Pests of all kinds and how to fight them: Online banking redirected - virus/trojan struck? Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
10.08.2014, 18:46 | #1 |
Online banking redirected - virus/trojan struck?

Hello, some time ago my wife, while using her laptop, fell victim to a virus or trojan that, when she opened online banking, overlaid a fake prompt on top of the banking page and unfortunately succeeded in phishing a TAN. The result was an empty account and many, many tears. Since then we have been afraid to use this laptop, and I would like to use this forum to make the laptop safe again. To start, I have generated the results of FRST64:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by Gursky (administrator) on THUNDERBIRD on 10-08-2014 19:35:21
Running from C:\Users\Gursky\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Babylon Ltd.) C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Babylon) C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe
(Ginger Software) C:\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107688 2010-04-14] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3577712 2010-03-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Babylon Client] => C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe [3462296 2012-07-02] (Babylon Ltd.)
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [AnyProtect Tray] => "C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe"
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKU\S-1-5-21-864001013-3320382990-1238080026-1000\...\Run: [Google Update] => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-04-27] (Google Inc.)
HKU\S-1-5-21-864001013-3320382990-1238080026-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-864001013-3320382990-1238080026-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-864001013-3320382990-1238080026-1000\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
HKU\S-1-5-21-864001013-3320382990-1238080026-1000\...\Run: [Acti-1-0] => C:\Windows\system32\crypring.exe [299008 2014-07-14] ()
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9B0867AC-6BA7-457E-ABBE-0310F019FC47&SearchSource=58&CUI=&UM=6&UP=SP0F2FBA7F-3215-47E4-A2C0-143889912008&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9B0867AC-6BA7-457E-ABBE-0310F019FC47&SearchSource=58&CUI=&UM=6&UP=SP0F2FBA7F-3215-47E4-A2C0-143889912008&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms}
SearchScopes: HKCU - {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
SearchScopes: HKCU - {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms}
SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ie_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ie-21&tbrId=v1_abb-channel-7_7ee1452b17f74e80b1d0850a9b7e4626_30_46_20140201_DE_ie_ds_IS0&query={searchTerms}
SearchScopes: HKCU - {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Babylon IE plugin -> {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} -> C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: MyEmoticons Class -> {DCC39ACE-709B-44EA-B062-5F6BE2774644} -> C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons-1.3.dll (GreenTree Applications)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default
FF DefaultSearchEngine: Trovi search
FF SearchEngineOrder.1: Amazon
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.yahoo.com
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ff-21&tbrId=v1_abb-channel-7_7ee1452b17f74e80b1d0850a9b7e4626_30_46_20140201_DE_ff_ab_IS0&query=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Babylon Spelling and Proofreading - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\Extensions\adapter@babylontc.com.xpi [2012-07-24]
FF Extension: Babylon Translation Activation - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\Extensions\ocr@babylon.com.xpi [2012-07-24]
FF Extension: Greasemonkey - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-16]
FF HKLM-x32\...\Firefox\Extensions: [myemoticons@myemoticons.com] - C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3
FF Extension: MyEmoticons - C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3 [2012-10-08]

Chrome:
=======
CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9B0867AC-6BA7-457E-ABBE-0310F019FC47&SearchSource=55&CUI=&UM=6&UP=SP0F2FBA7F-3215-47E4-A2C0-143889912008&SSPV=
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9B0867AC-6BA7-457E-ABBE-0310F019FC47&SearchSource=55&CUI=&UM=6&UP=SP0F2FBA7F-3215-47E4-A2C0-143889912008&SSPV="
CHR DefaultSearchKeyword: trovi.search
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File
CHR Extension: (Babylon Translator) - C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2012-07-30]
CHR Extension: (Google Wallet) - C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-12]
CHR Extension: (MyEmoticons) - C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf [2013-01-20]
CHR Extension: (Extutil) - C:\Users\Gursky\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-07-02]
CHR Extension: (Managera) - C:\Users\Gursky\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-07-02]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx [2012-07-24]
CHR HKLM-x32\...\Chrome\Extension: [oopofgccipckckifenoicncegojimpmf] - C:\Users\Gursky\AppData\Roaming\MyEmoticons\oopofgccipckckifenoicncegojimpmf.crx [2012-08-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3456880 2010-03-08] (Egis Technology Inc.)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2009-09-01] (Windows (R) Win 7 DDK provider)
R3 Ltn_stk7070P; C:\Windows\System32\DRIVERS\Ltn_stk7070P.sys [625152 2009-05-23] (LiteOn)
S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
R3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2009-09-01] (Nuvoton Technology Corporation)
S3 nuvotonir; C:\Windows\system32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [50976 2010-01-11] (O2Micro )
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-06-11] (Audials AG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-02-25] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 19:35 - 2014-08-10 19:35 - 00023434 _____ () C:\Users\Gursky\Downloads\FRST.txt
2014-08-10 19:35 - 2014-08-10 19:35 - 00000000 ____D () C:\FRST
2014-08-10 19:34 - 2014-08-10 19:35 - 02099712 _____ (Farbar) C:\Users\Gursky\Downloads\FRST64.exe
2014-08-08 18:57 - 2014-08-08 18:28 - 13987991 ____N () C:\Users\Gursky\Desktop\VID_20140808_182839.3gp
2014-07-14 22:26 - 2014-07-14 22:26 - 00299008 _____ () C:\Windows\system32\crypring.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 19:35 - 2014-08-10 19:35 - 00023434 _____ () C:\Users\Gursky\Downloads\FRST.txt
2014-08-10 19:35 - 2014-08-10 19:35 - 00000000 ____D () C:\FRST
2014-08-10 19:35 - 2014-08-10 19:34 - 02099712 _____ (Farbar) C:\Users\Gursky\Downloads\FRST64.exe
2014-08-10 19:33 - 2012-07-24 20:57 - 00000000 ____D () C:\ProgramData\Babylon
2014-08-10 19:33 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-10 19:33 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-10 19:29 - 2011-03-02 19:05 - 01248570 _____ () C:\Windows\WindowsUpdate.log
2014-08-10 19:26 - 2011-04-25 15:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-10 19:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-10 19:26 - 2009-07-14 06:51 - 00198585 _____ () C:\Windows\setupact.log
2014-08-10 19:26 - 2009-07-14 06:45 - 00379576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-09 16:01 - 2011-04-25 15:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 15:54 - 2011-05-08 11:10 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA.job
2014-08-09 15:46 - 2012-07-30 06:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 14:54 - 2011-05-08 11:10 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core.job
2014-08-08 18:32 - 2011-03-03 03:56 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-08-08 18:32 - 2011-03-03 03:56 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-08-08 18:32 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 18:28 - 2014-08-08 18:57 - 13987991 ____N () C:\Users\Gursky\Desktop\VID_20140808_182839.3gp
2014-07-18 07:57 - 2011-05-08 11:10 - 00002368 _____ () C:\Users\Gursky\Desktop\Google Chrome.lnk
2014-07-14 22:26 - 2014-07-14 22:26 - 00299008 _____ () C:\Windows\system32\crypring.exe
2014-07-14 19:03 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Gursky\AppData\Local\Temp\AskSLib.dll
C:\Users\Gursky\AppData\Local\Temp\BackupSetup.exe
C:\Users\Gursky\AppData\Local\Temp\COMAP.EXE
C:\Users\Gursky\AppData\Local\Temp\EAD86BB.exe
C:\Users\Gursky\AppData\Local\Temp\EAD888F.exe
C:\Users\Gursky\AppData\Local\Temp\EAD9146.exe
C:\Users\Gursky\AppData\Local\Temp\EAD94EE.exe
C:\Users\Gursky\AppData\Local\Temp\EAD9F89.exe
C:\Users\Gursky\AppData\Local\Temp\EAD9FE6.exe
C:\Users\Gursky\AppData\Local\Temp\EADB0F6.exe
C:\Users\Gursky\AppData\Local\Temp\EADB6FF.exe
C:\Users\Gursky\AppData\Local\Temp\EADB99D.exe
C:\Users\Gursky\AppData\Local\Temp\EADBAD5.exe
C:\Users\Gursky\AppData\Local\Temp\EADBF29.exe
C:\Users\Gursky\AppData\Local\Temp\EADC725.exe
C:\Users\Gursky\AppData\Local\Temp\EADCD5C.exe
C:\Users\Gursky\AppData\Local\Temp\EADD161.exe
C:\Users\Gursky\AppData\Local\Temp\EADD355.exe
C:\Users\Gursky\AppData\Local\Temp\EADD3B2.exe
C:\Users\Gursky\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Gursky\AppData\Local\Temp\htmlayout.dll
C:\Users\Gursky\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Gursky\AppData\Local\Temp\nsc1206.exe
C:\Users\Gursky\AppData\Local\Temp\nsc97C.exe
C:\Users\Gursky\AppData\Local\Temp\nscE61F.exe
C:\Users\Gursky\AppData\Local\Temp\nsf7FFD.exe
C:\Users\Gursky\AppData\Local\Temp\nsiE296.exe
C:\Users\Gursky\AppData\Local\Temp\nssDD1.exe
C:\Users\Gursky\AppData\Local\Temp\nsxE9F7.exe
C:\Users\Gursky\AppData\Local\Temp\RegClean2.exe
C:\Users\Gursky\AppData\Local\Temp\toolbar1437143.exe
C:\Users\Gursky\AppData\Local\Temp\toolbar1438485.exe
C:\Users\Gursky\AppData\Local\Temp\toolbar1438547.exe
C:\Users\Gursky\AppData\Local\Temp\uninstall188480.exe
C:\Users\Gursky\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Gursky\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Gursky\AppData\Local\Temp\VuuPC.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-08 07:24

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2014 01
Ran by Gursky at 2014-08-10 19:36:03
Running from C:\Users\Gursky\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.1.7501 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 4.1.7501 - CyberLink Corp.) Hidden
Acer Arcade Instant On (x32 Version: 3.0.34.2 - Acer) Hidden
Acer Arcade Movie (x32 Version: 9.0.6302 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.60 - NewTech Infosystems)
Acer Bio Protection (HKLM-x32\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.5.76 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.12.1 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3003 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1) (Version: 6.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3002 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0309.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.24 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{AFBE654A-4597-89DB-EF5F-7CC7D0475691}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Audials (HKLM-x32\...\{DA6EBFC9-8869-4B61-8D38-2668A395C5B0}) (Version: 11.0.54400.0 - Audials AG)
Babylon (HKLM-x32\...\Babylon) (Version: - Babylon)
Backup Manager Advance (x32 Version: 2.0.1.60 - NewTech Infosystems) Hidden
bwin Poker (HKLM-x32\...\bwin Poker_is1) (Version: - bwin)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0302.2233.40412 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help English (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help French (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help German (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0302.2233.40412 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0302.2233.40412 - ATI) Hidden
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dairy Dash
(HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media) Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.4 - Fomanu AG) Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.38.151 - Electronic Arts) Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) Fingerprint Solution (x32 Version: 6.1.76.0 - Egis Technology Inc.) Hidden Fragen-Lern-CD 4.0 international (HKLM-x32\...\de.3m5.wendel.flcd.FLCDint.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1) (Version: 4.0.0 - Wendel-Verlag GmbH) Fragen-Lern-CD 4.0 international (x32 Version: 4.0.0 - Wendel-Verlag GmbH) Hidden Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) 
Hidden Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media) HD Tune Pro 4.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software) Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.7 - Acer Inc.) MediaDrug (HKCU\...\4C6927B3-61F1-4EBF-A5C7-68B60E4F40B9) (Version: 1.5 - MediaDrug) MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable 
- 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) MyEmoticons (HKCU\...\MyEmoticons) (Version: 1.3.0.0 - GreenTree Applications SRL) MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems) NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems) NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden Nuvoton CIR Device Drivers (HKLM-x32\...\{FBC79D04-051E-4367-8051-1DB0C893FBE0}) (Version: 8.60.2002 - Nuvoton Technology Corporation) O2Micro 1394 OHCI Compliant Host Controller Driver (HKLM-x32\...\InstallShield_{AFC44A23-E6A8-4625-B6B1-23D438525D59}) (Version: 1.0.00 - O2Micro International LTD.) O2Micro 1394 OHCI Compliant Host Controller Driver (Version: 1.0.00 - O2Micro International LTD.) Hidden O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{5FAD2AAE-C6DD-4CC8-B325-BFCBB3D32249}) (Version: 2.0.37.D - O2Micro International LTD.) 
O2Micro Flash Memory Card Windows Driver (Version: 2.0.37.D - O2Micro International LTD.) Hidden ODF Add-In für Microsoft Office (HKLM-x32\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team) Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA) PartyPoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6072 - Realtek Semiconductor Corp.) Safari (HKLM-x32\...\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}) (Version: 5.34.52.7 - Apple Inc.) Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{09959E11-AD5D-408E-96AF-E3346954D6B8}) (Version: 1.0.0 - Microsoft) Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}) (Version: 1.0.0 - Microsoft) Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.12.2 - Synaptics Incorporated) Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated) WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.4300 - Broadcom Corporation) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Software Update (HKLM-x32\...\Yahoo! 
Software Update) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

17-07-2014 05:45:28 Geplanter Prüfpunkt
24-07-2014 16:42:59 Geplanter Prüfpunkt
31-07-2014 20:48:02 Geplanter Prüfpunkt
08-08-2014 05:31:36 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2EE742A3-8553-4CA4-B801-A2AA9223536C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27] (Google Inc.)
Task: {45642250-B034-4683-B5BF-A80925E82EA1} - System32\Tasks\Digital Sites => C:\Users\Gursky\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {4A411131-3DF8-49B1-A988-368994F073E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.)
Task: {4B203BC5-1FA7-491E-90DA-47B92FDD49A1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {640A23E2-2E60-45B3-B093-B4558DC42561} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {6ACF023F-5D47-48BF-9ADF-07809EE1BC99} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {8148C350-814E-4103-821B-EE64A1172966} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {977CEC33-8DB2-4BC1-A130-52B8784FA3F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.)
Task: {DCF8A36C-FB3A-4AC1-A36D-F8142DFBFDF1} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {E8FC529F-7B2B-4338-9DB6-4D48A6A732FF} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F20D94DC-D65C-46D0-9AE0-2346C1D5A7CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Gursky\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core.job => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA.job => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-03-08 04:35 - 2010-03-08 04:35 - 00108912 _____ () C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64.DLL
2011-03-02 19:32 - 2010-02-03 10:37 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2011-03-02 19:18 - 2010-01-13 11:47 - 00206208 _____ () C:\Windows\PLFSetI.exe
2010-03-26 12:46 - 2010-03-26 12:46 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-01-07 15:42 - 2010-01-07 15:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-02 19:07 - 2011-03-02 19:07 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-03-09 02:18 - 2010-03-09 02:18 - 00465576 _____ ()
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-03-09 02:13 - 2010-03-09 02:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2010-04-28 14:13 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2012-07-24 20:58 - 2010-03-29 14:02 - 00520234 _____ () C:\ProgramData\Babylon\sqlite3.dll 2011-05-24 20:06 - 2010-06-01 10:17 - 00929792 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll 2010-04-28 13:28 - 2010-04-28 13:28 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a52290f344ad5c5e513d71251549f5c2\IsdiInterop.ni.dll 2010-04-28 13:28 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/03/2014 08:58:52 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 26c Startzeit: 01cfaf3059b69912 Endzeit: 26 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: 34016a79-1b40-11e4-8187-c80aa9907234 Error: (08/03/2014 05:33:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: Flash32_14_0_0_145.ocx, Version: 14.0.0.145, Zeitstempel: 0x53aa18ec Ausnahmecode: 0xc0000005 Fehleroffset: 0x000d7370 ID des fehlerhaften Prozesses: 0x1268 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (07/30/2014 08:20:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: Flash32_14_0_0_145.ocx, Version: 14.0.0.145, Zeitstempel: 0x53aa18ec Ausnahmecode: 0xc0000005 Fehleroffset: 0x005d9039 ID des fehlerhaften Prozesses: 0xb68 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (07/27/2014 00:43:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x3308cd0c ID des fehlerhaften Prozesses: 0x1070 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (07/22/2014 10:06:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, 
Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: Flash32_14_0_0_145.ocx, Version: 14.0.0.145, Zeitstempel: 0x53aa18ec Ausnahmecode: 0xc0000005 Fehleroffset: 0x005d9039 ID des fehlerhaften Prozesses: 0x1f10 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (07/17/2014 11:46:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 794 Startzeit: 01cfa1f6fe5a1e2b Endzeit: 45 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: c9db22d4-0dfb-11e4-bd8f-c80aa9907234 Error: (07/12/2014 08:56:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: Flash32_14_0_0_145.ocx, Version: 14.0.0.145, Zeitstempel: 0x53aa18ec Ausnahmecode: 0xc0000005 Fehleroffset: 0x000d7370 ID des fehlerhaften Prozesses: 0x1108 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (07/11/2014 11:17:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x1299fc30 ID des fehlerhaften Prozesses: 0x1328 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 
Error: (07/10/2014 10:30:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1300 Startzeit: 01cf9c6cd5e419da Endzeit: 30 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe Berichts-ID: 0d7848d6-0871-11e4-8fc1-c80aa9907234 Error: (07/10/2014 07:56:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450, Zeitstempel: 0x4aebab8d Name des fehlerhaften Moduls: Captlib64.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fb1251e Ausnahmecode: 0xc000041d Fehleroffset: 0x0000000009ac68e0 ID des fehlerhaften Prozesses: 0x468 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 System errors: ============= Error: (08/09/2014 01:07:13 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58} Error: (08/08/2014 05:39:06 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (08/08/2014 07:49:57 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {DF390AA1-1E65-4825-B8E7-BE6B47BD56B8} Error: (08/07/2014 10:30:34 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden. Error: (08/07/2014 10:30:34 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden. Error: (08/07/2014 10:30:30 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden. 
Error: (08/07/2014 10:11:55 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden. Error: (08/07/2014 10:01:15 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58} Error: (08/05/2014 11:09:31 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden. Error: (08/05/2014 11:09:31 PM) (Source: Disk) (EventID: 11) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden. Microsoft Office Sessions: ========================= Error: (08/03/2014 08:58:52 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.1642126c01cfaf3059b6991226C:\Program Files (x86)\Internet Explorer\iexplore.exe34016a79-1b40-11e4-8187-c80aa9907234 Error: (08/03/2014 05:33:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe9.0.8112.164214d76255dFlash32_14_0_0_145.ocx14.0.0.14553aa18ecc0000005000d7370126801cfaf2835c33cefC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_145.ocx93910ea9-1b23-11e4-8187-c80aa9907234 Error: (07/30/2014 08:20:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe9.0.8112.164214d76255dFlash32_14_0_0_145.ocx14.0.0.14553aa18ecc0000005005d9039b6801cfac05d1287918C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_145.ocx3f610a8f-1816-11e4-9199-c80aa9907234 Error: (07/27/2014 00:43:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe9.0.8112.164214d76255dunknown0.0.0.000000000c00000053308cd0c107001cfa96004a957edC:\Program Files (x86)\Internet Explorer\iexplore.exeunknowne9429654-157a-11e4-a1e7-c80aa9907234 Error: (07/22/2014 10:06:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
iexplore.exe9.0.8112.164214d76255dFlash32_14_0_0_145.ocx14.0.0.14553aa18ecc0000005005d90391f1001cfa5da10672285C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_145.ocxa6118c80-11db-11e4-b4ea-78e400251bc4 Error: (07/17/2014 11:46:24 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.1642179401cfa1f6fe5a1e2b45C:\Program Files (x86)\Internet Explorer\iexplore.exec9db22d4-0dfb-11e4-bd8f-c80aa9907234 Error: (07/12/2014 08:56:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe9.0.8112.164214d76255dFlash32_14_0_0_145.ocx14.0.0.14553aa18ecc0000005000d7370110801cf9df49739a24bC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_145.ocx3fb49b8c-09f6-11e4-be75-c80aa9907234 Error: (07/11/2014 11:17:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: iexplore.exe9.0.8112.164214d76255dunknown0.0.0.000000000c00000051299fc30132801cf9d46d072c7d3C:\Program Files (x86)\Internet Explorer\iexplore.exeunknowncb477b74-0940-11e4-9341-c80aa9907234 Error: (07/10/2014 10:30:41 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: iexplore.exe9.0.8112.16421130001cf9c6cd5e419da30C:\Program Files (x86)\Internet Explorer\iexplore.exe0d7848d6-0871-11e4-8fc1-c80aa9907234 Error: (07/10/2014 07:56:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7600.164504aebab8dCaptlib64.dll_unloaded0.0.0.04fb1251ec000041d0000000009ac68e046801cf9c4e251f2e7cC:\Windows\Explorer.EXECaptlib64.dll7cf488d3-085b-11e4-8b02-c80aa9907234 CodeIntegrity Errors: =================================== Date: 2013-02-18 20:35:55.006 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-08-05 11:05:09.507 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-05 09:47:40.779 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-05 08:01:48.995 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-05 07:58:25.563 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-07-22 16:23:15.468 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-07-11 07:06:38.654 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-07-10 22:08:13.151 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-07-08 11:24:42.315 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-07-08 10:22:42.112
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 8124.5 MB
Available physical RAM: 6503.89 MB
Total Pagefile: 16247.14 MB
Available Pagefile: 14380.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:288.8 GB) (Free:184.9 GB) NTFS
Drive d: (DATA) (Fixed) (Total:288.14 GB) (Free:288.04 GB) NTFS
Drive e: (DATA) (Fixed) (Total:596.17 GB) (Free:565.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 3E9DEFF9)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Not Active) - (Size=4 GB) - (Type=12)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=577 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 596 GB) (Disk ID: 0F4BC564)
Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================
10.08.2014, 19:06 | #2 |
/// the machine /// TB instructor | Online banking redirected - virus/trojan struck? Hi,
Please download TDSSKiller.exe and save this file to the desktop.
11.08.2014, 23:04 | #3 |
| Online banking redirected - virus/trojan struck? Hello,
attached is the result of the scan: Code:
23:56:42.0135 0x087c TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
23:56:49.0633 0x087c ============================================================
23:56:49.0633 0x087c Current date / time: 2014/08/11 23:56:49.0633
23:56:49.0633 0x087c SystemInfo:
23:56:49.0633 0x087c
23:56:49.0633 0x087c OS Version: 6.1.7600 ServicePack: 0.0
23:56:49.0633 0x087c Product type: Workstation
23:56:49.0634 0x087c ComputerName: THUNDERBIRD
23:56:49.0634 0x087c UserName: Gursky
23:56:49.0634 0x087c Windows directory: C:\Windows
23:56:49.0634 0x087c System windows directory: C:\Windows
23:56:49.0634 0x087c Running under WOW64
23:56:49.0634 0x087c Processor architecture: Intel x64
23:56:49.0634 0x087c Number of processors: 8
23:56:49.0634 0x087c Page size: 0x1000
23:56:49.0634 0x087c Boot type: Normal boot
23:56:49.0634 0x087c ============================================================
23:56:52.0010 0x087c KLMD registered as C:\Windows\system32\drivers\62980868.sys
23:56:52.0354 0x087c System UUID: {89B552C9-29EA-F46D-19B7-9B367F31AEDD}
23:56:52.0922 0x087c Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:56:56.0608 0x087c Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:56:56.0622 0x087c ============================================================
23:56:56.0622 0x087c \Device\Harddisk0\DR0:
23:56:56.0678 0x087c MBR partitions:
23:56:56.0678 0x087c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2640800, BlocksNum 0x32000
23:56:56.0687 0x087c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2673000, BlocksNum 0x2419A800
23:56:56.0710 0x087c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2680E000, BlocksNum 0x24049800
23:56:56.0710 0x087c \Device\Harddisk1\DR1:
23:56:56.0849 0x087c MBR partitions: 23:56:56.0853 0x087c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82 23:56:56.0853 0x087c ============================================================ 23:56:56.0886 0x087c C: <-> \Device\Harddisk0\DR0\Partition2 23:56:56.0926 0x087c D: <-> \Device\Harddisk0\DR0\Partition3 23:56:56.0940 0x087c E: <-> \Device\Harddisk1\DR1\Partition1 23:56:56.0940 0x087c ============================================================ 23:56:56.0940 0x087c Initialize success 23:56:56.0940 0x087c ============================================================ 23:58:14.0500 0x1294 ============================================================ 23:58:14.0500 0x1294 Scan started 23:58:14.0500 0x1294 Mode: Manual; SigCheck; TDLFS; 23:58:14.0500 0x1294 ============================================================ 23:58:14.0500 0x1294 KSN ping started 23:58:17.0202 0x1294 KSN ping finished: true 23:58:18.0596 0x1294 ================ Scan system memory ======================== 23:58:18.0597 0x1294 System memory - ok 23:58:18.0597 0x1294 ================ Scan services ============================= 23:58:18.0852 0x1294 [ 1B00662092F9F9568B995902F0CC40D5, D345014CF146FA57B2682C189D5E7F27D4C78F321F2723D912D623E777C2BB70 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 23:58:18.0960 0x1294 1394ohci - ok 23:58:19.0003 0x1294 [ 6F11E88748CDEFD2F76AA215F97DDFE5, BD0B3561EDCDE5EFD89372793CFD09DF879709BF469542F4A049705CBA9FD060 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys 23:58:19.0018 0x1294 ACPI - ok 23:58:19.0048 0x1294 [ 63B05A0420CE4BF0E4AF6DCC7CADA254, 56BCC219D6B886FD42B7D335B4A7BBA3C9BC148220CBD99F8583FB505DAE63BF ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys 23:58:19.0127 0x1294 AcpiPmi - ok 23:58:19.0445 0x1294 [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 23:58:19.0474 0x1294 
AdobeFlashPlayerUpdateSvc - ok 23:58:19.0628 0x1294 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 23:58:19.0651 0x1294 adp94xx - ok 23:58:19.0694 0x1294 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 23:58:19.0710 0x1294 adpahci - ok 23:58:19.0732 0x1294 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 23:58:19.0744 0x1294 adpu320 - ok 23:58:19.0764 0x1294 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:58:19.0895 0x1294 AeLookupSvc - ok 23:58:19.0941 0x1294 [ B9384E03479D2506BC924C16A3DB87BC, AB5FD2BC1F005E7D664F5DE3D5CB54499024A83B716DD52C56582DB7EFB4F01B ] AFD C:\Windows\system32\drivers\afd.sys 23:58:19.0998 0x1294 AFD - ok 23:58:20.0030 0x1294 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\DRIVERS\agp440.sys 23:58:20.0050 0x1294 agp440 - ok 23:58:20.0098 0x1294 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 23:58:20.0137 0x1294 ALG - ok 23:58:20.0173 0x1294 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\DRIVERS\aliide.sys 23:58:20.0190 0x1294 aliide - ok 23:58:20.0246 0x1294 [ B4143CB1DD16AE73C6177C72F33450A6, D675AEF56FF030314AB3B4F13A81D72272E67AE10E415058928182A3B8370FE1 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 23:58:20.0339 0x1294 AMD External Events Utility - ok 23:58:20.0389 0x1294 [ 1FF8B4431C353CE385C875F194924C0C, 
3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\DRIVERS\amdide.sys 23:58:20.0406 0x1294 amdide - ok 23:58:20.0442 0x1294 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 23:58:20.0489 0x1294 AmdK8 - ok 23:58:21.0147 0x1294 [ D1D06810BF7E21F5763EB06CB7E7262B, 77DEEA2C76D1C3E65E3D4F1FB2C671195019E9B78336EA4E040565DB88228611 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys 23:58:21.0526 0x1294 amdkmdag - ok 23:58:21.0569 0x1294 [ 6BA71D6616B56816E57394D77DD1BB6F, 5250378D4CA31578D8E92DD4402E2AA34C2299EA2D9471AC5A9A7CEA46A54CB3 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 23:58:21.0594 0x1294 amdkmdap - ok 23:58:21.0627 0x1294 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 23:58:21.0667 0x1294 AmdPPM - ok 23:58:21.0697 0x1294 [ 7A4B413614C055935567CF88A9734D38, A3BB7CDF3EE0EEF67F89263E81145E73C7142EF5F0AF265375C2ECCE74F932C4 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys 23:58:21.0715 0x1294 amdsata - ok 23:58:21.0750 0x1294 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 23:58:21.0767 0x1294 amdsbs - ok 23:58:21.0788 0x1294 [ B4AD0CACBAB298671DD6F6EF7E20679D, FB566C892D0A3DC0A523AE20F35011996958D670937DD5C1A1FCCD36AAC714D7 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys 23:58:21.0795 0x1294 amdxata - ok 23:58:21.0841 0x1294 [ 42FD751B27FA0E9C69BB39F39E409594, DE349CAA570957868CA1CB0BE0FAF551CD4D44FD53EBC4391B9C1C7B9CF295D2 ] AppID C:\Windows\system32\drivers\appid.sys 23:58:21.0911 0x1294 AppID - ok 23:58:21.0943 0x1294 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll 23:58:21.0989 0x1294 AppIDSvc - ok 23:58:22.0033 
0x1294 [ D065BE66822847B7F127D1F90158376E, 20F911F390FF23C2C42361A449C4344DB59F1DC21EDD1E7EBC4E80914DEF7824 ] Appinfo C:\Windows\System32\appinfo.dll 23:58:22.0102 0x1294 Appinfo - ok 23:58:22.0133 0x1294 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys 23:58:22.0141 0x1294 arc - ok 23:58:22.0170 0x1294 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 23:58:22.0180 0x1294 arcsas - ok 23:58:22.0208 0x1294 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 23:58:22.0279 0x1294 AsyncMac - ok 23:58:22.0316 0x1294 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\DRIVERS\atapi.sys 23:58:22.0324 0x1294 atapi - ok 23:58:22.0367 0x1294 [ 77C149E6D702737B2E372DEE166FAEF8, D18FEAE9D915D5F25B787B755F9C6321A9C9506D4F563DD637E3586401E36053 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 23:58:22.0423 0x1294 AtiHdmiService - ok 23:58:22.0506 0x1294 [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 23:58:22.0572 0x1294 AudioEndpointBuilder - ok 23:58:22.0591 0x1294 [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioSrv C:\Windows\System32\Audiosrv.dll 23:58:22.0633 0x1294 AudioSrv - ok 23:58:22.0690 0x1294 [ B20B5FA5CA050E9926E4D1DB81501B32, 91B9038349BA07E32DE809E6798167EE44087809EB1174B84EC16580040F1BE0 ] AxInstSV C:\Windows\System32\AxInstSV.dll 23:58:22.0791 0x1294 AxInstSV - ok 23:58:22.0862 0x1294 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv 
C:\Windows\system32\DRIVERS\bxvbda.sys 23:58:22.0922 0x1294 b06bdrv - ok 23:58:22.0985 0x1294 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 23:58:23.0018 0x1294 b57nd60a - ok 23:58:23.0220 0x1294 [ FDE8C8DC07E75347E4C6B455A0964217, A5CFF5BDBE9989328269FB422A0DBE18CF9CA6974F530A6DE9BCF66A2B766A68 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 23:58:23.0329 0x1294 BCM43XX - ok 23:58:23.0356 0x1294 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 23:58:23.0388 0x1294 BDESVC - ok 23:58:23.0410 0x1294 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 23:58:23.0447 0x1294 Beep - ok 23:58:23.0506 0x1294 [ 4992C609A6315671463E30F6512BC022, 3020034556EAC25CD90F41D3BFFDD0BB2C3D1C5BAC4359F4B71B84A9FC404495 ] BFE C:\Windows\System32\bfe.dll 23:58:23.0567 0x1294 BFE - ok 23:58:23.0684 0x1294 [ 7F0C323FE3DA28AA4AA1BDA3F575707F, 7FF09CBC16A9E5F357A76FF79A3F0DD047957D474031F51A6BB4916C7911F005 ] BITS C:\Windows\System32\qmgr.dll 23:58:23.0774 0x1294 BITS - ok 23:58:23.0808 0x1294 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 23:58:23.0838 0x1294 blbdrive - ok 23:58:23.0867 0x1294 [ 91CE0D3DC57DD377E690A2D324022B08, 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E ] bowser C:\Windows\system32\DRIVERS\bowser.sys 23:58:23.0916 0x1294 bowser - ok 23:58:23.0948 0x1294 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 23:58:23.0990 0x1294 BrFiltLo - ok 23:58:24.0015 0x1294 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C 
] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 23:58:24.0027 0x1294 BrFiltUp - ok 23:58:24.0077 0x1294 [ 94FBC06F294D58D02361918418F996E3, 62C7CC2AF8F5A0BB0C262DACDE3F72C6AC318C3840CE60E46EE2064B32BDA5EF ] Browser C:\Windows\System32\browser.dll 23:58:24.0147 0x1294 Browser - ok 23:58:24.0182 0x1294 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 23:58:24.0241 0x1294 Brserid - ok 23:58:24.0272 0x1294 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 23:58:24.0329 0x1294 BrSerWdm - ok 23:58:24.0343 0x1294 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 23:58:24.0379 0x1294 BrUsbMdm - ok 23:58:24.0402 0x1294 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 23:58:24.0438 0x1294 BrUsbSer - ok 23:58:24.0485 0x1294 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 23:58:24.0522 0x1294 BthEnum - ok 23:58:24.0539 0x1294 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 23:58:24.0570 0x1294 BTHMODEM - ok 23:58:24.0593 0x1294 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 23:58:24.0614 0x1294 BthPan - ok 23:58:24.0664 0x1294 [ A51FA9D0E85D5ADABEF72E67F386309C, 4F6F44D5E3A43239B50BCA75CBAA48FE40097E2AFF9360E1956F41ED52BD8183 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 23:58:24.0692 0x1294 BTHPORT - ok 23:58:24.0724 0x1294 [ 95F9C2976059462CBBF227F7AAB10DE9, 
2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 23:58:24.0752 0x1294 bthserv - ok 23:58:24.0765 0x1294 [ F740B9A16B2C06700F2130E19986BF3B, 92158FD1B3706DE068F077ACA9A25F5479EF282E8B81F5A2FF8A66CBB5F80FCF ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 23:58:24.0786 0x1294 BTHUSB - ok 23:58:24.0852 0x1294 [ 380B798D30C56EDE4AF58619D0E86CCB, 6830E0C0A5DA74B6E3122702135AF4E018D938FB18F59C5501FB88C994EA1845 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys 23:58:24.0885 0x1294 btwampfl - ok 23:58:24.0904 0x1294 [ BA5622F5544C6C445DFF1A05ACC8B19D, D9B3FBED2EDE92E16AEC5A6E3E69768540083A9AB3D80E3E8DC9218B7BD78DED ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 23:58:24.0911 0x1294 btwaudio - ok 23:58:24.0934 0x1294 [ A11905D0F4BD34771F195217B6AA5AE0, 2E7096E278978773C42E06833D2207DE7B4A9DBC4AF09415DCADD27372C4C0AE ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys 23:58:24.0942 0x1294 btwavdt - ok 23:58:25.0094 0x1294 [ 3930E53EE0BED9DFF9AFA09F505D0CAE, 4DD6EC1A669A1063AB5CFC71DDF021EA0B241C10A284EB9C82B7F95BDDF3ECD8 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 23:58:25.0133 0x1294 btwdins - ok 23:58:25.0160 0x1294 [ 07096D2BC22CCB6CEA5A532DF0BE8A75, A9B7F2EFFDF1E4EC0A5DC098F0ED2BE44E271844A4F1CBAD2FA1655DE1E03F6E ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 23:58:25.0166 0x1294 btwl2cap - ok 23:58:25.0201 0x1294 [ BD776F32D64EC615BE4563DC2747224E, D0CFB25919051DC5654CC47BBD785D304BEEA4BEBC99BEFCE74C53C439AB33ED ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 23:58:25.0206 0x1294 btwrchid - ok 23:58:25.0242 0x1294 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 23:58:25.0286 0x1294 cdfs - ok 23:58:25.0342 0x1294 [ 83D2D75E1EFB81B3450C18131443F7DB, F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 23:58:25.0381 0x1294 cdrom 
- ok 23:58:25.0432 0x1294 [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc C:\Windows\System32\certprop.dll 23:58:25.0473 0x1294 CertPropSvc - ok 23:58:25.0492 0x1294 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 23:58:25.0530 0x1294 circlass - ok 23:58:25.0561 0x1294 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 23:58:25.0577 0x1294 CLFS - ok 23:58:25.0647 0x1294 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:58:25.0664 0x1294 clr_optimization_v2.0.50727_32 - ok 23:58:25.0710 0x1294 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 23:58:25.0718 0x1294 clr_optimization_v2.0.50727_64 - ok 23:58:25.0756 0x1294 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 23:58:25.0791 0x1294 CmBatt - ok 23:58:25.0804 0x1294 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys 23:58:25.0816 0x1294 cmdide - ok 23:58:25.0858 0x1294 [ F95FD4CB7DA00BA2A63CE9F6B5C053E1, D1FBCA0416D38B9CA510FB01CF251E60B244D38080E6668948ED927D2350ED49 ] CNG C:\Windows\system32\Drivers\cng.sys 23:58:25.0887 0x1294 CNG - ok 23:58:25.0923 0x1294 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 23:58:25.0930 0x1294 Compbatt - ok 23:58:25.0960 0x1294 [ 
F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 23:58:25.0985 0x1294 CompositeBus - ok 23:58:26.0004 0x1294 COMSysApp - ok 23:58:26.0016 0x1294 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 23:58:26.0024 0x1294 crcdisk - ok 23:58:26.0071 0x1294 [ 8C57411B66282C01533CB776F98AD384, 65BCF1B0BA521CBE39E974C7ACAEA9C9E3F89D86754275C6B2616E7691876AEE ] CryptSvc C:\Windows\system32\cryptsvc.dll 23:58:26.0117 0x1294 CryptSvc - ok 23:58:26.0167 0x1294 [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch C:\Windows\system32\rpcss.dll 23:58:26.0223 0x1294 DcomLaunch - ok 23:58:26.0280 0x1294 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 23:58:26.0341 0x1294 defragsvc - ok 23:58:26.0369 0x1294 [ 3F1DC527070ACB87E40AFE46EF6DA749, 5CB9CB94854AF06BEA02AF3E0562B8ECF72B2B23ED657A3F5E17CD3552F3EF84 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 23:58:26.0428 0x1294 DfsC - ok 23:58:26.0468 0x1294 [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp C:\Windows\system32\dhcpcore.dll 23:58:26.0533 0x1294 Dhcp - ok 23:58:26.0558 0x1294 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 23:58:26.0600 0x1294 discache - ok 23:58:26.0633 0x1294 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys 23:58:26.0642 0x1294 Disk - ok 23:58:26.0675 0x1294 [ 676108C4E3AA6F6B34633748BD0BEBD9, 953286126E482EF3A9A1833680EFF86D657BD6C5411B9AEC2D7828ADE63D25AD ] Dnscache 
C:\Windows\System32\dnsrslvr.dll 23:58:26.0726 0x1294 Dnscache - ok 23:58:26.0748 0x1294 [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc C:\Windows\System32\dot3svc.dll 23:58:26.0792 0x1294 dot3svc - ok 23:58:26.0813 0x1294 [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS C:\Windows\system32\dps.dll 23:58:26.0844 0x1294 DPS - ok 23:58:26.0870 0x1294 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 23:58:26.0898 0x1294 drmkaud - ok 23:58:27.0004 0x1294 [ 61E894FE1E9CC720C909E6E343351794, 2C8540ED0A2C7028B242289078B4C2D8678D26FB7429AB3B33C136BB47B178C3 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe 23:58:27.0022 0x1294 DsiWMIService - ok 23:58:27.0112 0x1294 [ 1633B9ABF52784A1331476397A48CBEF, 697780697C4C55FCCF5FB65C93FB37B3F5A43BF0C59FDBB9EF822D0E993E47BD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:58:27.0141 0x1294 DXGKrnl - ok 23:58:27.0177 0x1294 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 23:58:27.0221 0x1294 EapHost - ok 23:58:27.0386 0x1294 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 23:58:27.0592 0x1294 ebdrv - ok 23:58:27.0624 0x1294 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS C:\Windows\System32\lsass.exe 23:58:27.0648 0x1294 EFS - ok 23:58:27.0739 0x1294 [ B91D81B3B54A54CCAFC03733DBC2E29E, B08CFD3136F678CF902722B32CA55C4983EEE5AEBDCEE036BEB746914742141C ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:58:27.0803 0x1294 ehRecvr - ok 23:58:27.0842 0x1294 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] 
ehSched C:\Windows\ehome\ehsched.exe 23:58:27.0874 0x1294 ehSched - ok 23:58:27.0939 0x1294 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 23:58:27.0960 0x1294 elxstor - ok 23:58:28.0058 0x1294 [ 91C2E6234F6884C6FEEF9658D8EDE6B6, 5CD0CED05FD9FB3C134DD87C0115CDD314CE20B7E4BAB95AC4AA181EAE6C855E ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 23:58:28.0086 0x1294 ePowerSvc - ok 23:58:28.0104 0x1294 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys 23:58:28.0114 0x1294 ErrDev - ok 23:58:28.0248 0x1294 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 23:58:28.0306 0x1294 EventSystem - ok 23:58:28.0331 0x1294 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 23:58:28.0377 0x1294 exfat - ok 23:58:28.0413 0x1294 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:58:28.0462 0x1294 fastfat - ok 23:58:28.0545 0x1294 [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax C:\Windows\system32\fxssvc.exe 23:58:28.0588 0x1294 Fax - ok 23:58:28.0621 0x1294 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 23:58:28.0650 0x1294 fdc - ok 23:58:28.0691 0x1294 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 23:58:28.0754 0x1294 fdPHost - ok 23:58:28.0771 0x1294 [ 802496CB59A30349F9A6DD22D6947644, 
52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 23:58:28.0798 0x1294 FDResPub - ok 23:58:28.0831 0x1294 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 23:58:28.0839 0x1294 FileInfo - ok 23:58:28.0854 0x1294 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 23:58:28.0882 0x1294 Filetrace - ok 23:58:28.0901 0x1294 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 23:58:28.0912 0x1294 flpydisk - ok 23:58:28.0938 0x1294 [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:58:28.0952 0x1294 FltMgr - ok 23:58:29.0005 0x1294 [ BC00505CFDA789ED3BE95D2FF38C4875, 9CB98AFF8A9740CFB53BDFB3DD40A76EB79C160CF2DF03E5EEFF6F2109216FEB ] FontCache C:\Windows\system32\FntCache.dll 23:58:29.0081 0x1294 FontCache - ok 23:58:29.0142 0x1294 [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:58:29.0157 0x1294 FontCache3.0.0.0 - ok 23:58:29.0195 0x1294 [ 54A9C5A6AA0BB0041A4AF7172FFC3D9F, 2CAA44443651188B6614B657536F8A21B6329585A1D9D1ABBEC2CA6050C8928E ] FPSensor C:\Windows\system32\Drivers\FPSensor.sys 23:58:29.0207 0x1294 FPSensor - ok 23:58:29.0248 0x1294 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 23:58:29.0268 0x1294 FsDepends - ok 23:58:29.0296 0x1294 [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec 
C:\Windows\system32\drivers\Fs_Rec.sys 23:58:29.0313 0x1294 Fs_Rec - ok 23:58:29.0356 0x1294 [ B8B2A6E1558F8F5DE5CE431C5B2C7B09, 24A9F04A0622681A4E4B6BCC47C45016787C6036EAD828920812D9FAD49A71E3 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 23:58:29.0387 0x1294 fvevol - ok 23:58:29.0419 0x1294 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 23:58:29.0439 0x1294 gagp30kx - ok 23:58:29.0528 0x1294 [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc C:\Windows\System32\gpsvc.dll 23:58:29.0580 0x1294 gpsvc - ok 23:58:29.0635 0x1294 [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 23:58:29.0646 0x1294 GREGService - ok 23:58:29.0749 0x1294 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:58:29.0768 0x1294 gupdate - ok 23:58:29.0802 0x1294 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:58:29.0813 0x1294 gupdatem - ok 23:58:29.0851 0x1294 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 23:58:29.0864 0x1294 gusvc - ok 23:58:29.0912 0x1294 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 23:58:29.0947 0x1294 hcw85cir - ok 23:58:30.0001 0x1294 [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 23:58:30.0040 0x1294 
HdAudAddService - ok 23:58:30.0092 0x1294 [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 23:58:30.0137 0x1294 HDAudBus - ok 23:58:30.0181 0x1294 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 23:58:30.0191 0x1294 HECIx64 - ok 23:58:30.0202 0x1294 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 23:58:30.0239 0x1294 HidBatt - ok 23:58:30.0283 0x1294 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 23:58:30.0329 0x1294 HidBth - ok 23:58:30.0353 0x1294 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 23:58:30.0382 0x1294 HidIr - ok 23:58:30.0416 0x1294 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 23:58:30.0464 0x1294 hidserv - ok 23:58:30.0517 0x1294 [ F44381F466CFCEE8E850DE6BBFA43FE2, C3AEE7C3BD989E2437A00F389B0F59DB14B86A0CBCCD521FC5BD208475DCFC95 ] hidshim C:\Windows\system32\DRIVERS\hidshim.sys 23:58:30.0542 0x1294 hidshim - ok 23:58:30.0584 0x1294 [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 23:58:30.0625 0x1294 HidUsb - ok 23:58:30.0672 0x1294 [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc C:\Windows\system32\kmsvc.dll 23:58:30.0736 0x1294 hkmsvc - ok 23:58:30.0746 0x1294 [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener 
C:\Windows\system32\ListSvc.dll 23:58:30.0784 0x1294 HomeGroupListener - ok 23:58:30.0807 0x1294 [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 23:58:30.0839 0x1294 HomeGroupProvider - ok 23:58:30.0869 0x1294 [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys 23:58:30.0878 0x1294 HpSAMD - ok 23:58:30.0964 0x1294 [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP C:\Windows\system32\drivers\HTTP.sys 23:58:31.0028 0x1294 HTTP - ok 23:58:31.0047 0x1294 [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 23:58:31.0053 0x1294 hwpolicy - ok 23:58:31.0118 0x1294 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 23:58:31.0144 0x1294 i8042prt - ok 23:58:31.0215 0x1294 [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 23:58:31.0232 0x1294 iaStor - ok 23:58:31.0297 0x1294 [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 23:58:31.0306 0x1294 IAStorDataMgrSvc - ok 23:58:31.0358 0x1294 [ D83EFB6FD45DF9D55E9A1AFC63640D50, 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys 23:58:31.0390 0x1294 iaStorV - ok 23:58:31.0573 0x1294 [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication 
Foundation\infocard.exe 23:58:31.0670 0x1294 idsvc - ok 23:58:31.0988 0x1294 [ 64C7429D0BD8C65AE9FD366D01C37C10, 75BC1207CD8305EFCA90CDD660C164CA9E37D206D45758C7648C6A6380F3E861 ] IGBASVC C:\Program Files (x86)\Acer Bio Protection\BASVC.exe 23:58:32.0147 0x1294 IGBASVC - ok 23:58:32.0184 0x1294 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 23:58:32.0192 0x1294 iirsp - ok 23:58:32.0238 0x1294 [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT C:\Windows\System32\ikeext.dll 23:58:32.0300 0x1294 IKEEXT - ok 23:58:32.0415 0x1294 [ A73CC9BD3A7236E686BE6667F0106C16, B9ABE8EE63867CBD9E439A3D4603D1F7D9ED3206768B28509D812DCBD046B64D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 23:58:32.0471 0x1294 IntcAzAudAddService - ok 23:58:32.0513 0x1294 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\DRIVERS\intelide.sys 23:58:32.0520 0x1294 intelide - ok 23:58:32.0550 0x1294 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 23:58:32.0571 0x1294 intelppm - ok 23:58:32.0612 0x1294 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 23:58:32.0656 0x1294 IPBusEnum - ok 23:58:32.0678 0x1294 [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:58:32.0707 0x1294 IpFilterDriver - ok 23:58:32.0749 0x1294 [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 23:58:32.0807 0x1294 iphlpsvc - ok 23:58:32.0831 0x1294 [ 
[ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:59:02.0060 0x1294 SSDPSRV - ok 23:59:02.0074 0x1294 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:59:02.0105 0x1294 SstpSvc - ok 23:59:02.0115 0x1294 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:59:02.0122 0x1294 stexstor - ok 23:59:02.0155 0x1294 [ 52D0E33B681BD0F33FDC08812FEE4F7D, BBEBC0773402F6697D2F14F63E5E4FDC2180466E7FDBD306E408535B10160249 ] stisvc C:\Windows\System32\wiaservc.dll 23:59:02.0185 0x1294 stisvc - ok 23:59:02.0218 0x1294 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 23:59:02.0224 0x1294 swenum - ok 23:59:02.0258 0x1294 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll 23:59:02.0302 0x1294 swprv - ok 23:59:02.0349 0x1294 [ 9504FAC3BB8A14861BB2D6C741AAF9C8, 785353BA0CEF45E141221419555591956064FE0D2F5E250BA67F107F1FE5354F ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 23:59:02.0362 0x1294 SynTP - ok 23:59:02.0463 0x1294 [ 3C1284516A62078FB68F768DE4F1A7BE, 67ECD462335EF88773E4BAEAB230A68EC92A25F8CD8F115873F669205AE6A1A9 ] SysMain C:\Windows\system32\sysmain.dll 23:59:02.0556 0x1294 SysMain - ok 23:59:02.0582 0x1294 [ 238935C3CF2854886DC7CBB2A0E2CC66, BBF7A70BF218A544CC1A6FB81F75EAD29D418794162936BE197D6D61FE0DB1C4 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:59:02.0613 0x1294 TabletInputService - ok 23:59:02.0641 0x1294 [ 884264AC597B690C5707C89723BB8E7B, 9BF209A4128019421F7EC4AFF71103C5F411DB6CFB32AAC1633E789AD7A30708 ] TapiSrv C:\Windows\System32\tapisrv.dll 23:59:02.0701 0x1294 TapiSrv - ok 
23:59:02.0747 0x1294 [ 048CFE7569D6ADCAB9349BB1A566A79E, E248D2A66881FDFF9505896F383EFFEF2FD5AFC15D8992E653F5C31F1F80DAF3 ] tbhsd C:\Windows\system32\drivers\tbhsd.sys 23:59:02.0761 0x1294 tbhsd - ok 23:59:02.0788 0x1294 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll 23:59:02.0843 0x1294 TBS - ok 23:59:02.0975 0x1294 [ 912107716BAB424C7870E8E6AF5E07E1, BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:59:03.0033 0x1294 Tcpip - ok 23:59:03.0154 0x1294 [ 912107716BAB424C7870E8E6AF5E07E1, BE6B1C9468B882347A908A753DC7185C3371A78E81DEE5BEC3DD6E2B81FD4FB9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:59:03.0211 0x1294 TCPIP6 - ok 23:59:03.0233 0x1294 [ 76D078AF6F587B162D50210F761EB9ED, 3813171036B4036306CADC29F877ADAE44B241DDF65B3699C352B7CDA9EC68C9 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:59:03.0262 0x1294 tcpipreg - ok 23:59:03.0298 0x1294 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:59:03.0371 0x1294 TDPIPE - ok 23:59:03.0390 0x1294 [ E4245BDA3190A582D55ED09E137401A9, F59C983882997D68CC7B1B2080AEE9EBE2AE90D478F877559BD2AAA97158A116 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:59:03.0416 0x1294 TDTCP - ok 23:59:03.0443 0x1294 [ 079125C4B17B01FCAEEBCE0BCB290C0F, B2DF1F2317EF5DCF0A89327332E9F2770ED604005B3138C095FF01AA63B91437 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:59:03.0486 0x1294 tdx - ok 23:59:03.0509 0x1294 [ C448651339196C0E869A355171875522, C12441CF21D7D47804952B968689D78E3BA0323A90C4C811B54A6B2E6260BAD4 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 23:59:03.0516 0x1294 TermDD - ok 23:59:03.0584 0x1294 [ 0F05EC2887BFE197AD82A13287D2F404, 78C8A8FE9B1101430CA79875DA34413C35B6D7A5EE1932E454C50731335437A6 ] TermService C:\Windows\System32\termsrv.dll 23:59:03.0640 0x1294 
TermService - ok 23:59:03.0662 0x1294 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll 23:59:03.0701 0x1294 Themes - ok 23:59:03.0706 0x1294 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll 23:59:03.0733 0x1294 THREADORDER - ok 23:59:03.0771 0x1294 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll 23:59:03.0820 0x1294 TrkWks - ok 23:59:03.0892 0x1294 [ 840F7FB849F5887A49BA18C13B2DA920, A59C40A090E03C0136A865FC54508BA938E7B467C8198BC009FE263E6C275781 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:59:03.0937 0x1294 TrustedInstaller - ok 23:59:03.0965 0x1294 [ 61B96C26131E37B24E93327A0BD1FB95, 7C551B6FD0447258BC3FDED72D8D41A0E8B731562170C264295592D45F85D9FF ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:59:04.0018 0x1294 tssecsrv - ok 23:59:04.0050 0x1294 [ 3836171A2CDF3AF8EF10856DB9835A70, 74CD0A21B4E5B47E8D762CC28282CA8D512D424EC591D90099B9F8D034AA2FC2 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:59:04.0094 0x1294 tunnel - ok 23:59:04.0111 0x1294 [ 825E7A1F48FB8BCFBA27C178AAB4E275, 94F039917B52BEFFFE383E14A6169AE81B6E79C30BA7DD017A9CFE15708A1605 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 23:59:04.0117 0x1294 TurboB - ok 23:59:04.0237 0x1294 [ B206BE1174D5964D49A56BB6C4E0524A, 9D7DA11220B69E2EDEA9E55EC0E4CB554DD7F638ABF49B76353CE5A5C75965B8 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 23:59:04.0260 0x1294 TurboBoost - ok 23:59:04.0280 0x1294 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:59:04.0293 0x1294 uagp35 - ok 23:59:04.0321 0x1294 [ 2E22C1FD397A5A9FFEF55E9D1FC96C00, 
4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 23:59:04.0328 0x1294 UBHelper - ok 23:59:04.0358 0x1294 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB, DBAEA010F11A5EFD961B1841308EA3F220A9FFB01F364BA9B8F72200DA2BBCD8 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:59:04.0413 0x1294 udfs - ok 23:59:04.0440 0x1294 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:59:04.0450 0x1294 UI0Detect - ok 23:59:04.0484 0x1294 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys 23:59:04.0503 0x1294 uliagpkx - ok 23:59:04.0524 0x1294 [ EAB6C35E62B1B0DB0D1B48B671D3A117, E65034BF757AE4D21F69D7A91A7990E326A29A0CE9F871FD704B5E6CCC821FF0 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 23:59:04.0550 0x1294 umbus - ok 23:59:04.0563 0x1294 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:59:04.0573 0x1294 UmPass - ok 23:59:04.0841 0x1294 [ 41118D920B2B268C0ADC36421248CDCF, 4F99C4913DCFE02B0783FD97F02558E4DD4D7C98553D95A8E26FAAA0C0D67616 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 23:59:04.0973 0x1294 UNS - detected UnsignedFile.Multi.Generic ( 1 ) 23:59:07.0720 0x1294 Detect skipped due to KSN trusted 23:59:07.0720 0x1294 UNS - ok 23:59:07.0814 0x1294 [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe 23:59:07.0841 0x1294 Updater Service - ok 23:59:07.0871 0x1294 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll 23:59:07.0908 0x1294 upnphost - ok 23:59:07.0939 0x1294 [ 
B26AFB54A534D634523C4FB66765B026, A219C9AE32D040BEA4DD69C2C826B1C52BACE26BEBFEE799BD56DFD442C5E0D8 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:59:07.0950 0x1294 usbccgp - ok 23:59:07.0965 0x1294 [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys 23:59:07.0991 0x1294 usbcir - ok 23:59:08.0014 0x1294 [ 2EA4AFF7BE7EB4632E3AA8595B0803B5, CBECE7CEC0EFA4B283C63E9B6A270D595F5F3D006306DA5E5121BBFDCAB16376 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:59:08.0049 0x1294 usbehci - ok 23:59:08.0102 0x1294 [ 4C9042B8DF86C1E8E6240C218B99B39B, D286633311C047B9C4FB1AA89D7B02B9F943FDDCE473255DC8E14DD07CC9B292 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:59:08.0142 0x1294 usbhub - ok 23:59:08.0156 0x1294 [ 58E546BBAF87664FC57E0F6081E4F609, 1DD99D57369A0069654432AB5325AFD8F7D422D531E053EA05FF664BA6BDAEF9 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 23:59:08.0168 0x1294 usbohci - ok 23:59:08.0179 0x1294 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:59:08.0218 0x1294 usbprint - ok 23:59:08.0253 0x1294 [ 080D3820DA6C046BE82FC8B45A893E83, EF4829A2D5B8D47AA7E06093EC85244042ED1CCFF43CC80DC44EF018B434197A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:59:08.0286 0x1294 USBSTOR - ok 23:59:08.0322 0x1294 [ 81FB2216D3A60D1284455D511797DB3D, 121E52B18A1832E775EA0AE2E053BAA53E5A70E9754724B1449AE5992D63B13E ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 23:59:08.0340 0x1294 usbuhci - ok 23:59:08.0374 0x1294 [ D501E12614B00A3252073101D6A1A74B, DFA3A83978125B3CE45C71DD9069E8A7938366D0F4B4B2401CDD07251253FA8C ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 23:59:08.0396 0x1294 usbvideo - ok 23:59:08.0420 0x1294 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 
23:59:08.0449 0x1294 UxSms - ok 23:59:08.0483 0x1294 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] VaultSvc C:\Windows\system32\lsass.exe 23:59:08.0494 0x1294 VaultSvc - ok 23:59:08.0531 0x1294 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys 23:59:08.0539 0x1294 vdrvroot - ok 23:59:08.0601 0x1294 [ 44D73E0BBC1D3C8981304BA15135C2F2, 2849387BBCFB0189AF5604D2F7A631BD5D6BBB2CA73AF6E870069AF382A74DED ] vds C:\Windows\System32\vds.exe 23:59:08.0629 0x1294 vds - ok 23:59:08.0661 0x1294 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:59:08.0674 0x1294 vga - ok 23:59:08.0687 0x1294 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 23:59:08.0729 0x1294 VgaSave - ok 23:59:08.0747 0x1294 [ C82E748660F62A242B2DFAC1442F22A4, 24AD6CAA918C5AB6F461D88825885C8637C224001AAD7A80BDC240368CDB0B7E ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys 23:59:08.0759 0x1294 vhdmp - ok 23:59:08.0788 0x1294 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\DRIVERS\viaide.sys 23:59:08.0795 0x1294 viaide - ok 23:59:08.0830 0x1294 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3, 91F2B935E1E88C5542650F7D679A75D0562F4A5812179D1EC146D4B6351361E2 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys 23:59:08.0839 0x1294 volmgr - ok 23:59:08.0860 0x1294 [ 99B0CBB569CA79ACAED8C91461D765FB, 5BE394A39A941DE2AA1212E66B7068F90D423FA816238657CB9B2DA8BBE69B9B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:59:08.0877 0x1294 volmgrx - ok 23:59:08.0894 0x1294 [ 58F82EED8CA24B461441F9C3E4F0BF5C, 40B8C9C9D1BEDD1507138273A3C000C753C8765E1873F2170DE63555A042928C ] volsnap 
C:\Windows\system32\DRIVERS\volsnap.sys 23:59:08.0908 0x1294 volsnap - ok 23:59:08.0934 0x1294 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 23:59:08.0945 0x1294 vsmraid - ok 23:59:09.0036 0x1294 [ 787898BF9FB6D7BD87A36E2D95C899BA, A6C0C7402B1A198E7B3D6D7D283FCB5815AC429DA68FC9B54C67707F3233CCB5 ] VSS C:\Windows\system32\vssvc.exe 23:59:09.0109 0x1294 VSS - ok 23:59:09.0131 0x1294 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 23:59:09.0142 0x1294 vwifibus - ok 23:59:09.0172 0x1294 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 23:59:09.0187 0x1294 vwififlt - ok 23:59:09.0238 0x1294 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 23:59:09.0278 0x1294 W32Time - ok 23:59:09.0301 0x1294 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 23:59:09.0327 0x1294 WacomPen - ok 23:59:09.0358 0x1294 [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:59:09.0390 0x1294 WANARP - ok 23:59:09.0395 0x1294 [ 47CA49400643EFFD3F1C9A27E1D69324, 7EFD3405282264F7987172B226882FCDD223F771959B9CEBEBF9ECEA317D85B0 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:59:09.0426 0x1294 Wanarpv6 - ok 23:59:09.0516 0x1294 [ 5AB1BB85BD8B5089CC5D64200DEDAE68, 28777D4F3CD07C8E3465B6DA0FCA994E0B93071A3A0D4D1D64C1DF633DD1C64F ] wbengine C:\Windows\system32\wbengine.exe 23:59:09.0595 0x1294 wbengine - ok 23:59:09.0621 0x1294 [ 3AA101E8EDAB2DB4131333F4325C76A3, 
4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:59:09.0641 0x1294 WbioSrvc - ok 23:59:09.0678 0x1294 [ 8321C2CA3B62B61B293CDA3451984468, 856A079C2CCC75D633EA23E410D7F3ECDF368EAAAFF634CB82DDA545FD3A2F9C ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:59:09.0703 0x1294 wcncsvc - ok 23:59:09.0716 0x1294 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:59:09.0739 0x1294 WcsPlugInService - ok 23:59:09.0766 0x1294 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys 23:59:09.0774 0x1294 Wd - ok 23:59:09.0804 0x1294 [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:59:09.0830 0x1294 Wdf01000 - ok 23:59:09.0866 0x1294 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:59:09.0893 0x1294 WdiServiceHost - ok 23:59:09.0898 0x1294 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:59:09.0915 0x1294 WdiSystemHost - ok 23:59:09.0937 0x1294 [ 8A438CBB8C032A0C798B0C642FFBE572, 3200B9B6A7B87C1C47295FA416C99DE1FBB2DBBA3DA78D5CC88C26DCC4189D45 ] WebClient C:\Windows\System32\webclnt.dll 23:59:09.0968 0x1294 WebClient - ok 23:59:09.0993 0x1294 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:59:10.0048 0x1294 Wecsvc - ok 23:59:10.0084 0x1294 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:59:10.0139 0x1294 wercplsupport - ok 
23:59:10.0177 0x1294 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 23:59:10.0208 0x1294 WerSvc - ok 23:59:10.0225 0x1294 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:59:10.0254 0x1294 WfpLwf - ok 23:59:10.0288 0x1294 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:59:10.0297 0x1294 WIMMount - ok 23:59:10.0327 0x1294 WinDefend - ok 23:59:10.0330 0x1294 WinHttpAutoProxySvc - ok 23:59:10.0432 0x1294 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:59:10.0494 0x1294 Winmgmt - ok 23:59:10.0634 0x1294 [ 41FBB751936B387F9179E7F03A74FE29, 7A73D887BEC19DFC485ED42B4E6ABEBF824555139B81EA30731A00773E707464 ] WinRM C:\Windows\system32\WsmSvc.dll 23:59:10.0779 0x1294 WinRM - ok 23:59:10.0850 0x1294 [ 817EAFF5D38674EDD7713B9DFB8E9791, F6E0BFC503BA7395F92989C11B454D1F1E58E29302BA203801449A2C5236E84D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 23:59:10.0879 0x1294 WinUsb - ok 23:59:10.0948 0x1294 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 23:59:11.0014 0x1294 Wlansvc - ok 23:59:11.0044 0x1294 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 23:59:11.0055 0x1294 WmiAcpi - ok 23:59:11.0108 0x1294 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:59:11.0166 0x1294 wmiApSrv - ok 23:59:11.0197 0x1294 WMPNetworkSvc - ok 23:59:11.0232 0x1294 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 
2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:59:11.0259 0x1294 WPCSvc - ok 23:59:11.0278 0x1294 [ 2E57DDF2880A7E52E76F41C7E96D327B, D24E19B6091C197D77D71BC044CE2E5A57BE0A2F00D1BB0732E380A398230E63 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:59:11.0311 0x1294 WPDBusEnum - ok 23:59:11.0342 0x1294 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:59:11.0407 0x1294 ws2ifsl - ok 23:59:11.0439 0x1294 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 23:59:11.0483 0x1294 wscsvc - ok 23:59:11.0487 0x1294 WSearch - ok 23:59:11.0599 0x1294 [ 38340204A2D0228F1E87740FC5E554A7, 57181ED34E73DD17B590803C770A086C57754F229C6F587637B8FBB5D6519603 ] wuauserv C:\Windows\system32\wuaueng.dll 23:59:11.0724 0x1294 wuauserv - ok 23:59:11.0740 0x1294 [ 7CADC74271DD6461C452C271B30BD378, D58C2094C36FC665C03A6A269EED80DC71F330C3DCF40A27A3C8F56AB7A96861 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:59:11.0769 0x1294 WudfPf - ok 23:59:11.0820 0x1294 [ 3B197AF0FFF08AA66B6B2241CA538D64, BC94E5EFF38B9C6A37717B2A6CA56679781A4872A0C4298056E074033571BE79 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:59:11.0861 0x1294 WUDFRd - ok 23:59:11.0879 0x1294 [ B551D6637AA0E132C18AC6E504F7B79B, FA6495533A14E01ABB0F6689AB7503B1B439D3ADA7457DFCB7D81714A9817327 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:59:11.0926 0x1294 wudfsvc - ok 23:59:11.0953 0x1294 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll 23:59:11.0985 0x1294 WwanSvc - ok 23:59:12.0137 0x1294 [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe 23:59:12.0157 
0x1294 YahooAUService - ok 23:59:12.0234 0x1294 [ 74983ADDCA2D9618512C088D856D6615, C4592EFC1206BD813221814FD529AD38ED26E4AE086613EB95D3D5E20448A1F0 ] {6E090BD5-4EF5-4bf0-A968-74049E88E935} C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl 23:59:12.0252 0x1294 {6E090BD5-4EF5-4bf0-A968-74049E88E935} - ok 23:59:12.0269 0x1294 ================ Scan global =============================== 23:59:12.0290 0x1294 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 23:59:12.0322 0x1294 [ 457B44AB6D502E55F64A867D4F35C76C, 95FEC45E28DF394E778DA37719F7D579920531AD568E1C290B7F42CB03BEAA2C ] C:\Windows\system32\winsrv.dll 23:59:12.0335 0x1294 [ 457B44AB6D502E55F64A867D4F35C76C, 95FEC45E28DF394E778DA37719F7D579920531AD568E1C290B7F42CB03BEAA2C ] C:\Windows\system32\winsrv.dll 23:59:12.0364 0x1294 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 23:59:12.0420 0x1294 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 23:59:12.0437 0x1294 [ Global ] - ok 23:59:12.0437 0x1294 ================ Scan MBR ================================== 23:59:12.0447 0x1294 [ 9C51D3FD2697BD2AE931BE1D6F1E6FFA ] \Device\Harddisk0\DR0 23:59:13.0412 0x1294 \Device\Harddisk0\DR0 - ok 23:59:17.0028 0x1294 [ F05261C246CE4B3C544521FFFF7AEF5D ] \Device\Harddisk1\DR1 23:59:19.0295 0x1294 \Device\Harddisk1\DR1 - ok 23:59:19.0296 0x1294 ================ Scan VBR ================================== 23:59:19.0314 0x1294 [ DA4397ECDD569974AF0683AC4E7BD9BA ] \Device\Harddisk0\DR0\Partition1 23:59:19.0317 0x1294 \Device\Harddisk0\DR0\Partition1 - ok 23:59:19.0336 0x1294 [ EB557E0D0C7DA240C4AA977C40911798 ] \Device\Harddisk0\DR0\Partition2 23:59:19.0339 0x1294 \Device\Harddisk0\DR0\Partition2 - ok 23:59:19.0361 0x1294 [ 62FB8373B21EBAD5CD44E8D288850904 ] 
\Device\Harddisk0\DR0\Partition3 23:59:19.0364 0x1294 \Device\Harddisk0\DR0\Partition3 - ok 23:59:19.0369 0x1294 [ 16DE74CF0D60C0C2694C52F0562DE42C ] \Device\Harddisk1\DR1\Partition1 23:59:19.0374 0x1294 \Device\Harddisk1\DR1\Partition1 - ok 23:59:19.0375 0x1294 ================ Scan generic autorun ====================== 23:59:19.0507 0x1294 [ 89F7B7CCC82D7E6FF9832FE3D24988C4, 430958B7694D2F86F4DAEF57329582669F79435B0B4D5D10CB3FF9D1B4251F44 ] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe 23:59:19.0522 0x1294 mwlDaemon - ok 23:59:20.0375 0x1294 [ BF98B82615C6737A75F71A8827EE91BC, 52A04A2F961E326F27174EDB51C730207E6612D9308649E6129AECDEE9BC784A ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 23:59:20.0752 0x1294 RtHDVCpl - ok 23:59:20.0761 0x1294 SynTPEnh - ok 23:59:20.0792 0x1294 [ 17C5E2A94AA1B42D499A5396D67E0B61, 744BB5165E2390A5D6616C8E55A5A2EC8289539F7BA0153AFE954C729E2FE7C6 ] C:\Windows\PLFSetI.exe 23:59:20.0802 0x1294 PLFSetI - ok 23:59:20.0864 0x1294 [ 3F317440210CA5238F493F9FF5103C2D, 81BC0B75072FE6E93863114B0B1E6710F37425813C315A963D26B9E8652F73AA ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe 23:59:20.0890 0x1294 Acer ePower Management - ok 23:59:20.0973 0x1294 [ 25107F58D1B8F60D67D1EE95798C0DE8, C3B5205E8818576EBF33E3B9FD8664A498714B823D9128FC1CA0A64F81499263 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 23:59:20.0990 0x1294 IAStorIcon - ok 23:59:21.0060 0x1294 [ 522EEC6D2CAF10ADF7D9B6868A5BDEA9, 15198AF557E2630492106CA6306C03E1A103FF9E9669B70E601957AC7D490C87 ] C:\Program Files (x86)\Launch Manager\LManager.exe 23:59:21.0096 0x1294 LManager - ok 23:59:21.0159 0x1294 [ E439643E61B6CE7F47CC03E6A4590E26, E0C3DD41BD12CAF2AA04E930A30D3C4DF9974AC8769C58A45B744C28F6EF469D ] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe 23:59:21.0179 0x1294 SuiteTray - ok 23:59:21.0236 0x1294 [ 6C695B04E2E29459CDC2E5C0970B883B, CE0CFE5369B9931FF387A2F64B9F7F8E6583CE50789FB703228AC68950F32EA9 ] 
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe 23:59:21.0255 0x1294 EgisUpdate - ok 23:59:21.0275 0x1294 [ 27964C4676D0F4B34DB7332AFA2B1474, E3A7ED7642A3902C19E96717E9C14267C9A578637338674A2654A018D3D7F65D ] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe 23:59:21.0289 0x1294 EgisTecPMMUpdate - ok 23:59:21.0334 0x1294 [ 452FA961163EF4AEE4815796A13AB2CF, 14DC422082F96F5C21C41A5E5F6E8445547CC4B02B18F0A86A34669CA2CE18A7 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe 23:59:21.0339 0x1294 Adobe Reader Speed Launcher - ok 23:59:21.0410 0x1294 [ F3B61618292A576E00B81707B6D30B40, 9D10BE8F18508B45661C6A6E8283769334A4F18B78A3BF721D416F640D4B58B2 ] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe 23:59:21.0436 0x1294 BackupManagerTray - detected UnsignedFile.Multi.Generic ( 1 ) 23:59:24.0183 0x1294 Detect skipped due to KSN trusted 23:59:24.0183 0x1294 BackupManagerTray - ok 23:59:24.0239 0x1294 [ 4EC4260D778FB923BA1AB697AFF6C0E3, 72372369153F675C26F938C5106BFD8704FC518348BC95961214B76DECB68689 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 23:59:24.0272 0x1294 StartCCC - detected UnsignedFile.Multi.Generic ( 1 ) 23:59:27.0019 0x1294 Detect skipped due to KSN trusted 23:59:27.0019 0x1294 StartCCC - ok 23:59:27.0520 0x1294 [ F9173CD9F23F5695C848E8A294876523, FB82CB18873007D9D81C4F370BBBD75B78DA802CCCF03E7C6C61F74FB8182119 ] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe 23:59:27.0679 0x1294 VitaKeyPdtWzd - ok 23:59:27.0766 0x1294 [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe 23:59:27.0776 0x1294 MDS_Menu - ok 23:59:27.0796 0x1294 [ 29996B367DFC23E3253AF77E40D085F5, 063F89CB8C4099956EFED71D8B2989222C7631C678B406D20BC1F382D8DFF193 ] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe 23:59:27.0805 0x1294 
ArcadeMovieService - ok 23:59:27.0912 0x1294 [ 1F3FF6C062B311FE410EC89F6BFAC213, E7DCD366568321BDE5B801680B5D0DE30548C36CE58E326DA6C74537DCCAA49B ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 23:59:27.0919 0x1294 APSDaemon - ok 23:59:28.0235 0x1294 [ 3B35A7465B26C6AFD7F43518A9F25BBA, 4F2FA1D432AD40A6F19C08D77393CB0A6270AA29AED3891A3BE79B184BFFFA12 ] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe 23:59:28.0396 0x1294 Babylon Client - ok 23:59:28.0399 0x1294 AnyProtect Scanner - ok 23:59:28.0401 0x1294 AnyProtect Tray - ok 23:59:28.0545 0x1294 [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 23:59:28.0610 0x1294 Sidebar - ok 23:59:28.0632 0x1294 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 23:59:28.0648 0x1294 mctadmin - ok 23:59:28.0679 0x1294 [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 23:59:28.0717 0x1294 Sidebar - ok 23:59:28.0723 0x1294 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 23:59:28.0736 0x1294 mctadmin - ok 23:59:28.0935 0x1294 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe 23:59:28.0953 0x1294 Google Update - ok 23:59:29.0380 0x1294 [ C0D12E6C85FC6DD7FF1DBB04F2DC933B, 06D3C060ABC986EE4DED0991AEAFD88367E7922D1364F23948FE98923445BCFD ] C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe 23:59:29.0603 0x1294 Messenger (Yahoo!) 
23:59:29.0631 0x1294 EA Core - ok
23:59:29.0631 0x1294 AudialsNotifier - ok
23:59:29.0703 0x1294 [ 8E65F53D6A36F5E790D09952D7F523CF, F380859EF6FDD67FDDC199AFEF8364DD54360569C639F4AEBD65FBBE46143623 ] C:\Windows\system32\crypring.exe
23:59:29.0722 0x1294 Acti-1-0 - detected UnsignedFile.Multi.Generic ( 1 )
23:59:32.0405 0x1294 Acti-1-0 ( UnsignedFile.Multi.Generic ) - warning
23:59:35.0122 0x1294 Win FW state via NFP2: enabled
23:59:37.0810 0x1294 ============================================================
23:59:37.0810 0x1294 Scan finished
23:59:37.0810 0x1294 ============================================================
23:59:37.0829 0x10c8 Detected object count: 3
23:59:37.0829 0x10c8 Actual detected object count: 3
00:00:09.0965 0x10c8 LMS ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:09.0965 0x10c8 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:09.0966 0x10c8 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:09.0966 0x10c8 NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:00:09.0969 0x10c8 Acti-1-0 ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:09.0969 0x10c8 Acti-1-0 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
12.08.2014, 17:52 | #4 |
/// the machine /// TB trainer | Online banking redirected - virus/trojan struck? So far I don't see anything, but if this really was just phishing, there doesn't have to be any malware on the computer at all. Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
12.08.2014, 22:50 | #5 |
| Online banking redirected - virus/trojan struck? Hello, you are looking at one of the most baffled users right now. When I tried to disable AVIRA for Combofix, I could not find it (anymore). Is it gone? Anyway, here is at least the screenshot of the scan after the phishing incident as an attached file. In any case, here is the TXT from Combofix: Code:
ATTFilter Combofix Logfile: |
13.08.2014, 19:31 | #6 |
/// the machine /// TB trainer | Online banking redirected - virus/trojan struck? Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log please.
__________________ --> Online banking redirected - virus/trojan struck? |
16.08.2014, 22:30 | #7 |
| Online banking redirected - has a virus/trojan struck? Hello again, here are the 3 requested files: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 16.08.2014 Suchlauf-Zeit: 19:36:07 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.08.16.06 Rootkit Datenbank: v2014.08.15.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 CPU: x64 Dateisystem: NTFS Benutzer: Gursky Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 306991 Verstrichene Zeit: 7 Min, 8 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 23 PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DCC39ACE-709B-44EA-B062-5F6BE2774644}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E6CAE78A-607F-4A09-BD7E-0826A32B975B}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7970495D-2F98-45F4-B093-87E76C7B8B60}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C5896EEA-056A-402F-8991-587AB2B8FD9C}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7970495D-2F98-45F4-B093-87E76C7B8B60}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C5896EEA-056A-402F-8991-587AB2B8FD9C}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E6CAE78A-607F-4A09-BD7E-0826A32B975B}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], PUP.Optional.MyEmoticons.A, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DCC39ACE-709B-44EA-B062-5F6BE2774644}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DCC39ACE-709B-44EA-B062-5F6BE2774644}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DCC39ACE-709B-44EA-B062-5F6BE2774644}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, In Quarantäne, [2026d4f386f53303f55371ff62a09a66], PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, In Quarantäne, [2026d4f386f53303f55371ff62a09a66], PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, In Quarantäne, [2026d4f386f53303f55371ff62a09a66], PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, In Quarantäne, [2026d4f386f53303f55371ff62a09a66], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [21257552cfac41f5f192363551b1aa56], PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MyEmoticons, In Quarantäne, [21257e49e695102608fe69a05ca707f9], PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dhkplhfnhceodhffomolpfigojocbpcb, In Quarantäne, [de680eb94d2eb2847168d76ca75d3fc1], 
PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\oopofgccipckckifenoicncegojimpmf, In Quarantäne, [91b5982f710aca6c1bed9c6d8c7725db], PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [cd79c2057b00dd59952906e150b2fd03], PUP.Optional.InstallCore.A, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [61e53d8aceadae8836f3d33a59aa50b0], PUP.Optional.InstallCore.A, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [9da95176b9c2d660a8979e854cb8ab55], PUP.Optional.Softonic.A, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [94b233948af10e28fd481ede8a78926e], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [ea5c775039424ee8893419cefb07de22], Registrierungswerte: 2 PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|myemoticons@myemoticons.com, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3, In Quarantäne, [5bebe3e4f48711253ecbc742956edc24] PUP.Optional.InstallCore.A, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0O1J1G2R, In Quarantäne, [9da95176b9c2d660a8979e854cb8ab55] Registrierungsdaten: 0 (No malicious items detected) Ordner: 9 PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons, Löschen bei Neustart, [21257e49e695102608fe69a05ca707f9], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3, Löschen bei Neustart, [21257e49e695102608fe69a05ca707f9], PUP.Optional.MyEmoticons.A, 
C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3\content, In Quarantäne, [21257e49e695102608fe69a05ca707f9], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf, Löschen bei Neustart, [92b47057b9c23105010603b8c63cbf41], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], PUP.Optional.Babylon.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb, Löschen bei Neustart, [1d29d4f32a5161d5487e3488ac566d93], PUP.Optional.Babylon.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0, In Quarantäne, [1d29d4f32a5161d5487e3488ac566d93], PUP.Optional.SystemSpeedup, C:\Users\Gursky\AppData\Roaming\Systweak\ssd, In Quarantäne, [e363705794e7d26414ee874a23df53ad], PUP.Optional.Updater.A, C:\Users\Gursky\AppData\Roaming\DigitalSites\UpdateProc, In Quarantäne, [c77f3f888ceffd39aa54498c89794db3], Dateien: 37 PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons-1.3.dll, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], Spyware.Zbot.VXGen, C:\Windows\System32\crypring.exe, In Quarantäne, [cd797f48f5868caa968f185d57aa5aa6], PUP.Optional.Bundlore, C:\Users\Gursky\Downloads\setup.exe, In Quarantäne, [0a3c6b5c334861d5940de52bdb26dc24], PUP.Optional.Trovi.A, C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\searchplugins\trovi-search.xml, In Quarantäne, [47ff8a3dfd7ece68bb66b44127db16ea], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com.xpi, In Quarantäne, [21257e49e695102608fe69a05ca707f9], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\config.ini, In Quarantäne, [21257e49e695102608fe69a05ca707f9], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons.ico, In Quarantäne, [21257e49e695102608fe69a05ca707f9], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\MyEmoticons.url, In Quarantäne, [21257e49e695102608fe69a05ca707f9], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\oopofgccipckckifenoicncegojimpmf.crx, In Quarantäne, [21257e49e695102608fe69a05ca707f9], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\uninst.exe, In Quarantäne, [21257e49e695102608fe69a05ca707f9], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3\chrome.manifest, In Quarantäne, [21257e49e695102608fe69a05ca707f9], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3\icon.png, In Quarantäne, [21257e49e695102608fe69a05ca707f9], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3\install.rdf, In Quarantäne, [21257e49e695102608fe69a05ca707f9], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3\content\myemoticons.jar, In Quarantäne, [21257e49e695102608fe69a05ca707f9], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0\128.png, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0\16.png, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0\48.png, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0\background.js, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0\fbme.js, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0\fbme.png, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0\manifest.json, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0\popup.html, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], PUP.Optional.Babylon.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\babylon48.png, In Quarantäne, [1d29d4f32a5161d5487e3488ac566d93], PUP.Optional.Babylon.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\BabylonChromePI.dll, In Quarantäne, [1d29d4f32a5161d5487e3488ac566d93], PUP.Optional.Babylon.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\bg.html, In Quarantäne, [1d29d4f32a5161d5487e3488ac566d93], PUP.Optional.Babylon.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\bg.js, In Quarantäne, [1d29d4f32a5161d5487e3488ac566d93], PUP.Optional.Babylon.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\cs.js, In Quarantäne, [1d29d4f32a5161d5487e3488ac566d93], PUP.Optional.Babylon.A, 
C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\manifest.json, In Quarantäne, [1d29d4f32a5161d5487e3488ac566d93], PUP.Optional.SystemSpeedup, C:\Users\Gursky\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, In Quarantäne, [e363705794e7d26414ee874a23df53ad], PUP.Optional.Updater.A, C:\Users\Gursky\AppData\Roaming\DigitalSites\UpdateProc\config.dat, In Quarantäne, [c77f3f888ceffd39aa54498c89794db3], PUP.Optional.Updater.A, C:\Users\Gursky\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, In Quarantäne, [c77f3f888ceffd39aa54498c89794db3], PUP.Optional.Updater.A, C:\Users\Gursky\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, In Quarantäne, [c77f3f888ceffd39aa54498c89794db3], PUP.Optional.Updater.A, C:\Users\Gursky\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, In Quarantäne, [c77f3f888ceffd39aa54498c89794db3], PUP.Optional.Trovi.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://www.trovi.com/?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9B0867AC-6BA7-457E-ABBE-0310F019FC47&SearchSource=55&CUI=&UM=6&UP=SP0F2FBA7F-3215-47E4-A2C0-143889912008&SSPV=" ],), Ersetzt,[0a3ccbfc7a01cc6aa10ac43f40c59e62] PUP.Optional.Trovi.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.trovi.com/?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9B0867AC-6BA7-457E-ABBE-0310F019FC47&SearchSource=55&CUI=&UM=6&UP=SP0F2FBA7F-3215-47E4-A2C0-143889912008&SSPV=",), Ersetzt,[2422a126fd7e0a2ccfdd0bf87e87dd23] PUP.Optional.Trovi, C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaultenginename", "Trovi search");), Ersetzt,[7bcbe2e5abd07fb7a7730cf7bc490cf4] PUP.Optional.Trovi, C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\prefs.js, Gut: (), Schlecht: 
(user_pref("browser.search.selectedEngine", "Trovi search");), Ersetzt,[c0868f38ee8d49ed9b8062a1e81d2ad6] Physische Sektoren: 0 (No malicious items detected) (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.306 - Bericht erstellt am 16/08/2014 um 22:50:11 # Aktualisiert 15/08/2014 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzername : Gursky - THUNDERBIRD # Gestartet von : C:\Users\Gursky\Desktop\adwcleaner_3.306.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** [!] Ordner Gelöscht : C:\ProgramData\Babylon [!] Ordner Gelöscht : C:\ProgramData\Partner [!] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon [!] Ordner Gelöscht : C:\Program Files (x86)\Babylon [!] Ordner Gelöscht : C:\Program Files\Babylon [!] Ordner Gelöscht : C:\Users\Gursky\AppData\Local\Babylon [!] Ordner Gelöscht : C:\Users\Gursky\AppData\Roaming\Babylon [!] Ordner Gelöscht : C:\Users\Gursky\AppData\Roaming\DigitalSites [!] Ordner Gelöscht : C:\Users\Gursky\AppData\Roaming\goforfiles [!] Ordner Gelöscht : C:\Users\Gursky\AppData\Roaming\InetStat [!] Ordner Gelöscht : C:\Users\Gursky\AppData\Roaming\Systweak Datei Gelöscht : C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\Extensions\adapter@babylontc.com.xpi Datei Gelöscht : C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\Extensions\ocr@babylon.com.xpi Datei Gelöscht : C:\Windows\System32\roboot64.exe Datei Gelöscht : C:\Users\Gursky\AppData\Roaming\aps.uninstall.scan.results ***** [ Tasks ] ***** Task Gelöscht : Digital Sites Task Gelöscht : GoforFilesUpdate ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bdc Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\.bgl Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bof Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyDict Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyGloss Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyOptFile Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir[1]_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir[1]_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_safari_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_safari_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2} Schlüssel Gelöscht 
: HKCU\Software\AnyProtect Schlüssel Gelöscht : HKCU\Software\Babylon Schlüssel Gelöscht : HKCU\Software\distromatic Schlüssel Gelöscht : HKCU\Software\dsiteproducts Schlüssel Gelöscht : HKCU\Software\GoforFiles Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\GoforFiles Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16421 -\\ Mozilla Firefox v30.0 (de) [ Datei : C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\prefs.js ] Zeile gelöscht : user_pref("extensions.enabledAddons", "adapter%40babylontc.com:1.0.0.1,ocr%40babylon.com:1.1,%7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.1,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0"); -\\ Google Chrome v [ Datei : C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9B0867AC-6BA7-457E-ABBE-0310F019FC47&SearchSource=58&CUI=&UM=6&UP=SP0F2FBA7F-3215-47E4-A2C0-143889912008&q={searchTerms}&SSPV= Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9B0867AC-6BA7-457E-ABBE-0310F019FC47&SearchSource=58&CUI=&UM=6&UP=SP0F2FBA7F-3215-47E4-A2C0-143889912008&q={searchTerms}&SSPV= Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl Gelöscht [Extension] : dhkplhfnhceodhffomolpfigojocbpcb Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb ************************* AdwCleaner[R0].txt - [12427 octets] - [16/08/2014 22:48:29] AdwCleaner[S0].txt - [11853 octets] - [16/08/2014 22:50:11] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11914 octets] 
########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows 7 Home Premium x64 Ran by Gursky on 16.08.2014 at 22:55:10,72 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-864001013-3320382990-1238080026-1000\Software\babylon ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess" ~~~ FireFox Emptied folder: C:\Users\Gursky\AppData\Roaming\mozilla\firefox\profiles\clzgy7ze.default\minidumps [240 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 16.08.2014 at 23:02:16,06 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ and finally the FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04 Ran by Gursky (administrator) on THUNDERBIRD on 16-08-2014 23:34:12 Running from C:\Users\Gursky\Desktop Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AMD) C:\Windows\System32\atieclxx.exe (Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (O2Micro International) C:\Windows\System32\drivers\o2flash.exe () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Egis Technology Inc.) 
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Windows\PLFSetI.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Opera Software) C:\Program Files (x86)\Opera\opera.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-19] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107688 2010-04-14] (Synaptics Incorporated) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] () HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.) 
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3577712 2010-03-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKU\S-1-5-21-864001013-3320382990-1238080026-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms}
SearchScopes: HKCU - {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
SearchScopes: HKCU - {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms}
SearchScopes: HKCU - {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default
FF SearchEngineOrder.1: Amazon
FF Homepage: hxxp://www.yahoo.com
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ff-21&tbrId=v1_abb-channel-7_7ee1452b17f74e80b1d0850a9b7e4626_30_46_20140201_DE_ff_ab_IS0&query=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Greasemonkey - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-16]
FF Extension: No Name - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\extensions\adapter@babylontc.com.xpi []
FF Extension: No Name - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\extensions\ocr@babylon.com.xpi []

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: trovi.search
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3456880 2010-03-08] (Egis Technology Inc.)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2009-09-01] (Windows (R) Win 7 DDK provider)
R3 Ltn_stk7070P; C:\Windows\System32\DRIVERS\Ltn_stk7070P.sys [625152 2009-05-23] (LiteOn)
S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
R3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2009-09-01] (Nuvoton Technology Corporation)
S3 nuvotonir; C:\Windows\system32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [50976 2010-01-11] (O2Micro )
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-06-11] (Audials AG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-02-25] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 23:33 - 2014-08-16 23:33 - 00000000 ____D () C:\Users\Gursky\Desktop\FRST-OlderVersion
2014-08-16 23:02 - 2014-08-16 23:02 - 00001019 _____ () C:\Users\Gursky\Desktop\JRT.txt
2014-08-16 22:55 - 2014-08-16 22:55 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 22:53 - 2014-08-16 22:53 - 01016261 _____ (Thisisu) C:\Users\Gursky\Desktop\JRT.exe
2014-08-16 22:52 - 2014-08-16 22:52 - 00012043 _____ () C:\Users\Gursky\Desktop\AdwCleaner[S0].txt
2014-08-16 22:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-16 22:47 - 2014-08-16 22:50 - 00000000 ____D () C:\AdwCleaner
2014-08-16 22:47 - 2014-08-16 22:47 - 01361203 _____ () C:\Users\Gursky\Desktop\adwcleaner_3.306.exe
2014-08-16 19:49 - 2014-08-16 19:49 - 00014067 _____ () C:\Users\Gursky\Desktop\mbam.txt
2014-08-16 19:34 - 2014-08-16 19:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 19:32 - 2014-08-16 19:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gursky\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-16 19:32 - 2014-08-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-16 19:32 - 2014-08-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-16 19:32 - 2014-08-16 19:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-16 19:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-16 19:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-16 19:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-12 23:38 - 2014-08-12 23:38 - 00018909 _____ () C:\ComboFix.txt
2014-08-12 23:22 - 2014-08-12 23:38 - 00000000 ____D () C:\Qoobox
2014-08-12 23:22 - 2014-08-12 23:37 - 00000000 ____D () C:\Windows\erdnt
2014-08-12 23:22 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-12 23:22 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-12 23:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-12 23:11 - 2014-08-12 23:11 - 05569662 ____R (Swearware) C:\Users\Gursky\Desktop\ComboFix.exe
2014-08-11 23:56 - 2014-08-11 23:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Gursky\Desktop\tdsskiller.exe
2014-08-10 19:36 - 2014-08-10 19:36 - 00034901 _____ () C:\Users\Gursky\Desktop\Addition.txt
2014-08-10 19:35 - 2014-08-16 23:34 - 00018652 _____ () C:\Users\Gursky\Desktop\FRST.txt
2014-08-10 19:35 - 2014-08-16 23:34 - 00000000 ____D () C:\FRST
2014-08-10 19:34 - 2014-08-16 23:33 - 02101760 _____ (Farbar) C:\Users\Gursky\Desktop\FRST64.exe
2014-08-08 18:57 - 2014-08-08 18:28 - 13987991 ____N () C:\Users\Gursky\Desktop\VID_20140808_182839.3gp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-16 23:34 - 2014-08-10 19:35 - 00018652 _____ () C:\Users\Gursky\Desktop\FRST.txt
2014-08-16 23:34 - 2014-08-10 19:35 - 00000000 ____D () C:\FRST
2014-08-16 23:33 - 2014-08-16 23:33 - 00000000 ____D () C:\Users\Gursky\Desktop\FRST-OlderVersion
2014-08-16 23:33 - 2014-08-10 19:34 - 02101760 _____ (Farbar) C:\Users\Gursky\Desktop\FRST64.exe
2014-08-16 23:02 - 2014-08-16 23:02 - 00001019 _____ () C:\Users\Gursky\Desktop\JRT.txt
2014-08-16 23:01 - 2011-04-25 15:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-16 22:58 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-16 22:58 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 22:55 - 2014-08-16 22:55 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 22:54 - 2011-05-08 11:10 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA.job
2014-08-16 22:54 - 2011-03-02 19:05 - 01275593 _____ () C:\Windows\WindowsUpdate.log
2014-08-16 22:53 - 2014-08-16 22:53 - 01016261 _____ (Thisisu) C:\Users\Gursky\Desktop\JRT.exe
2014-08-16 22:52 - 2014-08-16 22:52 - 00012043 _____ () C:\Users\Gursky\Desktop\AdwCleaner[S0].txt
2014-08-16 22:51 - 2011-04-25 15:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-16 22:51 - 2011-03-02 19:02 - 00038098 _____ () C:\Windows\PFRO.log
2014-08-16 22:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-16 22:51 - 2009-07-14 06:51 - 00198977 _____ () C:\Windows\setupact.log
2014-08-16 22:50 - 2014-08-16 22:47 - 00000000 ____D () C:\AdwCleaner
2014-08-16 22:47 - 2014-08-16 22:47 - 01361203 _____ () C:\Users\Gursky\Desktop\adwcleaner_3.306.exe
2014-08-16 22:46 - 2012-07-30 06:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-16 22:14 - 2009-07-14 06:45 - 00379576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-16 19:49 - 2014-08-16 19:49 - 00014067 _____ () C:\Users\Gursky\Desktop\mbam.txt
2014-08-16 19:47 - 2014-08-16 19:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 19:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss
2014-08-16 19:32 - 2014-08-16 19:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gursky\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-16 19:32 - 2014-08-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-16 19:32 - 2014-08-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-16 19:32 - 2014-08-16 19:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-12 23:38 - 2014-08-12 23:38 - 00018909 _____ () C:\ComboFix.txt
2014-08-12 23:38 - 2014-08-12 23:22 - 00000000 ____D () C:\Qoobox
2014-08-12 23:37 - 2014-08-12 23:22 - 00000000 ____D () C:\Windows\erdnt
2014-08-12 23:33 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-12 23:32 - 2009-07-14 04:34 - 51642368 _____ () C:\Windows\system32\config\software.bak
2014-08-12 23:32 - 2009-07-14 04:34 - 18087936 _____ () C:\Windows\system32\config\system.bak
2014-08-12 23:32 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-08-12 23:32 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-08-12 23:32 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-08-12 23:28 - 2011-03-02 19:14 - 00000000 ____D () C:\Program Files (x86)\Acer Bio Protection
2014-08-12 23:11 - 2014-08-12 23:11 - 05569662 ____R (Swearware) C:\Users\Gursky\Desktop\ComboFix.exe
2014-08-11 23:56 - 2014-08-11 23:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Gursky\Desktop\tdsskiller.exe
2014-08-10 19:36 - 2014-08-10 19:36 - 00034901 _____ () C:\Users\Gursky\Desktop\Addition.txt
2014-08-09 14:54 - 2011-05-08 11:10 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core.job
2014-08-08 18:32 - 2011-03-03 03:56 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-08-08 18:32 - 2011-03-03 03:56 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-08-08 18:32 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 18:28 - 2014-08-08 18:57 - 13987991 ____N () C:\Users\Gursky\Desktop\VID_20140808_182839.3gp
2014-07-18 07:57 - 2011-05-08 11:10 - 00002368 _____ () C:\Users\Gursky\Desktop\Google Chrome.lnk

Some content of TEMP:
====================
C:\Users\Gursky\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-08 07:24

==================== End Of Log ============================

--- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by Gursky at 2014-08-16 23:34:50
Running from C:\Users\Gursky\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.1.7501 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 4.1.7501 - CyberLink Corp.) Hidden
Acer Arcade Instant On (x32 Version: 3.0.34.2 - Acer) Hidden
Acer Arcade Movie (x32 Version: 9.0.6302 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.60 - NewTech Infosystems)
Acer Bio Protection (HKLM-x32\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.5.76 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.12.1 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3003 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1) (Version: 6.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3002 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0309.2010 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.24 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{AFBE654A-4597-89DB-EF5F-7CC7D0475691}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Audials (HKLM-x32\...\{DA6EBFC9-8869-4B61-8D38-2668A395C5B0}) (Version: 11.0.54400.0 - Audials AG)
Backup Manager Advance (x32 Version: 2.0.1.60 - NewTech Infosystems) Hidden
bwin Poker (HKLM-x32\...\bwin Poker_is1) (Version: - bwin)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0302.2233.40412 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help English (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help French (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help German (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0302.2233.40412 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0302.2233.40412 - ATI) Hidden
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media)
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.4 - Fomanu AG)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.38.151 - Electronic Arts)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
Fingerprint Solution (x32 Version: 6.1.76.0 - Egis Technology Inc.) Hidden
Fragen-Lern-CD 4.0 international (HKLM-x32\...\de.3m5.wendel.flcd.FLCDint.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1) (Version: 4.0.0 - Wendel-Verlag GmbH)
Fragen-Lern-CD 4.0 international (x32 Version: 4.0.0 - Wendel-Verlag GmbH) Hidden
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media)
HD Tune Pro 4.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.7 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaDrug (HKCU\...\4C6927B3-61F1-4EBF-A5C7-68B60E4F40B9) (Version: 1.5 - MediaDrug)
MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden
Nuvoton CIR Device Drivers (HKLM-x32\...\{FBC79D04-051E-4367-8051-1DB0C893FBE0}) (Version: 8.60.2002 - Nuvoton Technology Corporation)
O2Micro 1394 OHCI Compliant Host Controller Driver (HKLM-x32\...\InstallShield_{AFC44A23-E6A8-4625-B6B1-23D438525D59}) (Version: 1.0.00 - O2Micro International LTD.)
O2Micro 1394 OHCI Compliant Host Controller Driver (Version: 1.0.00 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{5FAD2AAE-C6DD-4CC8-B325-BFCBB3D32249}) (Version: 2.0.37.D - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.37.D - O2Micro International LTD.) Hidden
ODF Add-In für Microsoft Office (HKLM-x32\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
PartyPoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6072 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}) (Version: 5.34.52.7 - Apple Inc.)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{09959E11-AD5D-408E-96AF-E3346954D6B8}) (Version: 1.0.0 - Microsoft) Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}) (Version: 1.0.0 - Microsoft) Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.12.2 - Synaptics Incorporated) Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated) WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.4300 - Broadcom Corporation) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= 17-07-2014 05:45:28 Geplanter Prüfpunkt 24-07-2014 16:42:59 Geplanter Prüfpunkt 31-07-2014 20:48:02 Geplanter Prüfpunkt 08-08-2014 05:31:36 Geplanter Prüfpunkt 12-08-2014 21:22:53 ComboFix created restore point ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2014-08-12 23:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2EE742A3-8553-4CA4-B801-A2AA9223536C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27] (Google Inc.) Task: {4A411131-3DF8-49B1-A988-368994F073E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.) Task: {6ACF023F-5D47-48BF-9ADF-07809EE1BC99} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {8148C350-814E-4103-821B-EE64A1172966} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {977CEC33-8DB2-4BC1-A130-52B8784FA3F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.) 
Task: {F20D94DC-D65C-46D0-9AE0-2346C1D5A7CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core.job => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA.job => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-03-02 19:32 - 2010-02-03 10:37 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe 2011-03-02 19:18 - 2010-01-13 11:47 - 00206208 _____ () C:\Windows\PLFSetI.exe 2010-03-26 12:46 - 2010-03-26 12:46 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2010-01-07 15:42 - 2010-01-07 15:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-03-02 19:07 - 2011-03-02 19:07 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-03-09 02:18 - 2010-03-09 02:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-03-09 02:13 - 2010-03-09 02:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2010-04-28 14:13 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2011-05-24 20:06 - 2010-06-01 10:17 - 00929792 
_____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll 2010-04-28 13:28 - 2010-04-28 13:28 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a52290f344ad5c5e513d71251549f5c2\IsdiInterop.ni.dll 2010-04-28 13:28 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-08-12 23:28:42.147 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-08-12 23:28:42.141 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-18 20:35:55.006 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-05 11:05:09.507 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-05 09:47:40.779 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-05 08:01:48.995 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-05 07:58:25.563 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-07-22 16:23:15.468 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-07-11 07:06:38.654 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-07-10 22:08:13.151
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 17%
Total physical RAM: 8124.5 MB
Available physical RAM: 6676.43 MB
Total Pagefile: 16247.14 MB
Available Pagefile: 14586.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:288.8 GB) (Free:185.69 GB) NTFS
Drive d: (DATA) (Fixed) (Total:288.14 GB) (Free:288.04 GB) NTFS
Drive e: (DATA) (Fixed) (Total:596.17 GB) (Free:593.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 3E9DEFF9)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Not Active) - (Size=3.5 GB) - (Type=12)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=576.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: 0F4BC564)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by Asmoteus (16.08.2014 at 22:37) |
17.08.2014, 14:49 | #8 |
/// the machine /// TB instructor | Online banking redirected - virus/Trojan struck? ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
18.08.2014, 21:39 | #9 |
| Online banking redirected - virus/Trojan struck? Hello again. Here are the scans: Code:
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9073c4f4f0eb7c4d9af8cf84284377e8
# engine=19715
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-18 05:55:17
# local_time=2014-08-18 07:55:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 109267125 160014367 0 0
# scanned=182837
# found=9
# cleaned=0
# scan_time=2985
sh=A947908B61C9D628542EC1D1FEA13BC2CE2B7C06 ft=1 fh=961bdd4314208540 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll.vir"
sh=9901EA4F6868736CBE4161354556E16BCD6E3C6D ft=1 fh=bfb40f213a91a73c vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOfficePI.dll.vir"
sh=6936E876CC0DBE1ACABFE76901C5FC97E03A0704 ft=1 fh=c71c001103c9a087 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\BExternal.dll.vir"
sh=81447912A34F2B17146525275592838967D4FFF7 ft=1 fh=e9acee4b46b6c119 vn="Variante von Win32/RiskWare.Astori.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gursky\AppData\Roaming\InetStat\inetstat.exe.vir"
sh=1C5244967D8907B676C6CBCEEE6BD9F90F10CC6B ft=1 fh=51b3b1bbaa02ab32 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Gursky\Desktop\PhotoScape_V3.6.2.exe"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[2].0"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[2].0"
Code:
Results of screen317's Security Check version 0.99.87
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 14.0.0.145
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (30.0)
Google Chrome 36.0.1985.125
Google Chrome 36.0.1985.143
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04 Ran by Gursky (administrator) on THUNDERBIRD on 18-08-2014 22:44:36 Running from C:\Users\Gursky\Desktop Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (O2Micro International) C:\Windows\System32\drivers\o2flash.exe () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Egis Technology Inc.) 
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Windows\PLFSetI.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Opera Software) C:\Program Files (x86)\Opera\opera.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-19] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107688 2010-04-14] (Synaptics Incorporated) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] () HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.) 
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-03] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3577712 2010-03-08] (Egis Technology Inc.) HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-03-02] (CyberLink Corp.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.) HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION HKU\S-1-5-21-864001013-3320382990-1238080026-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.) 
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKCU - {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms} SearchScopes: HKCU - {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms} SearchScopes: HKCU - {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms} SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de SearchScopes: HKCU - 
{6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms} SearchScopes: HKCU - {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms} SearchScopes: HKCU - {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms} BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default FF SearchEngineOrder.1: Amazon FF Homepage: hxxp://www.yahoo.com FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ff-21&tbrId=v1_abb-channel-7_7ee1452b17f74e80b1d0850a9b7e4626_30_46_20140201_DE_ff_ab_IS0&query= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 
-> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF SearchPlugin: C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\searchplugins\amazon.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Greasemonkey - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-16] FF Extension: No Name - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\extensions\adapter@babylontc.com.xpi [] FF Extension: No Name - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\extensions\ocr@babylon.com.xpi [] Chrome: ======= CHR HomePage: CHR DefaultSearchKeyword: trovi.search CHR DefaultNewTabURL: CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: 
(Native Client) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File CHR Extension: (Google Wallet) - C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3456880 2010-03-08] (Egis Technology Inc.) R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.) R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) 
[File not signed] R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed] R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2009-09-01] (Windows (R) Win 7 DDK provider) R3 Ltn_stk7070P; C:\Windows\System32\DRIVERS\Ltn_stk7070P.sys [625152 2009-05-23] (LiteOn) S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation) R3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2009-09-01] (Nuvoton Technology Corporation) S3 nuvotonir; C:\Windows\system32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation) R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [50976 2010-01-11] (O2Micro ) R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-06-11] (Audials AG) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] () R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-02-25] (CyberLink Corp.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 18:58 - 2014-08-18 18:58 - 02347384 _____ (ESET) C:\Users\Gursky\Desktop\esetsmartinstaller_deu.exe
2014-08-16 23:33 - 2014-08-16 23:33 - 00000000 ____D () C:\Users\Gursky\Desktop\FRST-OlderVersion
2014-08-16 23:02 - 2014-08-16 23:02 - 00001019 _____ () C:\Users\Gursky\Desktop\JRT.txt
2014-08-16 22:55 - 2014-08-16 22:55 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 22:53 - 2014-08-16 22:53 - 01016261 _____ (Thisisu) C:\Users\Gursky\Desktop\JRT.exe
2014-08-16 22:52 - 2014-08-16 22:52 - 00012043 _____ () C:\Users\Gursky\Desktop\AdwCleaner[S0].txt
2014-08-16 22:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-16 22:47 - 2014-08-16 22:50 - 00000000 ____D () C:\AdwCleaner
2014-08-16 22:47 - 2014-08-16 22:47 - 01361203 _____ () C:\Users\Gursky\Desktop\adwcleaner_3.306.exe
2014-08-16 19:49 - 2014-08-16 19:49 - 00014067 _____ () C:\Users\Gursky\Desktop\mbam.txt
2014-08-16 19:34 - 2014-08-16 19:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 19:32 - 2014-08-16 19:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gursky\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-16 19:32 - 2014-08-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-16 19:32 - 2014-08-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-16 19:32 - 2014-08-16 19:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-16 19:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-16 19:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-16 19:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-12 23:38 - 2014-08-12 23:38 - 00018909 _____ () C:\ComboFix.txt
2014-08-12 23:22 - 2014-08-12 23:38 - 00000000 ____D () C:\Qoobox
2014-08-12 23:22 - 2014-08-12 23:37 - 00000000 ____D () C:\Windows\erdnt
2014-08-12 23:22 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-12 23:22 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-12 23:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-12 23:11 - 2014-08-12 23:11 - 05569662 ____R (Swearware) C:\Users\Gursky\Desktop\ComboFix.exe
2014-08-11 23:56 - 2014-08-11 23:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Gursky\Desktop\tdsskiller.exe
2014-08-10 19:36 - 2014-08-16 23:35 - 00023881 _____ () C:\Users\Gursky\Desktop\Addition.txt
2014-08-10 19:35 - 2014-08-18 22:44 - 00018778 _____ () C:\Users\Gursky\Desktop\FRST.txt
2014-08-10 19:35 - 2014-08-18 22:44 - 00000000 ____D () C:\FRST
2014-08-10 19:34 - 2014-08-16 23:33 - 02101760 _____ (Farbar) C:\Users\Gursky\Desktop\FRST64.exe
2014-08-08 18:57 - 2014-08-08 18:28 - 13987991 ____N () C:\Users\Gursky\Desktop\VID_20140808_182839.3gp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 22:44 - 2014-08-10 19:35 - 00018778 _____ () C:\Users\Gursky\Desktop\FRST.txt
2014-08-18 22:44 - 2014-08-10 19:35 - 00000000 ____D () C:\FRST
2014-08-18 22:01 - 2011-04-25 15:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-18 21:54 - 2011-05-08 11:10 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA.job
2014-08-18 21:46 - 2012-07-30 06:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-18 19:55 - 2011-05-08 11:10 - 00002368 _____ () C:\Users\Gursky\Desktop\Google Chrome.lnk
2014-08-18 19:01 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-18 19:01 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-18 18:58 - 2014-08-18 18:58 - 02347384 _____ (ESET) C:\Users\Gursky\Desktop\esetsmartinstaller_deu.exe
2014-08-18 18:57 - 2011-03-02 19:05 - 01279569 _____ () C:\Windows\WindowsUpdate.log
2014-08-18 18:54 - 2011-04-25 15:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-18 18:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-18 18:54 - 2009-07-14 06:51 - 00199033 _____ () C:\Windows\setupact.log
2014-08-18 18:54 - 2009-07-14 06:45 - 00379576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-16 23:35 - 2014-08-10 19:36 - 00023881 _____ () C:\Users\Gursky\Desktop\Addition.txt
2014-08-16 23:33 - 2014-08-16 23:33 - 00000000 ____D () C:\Users\Gursky\Desktop\FRST-OlderVersion
2014-08-16 23:33 - 2014-08-10 19:34 - 02101760 _____ (Farbar) C:\Users\Gursky\Desktop\FRST64.exe
2014-08-16 23:02 - 2014-08-16 23:02 - 00001019 _____ () C:\Users\Gursky\Desktop\JRT.txt
2014-08-16 22:55 - 2014-08-16 22:55 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 22:53 - 2014-08-16 22:53 - 01016261 _____ (Thisisu) C:\Users\Gursky\Desktop\JRT.exe
2014-08-16 22:52 - 2014-08-16 22:52 - 00012043 _____ () C:\Users\Gursky\Desktop\AdwCleaner[S0].txt
2014-08-16 22:51 - 2011-03-02 19:02 - 00038098 _____ () C:\Windows\PFRO.log
2014-08-16 22:50 - 2014-08-16 22:47 - 00000000 ____D () C:\AdwCleaner
2014-08-16 22:47 - 2014-08-16 22:47 - 01361203 _____ () C:\Users\Gursky\Desktop\adwcleaner_3.306.exe
2014-08-16 19:49 - 2014-08-16 19:49 - 00014067 _____ () C:\Users\Gursky\Desktop\mbam.txt
2014-08-16 19:47 - 2014-08-16 19:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 19:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss
2014-08-16 19:32 - 2014-08-16 19:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gursky\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-16 19:32 - 2014-08-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-16 19:32 - 2014-08-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-16 19:32 - 2014-08-16 19:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-12 23:38 - 2014-08-12 23:38 - 00018909 _____ () C:\ComboFix.txt
2014-08-12 23:38 - 2014-08-12 23:22 - 00000000 ____D () C:\Qoobox
2014-08-12 23:37 - 2014-08-12 23:22 - 00000000 ____D () C:\Windows\erdnt
2014-08-12 23:33 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-12 23:32 - 2009-07-14 04:34 - 51642368 _____ () C:\Windows\system32\config\software.bak
2014-08-12 23:32 - 2009-07-14 04:34 - 18087936 _____ () C:\Windows\system32\config\system.bak
2014-08-12 23:32 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-08-12 23:32 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-08-12 23:32 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-08-12 23:28 - 2011-03-02 19:14 - 00000000 ____D () C:\Program Files (x86)\Acer Bio Protection
2014-08-12 23:11 - 2014-08-12 23:11 - 05569662 ____R (Swearware) C:\Users\Gursky\Desktop\ComboFix.exe
2014-08-11 23:56 - 2014-08-11 23:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Gursky\Desktop\tdsskiller.exe
2014-08-09 14:54 - 2011-05-08 11:10 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core.job
2014-08-08 18:32 - 2011-03-03 03:56 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-08-08 18:32 - 2011-03-03 03:56 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-08-08 18:32 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 18:28 - 2014-08-08 18:57 - 13987991 ____N () C:\Users\Gursky\Desktop\VID_20140808_182839.3gp

Some content of TEMP:
====================
C:\Users\Gursky\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-18 20:20

==================== End Of Log ============================

--- --- ---

FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by Gursky at 2014-08-18 22:45:10
Running from C:\Users\Gursky\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.1.7501 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 4.1.7501 - CyberLink Corp.) Hidden
Acer Arcade Instant On (x32 Version: 3.0.34.2 - Acer) Hidden
Acer Arcade Movie (x32 Version: 9.0.6302 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.60 - NewTech Infosystems)
Acer Bio Protection (HKLM-x32\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.5.76 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.12.1 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3003 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1) (Version: 6.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3002 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0309.2010 - Acer Incorporated) Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated) Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.24 - Atheros Communications Inc.) ATI Catalyst Install Manager (HKLM\...\{AFBE654A-4597-89DB-EF5F-7CC7D0475691}) (Version: 3.0.765.0 - ATI Technologies, Inc.) 
Audials (HKLM-x32\...\{DA6EBFC9-8869-4B61-8D38-2668A395C5B0}) (Version: 11.0.54400.0 - Audials AG) Backup Manager Advance (x32 Version: 2.0.1.60 - NewTech Infosystems) Hidden bwin Poker (HKLM-x32\...\bwin Poker_is1) (Version: - bwin) Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden Catalyst Control Center Core Implementation (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center Graphics Full New (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center Graphics Light (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0302.2233.40412 - ATI) Hidden Catalyst Control Center InstallProxy (x32 Version: 2010.0302.2233.40412 - ATI Technologies, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2010.0302.2233.40412 - ATI) Hidden CCC Help Chinese Standard (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Chinese Traditional (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Czech (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Danish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Dutch (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help English (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Finnish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help French (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help German (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Greek (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Hungarian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Italian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Japanese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Korean (x32 Version: 2010.0302.2232.40412 - ATI) 
Hidden CCC Help Norwegian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Polish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Portuguese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Russian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Spanish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Swedish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Thai (x32 Version: 2010.0302.2232.40412 - ATI) Hidden CCC Help Turkish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden ccc-core-static (x32 Version: 2010.0302.2233.40412 - Ihr Firmenname) Hidden ccc-utility64 (Version: 2010.0302.2233.40412 - ATI) Hidden Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation) Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media) Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.4 - Fomanu AG) Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.38.151 - Electronic Arts) Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) Fingerprint Solution (x32 Version: 6.1.76.0 - Egis Technology Inc.) Hidden Fragen-Lern-CD 4.0 international (HKLM-x32\...\de.3m5.wendel.flcd.FLCDint.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1) (Version: 4.0.0 - Wendel-Verlag GmbH) Fragen-Lern-CD 4.0 international (x32 Version: 4.0.0 - Wendel-Verlag GmbH) Hidden Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.) 
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media) HD Tune Pro 4.60 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software) Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation) Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.7 - Acer Inc.) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MediaDrug (HKCU\...\4C6927B3-61F1-4EBF-A5C7-68B60E4F40B9) (Version: 1.5 - MediaDrug) MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) 
Hidden Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla) MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) 
Hidden NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems) NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems) NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden Nuvoton CIR Device Drivers (HKLM-x32\...\{FBC79D04-051E-4367-8051-1DB0C893FBE0}) (Version: 8.60.2002 - Nuvoton Technology Corporation) O2Micro 1394 OHCI Compliant Host Controller Driver (HKLM-x32\...\InstallShield_{AFC44A23-E6A8-4625-B6B1-23D438525D59}) (Version: 1.0.00 - O2Micro International LTD.) O2Micro 1394 OHCI Compliant Host Controller Driver (Version: 1.0.00 - O2Micro International LTD.) Hidden O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{5FAD2AAE-C6DD-4CC8-B325-BFCBB3D32249}) (Version: 2.0.37.D - O2Micro International LTD.) O2Micro Flash Memory Card Windows Driver (Version: 2.0.37.D - O2Micro International LTD.) Hidden ODF Add-In für Microsoft Office (HKLM-x32\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team) Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA) PartyPoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6072 - Realtek Semiconductor Corp.) Safari (HKLM-x32\...\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}) (Version: 5.34.52.7 - Apple Inc.) 
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{09959E11-AD5D-408E-96AF-E3346954D6B8}) (Version: 1.0.0 - Microsoft) Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}) (Version: 1.0.0 - Microsoft) Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.12.2 - Synaptics Incorporated) Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated) WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.4300 - Broadcom Corporation) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

17-07-2014 05:45:28 Geplanter Prüfpunkt
24-07-2014 16:42:59 Geplanter Prüfpunkt
31-07-2014 20:48:02 Geplanter Prüfpunkt
08-08-2014 05:31:36 Geplanter Prüfpunkt
12-08-2014 21:22:53 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-12 23:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2EE742A3-8553-4CA4-B801-A2AA9223536C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27] (Google Inc.)
Task: {4A411131-3DF8-49B1-A988-368994F073E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.)
Task: {6ACF023F-5D47-48BF-9ADF-07809EE1BC99} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {8148C350-814E-4103-821B-EE64A1172966} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {977CEC33-8DB2-4BC1-A130-52B8784FA3F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.)
Task: {F20D94DC-D65C-46D0-9AE0-2346C1D5A7CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core.job => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA.job => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-03-02 19:32 - 2010-02-03 10:37 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe 2010-03-26 12:46 - 2010-03-26 12:46 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2011-03-02 19:18 - 2010-01-13 11:47 - 00206208 _____ () C:\Windows\PLFSetI.exe 2010-01-07 15:42 - 2010-01-07 15:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-03-02 19:07 - 2011-03-02 19:07 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2010-03-09 02:18 - 2010-03-09 02:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-03-09 02:13 - 2010-03-09 02:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2010-04-28 14:13 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2011-05-24 20:06 - 2010-06-01 10:17 - 00929792 
_____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll 2010-04-28 13:28 - 2010-04-28 13:28 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a52290f344ad5c5e513d71251549f5c2\IsdiInterop.ni.dll 2010-04-28 13:28 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/18/2014 10:37:59 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Error: (08/18/2014 08:20:28 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Error: (08/18/2014 07:00:32 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Error: (08/18/2014 07:00:27 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Error: (08/18/2014 06:58:13 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1". 
Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. System errors: ============= Microsoft Office Sessions: ========================= Error: (08/18/2014 10:37:59 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (08/18/2014 08:20:28 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe Error: (08/18/2014 07:00:32 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: 
C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\Gursky\Desktop\esetsmartinstaller_deu.exe Error: (08/18/2014 07:00:27 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\Gursky\Desktop\esetsmartinstaller_deu.exe Error: (08/18/2014 06:58:13 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\Gursky\Desktop\esetsmartinstaller_deu.exe CodeIntegrity Errors: =================================== Date: 2014-08-12 23:28:42.147 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-08-12 23:28:42.141 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-02-18 20:35:55.006 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-05 11:05:09.507 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-05 09:47:40.779 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-05 08:01:48.995 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-08-05 07:58:25.563 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-07-22 16:23:15.468 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2012-07-11 07:06:38.654 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2012-07-10 22:08:13.151
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 25%
Total physical RAM: 8124.5 MB
Available physical RAM: 6065.04 MB
Total Pagefile: 16247.14 MB
Available Pagefile: 14226.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:288.8 GB) (Free:184.96 GB) NTFS
Drive d: (DATA) (Fixed) (Total:288.14 GB) (Free:288.04 GB) NTFS
Drive e: (DATA) (Fixed) (Total:596.17 GB) (Free:593.9 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 3E9DEFF9)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Not Active) - (Size=3.5 GB) - (Type=12)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=576.9 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: 0F4BC564)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Are there still problems? No idea... at least I still see this here, so my guess is... "Yes" (McAfee is not installed on this machine...):
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Edited by Asmoteus (18.08.2014 at 21:49) |
19.08.2014, 20:31 | #10 |
/// the machine /// TB trainer | Online banking redirected - virus/trojan struck? That is just a leftover in the registry. Update Java, and definitely update Windows, a whole service pack is missing!! Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be misused by spyware to infect your system.
Performance Clean up your temp files regularly. For this I recommend TFC. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me a brief reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
19.08.2014, 22:14 | #11 |
| Online banking redirected - virus/trojan struck? Hello again, here is the Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 04
Ran by Gursky at 2014-08-19 23:13:02 Run:1
Running from C:\Users\Gursky\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
*****************
HKLM => Group Policy Restriction on software restored successfully.
==== End of Fixlog ====
Thank you very much
Edited by Asmoteus (19.08.2014 at 22:43) |
20.08.2014, 11:02 | #12 |
/// the machine /// TB trainer | Online banking redirected - virus/trojan struck? You're welcome
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |