  [ 1D3F0D5B208A258091507A4ABEED0340, 125789451AFE067F1D91FA5F0E433C160937F633C2448A9237A20F85B9C3C3C3 ] C:\PROGRA~1\LAUNCH~1\LManager.exe
11:47:34.0755 0x1420  LManager - ok
11:47:34.0825 0x1420  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F, 6D2B301E77839FFF1C74425B37D02C3F3837CE50E856C21AE4CF7ABABB04ADDC ] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
11:47:34.0836 0x1420  Google Desktop Search - ok
11:47:34.0876 0x1420  [ 3E4C03CEFAD8DE135263236B61A49C90, 243201B64F4B60D55CDB1A3BF4B9AA60BC22EB8ACA88E95042EE48AC5DF5F397 ] C:\Windows\system32\NeroCheck.exe
11:47:34.0889 0x1420  NeroFilterCheck - detected UnsignedFile.Multi.Generic ( 1 )
11:47:37.0381 0x1420  Detect skipped due to KSN trusted
11:47:37.0381 0x1420  NeroFilterCheck - ok
11:47:37.0506 0x1420  [ 22E08FED0F5ADBDCE6BFE431157E52A2, 534EA169845C96F89BDE42F19EC97C1AD8904DDAA7DD2ACFE636A8A4A0BF74EF ] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
11:47:37.0663 0x1420  Launch LCDMon - ok
11:47:37.0790 0x1420  [ F5F2B7C3AE2A4DCAE4E8A0C8D2CEB8D8, 6C572AD9754352A347049A186EF0B5B29D0EF55A858B53DC7AA0A6432D330AC0 ] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
11:47:37.0954 0x1420  Launch LGDCore - ok
11:47:38.0062 0x1420  [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe
11:47:38.0079 0x1420  MDS_Menu - ok
11:47:38.0193 0x1420  [ 7636713B4F0944045AB4AF7CED5245AB, 9FA4A18F53F1593651D075419723CB97481459512FA923F15BF874B9DFED4031 ] C:\Program Files\DivX\DivX Update\DivXUpdate.exe
11:47:38.0303 0x1420  DivXUpdate - ok
11:47:38.0363 0x1420  [ 93DB1FF92B03D24738A71E6E4992DFD3, 56951284A1BBF201806A1A5610D6316DA33FC92A4E7DA5A989FD7C7FE2F7672C ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
11:47:38.0380 0x1420  SunJavaUpdateSched - ok
11:47:38.0472 0x1420  [ 187F4C75A89E3F412322C94526320074, D78FA7EF93C8C7B4326A5B6DB04A92ADD091DF00658FA8731D07C5D3BE29ED04 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
11:47:38.0490 0x1420  BCSSync - ok
11:47:38.0579 0x1420  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
11:47:38.0637 0x1420  Adobe ARM - ok
11:47:38.0722 0x1420  [ 5100ADC704F2D6CE3DF8C0D5105D6C84, BD46EE57F881EDAB63A0540186D9471F4C70F3E4D72F1C52D72DD9BADF9E7334 ] C:\Program Files\PDF24\pdf24.exe
11:47:38.0740 0x1420  PDFPrint - ok
11:47:38.0895 0x1420  [ 80086ED442941DE2CA18CB6DAE8C1422, F7BE958F2E8E17970C238E3806F4A742B12DA09EB21093BD6371CF4B580C5BE4 ] C:\Program Files\Aeria Games\Ignite\aeriaignite.exe
11:47:39.0047 0x1420  Aeria Ignite - ok
11:47:39.0108 0x1420  [ 3EBFE205F79CA1C5DF01E85436427278, A03C4D858DC23A88DB6127A843FB0FEE2138FB74017973243A96F84F361FC230 ] C:\Program Files\Acer\WR_PopUp\ProductReg.exe
11:47:39.0131 0x1420  ProductReg - detected UnsignedFile.Multi.Generic ( 1 )
11:47:41.0619 0x1420  Detect skipped due to KSN trusted
11:47:41.0619 0x1420  ProductReg - ok
11:47:41.0672 0x1420  [ E616A6A6E91B0A86F2F6217CDE835FFE, 411671C4B2BB4DB3F02A21C199A5479F31394165704736A549B53245B94577F7 ] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
11:47:41.0685 0x1420  swg - ok
11:47:41.0716 0x1420  [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
11:47:41.0756 0x1420  ehTray.exe - ok
11:47:41.0905 0x1420  [ B1DAF0E7971BC806D2319DA1058A3DBA, 556962D34774AF51FD1C9D2738A3232A7CFBD3D253EE13E2C0B0C98FF08099A3 ] C:\Program Files\Steam\steam.exe
11:47:42.0033 0x1420  Steam - ok
11:47:42.0087 0x1420  [ A6B4D08839E77D800E9B7EC8F6FDFE08, BA066AAE73D3910EFD00973D9FC1A1323436C20F2F16914115AE452F992811E7 ] C:\Program Files\Olympus\ib\olycamdetect.exe
11:47:42.0099 0x1420  Olympus ib - detected UnsignedFile.Multi.Generic ( 1 )
11:47:44.0538 0x1420  Detect skipped due to KSN trusted
11:47:44.0538 0x1420  Olympus ib - ok
11:47:44.0877 0x1420  [ CC78200C3ECFFA178E78308A0E160D80, 4E02D6827A99401781032A397663770FA7BE56397AA20F6E2FACE0A0004109C5 ] C:\Users\jules\AppData\Local\Akamai\netsession_win.exe
11:47:45.0144 0x1420  Akamai NetSession Interface - ok
11:47:45.0196 0x1420  GoogleDriveSync - ok
11:47:45.0246 0x1420  Skype - ok
11:47:45.0272 0x1420  [ 35937EAD711207544E219C2A19A78A7D, EE6E5EAE00F577D7C3FFB8C0D8EE484552A337CEAA27FCB107174A9879FE7362 ] C:\Program Files\Windows Media Player\WMPNSCFG.exe
11:47:45.0294 0x1420  WMPNSCFG - ok
11:47:45.0456 0x1420  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
11:47:45.0574 0x1420  Sidebar - ok
11:47:45.0581 0x1420  WindowsWelcomeCenter - ok
11:47:45.0612 0x1420  [ 3EBFE205F79CA1C5DF01E85436427278, A03C4D858DC23A88DB6127A843FB0FEE2138FB74017973243A96F84F361FC230 ] C:\Program Files\Acer\WR_PopUp\ProductReg.exe
11:47:45.0620 0x1420  ProductReg - detected UnsignedFile.Multi.Generic ( 1 )
11:47:45.0620 0x1420  Detect skipped due to KSN trusted
11:47:45.0620 0x1420  ProductReg - ok
11:47:45.0663 0x1420  [ DB0E2DDFC85AF7BF1223851A8FB3B4AD, 34C4F8167E8490775E31F4DC3B0B69AD03754255467CD300232A9625F2601554 ] C:\Windows\Acer\run_NB.exe
11:47:45.0669 0x1420  AcerScrSav - detected UnsignedFile.Multi.Generic ( 1 )
11:47:48.0165 0x1420  Detect skipped due to KSN trusted
11:47:48.0165 0x1420  AcerScrSav - ok
11:47:48.0165 0x1420  Waiting for KSN requests completion. In queue: 18
11:47:49.0165 0x1420  Waiting for KSN requests completion. In queue: 18
11:47:50.0165 0x1420  Waiting for KSN requests completion. In queue: 18
11:47:51.0228 0x1420  Win FW state via NFP2: enabled
11:47:53.0646 0x1420  ============================================================
11:47:53.0646 0x1420  Scan finished
11:47:53.0646 0x1420  ============================================================
11:47:53.0658 0x170c  Detected object count: 1
11:47:53.0658 0x170c  Actual detected object count: 1
11:48:13.0840 0x170c  BkupTray ( UnsignedFile.Multi.Generic ) - skipped by user
11:48:13.0841 0x170c  BkupTray ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:48:19.0330 0x0db8  Deinitialize success

frohe pfingsten

schrauber · 08.06.2014, 17:38

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Dirknash · 09.06.2014, 16:53

Code:

ATTFilter

ComboFix 14-06-09.01 - jules 09.06.2014  10:28:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.1913 [GMT 2:00]
ausgeführt von:: c:\users\jules\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jules\AppData\Roaming\Origin
c:\users\jules\AppData\Roaming\Origin\local.xml
c:\users\jules\AppData\Roaming\Origin\local_d76095ff0d6b8dbb079fabaec3444302.xml
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-09 bis 2014-06-09  ))))))))))))))))))))))))))))))
.
.
2014-06-09 08:39 . 2014-06-09 08:39	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2014-06-09 08:39 . 2014-06-09 08:39	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-07 19:19 . 2014-06-07 19:21	--------	dc----w-	C:\FRST
2014-06-06 16:46 . 2014-04-30 23:37	8073384	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B16A3CC7-1EE5-4976-9457-EFD14AB5A46E}\mpengine.dll
2014-06-01 20:20 . 2014-06-01 20:20	--------	d-----w-	c:\users\jules\AppData\Local\ESN
2014-06-01 20:20 . 2014-06-01 20:20	--------	d-----w-	c:\program files\Battlelog Web Plugins
2014-06-01 20:17 . 2014-06-01 20:17	--------	d-----w-	c:\programdata\EA Core
2014-06-01 20:17 . 2014-06-01 20:20	--------	d-----w-	c:\programdata\EA Logs
2014-06-01 20:16 . 2014-06-01 20:16	--------	d--h--w-	c:\program files\Common Files\EAInstaller
2014-06-01 18:17 . 2014-06-09 08:39	--------	d-----w-	c:\users\jules\AppData\Local\temp
2014-05-29 16:35 . 2014-05-29 16:35	--------	d-----w-	c:\users\jules\AppData\Local\Adobe
2014-05-29 16:31 . 2014-05-29 16:33	--------	d-----w-	c:\program files\Origin Games
2014-05-29 16:30 . 2014-05-29 16:31	--------	d-----w-	c:\users\jules\AppData\Local\Origin
2014-05-29 16:29 . 2014-06-01 23:04	--------	d-----w-	c:\programdata\Origin
2014-05-29 16:29 . 2014-06-01 20:17	--------	d-----w-	c:\programdata\Electronic Arts
2014-05-29 16:28 . 2014-06-01 18:51	--------	d-----w-	c:\program files\Origin
2014-05-29 07:37 . 2014-05-29 07:37	--------	d-----w-	c:\program files\Common Files\Skype
2014-05-28 14:28 . 2014-06-01 18:22	--------	d-----w-	c:\windows\ERUNT
2014-05-28 14:14 . 2010-08-30 06:34	536576	----a-w-	c:\windows\system32\sqlite3.dll
2014-05-28 13:56 . 2014-06-09 08:10	110296	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-28 13:56 . 2014-05-28 13:56	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2014-05-28 13:56 . 2014-05-12 05:26	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-28 13:56 . 2014-05-12 05:25	74456	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-27 07:21 . 2014-05-27 07:21	--------	d-----w-	c:\program files\VS Revo Group
2014-05-14 20:54 . 2014-05-06 22:58	1383424	----a-w-	c:\windows\system32\mshtml.tlb
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-01 20:21 . 2009-06-16 18:30	140072	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2014-06-01 20:21 . 2009-06-16 20:42	280904	----a-w-	c:\windows\system32\PnkBstrB.xtr
2014-06-01 20:21 . 2009-06-16 18:29	280904	----a-w-	c:\windows\system32\PnkBstrB.exe
2014-06-01 20:16 . 2009-06-16 18:30	138056	----a-w-	c:\users\jules\AppData\Roaming\PnkBstrK.sys
2014-06-01 20:15 . 2009-06-16 18:29	189248	----a-w-	c:\windows\system32\PnkBstrB.ex0
2014-06-01 20:15 . 2009-06-16 18:29	75136	----a-w-	c:\windows\system32\PnkBstrA.exe
2014-05-13 20:09 . 2012-09-02 09:54	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-05-13 20:09 . 2011-07-10 18:28	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 05:25 . 2012-05-03 13:35	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-04-15 00:34 . 2014-04-15 00:34	1070232	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2014-03-31 07:35 . 2012-05-02 23:35	231584	------w-	c:\windows\system32\MpSigStub.exe
2010-08-13 00:04 . 2014-05-11 20:01	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\jules\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\jules\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\jules\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-16 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Steam"="c:\program files\Steam\steam.exe" [2014-05-21 1775808]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2009-12-10 93376]
"Akamai NetSession Interface"="c:\users\jules\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-19 6294048]
"Skytel"="Skytel.exe" [2008-09-19 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-17 858632]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-13 30192]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-07-17 1687824]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-07-18 2094352]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-12-12 186408]
"Aeria Ignite"="c:\program files\Aeria Games\Ignite\aeriaignite.exe" [2013-06-06 1925656]
.
c:\users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\jules\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico -user_logon [2012-10-22 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-21 13:53	1091912	----a-w-	c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-02 20:09]
.
2014-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 09:41]
.
2014-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 09:41]
.
2014-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000Core.job
- c:\users\jules\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-29 14:42]
.
2014-06-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000UA.job
- c:\users\jules\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-29 14:42]
.
2014-06-08 c:\windows\Tasks\Norton Security Scan for jules.job
- c:\program files\Norton Security Scan\Engine\2.7.6.13\Nss.exe [2011-05-17 11:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 80.69.103.78 80.69.102.158
FF - ProfilePath - c:\users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\qbdzhnrb.default-1402179333405\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-GoogleDriveSync - c:\program files\Google\Drive\googledrivesync.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-06-09 10:39
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2014-06-09  10:42:49
ComboFix-quarantined-files.txt  2014-06-09 08:42
.
Vor Suchlauf: 18 Verzeichnis(se), 26.459.090.944 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 26.513.055.744 Bytes frei
.
- - End Of File - - 47E62C3954A4F06F2A935235C66E596A
BB9D3A6A13C5010348DA7C900BB6AF50

schrauber · 09.06.2014, 17:07

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Dirknash · 11.06.2014, 18:05

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.06.2014
Suchlauf-Zeit: 21:45:50
Logdatei: mbamNEW.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.09.07
Rootkit Datenbank: v2014.06.02.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: jules

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 292560
Verstrichene Zeit: 10 Min, 13 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

adw

Code:

ATTFilter

# AdwCleaner v3.212 - Bericht erstellt am 10/06/2014 um 00:22:46
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : jules - JULES-PC
# Gestartet von : C:\Users\jules\Desktop\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6002.18005


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\qbdzhnrb.default-1402179333405\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1162 octets] - [10/06/2014 00:20:28]
AdwCleaner[S0].txt - [1083 octets] - [10/06/2014 00:22:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1143 octets] ##########

jrt

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by jules on 10.06.2014 at 18:48:42,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\jules\AppData\Roaming\mozilla\firefox\profiles\qbdzhnrb.default-1402179333405\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.06.2014 at 18:52:45,57
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

frst

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-06-2014 03
Ran by jules (administrator) on JULES-PC on 10-06-2014 18:57:26
Running from C:\Users\jules\Desktop\TrojanerBoard
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
() C:\Acer\Mobility Center\MobilityService.exe
() C:\Windows\PLFSetI.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(OLYMPUS IMAGING CORP.) C:\Program Files\Olympus\ib\olycamdetect.exe
(Akamai Technologies, Inc.) C:\Users\jules\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dropbox, Inc.) C:\Users\jules\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
(Akamai Technologies, Inc.) C:\Users\jules\AppData\Local\Akamai\netsession_win.exe
(Realtek Semiconductor Corp.) C:\Users\jules\AppData\Local\temp\RtkBtMnt.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6294048 2008-09-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-12-17] (Dritek System Inc.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1687824 2007-07-18] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2094352 2007-07-18] (Logitech Inc.)
HKLM\...\Run: [MDS_Menu] => C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM\...\Run: [Aeria Ignite] => C:\Program Files\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-06-16] (Google Inc.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1775808 2014-05-21] (Valve Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Olympus ib] => C:\Program Files\Olympus\ib\olycamdetect.exe [93376 2009-12-10] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Akamai NetSession Interface] => C:\Users\jules\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-08-13] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jules\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE332
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE332
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF ProfilePath: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\qbdzhnrb.default-1402179333405
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.4.0 - C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\jules\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\jules\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jules\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jules\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\jules\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\jules\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\qbdzhnrb.default-1402179333405\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-08]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2009-06-17]

Chrome: 
=======
CHR HomePage: hxxp://www.google.de/
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (MicrosoftÂ® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Skype Toolbars) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Drive) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-01]
CHR Extension: (SiteAdvisor) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-05-16]
CHR Extension: (DivX HiQ) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2011-05-16]
CHR Extension: (Skype Click to Call) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-10-13]
CHR Extension: (Google Wallet) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-14]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-05-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2010-06-22]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\jules\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2011-02-08]

========================== Services (Whitelisted) =================

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-05-26] () [File not signed]
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [95200 2012-01-13] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
S3 npggsvc; C:\Windows\system32\GameMon.des [3953632 2012-03-05] (INCA Internet Co., Ltd.) [File not signed]
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2014-06-01] ()
R2 RichVideo; c:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-01-16] ()
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-01-16] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
S3 OlyCamComm; C:\Windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-14] (OLYMPUS IMAGING CORP.)
S3 spc999; C:\Windows\System32\drivers\spc999.sys [487936 2009-12-14] (                                                            )
S3 spc999m; C:\Windows\System32\drivers\spc999m.sys [7680 2009-12-14] (                                                            )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-23] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\jules\AppData\Local\Temp\catchme.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-10 18:52 - 2014-06-10 18:52 - 00000802 _____ () C:\Users\jules\Desktop\JRT.txt
2014-06-10 00:42 - 2014-06-10 00:42 - 00001223 _____ () C:\Users\jules\Desktop\AdwCleaner[S0].txt
2014-06-10 00:20 - 2014-06-10 00:22 - 00000000 ___DC () C:\AdwCleaner
2014-06-09 22:04 - 2014-06-09 22:04 - 00001161 _____ () C:\Users\jules\Desktop\mbamNEW.txt
2014-06-09 21:45 - 2014-06-09 21:45 - 01333465 _____ () C:\Users\jules\Desktop\adwcleaner_3.212.exe
2014-06-09 21:45 - 2014-06-09 21:45 - 01016261 _____ (Thisisu) C:\Users\jules\Desktop\JRT.exe
2014-06-09 10:42 - 2014-06-09 10:42 - 00012091 ____C () C:\ComboFix.txt
2014-06-09 10:42 - 2014-06-09 10:42 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-09 10:42 - 2014-06-09 10:42 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-09 10:42 - 2014-06-09 10:42 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-09 10:42 - 2014-06-09 10:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-09 10:25 - 2014-06-09 10:42 - 00000000 ___DC () C:\Qoobox
2014-06-09 10:25 - 2014-06-09 10:42 - 00000000 ___DC () C:\ComboFix
2014-06-09 10:25 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-09 10:25 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-09 10:25 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-09 10:25 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-09 10:25 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-09 10:25 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-09 10:25 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-09 10:25 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-08 21:45 - 2014-06-09 10:23 - 05205664 ____R (Swearware) C:\Users\jules\Desktop\ComboFix.exe
2014-06-08 15:31 - 2014-06-10 18:57 - 00000000 ____D () C:\Users\jules\Desktop\TrojanerBoard
2014-06-08 15:31 - 2014-06-08 15:31 - 00000000 _____ () C:\Users\jules\Desktop\PASSWORTändernWARSCHAU.txt
2014-06-08 11:05 - 2014-06-08 11:05 - 00000000 _____ () C:\Users\jules\AppData\Local\{74D606CC-960A-4670-93C2-E703E6CB794B}
2014-06-07 21:19 - 2014-06-10 18:57 - 00000000 ___DC () C:\FRST
2014-06-04 20:09 - 2014-06-04 20:20 - 00000000 ____D () C:\Users\jules\Desktop\MakroTetragon
2014-06-01 22:21 - 2014-06-01 22:21 - 00000000 ____D () C:\Users\jules\Documents\Battlefield 3
2014-06-01 22:20 - 2014-06-01 22:20 - 00000000 ____D () C:\Users\jules\AppData\Local\ESN
2014-06-01 22:20 - 2014-06-01 22:20 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-06-01 22:17 - 2014-06-01 22:17 - 00000000 ____D () C:\ProgramData\EA Core
2014-06-01 22:16 - 2014-06-01 22:16 - 00000967 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2014-06-01 22:16 - 2014-06-01 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-06-01 20:22 - 2014-06-01 20:23 - 00002163 ____C () C:\DelFix.txt
2014-06-01 20:17 - 2014-06-10 18:58 - 00000000 ____D () C:\Users\jules\AppData\Local\temp
2014-05-29 18:35 - 2014-05-29 18:35 - 00000000 ____D () C:\Users\jules\AppData\Local\Adobe
2014-05-29 18:31 - 2014-05-29 18:33 - 00000000 ____D () C:\Program Files\Origin Games
2014-05-29 18:30 - 2014-05-29 18:31 - 00000000 ____D () C:\Users\jules\AppData\Local\Origin
2014-05-29 18:29 - 2014-06-02 01:04 - 00000000 ____D () C:\ProgramData\Origin
2014-05-29 18:29 - 2014-06-01 22:17 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-29 18:29 - 2014-05-29 18:29 - 00000780 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-05-29 18:28 - 2014-06-01 20:51 - 00000000 ____D () C:\Program Files\Origin
2014-05-29 09:37 - 2014-05-29 09:37 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-28 21:02 - 2014-05-28 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-05-28 16:28 - 2014-06-01 20:22 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 16:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-28 15:56 - 2014-06-10 18:48 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 15:56 - 2014-05-28 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-28 15:56 - 2014-05-28 15:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-28 15:56 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 15:56 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-27 09:48 - 2014-06-09 10:24 - 00000000 ____D () C:\Windows\erdnt
2014-05-27 09:21 - 2014-05-27 09:21 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-26 23:22 - 2014-05-26 23:22 - 00166520 _____ () C:\Windows\Minidump\Mini052614-02.dmp
2014-05-26 22:44 - 2014-05-26 22:44 - 00166520 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-26 16:43 - 2014-05-26 16:46 - 00000000 ____D () C:\Users\jules\Documents\BIS Core Engine
2014-05-21 20:19 - 2014-05-21 20:19 - 00000285 _____ () C:\Users\jules\Desktop\makrofaebookkack.txt
2014-05-15 01:36 - 2014-05-15 01:36 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 22:54 - 2014-05-07 02:26 - 03627520 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:54 - 2014-05-07 02:26 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 22:54 - 2014-05-07 00:58 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:54 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-11 22:01 - 2014-05-11 22:02 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-06-10 18:58 - 2014-06-01 20:17 - 00000000 ____D () C:\Users\jules\AppData\Local\temp
2014-06-10 18:57 - 2014-06-08 15:31 - 00000000 ____D () C:\Users\jules\Desktop\TrojanerBoard
2014-06-10 18:57 - 2014-06-07 21:19 - 00000000 ___DC () C:\FRST
2014-06-10 18:56 - 2009-12-14 21:56 - 00000000 ____D () C:\Program Files\Steam
2014-06-10 18:55 - 2014-04-29 20:37 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000UA.job
2014-06-10 18:53 - 2010-04-01 11:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-10 18:52 - 2014-06-10 18:52 - 00000802 _____ () C:\Users\jules\Desktop\JRT.txt
2014-06-10 18:50 - 2013-06-23 21:52 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Dropbox
2014-06-10 18:49 - 2014-05-07 09:03 - 00000000 ____D () C:\Users\jules\AppData\Roaming\DropboxMaster
2014-06-10 18:49 - 2013-06-23 21:57 - 00000000 ___RD () C:\Users\jules\Dropbox
2014-06-10 18:49 - 2012-10-17 10:16 - 00311089 _____ () C:\Windows\AutoKMS.log
2014-06-10 18:49 - 2009-12-05 17:31 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Skype
2014-06-10 18:48 - 2014-05-28 15:56 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-10 18:46 - 2010-04-01 11:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-10 18:46 - 2008-11-20 05:53 - 00000147 _____ () C:\Windows\system32\agent.log
2014-06-10 18:46 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-10 18:46 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-10 18:45 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-10 18:44 - 2009-01-19 22:35 - 01701181 _____ () C:\Windows\WindowsUpdate.log
2014-06-10 18:44 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-10 10:08 - 2012-09-02 11:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-10 00:42 - 2014-06-10 00:42 - 00001223 _____ () C:\Users\jules\Desktop\AdwCleaner[S0].txt
2014-06-10 00:24 - 2008-01-21 04:47 - 03426576 _____ () C:\Windows\PFRO.log
2014-06-10 00:22 - 2014-06-10 00:20 - 00000000 ___DC () C:\AdwCleaner
2014-06-09 22:04 - 2014-06-09 22:04 - 00001161 _____ () C:\Users\jules\Desktop\mbamNEW.txt
2014-06-09 21:45 - 2014-06-09 21:45 - 01333465 _____ () C:\Users\jules\Desktop\adwcleaner_3.212.exe
2014-06-09 21:45 - 2014-06-09 21:45 - 01016261 _____ (Thisisu) C:\Users\jules\Desktop\JRT.exe
2014-06-09 20:37 - 2011-05-17 13:26 - 00000474 ____H () C:\Windows\Tasks\Norton Security Scan for jules.job
2014-06-09 17:46 - 2014-04-29 20:37 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000Core.job
2014-06-09 17:45 - 2014-03-24 01:18 - 00002379 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-09 10:42 - 2014-06-09 10:42 - 00012091 ____C () C:\ComboFix.txt
2014-06-09 10:42 - 2014-06-09 10:42 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-09 10:42 - 2014-06-09 10:42 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-09 10:42 - 2014-06-09 10:42 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-09 10:42 - 2014-06-09 10:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-09 10:42 - 2014-06-09 10:25 - 00000000 ___DC () C:\Qoobox
2014-06-09 10:42 - 2014-06-09 10:25 - 00000000 ___DC () C:\ComboFix
2014-06-09 10:39 - 2006-11-02 12:23 - 00000215 ____C () C:\Windows\system.ini
2014-06-09 10:24 - 2014-05-27 09:48 - 00000000 ____D () C:\Windows\erdnt
2014-06-09 10:23 - 2014-06-08 21:45 - 05205664 ____R (Swearware) C:\Users\jules\Desktop\ComboFix.exe
2014-06-08 15:31 - 2014-06-08 15:31 - 00000000 _____ () C:\Users\jules\Desktop\PASSWORTändernWARSCHAU.txt
2014-06-08 12:58 - 2009-06-16 17:03 - 00000000 ____D () C:\Program Files\Google
2014-06-08 11:06 - 2014-01-29 12:28 - 00000000 ___RD () C:\Users\jules\Google Drive
2014-06-08 11:05 - 2014-06-08 11:05 - 00000000 _____ () C:\Users\jules\AppData\Local\{74D606CC-960A-4670-93C2-E703E6CB794B}
2014-06-04 20:20 - 2014-06-04 20:09 - 00000000 ____D () C:\Users\jules\Desktop\MakroTetragon
2014-06-02 01:04 - 2014-05-29 18:29 - 00000000 ____D () C:\ProgramData\Origin
2014-06-01 23:14 - 2012-10-22 17:45 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-06-01 22:21 - 2014-06-01 22:21 - 00000000 ____D () C:\Users\jules\Documents\Battlefield 3
2014-06-01 22:21 - 2009-06-16 22:42 - 00280904 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-06-01 22:21 - 2009-06-16 20:50 - 00000000 ____D () C:\Users\jules\AppData\Local\PunkBuster
2014-06-01 22:21 - 2009-06-16 20:30 - 00140072 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-06-01 22:21 - 2009-06-16 20:29 - 00280904 _____ () C:\Windows\system32\PnkBstrB.exe
2014-06-01 22:20 - 2014-06-01 22:20 - 00000000 ____D () C:\Users\jules\AppData\Local\ESN
2014-06-01 22:20 - 2014-06-01 22:20 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-06-01 22:17 - 2014-06-01 22:17 - 00000000 ____D () C:\ProgramData\EA Core
2014-06-01 22:17 - 2014-05-29 18:29 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-01 22:16 - 2014-06-01 22:16 - 00000967 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2014-06-01 22:16 - 2014-06-01 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-06-01 22:16 - 2009-06-16 20:30 - 00138056 _____ () C:\Users\jules\AppData\Roaming\PnkBstrK.sys
2014-06-01 22:15 - 2009-06-16 20:29 - 00189248 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-06-01 22:15 - 2009-06-16 20:29 - 00075136 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-01 20:51 - 2014-05-29 18:28 - 00000000 ____D () C:\Program Files\Origin
2014-06-01 20:23 - 2014-06-01 20:22 - 00002163 ____C () C:\DelFix.txt
2014-06-01 20:22 - 2014-05-28 16:28 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 19:33 - 2009-06-16 17:03 - 00000000 ____D () C:\Users\jules
2014-05-29 18:35 - 2014-05-29 18:35 - 00000000 ____D () C:\Users\jules\AppData\Local\Adobe
2014-05-29 18:33 - 2014-05-29 18:31 - 00000000 ____D () C:\Program Files\Origin Games
2014-05-29 18:31 - 2014-05-29 18:30 - 00000000 ____D () C:\Users\jules\AppData\Local\Origin
2014-05-29 18:29 - 2014-05-29 18:29 - 00000780 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-05-29 09:37 - 2014-05-29 09:37 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-29 09:37 - 2009-12-05 17:30 - 00000000 ___RD () C:\Program Files\Skype
2014-05-29 09:37 - 2009-10-08 15:15 - 00000000 ____D () C:\ProgramData\Skype
2014-05-28 21:02 - 2014-05-28 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-05-28 21:02 - 2014-02-13 20:38 - 00001431 _____ () C:\Users\jules\Desktop\bwin Poker.lnk
2014-05-28 21:02 - 2013-03-18 02:57 - 00001437 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\bwin Poker.lnk
2014-05-28 21:02 - 2006-11-02 14:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-28 18:00 - 2012-08-14 14:48 - 00000000 ____D () C:\Users\jules\AppData\Local\ArmA 2 OA
2014-05-28 16:16 - 2010-10-28 20:17 - 00000000 ____D () C:\ProgramData\ICQ
2014-05-28 16:16 - 2009-06-24 20:25 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-05-28 15:56 - 2014-05-28 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-28 15:56 - 2014-05-28 15:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-28 15:56 - 2013-05-13 21:35 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-28 15:56 - 2012-05-03 15:36 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Malwarebytes
2014-05-28 15:56 - 2012-05-03 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 10:17 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-05-27 10:17 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-05-27 09:21 - 2014-05-27 09:21 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-27 09:17 - 2010-04-05 17:25 - 00000000 ____D () C:\Users\jules\Tracing
2014-05-26 23:26 - 2009-12-14 21:56 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-26 23:22 - 2014-05-26 23:22 - 00166520 _____ () C:\Windows\Minidump\Mini052614-02.dmp
2014-05-26 23:22 - 2012-04-27 21:45 - 318719702 _____ () C:\Windows\MEMORY.DMP
2014-05-26 23:22 - 2012-04-27 21:45 - 00000000 ____D () C:\Windows\Minidump
2014-05-26 22:44 - 2014-05-26 22:44 - 00166520 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-26 20:54 - 2009-06-16 17:04 - 00000000 ____D () C:\Users\jules\AppData\Local\Google
2014-05-26 16:46 - 2014-05-26 16:43 - 00000000 ____D () C:\Users\jules\Documents\BIS Core Engine
2014-05-23 09:03 - 2013-06-23 21:57 - 00000923 _____ () C:\Users\jules\Desktop\Dropbox.lnk
2014-05-23 09:03 - 2013-06-23 21:55 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-22 00:10 - 2013-11-03 22:57 - 00000000 ____D () C:\Users\jules\Desktop\Makro
2014-05-21 20:54 - 2009-06-16 18:23 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Mozilla
2014-05-21 20:19 - 2014-05-21 20:19 - 00000285 _____ () C:\Users\jules\Desktop\makrofaebookkack.txt
2014-05-21 15:54 - 2010-04-01 16:53 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-15 09:39 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 09:38 - 2012-10-11 19:06 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 01:39 - 2008-11-20 05:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 01:36 - 2014-05-15 01:36 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 01:35 - 2013-08-16 19:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 01:32 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-13 22:09 - 2012-09-02 11:54 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-13 22:09 - 2011-07-10 20:28 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-12 14:41 - 2006-11-02 12:33 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-12 09:02 - 2012-05-03 15:09 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 07:26 - 2014-05-28 15:56 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-28 15:56 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2012-05-03 15:35 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 22:35 - 2014-01-06 02:12 - 00000139 _____ () C:\Users\jules\Desktop\xxxxxxxxxxxx.txt
2014-05-11 22:02 - 2014-05-11 22:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\jules\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpihbkm4.dll
C:\Users\jules\AppData\Local\temp\Quarantine.exe
C:\Users\jules\AppData\Local\temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-10 18:53

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

ps: problem scheint wirklich noch da zu sein. manchmal stockt einfach firefox. zurückgesetzt hatte ich den browser schonmal, oder lieber komplett neu installieren?

chrome läuft parallel einwandfrei.

pps: die testversion von malewarebytes anti-maleware ist abgelaufen. was nun ?

schrauber · 12.06.2014, 08:11

Firefox komplett deinstallieren und neu installieren, dann zurücksetzen.

Zitat:

pps: die testversion von malewarebytes anti-maleware ist abgelaufen. was nun ?

Wie was nun? kaufen oder als freeware weiter nutzen

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Dirknash · 15.06.2014, 23:59

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=95fc1a4b78b03748a30e8e2f29fa0f37
# engine=18729
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-15 10:07:20
# local_time=2014-06-16 12:07:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 15982 240402768 0 0
# scanned=273676
# found=1
# cleaned=0
# scan_time=10878
sh=E6E8553B28C55163063EC8C29415AACD123FB84C ft=1 fh=c71c00116ab9f7e2 vn="Variante von Win32/InstallCore.OY evtl. unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1746654511-3761473265-4038029783-1000\$ROFBUQ8.exe"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.83  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 22  
 Java version out of Date! 
 Adobe Flash Player 	13.0.0.214  
 Adobe Reader 9 Adobe Reader out of Date! 
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (30.0) 
 Google Chrome 35.0.1916.114  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-06-2014
Ran by jules (administrator) on JULES-PC on 16-06-2014 01:01:42
Running from C:\Users\jules\Desktop\TrojanerBoard
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
() C:\Acer\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(OLYMPUS IMAGING CORP.) C:\Program Files\Olympus\ib\olycamdetect.exe
(Akamai Technologies, Inc.) C:\Users\jules\AppData\Local\Akamai\netsession_win.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Dropbox, Inc.) C:\Users\jules\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor Corp.) C:\Users\jules\AppData\Local\temp\RtkBtMnt.exe
(Akamai Technologies, Inc.) C:\Users\jules\AppData\Local\Akamai\netsession_win.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Programs\bwincom\bwincom.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6294048 2008-09-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-12-17] (Dritek System Inc.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [1687824 2007-07-18] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [2094352 2007-07-18] (Logitech Inc.)
HKLM\...\Run: [MDS_Menu] => C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [186408 2013-12-12] (Geek Software GmbH)
HKLM\...\Run: [Aeria Ignite] => C:\Program Files\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2009-06-16] (Google Inc.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Steam] => C:\Program Files\Steam\steam.exe [1775808 2014-05-21] (Valve Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Olympus ib] => C:\Program Files\Olympus\ib\olycamdetect.exe [93376 2009-12-10] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Akamai NetSession Interface] => C:\Users\jules\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\Run: [ProductReg] => C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168 2008-11-17] (Acer)
HKU\S-1-5-21-1746654511-3761473265-4038029783-1001\...\RunOnce: [AcerScrSav] - C:\Windows\Acer\run_NB.exe [24576 2007-08-21] ()
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-08-13] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()
Startup: C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\jules\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE332
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {3055BE9B-C574-4C23-9D32-16D177511334} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE332
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -  No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF ProfilePath: C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\qbdzhnrb.default-1402179333405
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @esn/npbattlelog,version=2.4.0 - C:\Program Files\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/SAFFPlugin - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\jules\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\jules\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jules\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jules\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\jules\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\jules\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\jules\AppData\Roaming\Mozilla\Firefox\Profiles\qbdzhnrb.default-1402179333405\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-08]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-05-16]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2009-06-17]

Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Skype Toolbars) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (SiteAdvisor) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2011-05-16]
CHR Extension: (DivX HiQ) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2011-05-16]
CHR Extension: (Skype Click to Call) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-10-13]
CHR Extension: (Google Wallet) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-14]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\jules\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-05-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2010-06-22]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\jules\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2011-02-08]

========================== Services (Whitelisted) =================

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-05-26] () [File not signed]
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-13] (Google)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [95200 2012-01-13] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
S3 npggsvc; C:\Windows\system32\GameMon.des [3953632 2012-03-05] (INCA Internet Co., Ltd.) [File not signed]
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2014-06-01] ()
R2 RichVideo; c:\Program Files\Cyberlink\Shared files\RichVideo.exe [272024 2007-01-09] ()

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-01-16] ()
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-01-16] ()
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
S3 OlyCamComm; C:\Windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-14] (OLYMPUS IMAGING CORP.)
S3 spc999; C:\Windows\System32\drivers\spc999.sys [487936 2009-12-14] (                                                            )
S3 spc999m; C:\Windows\System32\drivers\spc999m.sys [7680 2009-12-14] (                                                            )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-23] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\jules\AppData\Local\Temp\catchme.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-16 00:56 - 2014-06-16 00:56 - 00001000 _____ () C:\Users\jules\Desktop\checkup.txt
2014-06-15 21:01 - 2014-06-15 21:01 - 00000000 ____D () C:\Program Files\ESET
2014-06-15 19:16 - 2014-06-15 19:16 - 00854367 _____ () C:\Users\jules\Desktop\SecurityCheck.exe
2014-06-15 19:15 - 2014-06-15 19:15 - 02347384 _____ (ESET) C:\Users\jules\Desktop\esetsmartinstaller_deu(1).exe
2014-06-12 12:06 - 2014-06-12 12:06 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-12 12:06 - 2014-06-12 12:06 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-12 12:06 - 2014-06-12 12:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-12 11:54 - 2014-06-12 11:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jules\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-06-10 18:52 - 2014-06-10 18:52 - 00000802 _____ () C:\Users\jules\Desktop\JRT.txt
2014-06-10 00:42 - 2014-06-10 00:42 - 00001223 _____ () C:\Users\jules\Desktop\AdwCleaner[S0].txt
2014-06-10 00:20 - 2014-06-10 00:22 - 00000000 ___DC () C:\AdwCleaner
2014-06-09 22:04 - 2014-06-09 22:04 - 00001161 _____ () C:\Users\jules\Desktop\mbamNEW.txt
2014-06-09 21:45 - 2014-06-09 21:45 - 01333465 _____ () C:\Users\jules\Desktop\adwcleaner_3.212.exe
2014-06-09 21:45 - 2014-06-09 21:45 - 01016261 _____ (Thisisu) C:\Users\jules\Desktop\JRT.exe
2014-06-09 10:42 - 2014-06-09 10:42 - 00012091 ____C () C:\ComboFix.txt
2014-06-09 10:42 - 2014-06-09 10:42 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-09 10:42 - 2014-06-09 10:42 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-09 10:42 - 2014-06-09 10:42 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-09 10:42 - 2014-06-09 10:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-09 10:25 - 2014-06-09 10:42 - 00000000 ___DC () C:\Qoobox
2014-06-09 10:25 - 2014-06-09 10:42 - 00000000 ___DC () C:\ComboFix
2014-06-09 10:25 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-09 10:25 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-09 10:25 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-09 10:25 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-09 10:25 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-09 10:25 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-09 10:25 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-09 10:25 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-08 21:45 - 2014-06-09 10:23 - 05205664 ____R (Swearware) C:\Users\jules\Desktop\ComboFix.exe
2014-06-08 15:31 - 2014-06-16 01:01 - 00000000 ____D () C:\Users\jules\Desktop\TrojanerBoard
2014-06-08 15:31 - 2014-06-08 15:31 - 00000000 _____ () C:\Users\jules\Desktop\PASSWORTändernWARSCHAU.txt
2014-06-08 11:05 - 2014-06-08 11:05 - 00000000 _____ () C:\Users\jules\AppData\Local\{74D606CC-960A-4670-93C2-E703E6CB794B}
2014-06-07 21:19 - 2014-06-16 01:01 - 00000000 ___DC () C:\FRST
2014-06-04 20:09 - 2014-06-04 20:20 - 00000000 ____D () C:\Users\jules\Desktop\MakroTetragon
2014-06-01 22:21 - 2014-06-01 22:21 - 00000000 ____D () C:\Users\jules\Documents\Battlefield 3
2014-06-01 22:20 - 2014-06-01 22:20 - 00000000 ____D () C:\Users\jules\AppData\Local\ESN
2014-06-01 22:20 - 2014-06-01 22:20 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-06-01 22:17 - 2014-06-01 22:17 - 00000000 ____D () C:\ProgramData\EA Core
2014-06-01 22:16 - 2014-06-01 22:16 - 00000967 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2014-06-01 22:16 - 2014-06-01 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-06-01 20:22 - 2014-06-01 20:23 - 00002163 ____C () C:\DelFix.txt
2014-06-01 20:17 - 2014-06-16 01:02 - 00000000 ____D () C:\Users\jules\AppData\Local\temp
2014-05-29 18:35 - 2014-05-29 18:35 - 00000000 ____D () C:\Users\jules\AppData\Local\Adobe
2014-05-29 18:31 - 2014-05-29 18:33 - 00000000 ____D () C:\Program Files\Origin Games
2014-05-29 18:30 - 2014-05-29 18:31 - 00000000 ____D () C:\Users\jules\AppData\Local\Origin
2014-05-29 18:29 - 2014-06-02 01:04 - 00000000 ____D () C:\ProgramData\Origin
2014-05-29 18:29 - 2014-06-01 22:17 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-05-29 18:29 - 2014-05-29 18:29 - 00000780 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-05-29 18:28 - 2014-06-01 20:51 - 00000000 ____D () C:\Program Files\Origin
2014-05-29 09:37 - 2014-05-29 09:37 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-28 21:02 - 2014-05-28 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-05-28 16:28 - 2014-06-01 20:22 - 00000000 ____D () C:\Windows\ERUNT
2014-05-28 16:14 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-28 15:56 - 2014-06-15 19:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-28 15:56 - 2014-06-12 11:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-28 15:56 - 2014-06-12 11:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-05-28 15:56 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-28 15:56 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-27 09:48 - 2014-06-09 10:24 - 00000000 ____D () C:\Windows\erdnt
2014-05-27 09:21 - 2014-05-27 09:21 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-26 23:22 - 2014-05-26 23:22 - 00166520 _____ () C:\Windows\Minidump\Mini052614-02.dmp
2014-05-26 22:44 - 2014-05-26 22:44 - 00166520 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-26 16:43 - 2014-05-26 16:46 - 00000000 ____D () C:\Users\jules\Documents\BIS Core Engine
2014-05-21 20:19 - 2014-05-21 20:19 - 00000285 _____ () C:\Users\jules\Desktop\makrofaebookkack.txt

==================== One Month Modified Files and Folders =======

2014-06-16 01:02 - 2014-06-01 20:17 - 00000000 ____D () C:\Users\jules\AppData\Local\temp
2014-06-16 01:01 - 2014-06-08 15:31 - 00000000 ____D () C:\Users\jules\Desktop\TrojanerBoard
2014-06-16 01:01 - 2014-06-07 21:19 - 00000000 ___DC () C:\FRST
2014-06-16 00:57 - 2009-12-05 17:31 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Skype
2014-06-16 00:56 - 2014-06-16 00:56 - 00001000 _____ () C:\Users\jules\Desktop\checkup.txt
2014-06-16 00:54 - 2014-04-29 20:37 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000UA.job
2014-06-16 00:54 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-16 00:54 - 2006-11-02 14:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-16 00:53 - 2010-04-01 11:41 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-16 00:08 - 2012-09-02 11:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-15 21:01 - 2014-06-15 21:01 - 00000000 ____D () C:\Program Files\ESET
2014-06-15 20:32 - 2009-01-19 22:35 - 01950002 _____ () C:\Windows\WindowsUpdate.log
2014-06-15 19:37 - 2014-05-28 15:56 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-15 19:16 - 2014-06-15 19:16 - 00854367 _____ () C:\Users\jules\Desktop\SecurityCheck.exe
2014-06-15 19:15 - 2014-06-15 19:15 - 02347384 _____ (ESET) C:\Users\jules\Desktop\esetsmartinstaller_deu(1).exe
2014-06-15 19:01 - 2009-12-14 21:56 - 00000000 ____D () C:\Program Files\Steam
2014-06-15 18:58 - 2013-06-23 21:52 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Dropbox
2014-06-15 18:57 - 2014-05-07 09:03 - 00000000 ____D () C:\Users\jules\AppData\Roaming\DropboxMaster
2014-06-15 18:57 - 2013-06-23 21:57 - 00000000 ___RD () C:\Users\jules\Dropbox
2014-06-15 18:54 - 2012-10-17 10:16 - 00313753 _____ () C:\Windows\AutoKMS.log
2014-06-15 18:54 - 2010-04-01 11:41 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-15 18:54 - 2008-11-20 05:53 - 00000147 _____ () C:\Windows\system32\agent.log
2014-06-15 18:53 - 2008-01-21 04:47 - 03426908 _____ () C:\Windows\PFRO.log
2014-06-15 18:53 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 12:49 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-12 12:06 - 2014-06-12 12:06 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-12 12:06 - 2014-06-12 12:06 - 00000850 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-12 12:06 - 2014-06-12 12:06 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-12 12:06 - 2014-05-11 22:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-12 11:56 - 2014-05-28 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-12 11:56 - 2014-05-28 15:56 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-12 11:56 - 2013-05-13 21:35 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-12 11:54 - 2014-06-12 11:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jules\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-06-11 21:15 - 2014-05-07 11:12 - 00001169 _____ () C:\Users\jules\Desktop\KurseWarschaumadness.txt
2014-06-10 22:11 - 2010-04-01 16:53 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-10 21:58 - 2013-07-01 19:26 - 00000000 ____D () C:\ProgramData\MTA San Andreas All
2014-06-10 21:25 - 2014-03-24 01:18 - 00002379 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-10 18:52 - 2014-06-10 18:52 - 00000802 _____ () C:\Users\jules\Desktop\JRT.txt
2014-06-10 00:42 - 2014-06-10 00:42 - 00001223 _____ () C:\Users\jules\Desktop\AdwCleaner[S0].txt
2014-06-10 00:22 - 2014-06-10 00:20 - 00000000 ___DC () C:\AdwCleaner
2014-06-09 22:04 - 2014-06-09 22:04 - 00001161 _____ () C:\Users\jules\Desktop\mbamNEW.txt
2014-06-09 21:45 - 2014-06-09 21:45 - 01333465 _____ () C:\Users\jules\Desktop\adwcleaner_3.212.exe
2014-06-09 21:45 - 2014-06-09 21:45 - 01016261 _____ (Thisisu) C:\Users\jules\Desktop\JRT.exe
2014-06-09 20:37 - 2011-05-17 13:26 - 00000474 ____H () C:\Windows\Tasks\Norton Security Scan for jules.job
2014-06-09 17:46 - 2014-04-29 20:37 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1746654511-3761473265-4038029783-1000Core.job
2014-06-09 10:42 - 2014-06-09 10:42 - 00012091 ____C () C:\ComboFix.txt
2014-06-09 10:42 - 2014-06-09 10:42 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp
2014-06-09 10:42 - 2014-06-09 10:42 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-09 10:42 - 2014-06-09 10:42 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-09 10:42 - 2014-06-09 10:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-09 10:42 - 2014-06-09 10:25 - 00000000 ___DC () C:\Qoobox
2014-06-09 10:42 - 2014-06-09 10:25 - 00000000 ___DC () C:\ComboFix
2014-06-09 10:39 - 2006-11-02 12:23 - 00000215 ____C () C:\Windows\system.ini
2014-06-09 10:24 - 2014-05-27 09:48 - 00000000 ____D () C:\Windows\erdnt
2014-06-09 10:23 - 2014-06-08 21:45 - 05205664 ____R (Swearware) C:\Users\jules\Desktop\ComboFix.exe
2014-06-08 15:31 - 2014-06-08 15:31 - 00000000 _____ () C:\Users\jules\Desktop\PASSWORTändernWARSCHAU.txt
2014-06-08 12:58 - 2009-06-16 17:03 - 00000000 ____D () C:\Program Files\Google
2014-06-08 11:06 - 2014-01-29 12:28 - 00000000 ___RD () C:\Users\jules\Google Drive
2014-06-08 11:05 - 2014-06-08 11:05 - 00000000 _____ () C:\Users\jules\AppData\Local\{74D606CC-960A-4670-93C2-E703E6CB794B}
2014-06-04 20:20 - 2014-06-04 20:09 - 00000000 ____D () C:\Users\jules\Desktop\MakroTetragon
2014-06-02 01:04 - 2014-05-29 18:29 - 00000000 ____D () C:\ProgramData\Origin
2014-06-01 23:14 - 2012-10-22 17:45 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-06-01 22:21 - 2014-06-01 22:21 - 00000000 ____D () C:\Users\jules\Documents\Battlefield 3
2014-06-01 22:21 - 2009-06-16 22:42 - 00280904 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-06-01 22:21 - 2009-06-16 20:50 - 00000000 ____D () C:\Users\jules\AppData\Local\PunkBuster
2014-06-01 22:21 - 2009-06-16 20:30 - 00140072 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2014-06-01 22:21 - 2009-06-16 20:29 - 00280904 _____ () C:\Windows\system32\PnkBstrB.exe
2014-06-01 22:20 - 2014-06-01 22:20 - 00000000 ____D () C:\Users\jules\AppData\Local\ESN
2014-06-01 22:20 - 2014-06-01 22:20 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2014-06-01 22:17 - 2014-06-01 22:17 - 00000000 ____D () C:\ProgramData\EA Core
2014-06-01 22:17 - 2014-05-29 18:29 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-06-01 22:16 - 2014-06-01 22:16 - 00000967 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2014-06-01 22:16 - 2014-06-01 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2014-06-01 22:16 - 2009-06-16 20:30 - 00138056 _____ () C:\Users\jules\AppData\Roaming\PnkBstrK.sys
2014-06-01 22:15 - 2009-06-16 20:29 - 00189248 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-06-01 22:15 - 2009-06-16 20:29 - 00075136 _____ () C:\Windows\system32\PnkBstrA.exe
2014-06-01 20:51 - 2014-05-29 18:28 - 00000000 ____D () C:\Program Files\Origin
2014-06-01 20:23 - 2014-06-01 20:22 - 00002163 ____C () C:\DelFix.txt
2014-06-01 20:22 - 2014-05-28 16:28 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 19:33 - 2009-06-16 17:03 - 00000000 ____D () C:\Users\jules
2014-05-29 18:35 - 2014-05-29 18:35 - 00000000 ____D () C:\Users\jules\AppData\Local\Adobe
2014-05-29 18:33 - 2014-05-29 18:31 - 00000000 ____D () C:\Program Files\Origin Games
2014-05-29 18:31 - 2014-05-29 18:30 - 00000000 ____D () C:\Users\jules\AppData\Local\Origin
2014-05-29 18:29 - 2014-05-29 18:29 - 00000780 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-05-29 09:37 - 2014-05-29 09:37 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-05-29 09:37 - 2009-12-05 17:30 - 00000000 ___RD () C:\Program Files\Skype
2014-05-29 09:37 - 2009-10-08 15:15 - 00000000 ____D () C:\ProgramData\Skype
2014-05-28 21:02 - 2014-05-28 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
2014-05-28 21:02 - 2014-02-13 20:38 - 00001431 _____ () C:\Users\jules\Desktop\bwin Poker.lnk
2014-05-28 21:02 - 2013-03-18 02:57 - 00001437 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\bwin Poker.lnk
2014-05-28 21:02 - 2006-11-02 14:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-28 18:00 - 2012-08-14 14:48 - 00000000 ____D () C:\Users\jules\AppData\Local\ArmA 2 OA
2014-05-28 16:16 - 2010-10-28 20:17 - 00000000 ____D () C:\ProgramData\ICQ
2014-05-28 16:16 - 2009-06-24 20:25 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-05-28 15:56 - 2012-05-03 15:36 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Malwarebytes
2014-05-28 15:56 - 2012-05-03 15:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-27 10:17 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-05-27 10:17 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-05-27 09:21 - 2014-05-27 09:21 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-27 09:17 - 2010-04-05 17:25 - 00000000 ____D () C:\Users\jules\Tracing
2014-05-26 23:26 - 2009-12-14 21:56 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-26 23:22 - 2014-05-26 23:22 - 00166520 _____ () C:\Windows\Minidump\Mini052614-02.dmp
2014-05-26 23:22 - 2012-04-27 21:45 - 318719702 _____ () C:\Windows\MEMORY.DMP
2014-05-26 23:22 - 2012-04-27 21:45 - 00000000 ____D () C:\Windows\Minidump
2014-05-26 22:44 - 2014-05-26 22:44 - 00166520 _____ () C:\Windows\Minidump\Mini052614-01.dmp
2014-05-26 20:54 - 2009-06-16 17:04 - 00000000 ____D () C:\Users\jules\AppData\Local\Google
2014-05-26 16:46 - 2014-05-26 16:43 - 00000000 ____D () C:\Users\jules\Documents\BIS Core Engine
2014-05-23 09:03 - 2013-06-23 21:57 - 00000923 _____ () C:\Users\jules\Desktop\Dropbox.lnk
2014-05-23 09:03 - 2013-06-23 21:55 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-22 00:10 - 2013-11-03 22:57 - 00000000 ____D () C:\Users\jules\Desktop\Makro
2014-05-21 20:54 - 2009-06-16 18:23 - 00000000 ____D () C:\Users\jules\AppData\Roaming\Mozilla
2014-05-21 20:19 - 2014-05-21 20:19 - 00000285 _____ () C:\Users\jules\Desktop\makrofaebookkack.txt

Some content of TEMP:
====================
C:\Users\jules\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpigemcp.dll
C:\Users\jules\AppData\Local\temp\Quarantine.exe
C:\Users\jules\AppData\Local\temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-15 19:15

==================== End Of Log ============================

--- --- ---

schrauber · 16.06.2014, 21:30

Java und Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\$RECYCLE.BIN

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Dirknash · 17.06.2014, 14:30

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:15-06-2014
Ran by jules at 2014-06-17 15:29:11 Run:1
Running from C:\Users\jules\Desktop\TrojanerBoard
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\$RECYCLE.BIN
*****************

C:\$RECYCLE.BIN => Moved successfully.

==== End of Fixlog ====

Hi alles bestens soweit! Vielen Dank!

schrauber · 18.06.2014, 09:15

Gern Geschehen

18.06.2014, 09:15	#12
schrauber /// the machine /// TB-Ausbilder	Firefox spinnt - 'Man-in-the-Browser' ? Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Firefox spinnt - 'Man-in-the-Browser' ?

Log-Analyse und Auswertung: Firefox spinnt - 'Man-in-the-Browser' ?