|
Pests of all kinds and how to fight them: Voices without a program (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
08.01.2015, 17:34 | #1 |
| Voices without a program Hello helpers, since today I have, as I believe, a virus on my PC. This virus causes the following: no matter what I do, after a while voices start. They are different voices, but mostly one tells me that a football player has moved from FC Bayern to Augsburg. This is annoying and also a bit frightening. I have already run a virus/trojan scan and also looked through my installed programs for programs unknown to me! Without result. I hope for a quick reply. Kind regards, feuerstein98 |
08.01.2015, 17:57 | #2 |
/// the machine /// TB trainer | Voices without a program hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
08.01.2015, 18:17 | #3 |
| Voices without a program FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015 Ran by User (administrator) on USER-PC on 08-01-2015 18:10:07 Running from C:\Users\User\Downloads Loaded Profile: User (Available profiles: User) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe () C:\Windows\System32\UAService.exe () C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE () C:\Program Files\003\xmkysecqun32.exe (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) 
C:\Program Files\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe () C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe HKLM\...\RunOnce: [SpybotDeletingA3308] => command.com /c del "C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\searchplugins\MyStart Search.xml" HKLM\...\RunOnce: [SpybotDeletingC2411] => cmd.exe /c del "C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\searchplugins\MyStart Search.xml" HKLM\...\RunOnce: [SpybotSnD] => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [5365592 2009-01-26] (Safer Networking Limited) HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe -silent HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\User\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.) 
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\User\AppData\Local\Akamai\netsession_win.exe" HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\RunOnce: [SpybotDeletingB5374] => command.com /c del "C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\searchplugins\MyStart Search.xml" HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\RunOnce: [SpybotDeletingD3046] => cmd.exe /c del "C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\searchplugins\MyStart Search.xml" HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\MountPoints2: {3dd44889-c219-11e3-bc97-20cf305600f3} - F:\INSTALL.EXE HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\MountPoints2: {45ad721f-1750-11e0-96a3-806e6f6e6963} - E:\AutoRun.exe --autorun HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\MountPoints2: {b6409402-2675-11e1-a53b-20cf305600f3} - I:\setup.exe -a HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\MountPoints2: {c05275a1-2aed-11e0-b675-20cf305600f3} - J:\LaunchU3.exe -a GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-2980554796-842610410-1348767362-1001\User: Group Policy restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393526229&from=amt&uid=HitachiXHDS721010CLA332_JP9921HD36RNLH36RNLHX&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393526229&from=amt&uid=HitachiXHDS721010CLA332_JP9921HD36RNLH36RNLHX HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393526229&from=amt&uid=HitachiXHDS721010CLA332_JP9921HD36RNLH36RNLHX&q={searchTerms} HKU\S-1-5-21-2980554796-842610410-1348767362-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72 HKU\S-1-5-21-2980554796-842610410-1348767362-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKU\S-1-5-21-2980554796-842610410-1348767362-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393526229&from=amt&uid=HitachiXHDS721010CLA332_JP9921HD36RNLH36RNLHX StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393526229&from=amt&uid=HitachiXHDS721010CLA332_JP9921HD36RNLH36RNLHX SearchScopes: HKLM -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72 SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393526229&from=amt&uid=HitachiXHDS721010CLA332_JP9921HD36RNLH36RNLHX&q={searchTerms} SearchScopes: HKLM -> 
{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72 SearchScopes: HKU\S-1-5-21-2980554796-842610410-1348767362-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M8DAD3A07-A06E-4A7C-B35C-3530FF38B0D9&SearchSource=58&CUI=&UM=5&UP=SP06CE4A34-6E00-4844-8DB0-9EF93B51EF12&q={searchTerms}&SSPV=21513SPPB_sp_ie SearchScopes: HKU\S-1-5-21-2980554796-842610410-1348767362-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393526229&from=amt&uid=HitachiXHDS721010CLA332_JP9921HD36RNLH36RNLHX&q={searchTerms} SearchScopes: HKU\S-1-5-21-2980554796-842610410-1348767362-1000 -> {4327FABE-3C22-4689-8DBF-D226CF777FE9} URL = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} SearchScopes: HKU\S-1-5-21-2980554796-842610410-1348767362-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72 BHO: Browser Companion Helper -> {00cbb66b-1d3b-46d3-9577-323a336acb50} -> C:\Program Files\BrowserCompanion\jsloader.dll No File BHO: I Want This -> {11111111-1111-1111-1111-110011221158} -> No File BHO: Web Assistant -> {336D0C35-8A85-403a-B9D2-65C292C39087} -> C:\Program Files\Web Assistant\Extension32.dll No File BHO: YoutubeAdBlaocke -> {389dd29b-30aa-4b53-8a3e-c329090a42f6} -> C:\Program Files\YoutubeAdBlaocke\5r7NzWv1VvEY3G.dll () BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> 
D:\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Browser Companion Helper Verifier -> {963B125B-8B21-49A2-A3A8-E37092276531} -> C:\Program Files\BrowserCompanion\updatebhoWin32.dll No File BHO: unisalesi -> {d41e1605-bcf5-4307-ba1e-44950ed12dea} -> C:\Program Files\unisalesi\gmaNXLGrhGdHWq.dll () BHO: Search-Results Toolbar -> {f34c9277-6577-4dff-b2d7-7d58092f272f} -> C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File Toolbar: HKLM - Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll No File Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll No File Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199 FF DefaultSearchEngine,S: WebSearch FF DefaultSearchUrl: hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72&l=1&q= FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.1,S: WebSearch FF SelectedSearchEngine: WebSearch FF SelectedSearchEngine,S: WebSearch FF Homepage: hxxp://www.google.com/ FF Keyword.URL: hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72&l=1&q= FF Plugin: @esn/esnlaunch,version=2.3.0 -> C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> D:\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2980554796-842610410-1348767362-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\searchplugins\google-images.xml FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\searchplugins\google-maps.xml FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\searchplugins\WebSearch.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\awesomehp.xml FF Extension: YoutubeAdBlaocke - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\Extensions\zR1@OoqHXI.edu [2014-12-26] FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox FF HKLM\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files\Better-Surf\ff FF HKLM\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files\BetterSurf\BetterSurfPlus\ff FF HKLM\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\extensions\quick_start@gmail.com FF Extension: Quick Start - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\extensions\quick_start@gmail.com [2014-05-29] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-01-03] FF HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension FF 
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\cliqz@cliqz.com Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [Not Found] CHR HKLM\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [Not Found] CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.crx [Not Found] CHR HKLM\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files\Better-Surf\ch\Chrome.crx [Not Found] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 24c54e38; c:\Program Files\DeltaFix\DeltaFix.dll [3996160 2014-12-26] () [File not signed] <==== ATTENTION S3 ArcService; D:\Arc\ArcService.exe [88400 2014-10-21] (Perfect World Entertainment Inc) S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-08-12] (ESET) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-08-12] (ESET) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts) R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) 
S4 SupraSavingsService; C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService.exe [151040 2014-06-25] () [File not signed] R2 UserAccess; C:\Windows\system32\UAService.exe [126976 2014-09-18] () [File not signed] R2 Verifies and fixes application compatibility issues; C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2014-12-31] () R2 xmkysecqun32; C:\Program Files\003\xmkysecqun32.exe [541696 2014-05-03] () [File not signed] S4 Browser Manager; No ImagePath S2 Update Surftastic; "C:\Program Files\Surftastic\updateSurftastic.exe" [X] S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 cusbohcn; C:\Users\User\AppData\Local\Temp\cusbohcn.sys [29696 2011-05-25] () [File not signed] R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2014-06-12] (NetFilterSDK.com) [File not signed] S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation) S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-03-29] (Texas Instruments) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation) S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S3 motccgp; system32\DRIVERS\motccgp.sys [X] S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X] S3 motmodem; system32\DRIVERS\motmodem.sys [X] S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X] S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X] S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X] S1 netfilter2; system32\drivers\netfilter2.sys [X] S3 vtany; \??\C:\Windows\vtany.sys [X] S3 XDva391; \??\C:\Windows\system32\XDva391.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-08 18:10 - 2015-01-08 18:11 - 00020078 _____ () C:\Users\User\Downloads\FRST.txt 2015-01-08 18:09 - 2015-01-08 18:10 - 00000000 ____D () C:\FRST 2015-01-08 18:09 - 2015-01-08 18:09 - 00000163 _____ () C:\Windows\wininit.ini 2015-01-08 18:07 - 2015-01-08 18:08 - 01115648 _____ (Farbar) C:\Users\User\Downloads\FRST.exe 2015-01-08 13:24 - 2015-01-08 13:24 - 00000000 ____D () C:\Program Files\EnjoYCoupuon 2015-01-08 13:24 - 2015-01-08 13:24 - 00000000 ____D () C:\Program Files\COOupExxtensiOnn 2015-01-08 13:20 - 2015-01-08 16:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Compatibility Verifier 2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-01-08 13:12 - 2015-01-08 13:13 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier 2015-01-08 13:12 - 2015-01-08 13:13 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier 2015-01-06 17:22 - 2015-01-08 16:15 - 00000000 ____D () C:\ProgramData\EnjoYCoupuon 2015-01-06 17:22 - 2015-01-08 16:15 - 00000000 ____D () C:\ProgramData\COOupExxtensiOnn 2015-01-03 19:10 - 2015-01-03 19:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\java 2015-01-02 16:40 - 2015-01-02 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sanny Builder 3 2015-01-02 12:44 - 2015-01-02 12:44 - 00000000 ____D () C:\Program Files\EExstraSavings 2015-01-02 12:05 - 2015-01-08 13:24 - 00000000 ____D () C:\ProgramData\767fe2081601d347 2015-01-02 12:05 - 2015-01-02 14:23 - 00000000 ____D () C:\ProgramData\EExstraSavings 2014-12-29 22:18 - 2014-12-29 22:19 - 00026003 _____ () C:\Users\User\Documents\Bewerbung Reporter.odt 
2014-12-29 18:22 - 2014-12-29 18:23 - 00014764 _____ () C:\Users\User\Documents\Bewerbung Mafia.odt 2014-12-28 13:24 - 2014-12-28 13:24 - 00000000 ____D () C:\Damian tabe ts3 2014-12-27 09:54 - 2014-12-27 09:54 - 00000044 _____ () C:\Users\User\Documents\TS-Verbindungen.txt 2014-12-26 17:57 - 2014-12-26 17:57 - 00000000 ____D () C:\Program Files\Help Save 2014-12-26 17:57 - 2014-12-26 17:57 - 00000000 ____D () C:\Program Files\DeltaFix 2014-12-26 17:56 - 2014-12-26 17:56 - 00000000 ____D () C:\ProgramData\8538791942874583879 2014-12-26 17:56 - 2014-12-26 17:56 - 00000000 ____D () C:\Program Files\YoutubeAdBlaocke 2014-12-26 17:56 - 2014-12-26 17:56 - 00000000 ____D () C:\Program Files\unisalesi 2014-12-26 17:56 - 2014-12-26 17:56 - 00000000 ____D () C:\Program Files\uNisales 2014-12-26 17:55 - 2014-12-26 17:55 - 00000000 ____D () C:\ProgramData\nccncfbieclkohpknecjlhkfidfnkkbc 2014-12-25 20:15 - 2014-12-25 20:15 - 00017656 _____ () C:\Users\User\Documents\Bewerbung Mechaniker.odt 2014-12-21 20:33 - 2015-01-08 14:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-12-20 16:03 - 2014-12-20 16:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\MW2 FoV Changer 2014-12-20 16:03 - 2012-02-06 00:37 - 00083456 _____ () C:\Users\User\Downloads\MW2 MP FoV Changer.exe 2014-12-18 14:25 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-10 20:14 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-10 17:14 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 17:14 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 17:14 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 17:14 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 17:14 - 2014-11-22 03:07 - 00501248 _____ 
(Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 17:14 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 17:14 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 17:14 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 17:14 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 17:14 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 17:14 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 17:14 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 17:14 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-12-10 17:14 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 17:14 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 17:14 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 17:14 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 17:14 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-10 17:14 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 17:14 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 17:14 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 17:14 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 17:14 - 2014-11-22 
02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 17:14 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 17:14 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-10 17:14 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 17:14 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 17:14 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 17:14 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 17:14 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 17:13 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-12-10 17:12 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 17:12 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 17:12 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 17:12 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 17:12 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 17:12 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-10 17:11 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-08 17:59 - 2012-01-20 16:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2015-01-08 16:32 - 2011-11-12 19:51 - 00000000 ____D () C:\Program Files\Steam 2015-01-08 16:30 - 2011-01-03 16:46 - 01314067 _____ () C:\Windows\WindowsUpdate.log 2015-01-08 16:23 - 2009-07-14 05:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-08 16:23 - 2009-07-14 05:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-08 16:15 - 2013-12-28 19:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\newnext.me 2015-01-08 16:15 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-08 16:15 - 2009-07-14 05:39 - 00224970 _____ () C:\Windows\setupact.log 2015-01-08 16:12 - 2013-10-31 14:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client 2015-01-08 14:52 - 2014-03-22 20:32 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-08 14:47 - 2011-01-03 17:29 - 00000000 ____D () C:\Program Files\Java 2015-01-08 14:42 - 2014-03-22 20:32 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-01-08 14:42 - 2011-01-04 11:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-01-08 14:42 - 2011-01-04 11:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-01-07 08:32 - 2011-01-17 17:26 - 00640076 _____ () C:\Windows\PFRO.log 2015-01-06 14:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2015-01-06 11:24 - 2014-12-07 15:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft 2015-01-04 17:55 - 2011-01-04 14:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-01-03 22:03 - 2014-07-12 23:23 - 00000000 ____D () C:\Program Files\Google 2015-01-03 22:02 - 2012-06-01 13:11 - 00000000 ____D () C:\Users\User\AppData\Local\Google 2015-01-03 13:33 - 2013-04-01 17:36 - 00000000 ____D () 
C:\Users\User\AppData\Local\Windows Live 2015-01-02 14:27 - 2011-10-08 11:34 - 00000000 ____D () C:\ProgramData\Origin 2015-01-02 14:25 - 2012-04-20 17:15 - 00000000 ____D () C:\Program Files\Origin 2014-12-30 16:53 - 2012-01-04 08:18 - 00000000 ____D () C:\Users\User\Wichtig 2014-12-24 09:36 - 2011-01-03 16:57 - 01629412 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-24 08:29 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-21 08:32 - 2014-09-07 06:28 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe 2014-12-18 19:28 - 2014-09-20 18:54 - 00000000 ___RD () C:\Program Files\Skype 2014-12-18 19:28 - 2012-01-20 16:38 - 00000000 ____D () C:\ProgramData\Skype 2014-12-18 14:21 - 2012-04-20 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2014-12-11 16:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-12-10 20:14 - 2011-01-16 11:40 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-10 20:12 - 2013-07-27 22:16 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 20:07 - 2011-01-03 17:37 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-10 17:23 - 2014-10-10 15:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps 2014-12-10 17:23 - 2012-10-20 09:42 - 00000000 ___RD () C:\Users\User\Desktop\videosmacher Files to move or delete: ==================== C:\Users\User\KeiNett Launcher.exe Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\5e987f32669f6fd907cb4e4db3112a4f.dll C:\Users\User\AppData\Local\Temp\appinstal1.exe C:\Users\User\AppData\Local\Temp\appinstaly.exe C:\Users\User\AppData\Local\Temp\applinstall.exe C:\Users\User\AppData\Local\Temp\AutoRun.exe C:\Users\User\AppData\Local\Temp\AutoRunGUI.dll C:\Users\User\AppData\Local\Temp\BetterSurfPlusInstaller.exe C:\Users\User\AppData\Local\Temp\Browser_Helper_Companion_DE.exe 
C:\Users\User\AppData\Local\Temp\BRSVC_13902637_hlp.exe
C:\Users\User\AppData\Local\Temp\BuenoSearchTB.exe
C:\Users\User\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\User\AppData\Local\Temp\COMPUTERBILD App-Center-Installation.exe
C:\Users\User\AppData\Local\Temp\comver.dll
C:\Users\User\AppData\Local\Temp\dlLogic.exe
C:\Users\User\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\User\AppData\Local\Temp\drvinstal.exe
C:\Users\User\AppData\Local\Temp\EAD3DBB.exe
C:\Users\User\AppData\Local\Temp\EADA3BD.exe
C:\Users\User\AppData\Local\Temp\EADB71E.exe
C:\Users\User\AppData\Local\Temp\EADB808.exe
C:\Users\User\AppData\Local\Temp\EAInstall.dll
C:\Users\User\AppData\Local\Temp\EASOUNInstaller.exe
C:\Users\User\AppData\Local\Temp\eauninstall.exe
C:\Users\User\AppData\Local\Temp\EnableExtDll.dll
C:\Users\User\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\User\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\User\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\User\AppData\Local\Temp\FreeStudio.exe
C:\Users\User\AppData\Local\Temp\FreeVideoEditor.exe
C:\Users\User\AppData\Local\Temp\GL_F52A.EXE
C:\Users\User\AppData\Local\Temp\htmlayout.dll
C:\Users\User\AppData\Local\Temp\increBibar_install1003.exe
C:\Users\User\AppData\Local\Temp\installerdll1793855.dll
C:\Users\User\AppData\Local\Temp\installerdll1800828.dll
C:\Users\User\AppData\Local\Temp\installerdll187638.dll
C:\Users\User\AppData\Local\Temp\installerdll189432.dll
C:\Users\User\AppData\Local\Temp\installerdll197809.dll
C:\Users\User\AppData\Local\Temp\installerdll243408.dll
C:\Users\User\AppData\Local\Temp\installerdll251941.dll
C:\Users\User\AppData\Local\Temp\installerdll417708.dll
C:\Users\User\AppData\Local\Temp\installerdll419112.dll
C:\Users\User\AppData\Local\Temp\installerdll427239.dll
C:\Users\User\AppData\Local\Temp\installerdll6055303.dll
C:\Users\User\AppData\Local\Temp\installerdll6077174.dll
C:\Users\User\AppData\Local\Temp\installerdll658293.dll
C:\Users\User\AppData\Local\Temp\installhelper.dll
C:\Users\User\AppData\Local\Temp\jansi-32-git-Bukkit-1.3.2-R1.0-b2377jnks.dll
C:\Users\User\AppData\Local\Temp\jansi-32-git-Bukkit-1.3.2-R2.0-b2396jnks.dll
C:\Users\User\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.7-R1.0-b2624jnks.dll
C:\Users\User\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-3-g9532cb6-b2887jnks.dll
C:\Users\User\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.4-R2.0-b2918jnks.dll
C:\Users\User\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.2-R0.3-56-g3779cff-b3072jnks.dll
C:\Users\User\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.2-R0.3-b3020jnks.dll
C:\Users\User\AppData\Local\Temp\jline_git-Bukkit-0_0_0-606-g6e629e6-b605jnks.dll
C:\Users\User\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\User\AppData\Local\Temp\Mobogenie-2.1.26.exe
C:\Users\User\AppData\Local\Temp\MotoHelper_2.0.24_Driver_4.7.1.exe
C:\Users\User\AppData\Local\Temp\NGM.exe
C:\Users\User\AppData\Local\Temp\NGMDll.dll
C:\Users\User\AppData\Local\Temp\NGMResource.dll
C:\Users\User\AppData\Local\Temp\nsc5D60.exe
C:\Users\User\AppData\Local\Temp\nscAEBA.exe
C:\Users\User\AppData\Local\Temp\nscFCBA.exe
C:\Users\User\AppData\Local\Temp\nseE557.exe
C:\Users\User\AppData\Local\Temp\nsh80DB.exe
C:\Users\User\AppData\Local\Temp\nsj8125.exe
C:\Users\User\AppData\Local\Temp\nslC555.exe
C:\Users\User\AppData\Local\Temp\nsm8455.exe
C:\Users\User\AppData\Local\Temp\nsmD4B5.exe
C:\Users\User\AppData\Local\Temp\nsnAEBB.exe
C:\Users\User\AppData\Local\Temp\nsnB090.exe
C:\Users\User\AppData\Local\Temp\nsp139B.exe
C:\Users\User\AppData\Local\Temp\nspB955.exe
C:\Users\User\AppData\Local\Temp\nsr607C.exe
C:\Users\User\AppData\Local\Temp\nsrB0EC.exe
C:\Users\User\AppData\Local\Temp\nss878A.exe
C:\Users\User\AppData\Local\Temp\nss89AD.exe
C:\Users\User\AppData\Local\Temp\nsu162B.exe
C:\Users\User\AppData\Local\Temp\nsuE2F6.exe
C:\Users\User\AppData\Local\Temp\nswCDB2.exe
C:\Users\User\AppData\Local\Temp\oi_{7F461661-DC40-46A6-8FB1-5C7BBD91BF71}.exe
C:\Users\User\AppData\Local\Temp\OriginLauncher187638.exe
C:\Users\User\AppData\Local\Temp\OriginLauncher417708.exe
C:\Users\User\AppData\Local\Temp\rootsupd.exe
C:\Users\User\AppData\Local\Temp\set-app.exe
C:\Users\User\AppData\Local\Temp\Setup.exe
C:\Users\User\AppData\Local\Temp\Setup1.exe
C:\Users\User\AppData\Local\Temp\Setup2.exe
C:\Users\User\AppData\Local\Temp\setup__3635.exe
C:\Users\User\AppData\Local\Temp\Shortcut_sweetimsetup.exe
C:\Users\User\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\User\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
C:\Users\User\AppData\Local\Temp\sonarinst.exe
C:\Users\User\AppData\Local\Temp\SpOrder.dll
C:\Users\User\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\User\AppData\Local\Temp\SQLite.dll
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\User\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\User\AppData\Local\Temp\The Battle for Middle-earth_uninst.exe
C:\Users\User\AppData\Local\Temp\tmp394A.exe
C:\Users\User\AppData\Local\Temp\tmp481B.exe
C:\Users\User\AppData\Local\Temp\tmp5372.exe
C:\Users\User\AppData\Local\Temp\tmp5640.exe
C:\Users\User\AppData\Local\Temp\tmp6E83.exe
C:\Users\User\AppData\Local\Temp\tmp7F74.exe
C:\Users\User\AppData\Local\Temp\tmp9FC9.exe
C:\Users\User\AppData\Local\Temp\tmpAADD.exe
C:\Users\User\AppData\Local\Temp\tmpAED9.exe
C:\Users\User\AppData\Local\Temp\tmpD21F.exe
C:\Users\User\AppData\Local\Temp\tmpE644.exe
C:\Users\User\AppData\Local\Temp\tmpE68B.exe
C:\Users\User\AppData\Local\Temp\tmpF58B.exe
C:\Users\User\AppData\Local\Temp\ubiF5F.tmp.exe
C:\Users\User\AppData\Local\Temp\ubiFA85.tmp.exe
C:\Users\User\AppData\Local\Temp\unicows.dll
C:\Users\User\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\User\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\User\AppData\Local\Temp\utt2CAF.tmp.exe
C:\Users\User\AppData\Local\Temp\vcredist_x64.exe
C:\Users\User\AppData\Local\Temp\vcredist_x86.exe
C:\Users\User\AppData\Local\Temp\VIS-2013-German.exe
C:\Users\User\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\User\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-06 13:57

==================== End Of Log ============================

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by User at 2015-01-08 18:12:25
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\uTorrent) (Version: 3.4.1.30768 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.47.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Alliance of Valiant Arms (HKLM\...\Steam App 102700) (Version: - )
Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Arma 3 (HKLM\...\Steam App 107410) (Version: - Bohemia Interactive)
Assassin's Creed IV Black Flag (HKLM\...\Uplay Install 273) (Version: - Ubisoft)
ATI AVIVO Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{CDEE9257-8FEB-7BAF-B28F-C4737036D674}) (Version: 3.0.804.0 - ATI Technologies, Inc.)
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Blender (HKLM\...\Blender) (Version: 2.70 - Blender Foundation)
Call of Duty: Black Ops II - Multiplayer (HKLM\...\Steam App 202990) (Version: - )
Call of Duty: Black Ops II - Zombies (HKLM\...\Steam App 212910) (Version: - )
Call of Duty: Black Ops II (HKLM\...\Steam App 202970) (Version: - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM\...\Steam App 10180) (Version: - Infinity Ward)
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM\...\Steam App 42750) (Version: - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM\...\Steam App 42690) (Version: - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM\...\Steam App 42680) (Version: - Infinity Ward - Sledgehammer Games)
Camtasia Studio 7 (HKLM\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
ccc-core-static (Version: 2010.1125.2148.39102 - Ihr Firmenname) Hidden
Combat Arms EU (HKLM\...\Combat Arms EU) (Version: - )
Company of Heroes - FAKEMSI (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes (HKLM\...\Company of Heroes) (Version: 2.0.0.1 - THQ Inc.)
COMPUTERBILD Vorteil-Center (HKLM\...\{B7E68A6D-1C9B-4F18-B021-949115021714}) (Version: 1.1.23 - J3S)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CSS FULL DZ [Oct 15 2007] v18.1 (HKLM\...\CSS FULL DZ [Oct 15 2007]) (Version: v18.1 - GrCs2Ek~)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Der Herr der Ringe® - Die Eroberung™ (HKLM\...\{628C3D50-F524-4C49-A958-672CE7953756}) (Version: 1.0.0.1 - Electronic Arts)
Die Schlacht um Mittelerde™ II (HKLM\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version: - )
EA SPORTS online 2008 (HKLM\...\82A44D22-9452-49FB-00FB-CEC7DCAF7E23) (Version: - )
ESET NOD32 Antivirus (HKLM\...\{17DBC9A6-D723-45E7-8D4C-7C00478B06AB}) (Version: 4.2.64.12 - ESET, spol. s r.o.)
FIFA 08 (HKLM\...\{0A2A5039-B37F-489D-B1DC-A5258DF9E697}) (Version: 1.0.1.1 - Electronic Arts)
FIFA 12 (HKLM\...\{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}) (Version: 1.0.0.0 - Electronic Arts)
FIFA 12 DEMO (HKLM\...\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}) (Version: 1.0.0.0 - Electronic Arts)
FIFA 13 (HKLM\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.7.0.0 - Electronic Arts)
FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM\...\Fraps) (Version: - )
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version: - )
Gothic 1 (HKLM\...\Gothic 1_is1) (Version: - piranha bytes / Pluto 13 GmbH)
Gothic 3 - Götterdämmerung (HKLM\...\{4538055F-EBC6-4E67-9365-F55B1DEFE9DE}) (Version: 1.0.0 - JoWooD)
Gothic 3 Enhanced Edition (HKLM\...\{C28A686B-D439-4B83-B023-7402E982F69D}_is1) (Version: - Nordic Games GmbH)
Gothic II (HKLM\...\Gothic II) (Version: - JoWooD Productions Software AG)
Help Save (HKLM\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - )
IncludePragma (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{24c54e38}) (Version: - BallerChart) <==== ATTENTION
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MK LOL (HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\MK LOL) (Version: - )
MotoHelper MergeModules (Version: 1.0.0 - Motorola) Hidden
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTA:SA v1.3.5 (HKLM\...\MTA:SA 1.3) (Version: v1.3.5 - Multi Theft Auto)
MTA:SA v1.4.0 (HKLM\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)
Need for Speed™ Most Wanted (HKLM\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version: - )
Nero 9 Essentials (HKLM\...\{c7d5c462-67fb-4dbf-bbed-5d3a6782ab53}) (Version: - Nero AG)
Nexon Game Manager (HKLM\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version: - )
Notepad++ (HKLM\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Oblivion (HKLM\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks)
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 11.61 (HKLM\...\Opera 11.61.1250) (Version: 11.61.1250 - Opera Software ASA)
Origin (HKLM\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
Pflanzen gegen Zombies™ (HKLM\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Pokémon Trading Card Game Online (HKLM\...\{496D7B7E-EBDC-4E2B-B021-4FF03B188B69}) (Version: 1.0.0 - The Pokémon Company International)
Prince of Persia T2T (HKLM\...\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}) (Version: - )
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold Crusader Extreme (HKLM\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
unisalesi (HKLM\...\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update Manager for SweetPacks 1.1 (HKLM\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
Uplay (HKLM\...\Uplay) (Version: 4.6 - Ubisoft)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.0.51125.2159 - ATI Technologies Inc.) Hidden
YoutubeAdBlaocke (HKLM\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov)
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb.dll ()
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\User\AppData\Local\Temp\4289785d3F8\temp\Download.exe ()
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

==================== Restore Points =========================
06-01-2015 21:54:39 Windows Update
07-01-2015 12:40:25 Windows Update
07-01-2015 23:45:35 Windows Update
08-01-2015 13:13:06 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
08-01-2015 13:18:20 Windows Update
08-01-2015 13:20:57 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
08-01-2015 13:30:05 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
08-01-2015 13:31:53 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
08-01-2015 16:50:30 Removed Java 8 Update 25

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2011-01-03 17:32 - 00428463 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 www.123moviedownload.com
There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {15B5DF3F-4AFE-4472-B571-45896165BF35} - System32\Tasks\{8809A844-0BD9-45AC-A222-EC9108A254D6} => pcalua.exe -a C:\Users\User\Downloads\vcredist_x86.exe -d C:\Users\User\Downloads
Task: {3549C950-29F9-46B9-A936-3A458947605E} - System32\Tasks\{F5EDFF58-A2BC-474B-AC45-0E5F420215B4} => pcalua.exe -a E:\GameData\Setup.exe -d E:\GameData
Task: {475E2569-8439-4132-B16B-0E44BF32D308} - System32\Tasks\{838FC016-6ACC-4D83-B395-F7493C30349F} => pcalua.exe -a "C:\Program Files\FreePDF_XP\fpsetup.exe" -c /r
Task: {8731A314-35C5-4C9A-A99E-5AA06433A6AB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {87EB7DF7-6D18-4D17-A603-60C19D81D0D8} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2980554796-842610410-1348767362-1000
Task: {880C4242-24EC-4920-BD4A-E3C79724E728} - System32\Tasks\{C3F92471-0511-49E0-B693-2A386AEB2999} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2011-05-29] ()
Task: {9231CDF8-2D54-4ED5-951C-996F2DA5FF5F} - System32\Tasks\{8F5D5210-C65D-4549-805A-6DE25EE1229B} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2011-05-29] ()
Task: {929BA8E8-38E7-4D33-BA7D-C2064ED92D48} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {BFFC4BD8-2106-4769-B998-C0A704442B42} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {E5B978C0-C939-440E-A0D8-20BBD9149FE6} - System32\Tasks\RunAsStdUser Task => C:\Users\User\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION
Task: {E7B89EAC-0E88-4443-BF15-92AA2629C65B} - System32\Tasks\{6DC09059-B610-42C9-967D-A0B334A4A10A} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2011-05-29] ()
Task: {EA4C32F7-7BD2-4843-B405-4EA062A78E40} - System32\Tasks\Escolade => C:\Users\User\AppData\Roaming\iPumper\Updater.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (whitelisted) =============
2011-01-03 17:23 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2014-12-26 17:57 - 2014-12-26 17:57 - 03996160 _____ () c:\Program Files\DeltaFix\DeltaFix.dll
2014-09-18 15:09 - 2014-09-18 15:09 - 00126976 _____ () C:\Windows\system32\UAService.exe
2015-01-08 13:20 - 2014-12-31 16:27 - 00087208 _____ () C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2014-05-03 20:06 - 2014-05-03 20:06 - 00541696 _____ () C:\Program Files\003\xmkysecqun32.exe
2015-01-08 13:20 - 2015-01-08 06:36 - 51251880 _____ () C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2015-01-08 13:20 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\User\AppData\Roaming\Compatibility Verifier\libglesv2.dll
2015-01-08 13:20 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\User\AppData\Roaming\Compatibility Verifier\libegl.dll
2015-01-08 13:20 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\User\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll
2015-01-08 13:20 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\User\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll
2014-12-21 20:33 - 2014-12-21 20:33 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\User\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\User\Anwendungsdaten:NT2
AlternateDataStreams: C:\Users\User\AppData\Roaming:NT
AlternateDataStreams: C:\Users\User\AppData\Roaming:NT2

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: MKLOL => "C:\Program Files\MKJogo\MKLOL\Bin\MKIM.exe" -auto
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\User\Downloads\uTorrent_3.4.1.30768.exe" /MINIMIZED

========================= Accounts: ==========================
Administrator (S-1-5-21-2980554796-842610410-1348767362-500 - Administrator - Disabled)
Gast (S-1-5-21-2980554796-842610410-1348767362-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2980554796-842610410-1348767362-1003 - Limited - Enabled)
Schule (S-1-5-21-2980554796-842610410-1348767362-1001 - Limited - Enabled)
User (S-1-5-21-2980554796-842610410-1348767362-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2015 06:12:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecc0
ID des fehlerhaften Prozesses: 0x1408
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/08/2015 06:12:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecc0
ID des fehlerhaften Prozesses: 0x744
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/08/2015 06:11:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecc0
ID des fehlerhaften Prozesses: 0xe60
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/08/2015 06:09:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecc0
ID des fehlerhaften Prozesses: 0x19f4
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/08/2015 06:07:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecc0
ID des fehlerhaften Prozesses: 0x110c
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/08/2015 06:05:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecc0
ID des fehlerhaften Prozesses: 0x1bb4
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/08/2015 06:05:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecc0
ID des fehlerhaften Prozesses: 0xf44
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/08/2015 06:04:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecc0
ID des fehlerhaften Prozesses: 0xdbc
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/08/2015 04:50:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2980554796-842610410-1348767362-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {89c534de-5653-4c8c-8cce-752ec6cef904}

Error: (01/08/2015 01:31:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2980554796-842610410-1348767362-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.
Vorgang:
OnIdentify-Ereignis
Generatordaten werden gesammelt
Kontext:
Ausführungskontext: Shadow Copy Optimization Writer
Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Generatorname: Shadow Copy Optimization Writer
Generatorinstanz-ID: {86f1a035-7224-4079-8109-6dbfe413b0d2}

System errors:
=============
Error: (01/08/2015 04:16:36 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/08/2015 04:15:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
netfilter2

Error: (01/08/2015 04:15:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Surftastic" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (01/08/2015 01:21:29 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/08/2015 01:20:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Verify" wurde unerwartet
beendet. Dies ist bereits 1 Mal passiert. Error: (01/08/2015 01:20:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: netfilter2 Error: (01/08/2015 01:20:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Update Surftastic" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/08/2015 01:18:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800b0100 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2871997) Error: (01/08/2015 01:18:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 (KB2952664) Error: (01/08/2015 01:08:46 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1125) (User: User-PC) Description: Die Gruppenrichtlinie konnte aufgrund eines internen Systemfehlers nicht verarbeitet werden. Eine spezifische Fehlermeldung hierzu finden Sie im Betriebsprotokoll der Gruppenrichtlinie. Es wird versucht, die Gruppenrichtlinie beim nächsten Aktualisierungszyklus erneut zu verarbeiten. 
Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz Percentage of memory in use: 65% Total physical RAM: 3582.05 MB Available physical RAM: 1242.07 MB Total Pagefile: 7162.39 MB Available Pagefile: 4034.3 MB Total Virtual: 3071.88 MB Available Virtual: 2927.36 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:298.73 GB) (Free:72.11 GB) NTFS Drive d: (System) (Fixed) (Total:632.68 GB) (Free:488.53 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 16712F0F) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=298.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=632.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
08.01.2015, 20:02 | #4 |
/// the machine /// TB trainer | Voices without a program Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download TDSSKiller.exe and save the file to your desktop.
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder unless a helper instructs you to.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.01.2015, 22:11 | #5 |
| Voices without a program Code:
ATTFilter 20:33:12.0851 0x1808 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20 20:36:22.0338 0x1808 ============================================================ 20:36:22.0338 0x1808 Current date / time: 2015/01/08 20:36:22.0338 20:36:22.0338 0x1808 SystemInfo: 20:36:22.0338 0x1808 20:36:22.0338 0x1808 OS Version: 6.1.7601 ServicePack: 1.0 20:36:22.0338 0x1808 Product type: Workstation 20:36:22.0338 0x1808 ComputerName: USER-PC 20:36:22.0338 0x1808 UserName: User 20:36:22.0338 0x1808 Windows directory: C:\Windows 20:36:22.0338 0x1808 System windows directory: C:\Windows 20:36:22.0338 0x1808 Processor architecture: Intel x86 20:36:22.0338 0x1808 Number of processors: 4 20:36:22.0338 0x1808 Page size: 0x1000 20:36:22.0338 0x1808 Boot type: Normal boot 20:36:22.0338 0x1808 ============================================================ 20:36:24.0571 0x1808 KLMD registered as C:\Windows\system32\drivers\32480813.sys 20:36:24.0956 0x1808 System UUID: {E3418A68-6E9D-7E64-3C01-3C0ECCEDD568} 20:36:25.0810 0x1808 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 20:36:25.0835 0x1808 ============================================================ 20:36:25.0835 0x1808 \Device\Harddisk0\DR0: 20:36:25.0835 0x1808 MBR partitions: 20:36:25.0835 0x1808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 20:36:25.0835 0x1808 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x25576000 20:36:25.0835 0x1808 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x255A8800, BlocksNum 0x4F15D000 20:36:25.0835 0x1808 ============================================================ 20:36:25.0867 0x1808 C: <-> \Device\Harddisk0\DR0\Partition2 20:36:25.0896 0x1808 D: <-> \Device\Harddisk0\DR0\Partition3 20:36:25.0971 0x1808 ============================================================ 20:36:25.0971 0x1808 
Initialize success
20:36:57.0478 0x1934 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:36:57.0482 0x1934 IDriverT - ok 20:36:58.0063 0x1934 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:36:58.0086 0x1934 idsvc - ok 20:36:58.0108 0x1934 IEEtwCollectorService - ok 20:36:58.0131 0x1934 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 20:36:58.0133 0x1934 iirsp - ok 20:36:58.0172 0x1934 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll 20:36:58.0188 0x1934 IKEEXT - ok 20:36:58.0211 0x1934 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys 20:36:58.0224 0x1934 intelide - ok 20:36:58.0242 0x1934 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:36:58.0255 0x1934 intelppm - ok 20:36:58.0274 0x1934 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:36:58.0277 0x1934 IPBusEnum - ok 20:36:58.0287 0x1934 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:36:58.0311 0x1934 IpFilterDriver - ok 20:36:58.0349 0x1934 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:36:58.0361 0x1934 iphlpsvc - ok 20:36:58.0382 0x1934 
[ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:36:58.0418 0x1934 IPMIDRV - ok 20:36:58.0437 0x1934 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:36:58.0461 0x1934 IPNAT - ok 20:36:58.0480 0x1934 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:36:58.0492 0x1934 IRENUM - ok 20:36:58.0510 0x1934 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:36:58.0533 0x1934 isapnp - ok 20:36:58.0564 0x1934 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:36:58.0582 0x1934 iScsiPrt - ok 20:36:58.0616 0x1934 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 20:36:58.0630 0x1934 kbdclass - ok 20:36:58.0646 0x1934 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 20:36:58.0672 0x1934 kbdhid - ok 20:36:58.0695 0x1934 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso C:\Windows\system32\lsass.exe 20:36:58.0696 0x1934 KeyIso - ok 20:36:58.0722 0x1934 [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:36:58.0726 0x1934 KSecDD - ok 20:36:58.0756 0x1934 [ 1E1845606C5A4579F7F3D95796CC1ED1, 26A478A0B5417CBC880A7F2D977AAC5FBF40EC4296426B757D6ACCBBC09486CC ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:36:58.0761 
0x1934 KSecPkg - ok 20:36:58.0788 0x1934 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll 20:36:58.0798 0x1934 KtmRm - ok 20:36:58.0810 0x1934 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll 20:36:58.0816 0x1934 LanmanServer - ok 20:36:58.0831 0x1934 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:36:58.0835 0x1934 LanmanWorkstation - ok 20:36:58.0862 0x1934 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:36:58.0871 0x1934 lltdio - ok 20:36:58.0882 0x1934 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:36:58.0888 0x1934 lltdsvc - ok 20:36:58.0899 0x1934 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:36:58.0901 0x1934 lmhosts - ok 20:36:58.0924 0x1934 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 20:36:58.0951 0x1934 LSI_FC - ok 20:36:58.0955 0x1934 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 20:36:58.0970 0x1934 LSI_SAS - ok 20:36:58.0986 0x1934 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:36:59.0011 0x1934 LSI_SAS2 - ok 20:36:59.0026 0x1934 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI 
C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:36:59.0045 0x1934 LSI_SCSI - ok 20:36:59.0055 0x1934 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys 20:36:59.0058 0x1934 luafv - ok 20:36:59.0079 0x1934 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:36:59.0083 0x1934 Mcx2Svc - ok 20:36:59.0096 0x1934 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 20:36:59.0144 0x1934 megasas - ok 20:36:59.0161 0x1934 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 20:36:59.0167 0x1934 MegaSR - ok 20:36:59.0233 0x1934 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 20:36:59.0237 0x1934 Microsoft Office Groove Audit Service - ok 20:36:59.0259 0x1934 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll 20:36:59.0262 0x1934 MMCSS - ok 20:36:59.0273 0x1934 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys 20:36:59.0287 0x1934 Modem - ok 20:36:59.0311 0x1934 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:36:59.0313 0x1934 monitor - ok 20:36:59.0330 0x1934 motccgp - ok 20:36:59.0333 0x1934 motccgpfl - ok 20:36:59.0367 0x1934 motmodem - ok 20:36:59.0369 0x1934 MotoSwitchService - ok 20:36:59.0380 0x1934 Motousbnet - ok 20:36:59.0394 0x1934 motusbdevice - ok 
20:36:59.0414 0x1934 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:36:59.0427 0x1934 mouclass - ok 20:36:59.0457 0x1934 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:36:59.0470 0x1934 mouhid - ok 20:36:59.0499 0x1934 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:36:59.0513 0x1934 mountmgr - ok 20:36:59.0538 0x1934 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys 20:36:59.0564 0x1934 mpio - ok 20:36:59.0596 0x1934 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:36:59.0610 0x1934 mpsdrv - ok 20:36:59.0648 0x1934 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:36:59.0661 0x1934 MpsSvc - ok 20:36:59.0682 0x1934 [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:36:59.0697 0x1934 MRxDAV - ok 20:36:59.0715 0x1934 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:36:59.0718 0x1934 mrxsmb - ok 20:36:59.0731 0x1934 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:36:59.0736 0x1934 mrxsmb10 - ok 20:36:59.0747 0x1934 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 
C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:36:59.0750 0x1934 mrxsmb20 - ok 20:36:59.0770 0x1934 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys 20:36:59.0783 0x1934 msahci - ok 20:36:59.0800 0x1934 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:36:59.0816 0x1934 msdsm - ok 20:36:59.0826 0x1934 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe 20:36:59.0832 0x1934 MSDTC - ok 20:36:59.0860 0x1934 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:36:59.0887 0x1934 Msfs - ok 20:36:59.0900 0x1934 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:36:59.0911 0x1934 mshidkmdf - ok 20:36:59.0931 0x1934 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:36:59.0932 0x1934 msisadrv - ok 20:36:59.0957 0x1934 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:36:59.0962 0x1934 MSiSCSI - ok 20:36:59.0965 0x1934 msiserver - ok 20:36:59.0981 0x1934 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:36:59.0990 0x1934 MSKSSRV - ok 20:36:59.0993 0x1934 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:37:00.0004 0x1934 MSPCLOCK - ok 20:37:00.0013 0x1934 [ F456E973590D663B1073E9C463B40932, 
48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:37:00.0015 0x1934 MSPQM - ok 20:37:00.0028 0x1934 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:37:00.0035 0x1934 MsRPC - ok 20:37:00.0042 0x1934 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 20:37:00.0043 0x1934 mssmbios - ok 20:37:00.0046 0x1934 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:37:00.0056 0x1934 MSTEE - ok 20:37:00.0069 0x1934 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 20:37:00.0096 0x1934 MTConfig - ok 20:37:00.0133 0x1934 [ D48659BB24C48345D926ECB45C1EBDF5, EDEDE58316827530C25F8085F62AD48EA6D44B0F8AC1917B940F53B02CF72EA6 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 20:37:00.0145 0x1934 MTsensor - ok 20:37:00.0164 0x1934 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys 20:37:00.0167 0x1934 Mup - ok 20:37:00.0207 0x1934 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll 20:37:00.0215 0x1934 napagent - ok 20:37:00.0239 0x1934 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:37:00.0258 0x1934 NativeWifiP - ok 20:37:00.0293 0x1934 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:37:00.0309 0x1934 NDIS - ok 20:37:00.0318 0x1934 [ 
0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:37:00.0331 0x1934 NdisCap - ok 20:37:00.0348 0x1934 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:37:00.0350 0x1934 NdisTapi - ok 20:37:00.0367 0x1934 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:37:00.0380 0x1934 Ndisuio - ok 20:37:00.0400 0x1934 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:37:00.0415 0x1934 NdisWan - ok 20:37:00.0436 0x1934 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:37:00.0438 0x1934 NDProxy - ok 20:37:00.0512 0x1934 [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe 20:37:00.0536 0x1934 Nero BackItUp Scheduler 4.0 - ok 20:37:00.0580 0x1934 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:37:00.0602 0x1934 NetBIOS - ok 20:37:00.0667 0x1934 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:37:00.0692 0x1934 NetBT - ok 20:37:00.0817 0x1934 [ 1886A12A5610EF95C2958A2A35DCAB4C, 537A1890635921DD0181C66BDB76C0F55007A24B078B0726D6A87DC873F6315E ] netfilter C:\Windows\system32\drivers\netfilter.sys 20:37:00.0831 0x1934 netfilter - ok 20:37:00.0834 0x1934 netfilter2 - ok 20:37:00.0845 0x1934 [ DD17E1573651293D4ED31053795B3471, 
94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon C:\Windows\system32\lsass.exe 20:37:00.0846 0x1934 Netlogon - ok 20:37:00.0867 0x1934 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll 20:37:00.0875 0x1934 Netman - ok 20:37:00.0922 0x1934 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:37:00.0936 0x1934 NetMsmqActivator - ok 20:37:00.0955 0x1934 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:37:00.0958 0x1934 NetPipeActivator - ok 20:37:00.0974 0x1934 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll 20:37:00.0983 0x1934 netprofm - ok 20:37:00.0997 0x1934 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:37:01.0000 0x1934 NetTcpActivator - ok 20:37:01.0005 0x1934 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 20:37:01.0008 0x1934 NetTcpPortSharing - ok 20:37:01.0027 0x1934 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 20:37:01.0029 0x1934 nfrd960 - ok 20:37:01.0051 0x1934 [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:37:01.0057 0x1934 NlaSvc - ok 20:37:01.0070 0x1934 [ 1DB262A9F8C087E8153D89BEF3D2235F, 
A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:37:01.0083 0x1934 Npfs - ok 20:37:01.0101 0x1934 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll 20:37:01.0104 0x1934 nsi - ok 20:37:01.0116 0x1934 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:37:01.0129 0x1934 nsiproxy - ok 20:37:01.0185 0x1934 [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:37:01.0212 0x1934 Ntfs - ok 20:37:01.0219 0x1934 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys 20:37:01.0232 0x1934 Null - ok 20:37:01.0499 0x1934 [ B0881DDA5A8160422561FFAB7F0008B1, 0D89792394CF44119CCBE9B1E8C0F5563ED41141C17C6B2D32B1D1C458BAC359 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:37:01.0723 0x1934 nvlddmkm - ok 20:37:01.0751 0x1934 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:37:01.0767 0x1934 nvraid - ok 20:37:01.0777 0x1934 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:37:01.0804 0x1934 nvstor - ok 20:37:01.0827 0x1934 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:37:01.0842 0x1934 nv_agp - ok 20:37:01.0894 0x1934 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 20:37:01.0904 0x1934 odserv - ok 20:37:01.0914 
0x1934 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:37:01.0917 0x1934 ohci1394 - ok 20:37:02.0032 0x1934 [ EF8DA126239D08B7B4734256417AE702, 4BBA0577C20E851F5B30D0D0F19382AB32AF57EFF7AA5B394E0FF6358A7AB287 ] Origin Client Service C:\Program Files\Origin\OriginClientService.exe 20:37:02.0077 0x1934 Origin Client Service - ok 20:37:02.0142 0x1934 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:37:02.0160 0x1934 ose - ok 20:37:02.0185 0x1934 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:37:02.0194 0x1934 p2pimsvc - ok 20:37:02.0219 0x1934 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll 20:37:02.0231 0x1934 p2psvc - ok 20:37:02.0249 0x1934 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys 20:37:02.0264 0x1934 Parport - ok 20:37:02.0287 0x1934 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:37:02.0310 0x1934 partmgr - ok 20:37:02.0319 0x1934 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 20:37:02.0331 0x1934 Parvdm - ok 20:37:02.0352 0x1934 [ 3A55D53687F16D9EF5BF307BBFEFCD9C, F1BB1B43442B151686500768C43A4D20CAA47427E78386953A42DDB42D9DDF0C ] PcaSvc C:\Windows\System32\pcasvc.dll 20:37:02.0359 0x1934 PcaSvc - ok 20:37:02.0372 0x1934 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci 
C:\Windows\system32\drivers\pci.sys 20:37:02.0375 0x1934 pci - ok 20:37:02.0391 0x1934 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys 20:37:02.0392 0x1934 pciide - ok 20:37:02.0413 0x1934 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:37:02.0432 0x1934 pcmcia - ok 20:37:02.0440 0x1934 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys 20:37:02.0454 0x1934 pcw - ok 20:37:02.0487 0x1934 [ 344D1FA0438A967F1A2BAA42C86D6E19, E9CB31CBD9075B84BA771CF82A4C3AB5BF57ADEA3E76ABE8FE36FEACFD681D89 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:37:02.0503 0x1934 PEAUTH - ok 20:37:02.0545 0x1934 [ AF4D64D2A57B9772CF3801950B8058A6, C9C493A3775E6E1660CE5DF75DA574D0C04245FB88CF41B96217A725359C350D ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 20:37:02.0570 0x1934 PeerDistSvc - ok 20:37:02.0631 0x1934 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll 20:37:02.0668 0x1934 pla - ok 20:37:02.0695 0x1934 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:37:02.0705 0x1934 PlugPlay - ok 20:37:02.0726 0x1934 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:37:02.0730 0x1934 PNRPAutoReg - ok 20:37:02.0743 0x1934 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:37:02.0749 0x1934 PNRPsvc - ok 20:37:02.0770 0x1934 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] 
PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:37:02.0787 0x1934 PolicyAgent - ok 20:37:02.0821 0x1934 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll 20:37:02.0827 0x1934 Power - ok 20:37:02.0854 0x1934 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:37:02.0856 0x1934 PptpMiniport - ok 20:37:02.0868 0x1934 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys 20:37:02.0881 0x1934 Processor - ok 20:37:02.0899 0x1934 [ CADEFAC453040E370A1BDFF3973BE00D, 2E3DD8DA702468D8AB0F3CE27188B1991D4CB015FB36BAE4C6E7996B61CF49B8 ] ProfSvc C:\Windows\system32\profsvc.dll 20:37:02.0904 0x1934 ProfSvc - ok 20:37:02.0911 0x1934 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:37:02.0913 0x1934 ProtectedStorage - ok 20:37:02.0933 0x1934 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:37:02.0948 0x1934 Psched - ok 20:37:02.0996 0x1934 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 20:37:03.0041 0x1934 ql2300 - ok 20:37:03.0060 0x1934 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 20:37:03.0076 0x1934 ql40xx - ok 20:37:03.0107 0x1934 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll 20:37:03.0115 0x1934 QWAVE - ok 20:37:03.0128 0x1934 [ 584078CA1B95CA72DF2A27C336F9719D, 
In queue: 35 20:37:13.0666 0x1934 AV detected via SS2: ESET NOD32 Antivirus 4.2, C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe ( 4.2.64.12 ), 0x41010 ( enabled : outofdate ) 20:37:13.0754 0x1934 Win FW state via NFP2: enabled 20:37:16.0403 0x1934 ============================================================ 20:37:16.0403 0x1934 Scan finished 20:37:16.0403 0x1934 ============================================================ 20:37:16.0408 0x1bc4 Detected object count: 0 20:37:16.0408 0x1bc4 Actual detected object count: 0 20:38:12.0998 0x06b4 Deinitialize success Malwarebytes Anti-Rootkit BETA 1.08.2.1001 www.malwarebytes.org Database version: v2015.01.08.14 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 11.0.9600.17501 User :: USER-PC [administrator] 08.01.2015 21:11:23 mbar-log-2015-01-08 (21-11-23).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | MBR | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Drivers | Physical Sectors Objects scanned: 366155 Time elapsed: 57 minute(s), 54 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
08.01.2015, 23:03 | #6 |
/// the machine /// TB trainer | Voices without a program Please post the logs individually in code tags. Scan with Combofix
__________________ |
09.01.2015, 13:15 | #7 |
| Voices without a program First of all, thank you for your great help and support so far! Without you I would never have made it to this point. Combofix logfile: Code:
ATTFilter ComboFix 15-01-08.01 - User 09.01.2015 12:58:36.1.4 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3582.2460 [GMT 1:00] ausgeführt von:: c:\users\User\Desktop\Neuer Ordner\ComboFix.exe AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\END c:\program files\BrowserCompanion c:\program files\BrowserCompanion\logo.ico c:\program files\BrowserCompanion\terms.lnk.url c:\program files\Common Files\Config\uninstinethnfd.exe c:\program files\Common Files\Config\ver.xml c:\program files\MediaBuzzV1 c:\program files\MediaPlayerV1 c:\program files\MediaViewerV1 c:\program files\MediaViewV1 c:\program files\MediaWatchV1 c:\program files\RichMediaViewV1 c:\program files\TrustMediaViewerV1 c:\program files\unisalesi c:\program files\unisalesi\gmaNXLGrhGdHWq.dat c:\program files\unisalesi\gmaNXLGrhGdHWq.dll c:\program files\unisalesi\gmaNXLGrhGdHWq.tlb c:\program files\WebexpEnhancedV1 c:\programdata\8538791942874583879 c:\programdata\8538791942874583879\cd5b15e575e1c3d0e3eceae9ee88d9ad.ini c:\programdata\ntuser.pol c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Surftastic_iels c:\users\User\AppData\Local\Temp\4289785d3F8\temp\DoWNload.exe c:\users\User\AppData\Roaming\.# c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\zR1@OoqHXI.edu c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\zR1@OoqHXI.edu\bootstrap.js c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\zR1@OoqHXI.edu\chrome.manifest 
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\zR1@OoqHXI.edu\content\bg.js c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\zR1@OoqHXI.edu\install.rdf c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\searchplugins\WebSearch.xml c:\users\User\AppData\Roaming\systweak\ssd\SSDPTstub.exe c:\users\User\KeiNett Launcher.exe c:\windows\~GLC0000.TMP c:\windows\~GLH0000.TMP c:\windows\IsUn0407.exe c:\windows\jestertb.dll c:\windows\system32\installd.exe c:\windows\system32\logs c:\windows\system32\logs\latest.log c:\windows\system32\roboot.exe c:\windows\system32\server.log c:\windows\wininit.ini . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NETHFDRV . . ((((((((((((((((((((((( Dateien erstellt von 2014-12-09 bis 2015-01-09 )))))))))))))))))))))))))))))) . . 2015-01-08 19:43 . 2015-01-09 11:37 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-01-08 19:43 . 2015-01-08 20:10 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-01-08 19:41 . 2015-01-08 20:10 79576 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-01-08 19:22 . 2015-01-08 19:22 -------- d-----w- c:\program files\VS Revo Group 2015-01-08 17:09 . 2015-01-08 17:14 -------- d-----w- C:\FRST 2014-12-28 12:24 . 2014-12-28 12:24 -------- d-----w- C:\Damian tabe ts3 2014-12-26 16:57 . 2015-01-08 20:01 -------- d-----w- c:\program files\Help Save 2014-12-26 16:56 . 2015-01-08 20:01 -------- d-----w- c:\program files\uNisales 2014-12-26 16:55 . 2014-12-26 16:55 -------- d-----w- c:\programdata\nccncfbieclkohpknecjlhkfidfnkkbc 2014-12-20 15:03 . 2014-12-20 15:03 -------- d-----w- c:\users\User\AppData\Roaming\MW2 FoV Changer 2014-12-18 13:25 . 2014-12-13 03:33 115712 ----a-w- c:\windows\system32\ieUnatt.exe 2014-12-10 19:14 . 
2014-10-18 01:33 3209728 ----a-w- c:\windows\system32\mf.dll 2014-12-10 16:13 . 2014-11-22 02:15 10948096 ----a-w- c:\program files\Internet Explorer\F12Resources.dll 2014-12-10 16:13 . 2014-11-27 01:10 815280 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2014-12-10 16:12 . 2014-11-08 02:45 2048 ----a-w- c:\windows\system32\tzres.dll 2014-12-10 16:12 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll 2014-12-10 16:12 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll 2014-12-10 16:12 . 2014-10-03 01:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll 2014-12-10 16:12 . 2014-10-03 01:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll 2014-12-10 16:12 . 2014-10-03 01:44 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe 2014-12-10 16:11 . 2014-10-30 01:45 155136 ----a-w- c:\windows\system32\charmap.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-01-06 03:36 . 2011-01-03 16:11 249488 ------w- c:\windows\system32\MpSigStub.exe 2014-12-02 11:01 . 2015-01-09 11:43 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1441639-436B-41B7-ADC8-F9E109056169}\mpengine.dll 2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\system32\FM20.DLL 2014-11-11 02:44 . 2014-11-19 14:51 186880 ----a-w- c:\windows\system32\pku2u.dll 2014-11-11 02:44 . 2014-11-19 14:51 550912 ----a-w- c:\windows\system32\kerberos.dll 2014-10-29 18:55 . 2012-10-18 08:22 348928 ----a-w- c:\windows\system32\PnkBstrB.xtr 2014-10-29 18:55 . 2014-07-10 17:39 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0 2014-10-26 19:34 . 2014-07-10 17:39 76152 ----a-w- c:\windows\system32\PnkBstrA.exe 2014-10-25 20:29 . 2012-10-18 08:20 138056 ----a-w- c:\users\User\AppData\Roaming\PnkBstrK.sys 2014-10-25 01:32 . 2014-11-13 15:24 67584 ----a-w- c:\windows\system32\packager.dll 2014-10-18 01:33 . 
2014-11-13 15:25 571904 ----a-w- c:\windows\system32\oleaut32.dll 2014-10-14 01:56 . 2014-11-13 15:24 136632 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2014-10-14 01:50 . 2014-11-13 15:24 523776 ----a-w- c:\windows\system32\termsrv.dll 2014-10-14 01:50 . 2014-11-13 15:25 2363904 ----a-w- c:\windows\system32\msi.dll 2014-10-14 01:50 . 2014-11-13 15:24 1059840 ----a-w- c:\windows\system32\lsasrv.dll 2014-10-14 01:47 . 2014-11-13 15:24 146432 ----a-w- c:\windows\system32\msaudite.dll 2014-10-14 01:46 . 2014-11-13 15:24 681984 ----a-w- c:\windows\system32\adtschema.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NextLive"="c:\users\User\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-12-11 30872168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk] path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup backupExtension=.Startup . 
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk] path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup backupExtension=.Startup . [HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk] path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk backup=c:\windows\pss\Xfire.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui] 2010-08-12 13:16 2215064 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MKLOL] 2014-08-09 10:04 1076424 ----a-w- c:\program files\MKJogo\MKLOL\Bin\MKIM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2012-09-12 14:07 4272640 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2010-11-25 20:40 336384 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2014-11-18 20:23 1940160 ----a-w- c:\program files\Steam\Steam.exe . 
R1 netfilter2;netfilter2;c:\windows\system32\drivers\netfilter2.sys [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496] R2 Update Surftastic;Update Surftastic;c:\program files\Surftastic\updateSurftastic.exe [x] R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x] R3 ArcService;Arc Service;d:\arc\ArcService.exe [2014-10-21 88400] R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x] R3 cusbohcn;cusbohcn;c:\users\User\AppData\Local\Temp\cusbohcn.sys [x] R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x] R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912] R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x] R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x] R3 Origin Client Service;Origin Client Service;c:\program files\Origin\OriginClientService.exe [2014-12-18 1903472] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2010-03-29 122752] R3 vtany;vtany;c:\windows\vtany.sys [x] R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x] R3 
xhunter1;xhunter1;c:\windows\xhunter1.sys [x] R4 Browser Manager;Browser Manager; [x] R4 SupraSavingsService;SupraSavingsService;c:\program files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService.exe [2014-06-25 151040] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008] S1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2014-06-12 31744] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920] S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 Verifies and fixes application compatibility issues;Compatibility Verify;c:\users\User\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [2014-12-31 87208] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048] . . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72 mStart Page = hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72 uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local> IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000 Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\ FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72&l=1&q= FF - prefs.js: browser.search.selectedEngine - WebSearch FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72&l=1&q= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
BHO-{d41e1605-bcf5-4307-ba1e-44950ed12dea} - c:\program files\unisalesi\gmaNXLGrhGdHWq.dll Toolbar-10 - (no file) HKCU-Run-Overwolf - c:\program files\Overwolf\Overwolf.exe HKCU-Run-Akamai NetSession Interface - c:\users\User\AppData\Local\Akamai\netsession_win.exe HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe MSConfigStartUp-Akamai NetSession Interface - c:\users\User\AppData\Local\Akamai\netsession_win.exe MSConfigStartUp-FreePDF Assistant - c:\program files\FreePDF_XP\fpassist.exe MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe MSConfigStartUp-Sweetpacks Communicator - c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe MSConfigStartUp-uTorrent - c:\users\User\Downloads\uTorrent_3.4.1.30768.exe AddRemove-Battlelog Web Plugins - c:\program files\Battlelog Web Plugins\uninstall.exe AddRemove-Opera 11.61.1250 - c:\program files\Opera\Opera.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-2980554796-842610410-1348767362-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:68,dc,ae,28,a1,33,1b,10,08,ec,b1,9e,15,9c,88,67,4b,fa,fe,17,f5,3b,d5, 79,8b,e4,c9,7f,1d,8d,6f,c0,de,b1,e2,31,1d,57,1f,49,4c,b5,69,93,0c,f6,e8,00,\ "??"=hex:5e,42,1a,74,74,40,a4,8c,4c,97,40,15,d3,d2,5e,94 . [HKEY_USERS\S-1-5-21-2980554796-842610410-1348767362-1000\Software\SecuROM\License information*] "datasecu"=hex:c9,ef,e3,8e,d8,c5,49,c5,0a,39,a8,da,60,ad,1a,76,46,d7,7c,84,f4, 84,43,6d,58,5c,51,18,00,7a,24,28,41,90,4b,85,19,f2,9c,3d,b4,6a,93,55,0e,4e,\ "rkeysecu"=hex:56,c0,be,43,a4,65,68,bb,1c,9d,1a,d9,69,ff,5e,0d . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\atieclxx.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe c:\windows\system32\UAService.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\System32\WUDFHost.exe c:\windows\system32\taskhost.exe c:\windows\system32\conhost.exe c:\windows\system32\sppsvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe c:\users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe c:\users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe c:\users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe . ************************************************************************** . Zeit der Fertigstellung: 2015-01-09 13:12:55 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2015-01-09 12:12 . Vor Suchlauf: 16 Verzeichnis(se), 75.809.132.544 Bytes frei Nach Suchlauf: 21 Verzeichnis(se), 82.674.044.928 Bytes frei . - - End Of File - - 09A0C93D7ABF62CF1D4AE93AB950CD9F A36C5E4F47E84449FF07ED3517B43A31 Best regards, feuerstein98 |
09.01.2015, 14:07 | #8 |
/// the machine /// TB trainer | Voices without a program Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
09.01.2015, 22:08 | #9 |
| Voices without a program Good evening, do you know roughly how many files MBAM has to check on my machine? Thanks in advance! feuerstein98 Good evening, thank you for the help so far; it seems to be a relatively "nasty" virus. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Update, 09.01.2015 14:59:53, SYSTEM, USER-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, Update, 09.01.2015 14:59:53, SYSTEM, USER-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.1.7.1, Update, 09.01.2015 15:00:04, SYSTEM, USER-PC, Manual, Malware Database, 2014.11.20.6, 2015.1.9.9, Update, 09.01.2015 20:07:15, SYSTEM, USER-PC, Manual, Malware Database, 2015.1.9.9, 2015.1.9.15, (end) Code:
ATTFilter # AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 21:53:40 # Aktualisiert 07/01/2015 von Xplode # Database : 2015-01-03.1 [Live] # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzername : User - USER-PC # Gestartet von : C:\Users\User\Downloads\AdwCleaner_4.107.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : Browser Manager Dienst Gelöscht : netfilter [#] Dienst Gelöscht : SupraSavingsService [#] Dienst Gelöscht : Update Surftastic [#] Dienst Gelöscht : Web Assistant Updater Dienst Gelöscht : UserAccess ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\ProgramData\COOupExxtensiOnn Ordner Gelöscht : C:\ProgramData\EExstraSavings Ordner Gelöscht : C:\ProgramData\EnjoYCoupuon Ordner Gelöscht : C:\ProgramData\767fe2081601d347 Ordner Gelöscht : C:\Program Files\~Web Assistant Ordner Gelöscht : C:\Program Files\003 Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\Mobogenie Ordner Gelöscht : C:\Program Files\Uncompressor Ordner Gelöscht : C:\Program Files\VideoPlayerV3 Ordner Gelöscht : C:\Program Files\COOupExxtensiOnn Ordner Gelöscht : C:\Program Files\EExstraSavings Ordner Gelöscht : C:\Program Files\EnjoYCoupuon Ordner Gelöscht : C:\Users\User\AppData\Local\Conduit Ordner Gelöscht : C:\Users\User\AppData\Local\genienext Ordner Gelöscht : C:\Users\User\AppData\Local\Mobogenie Ordner Gelöscht : C:\Users\User\AppData\Local\Oxy Ordner Gelöscht : C:\Users\User\AppData\Local\Tuguu_SL Ordner Gelöscht : C:\Users\User\AppData\Roaming\awesomehp Ordner Gelöscht : C:\Users\User\AppData\Roaming\BrowserCompanion Ordner Gelöscht : C:\Users\User\AppData\Roaming\iPumper Ordner Gelöscht : C:\Users\User\AppData\Roaming\Oxy Ordner Gelöscht : C:\Users\User\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager Ordner Gelöscht : C:\Users\User\AppData\Local\Chromium\User 
Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf Ordner Gelöscht : C:\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Ordner Gelöscht : C:\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco Ordner Gelöscht : C:\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\mmifolfpllfdhilecpdpmemhelmanajl Datei Gelöscht : C:\Windows\system32\drivers\netfilter.sys Datei Gelöscht : C:\Windows\system32\UAService.exe Datei Gelöscht : C:\Users\User\AppData\LocalLow\SkwConfig.bin Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\invalidprefs.js Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\user.js ***** [ Tasks ] ***** Task Gelöscht : Escolade Task Gelöscht : RunAsStdUser Task ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\oxy.exe Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\. 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\..9 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P80bf2c33_81ea_4938_9423_c59cac4428c8_.P80bf2c33_81ea_4938_9423_c59cac4428c8_ Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P80bf2c33_81ea_4938_9423_c59cac4428c8_.P80bf2c33_81ea_4938_9423_c59cac4428c8_.9 Schlüssel Gelöscht : HKCU\Software\eedc8ce73fe942 Schlüssel Gelöscht : HKLM\SOFTWARE\eedc8ce73fe942 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{155d6a90-0320-4506-bc9b-5cb6b07e4767} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2bc0afe5-beb5-4ed1-aab2-0fa4072e1c8a} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80bf2c33-81ea-4938-9423-c59cac4428c8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{155d6a90-0320-4506-bc9b-5cb6b07e4767} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2bc0afe5-beb5-4ed1-aab2-0fa4072e1c8a} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{80bf2c33-81ea-4938-9423-c59cac4428c8} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9} Schlüssel Gelöscht : HKCU\Software\Blabbers Schlüssel Gelöscht : HKCU\Software\Blabbers Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Escolade Schlüssel Gelöscht : HKCU\Software\ilivid Schlüssel Gelöscht : 
HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\BetterSurf
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v34.0.5 (x86 de)

[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.id", "e82ec35300000000000020cf305600f3");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15665");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e82ec35300000000000020cf305600f3&q=");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=115935&tt=4712_8&babsrc=NT_ss&mntrId=e82ec35300000000000020cf305600f3");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.817:16:14");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.aflt", "babsst");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.autoRvrt", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.dfltLng", "en");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.excTlbr", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.ffxUnstlRst", true);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.id", "e82ec35300000000000020cf305600f3");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.instlDay", "16124");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.instlRef", "sst");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.newTab", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.prdct", "buenosearch");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.rvrt", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.smplGrp", "none");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=E82E20CF305600F3&affID=128491&tsp=5167");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.tlbrId", "base");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=E82E20CF305600F3&affID=128491&tsp=5167");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.77:36:51");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.enabledAddons", "battlefieldheroespatcher%40ea.com:5.0.145.0,bbrs_002%40blabbers.com:1.0.5,%7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0,%7B94cd2cc3-083f-49ba-a218-4cda4b482[...]
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.admin", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.afterInstallRpt", "sent");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.cntry", "DE");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.dfltLng", "EN");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.dfltlng", "EN");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.dfltsrch", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.did", "10665");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.envrmnt", "production");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.excTlbr", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.hdrMd5", "B3978502530535E76433E6652C252958");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.hmpg", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.hrdid", "e82ec35300000000000020cf305600f3");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.id", "e82ec35300000000000020cf305600f3");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.instlday", "15573");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.instlref", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.isDcmntCmplt", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.isdcmntcmplt", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.keywordurl", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.149:21:11");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.newtab", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.newtaburl", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.ppd", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.productid", "26");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.prtnrid", "Incredibar");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.sg", "{smplGrp}");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.smplgrp", "none");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.srch", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.srchprvdr", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.tlbrid", "base");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyLGgmLPq&loc=IB_TB&i=26&search=");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.upn2", "6OyLGgmLPq");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.upn2n", "92261967783937024");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.vrsnts", "1.5.11.149:21:11");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.did", "10665");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.id", "e82ec35300000000000020cf305600f3");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.instlDay", "15573");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.newTab", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.ppd", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.productid", "26");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyLGgmLPq&loc=IB_TB&i=26&search=");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.upn2", "6OyLGgmLPq");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.upn2n", "92261967783937024");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.149:21:11");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1401121374895");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010000");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.cda.returnValue", "hide");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*.*.facebook.com/.*.*.google.com/.*.*.google.co.in/.*.*.google.com.br/.*.*.google.es/.*.*.youtube.com/.*.*.yahoo.com/.*.[...]
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.newtab.created", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.newtab.enable", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxps://www.google.de/");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.apps.)?facebook\\.com.*");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.apps.)?facebook\\.com.*");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*.*.bing..*.*.live..*.*.msn..*.*.yahoo..*.*.youtube.com.*.*ask.com.*.*.sweetim.com.*");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.simapp_id", "{5187A98F-0910-45F1-9A6D-52F104FB99EF}");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?st=6&barid={5187A98F-0910-45F1-9A6D-52F104FB99EF}");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&[...]
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavi[...]
[fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch"); [fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72&l=1&q="); [fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch"); [fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch"); [fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "WebSearch"); [fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch"); [fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("extensions.6JoIqk92sE66uwJa.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...] [fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("extensions.fjY68ivUGaraMdaP.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...] [fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start@gmail.com.install-event-fired", true); [fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("extensions.tqykr9FdjdPAugyw.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...] 
[fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72&l=1&q="); -\\ Chromium v ************************* AdwCleaner[R0].txt - [45516 octets] - [09/01/2015 21:48:54] AdwCleaner[S0].txt - [48191 octets] - [09/01/2015 21:53:40] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [48252 octets] ########## JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.1 (12.28.2014:1) OS: Windows 7 Professional x86 Ran by User on 09.01.2015 at 22:03:23,72 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update surftastic ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin" ~~~ FireFox Successfully deleted: [File] C:\user.js Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\fihm4efv.default-1405187378199\prefs.js user_pref("extensions.ahKEe6Qu5bsJjdfm.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale user_pref("extensions.ahKEe6Qu5bsJjdfm.url", "hxxp://toolkitcoupon.us/sync2/?q=hfZ9ofV9CShEAen0rTa4qHYMg708BNmGWj8wmihGheDUojw9rjsGqTw7qjgHqGhIC7n0rjnFrTs7rjg8qHkHtNhVCT94tMVK Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\fihm4efv.default-1405187378199\minidumps [56 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 09.01.2015 at 22:04:36,60 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015 Ran by User (administrator) on USER-PC on 09-01-2015 22:10:17 Running from C:\Users\User\Downloads Loaded Profile: User (Available profiles: User) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-2980554796-842610410-1348767362-1001\User: Group Policy restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2980554796-842610410-1348767362-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2980554796-842610410-1348767362-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: Groove GFS Browser 
Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199 FF Homepage: hxxp://www.google.com/ FF Plugin: @esn/esnlaunch,version=2.3.0 -> C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> D:\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment 
Inc) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2980554796-842610410-1348767362-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\searchplugins\google-images.xml FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\searchplugins\google-maps.xml FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-01-03] FF HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\cliqz@cliqz.com Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 ArcService; D:\Arc\ArcService.exe [88400 2014-10-21] (Perfect World Entertainment Inc) S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-08-12] (ESET) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-08-12] (ESET) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts) R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation) S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-03-29] (Texas Instruments) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation) S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X] S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X] S3 cusbohcn; \??\C:\Users\User\AppData\Local\Temp\cusbohcn.sys [X] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S3 motccgp; system32\DRIVERS\motccgp.sys [X] S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X] S3 motmodem; system32\DRIVERS\motmodem.sys [X] S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X] S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X] S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X] S1 netfilter2; system32\drivers\netfilter2.sys [X] S3 vtany; \??\C:\Windows\vtany.sys [X] S3 XDva391; \??\C:\Windows\system32\XDva391.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-09 22:04 - 2015-01-09 22:04 - 00001504 _____ () C:\Users\User\Desktop\JRT.txt 2015-01-09 22:03 - 2015-01-09 22:03 - 00000000 ____D () C:\Windows\ERUNT 2015-01-09 22:02 - 2015-01-09 22:02 - 01707939 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe 2015-01-09 21:48 - 2015-01-09 21:56 - 00000000 ____D () C:\AdwCleaner 2015-01-09 21:43 - 2015-01-09 21:44 - 02191360 _____ () C:\Users\User\Downloads\AdwCleaner_4.107.exe 2015-01-09 21:43 - 2015-01-09 21:43 - 00000464 _____ () C:\Users\User\Desktop\mbam.txt 2015-01-09 20:07 - 2015-01-09 20:08 - 06619054 _____ () C:\Users\User\Downloads\FTB_Launcher.exe 2015-01-09 14:59 - 2015-01-09 14:59 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-09 14:59 - 2015-01-09 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-09 14:59 - 2015-01-09 14:59 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-01-09 14:59 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-09 14:59 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-09 14:56 - 2015-01-09 14:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-09 13:12 - 2015-01-09 13:12 - 00017941 _____ () C:\ComboFix.txt 2015-01-09 12:56 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-09 12:56 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-09 12:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-09 12:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-09 12:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-09 12:56 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-09 12:56 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-09 12:56 - 2000-08-31 01:00 - 00068096 
_____ () C:\Windows\zip.exe 2015-01-09 12:52 - 2015-01-09 12:52 - 05609736 _____ (Swearware) C:\Users\User\Downloads\ComboFix.exe 2015-01-09 12:52 - 2015-01-09 12:52 - 00001134 _____ () C:\Users\User\Desktop\ComboFix.exe - Verknüpfung.lnk 2015-01-09 12:51 - 2015-01-09 13:12 - 00000000 ____D () C:\Qoobox 2015-01-09 12:50 - 2015-01-09 13:11 - 00000000 ____D () C:\Windows\erdnt 2015-01-08 20:43 - 2015-01-09 20:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-08 20:43 - 2015-01-09 12:37 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-08 20:41 - 2015-01-08 20:41 - 00000000 ____D () C:\Users\User\Downloads\mbar 2015-01-08 20:41 - 2015-01-08 20:41 - 00000000 ____D () C:\Users\User\Desktop\mbar 2015-01-08 20:41 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-08 20:40 - 2015-01-08 20:41 - 16448208 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.08.2.1001.exe 2015-01-08 20:32 - 2015-01-08 20:33 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe 2015-01-08 20:22 - 2015-01-08 20:22 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\User\Downloads\revosetup95.exe 2015-01-08 20:22 - 2015-01-08 20:22 - 00001228 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk 2015-01-08 20:22 - 2015-01-08 20:22 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-01-08 18:12 - 2015-01-08 18:14 - 00032623 _____ () C:\Users\User\Downloads\Addition.txt 2015-01-08 18:10 - 2015-01-09 22:10 - 00010382 _____ () C:\Users\User\Downloads\FRST.txt 2015-01-08 18:10 - 2015-01-08 18:14 - 00039244 _____ () C:\Users\User\Downloads\FRST1.txt 2015-01-08 18:09 - 2015-01-09 22:10 - 00000000 ____D () C:\FRST 2015-01-08 18:07 - 2015-01-08 18:08 - 01115648 _____ (Farbar) C:\Users\User\Downloads\FRST.exe 2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-01-03 19:10 - 2015-01-03 19:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\java 2015-01-02 16:40 - 2015-01-02 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sanny Builder 3 2014-12-29 22:18 - 2014-12-29 22:19 - 00026003 _____ () C:\Users\User\Documents\Bewerbung Reporter.odt 2014-12-29 18:22 - 2014-12-29 18:23 - 00014764 _____ () C:\Users\User\Documents\Bewerbung Mafia.odt 2014-12-28 13:24 - 2014-12-28 13:24 - 00000000 ____D () C:\Damian tabe ts3 2014-12-27 09:54 - 2014-12-27 09:54 - 00000044 _____ () C:\Users\User\Documents\TS-Verbindungen.txt 2014-12-26 17:57 - 2015-01-08 21:01 - 00000000 ____D () C:\Program Files\Help Save 2014-12-26 17:56 - 2015-01-08 21:01 - 00000000 ____D () C:\Program Files\uNisales 2014-12-26 17:55 - 2014-12-26 17:55 - 00000000 ____D () C:\ProgramData\nccncfbieclkohpknecjlhkfidfnkkbc 2014-12-25 20:15 - 2014-12-25 20:15 - 00017656 _____ () 
C:\Users\User\Documents\Bewerbung Mechaniker.odt 2014-12-21 20:33 - 2015-01-08 14:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-12-20 16:03 - 2014-12-20 16:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\MW2 FoV Changer 2014-12-20 16:03 - 2012-02-06 00:37 - 00083456 _____ () C:\Users\User\Downloads\MW2 MP FoV Changer.exe 2014-12-18 14:25 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-10 20:14 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-12-10 17:14 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-12-10 17:14 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-12-10 17:14 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-12-10 17:14 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-12-10 17:14 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-12-10 17:14 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-12-10 17:14 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-12-10 17:14 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-12-10 17:14 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-12-10 17:14 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-12-10 17:14 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-12-10 17:14 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-12-10 17:14 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 
2014-12-10 17:14 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-12-10 17:14 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-12-10 17:14 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-12-10 17:14 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-12-10 17:14 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-12-10 17:14 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-12-10 17:14 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-12-10 17:14 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-12-10 17:14 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-12-10 17:14 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-12-10 17:14 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-12-10 17:14 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-12-10 17:14 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-12-10 17:14 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-12-10 17:14 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-12-10 17:14 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-12-10 17:14 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2014-12-10 17:13 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) 
C:\Windows\system32\ieframe.dll 2014-12-10 17:12 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-12-10 17:12 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2014-12-10 17:12 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2014-12-10 17:12 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2014-12-10 17:12 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2014-12-10 17:12 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2014-12-10 17:11 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-09 22:08 - 2011-01-03 16:46 - 01581406 _____ () C:\Windows\WindowsUpdate.log 2015-01-09 22:06 - 2009-07-14 05:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-09 22:06 - 2009-07-14 05:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-09 22:00 - 2012-01-20 16:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2015-01-09 21:59 - 2011-01-17 17:26 - 00781446 _____ () C:\Windows\PFRO.log 2015-01-09 21:59 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-09 21:59 - 2009-07-14 05:39 - 00225306 _____ () C:\Windows\setupact.log 2015-01-09 21:43 - 2014-07-09 09:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\IDM2 2015-01-09 21:43 - 2014-06-26 20:27 - 00000000 ____D () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62 2015-01-09 21:07 - 2013-10-31 14:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client 2015-01-09 14:59 - 
2011-01-03 17:24 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-09 13:21 - 2011-11-12 19:51 - 00000000 ____D () C:\Program Files\Steam 2015-01-09 13:12 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2015-01-09 13:12 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2015-01-09 13:07 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2015-01-09 13:06 - 2009-07-14 03:03 - 64749568 _____ () C:\Windows\system32\config\SOFTWARE.bak 2015-01-09 13:06 - 2009-07-14 03:03 - 17301504 _____ () C:\Windows\system32\config\SYSTEM.bak 2015-01-09 13:06 - 2009-07-14 03:03 - 04980736 _____ () C:\Windows\system32\config\DEFAULT.bak 2015-01-09 13:06 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2015-01-09 13:06 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2015-01-08 21:03 - 2013-04-01 17:43 - 00000000 ____D () C:\Windows\de 2015-01-08 14:52 - 2014-03-22 20:32 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-08 14:47 - 2011-01-03 17:29 - 00000000 ____D () C:\Program Files\Java 2015-01-08 14:42 - 2014-03-22 20:32 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-01-08 14:42 - 2011-01-04 11:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-01-08 14:42 - 2011-01-04 11:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-01-06 14:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2015-01-06 11:24 - 2014-12-07 15:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft 2015-01-06 04:36 - 2011-01-03 17:11 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-04 17:55 - 2011-01-04 14:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-01-03 22:03 - 2014-07-12 23:23 - 00000000 ____D () C:\Program Files\Google 2015-01-03 22:02 - 2012-06-01 13:11 - 00000000 ____D () C:\Users\User\AppData\Local\Google 2015-01-03 13:33 - 2013-04-01 17:36 - 
00000000 ____D () C:\Users\User\AppData\Local\Windows Live 2015-01-02 14:27 - 2011-10-08 11:34 - 00000000 ____D () C:\ProgramData\Origin 2015-01-02 14:25 - 2012-04-20 17:15 - 00000000 ____D () C:\Program Files\Origin 2014-12-30 16:53 - 2012-01-04 08:18 - 00000000 ____D () C:\Users\User\Wichtig 2014-12-24 09:36 - 2011-01-03 16:57 - 01629412 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-24 08:29 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-21 08:32 - 2014-09-07 06:28 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe 2014-12-18 19:28 - 2014-09-20 18:54 - 00000000 ___RD () C:\Program Files\Skype 2014-12-18 19:28 - 2012-01-20 16:38 - 00000000 ____D () C:\ProgramData\Skype 2014-12-18 14:21 - 2012-04-20 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2014-12-11 16:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE 2014-12-10 20:14 - 2011-01-16 11:40 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-12-10 20:12 - 2013-07-27 22:16 - 00000000 ____D () C:\Windows\system32\MRT 2014-12-10 20:07 - 2011-01-03 17:37 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-12-10 17:23 - 2014-10-10 15:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps 2014-12-10 17:23 - 2012-10-20 09:42 - 00000000 ___RD () C:\Users\User\Desktop\videosmacher Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\Quarantine.exe C:\Users\User\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-06 13:57 ==================== End Of Log ============================
Once again, thank you very much for your support! Best regards, feuerstein98 |
10.01.2015, 11:37 | #10 |
/// the machine /// TB Trainer | Voices without a program
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 | Donate | Guides and help | Trojaner-Board Facebook page | No help via PM! |
10.01.2015, 21:06 | #11 |
| Voices without a program Good evening, here are the log files! Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=f465e6891e407c48982cc3a16d45dc1b # engine=21902 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-10 07:47:41 # local_time=2015-01-10 08:47:41 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 119035 172550452 0 0 # compatibility_mode_1='ESET NOD32 Antivirus 4' # compatibility_mode=8199 16776701 100 98 44415098 139300419 0 0 # scanned=347291 # found=32 # cleaned=0 # scan_time=6728 # nod_component=V3 Build:0x30000000 sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\Mobogenie.exe.vir" sh=76F71A78A0325BEFD06204724AA7FD51ECF43E43 ft=1 fh=01bb8aae11353a5c vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\~Web Assistant\Extension32.dll.vir" sh=9D4A2823B99C8697FCFC018C361CCF7F12E9D20D ft=1 fh=1ad9441b34024e95 vn="Variante von Win32/Toolbar.BitCocktail.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\~Web Assistant\InstallerHelper.dll.vir" sh=5AEF02F89BCD7622CBC7BEC8B8CEBAD49E0981B7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\~Web Assistant\source.crx.vir" sh=96E394DBE6F1B057E61940E3D175F676048C9555 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\~Web Assistant\Firefox\chrome\content\main.js.vir" sh=C2695F17B6B10822041D008A658712AAEF9AE95D ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\~Web Assistant\Firefox\chrome\content\resources\localscript.js.vir" sh=C2695F17B6B10822041D008A658712AAEF9AE95D ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\~Web Assistant\resources\localscript.js.vir" sh=94A5F9D5C2E4C65F86CA528A47DA43BD4A71635E ft=0 fh=0000000000000000 vn="Win32/BrowserCompanion.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\witmain.js.vir" sh=77806ACCEF68FE5DA6553029E91B6477383F3817 ft=1 fh=3bc8aafdf30d2c08 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll.vir" sh=3CE5D37693ADF0AD2E08A7FD2CFA7CFE973D5E2E ft=0 fh=0000000000000000 vn="Win32/AdWare.BetterSurf.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\mmifolfpllfdhilecpdpmemhelmanajl\1.1_0\BetterSrf.js.vir" sh=800E7EB37E5EC14049A010F7886513367DD10CD6 ft=0 fh=0000000000000000 vn="Win32/AdWare.BetterSurf.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco\1.1_0\BetterSrf.js.vir" sh=D6CFE89E51D1CF5C0043E538BC26C4477CE3EF3E ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie2.2.0.zip.vir" sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\DaemonProcess.exe.vir" sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\Mobogenie.exe.vir" sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\MUServer.apk.vir" sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\nengine.dll.vir" sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="Variante von Win32/Mobogenie.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\UpdateMoboGenie.exe.vir" sh=EE47D9346BA1502824B280D41334E5BEBE9DF53E ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\ProgramData\nccncfbieclkohpknecjlhkfidfnkkbc\Ba.js" sh=BFF9450ED225C31548426C98EBCF6055BA7A2BB9 ft=1 fh=c71c00118b379316 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\unisalesi\gmaNXLGrhGdHWq.dll.vir" sh=1F0051B15E12D765FDF58966A8ED5921BF819FDD ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\zR1@OoqHXI.edu\content\bg.js.vir" sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\User\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir" sh=2AE7F9C69096C7DC958F6207B64A6BF0C405DEAB ft=1 fh=250d94639159b4a8 vn="Variante von Win32/Amonetize.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\System32\installd.exe.vir" sh=5E41AB693AF0FEB0F33E013CF7FAA7CA91AABDE3 ft=1 fh=b9176d4f2bb0ec62 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\System32\roboot.exe.vir" sh=EE47D9346BA1502824B280D41334E5BEBE9DF53E ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\All Users\nccncfbieclkohpknecjlhkfidfnkkbc\Ba.js" sh=E89829A1C681698B9C12CA97521113172ECA0EAA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.DU Anwendung" ac=I fn="C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\prefs.js.BAK" sh=11664A975E7C31E25DA3F1CAF7A3FD08433B97E0 ft=1 fh=e6f7bc67c0af21c3 vn="Variante von Win32/InstallCore.T evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\User\Programme\counter strike\ADLSoft_UnCompressor_v2.exe" sh=3FCDDDFFA523FD30995BD7F1EE90AD1DAFF05C22 ft=1 fh=eb68e71596000e50 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe" sh=6B97D6844255D47302665BE4EB504893477EFA9C ft=1 fh=edd6a7ebcaa5d0c2 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[1].exe" sh=432BD2A275783208671CD1DD289C39B98DBCB270 ft=1 fh=3c9d1dccdf052d27 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\PersgSetup[1].exe" sh=8EEC2F3EC9E824FC4D7E561C8C22B1A5C4546640 ft=1 fh=89f68a07f7f8a43c vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\update[1]" sh=694A6C4A6C09151E896340FBD6597A3DF837CBAF ft=1 fh=439deba0b906930a vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\WSSetup[1].exe" sh=6D970EEB9659EC51AD4AA0566E1C817B6078C6EE ft=1 fh=6997e40d6b6b5d8a vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21BGD4B0\WSSetup[1].exe" Code:
ATTFilter Results of screen317's Security Check version 0.99.93 Windows 7 Service Pack 1 x86 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` ESET NOD32 Antivirus 4.2 Antivirus out of date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Adobe Reader XI Mozilla Firefox (34.0.5) ````````Process Check: objlist.exe by Laurent```````` ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe Spybot Teatimer.exe is disabled! `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter Results of screen317's Security Check version 0.99.93 Windows 7 Service Pack 1 x86 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` ESET NOD32 Antivirus 4.2 Antivirus out of date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Adobe Reader XI Mozilla Firefox (34.0.5) ````````Process Check: objlist.exe by Laurent```````` ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe Spybot Teatimer.exe is disabled! `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Best regards, feuerstein98 |
10.01.2015, 22:56 | #12 |
/// the machine /// TB-Ausbilder | Voices without a program The fresh FRST log is still missing
10.01.2015, 23:26 | #13 |
| Voices without a program Oops, I posted the same thing twice instead of the log! Sorry. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015 Ran by User (administrator) on USER-PC on 10-01-2015 21:05:00 Running from C:\Users\User\Downloads Loaded Profile: User (Available profiles: User) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) 
C:\Program Files\Skype\Phone\Skype.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe (Electronic Arts) C:\Program Files\Origin\Origin.exe () C:\Windows\System32\PnkBstrA.exe () C:\Users\User\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 GroupPolicy: Group Policy on Chrome detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-2980554796-842610410-1348767362-1001\User: Group Policy restriction detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2980554796-842610410-1348767362-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199 FF Homepage: hxxp://www.google.com/ FF Plugin: @esn/esnlaunch,version=2.3.0 -> C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> D:\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-2980554796-842610410-1348767362-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\searchplugins\google-images.xml FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\searchplugins\google-maps.xml FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-01-03] FF HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\cliqz@cliqz.com Chrome: ======= CHR dev: Chrome dev build detected! <======= ATTENTION ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
S3 ArcService; D:\Arc\ArcService.exe [88400 2014-10-21] (Perfect World Entertainment Inc) S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-08-12] (ESET) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-08-12] (ESET) S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-10] () R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET) R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI) S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation) S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation) S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-03-29] (Texas Instruments) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation) S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X] S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X] S3 cusbohcn; \??\C:\Users\User\AppData\Local\Temp\cusbohcn.sys [X] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X] S3 motccgp; system32\DRIVERS\motccgp.sys [X] S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X] S3 motmodem; system32\DRIVERS\motmodem.sys [X] S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X] S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X] S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X] S1 netfilter2; system32\drivers\netfilter2.sys [X] S3 vtany; \??\C:\Windows\vtany.sys [X] S3 XDva391; \??\C:\Windows\system32\XDva391.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-10 20:58 - 2015-01-10 20:58 - 00852505 _____ () C:\Users\User\Desktop\SecurityCheck.exe 2015-01-10 20:56 - 2015-01-10 20:56 - 00008571 _____ () C:\Users\User\Desktop\sicher.txt 2015-01-10 20:43 - 2015-01-10 20:45 - 00348928 _____ () C:\Windows\system32\PnkBstrB.exe 2015-01-10 20:43 - 2015-01-10 20:45 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0 2015-01-10 20:43 - 2015-01-10 20:45 - 00139944 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys 2015-01-10 20:42 - 2015-01-10 20:42 - 01534736 _____ () C:\Users\User\Downloads\battlelog-web-plugins_2.6.2_154.exe 2015-01-10 18:40 - 2015-01-10 18:40 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_deu.exe 2015-01-09 22:04 - 2015-01-09 22:04 - 00001504 _____ () C:\Users\User\Desktop\JRT.txt 2015-01-09 22:03 - 2015-01-09 22:03 - 00000000 ____D () C:\Windows\ERUNT 2015-01-09 22:02 - 2015-01-09 22:02 - 01707939 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe 2015-01-09 21:48 - 2015-01-09 21:56 - 00000000 ____D () C:\AdwCleaner 2015-01-09 21:43 - 2015-01-09 21:44 - 02191360 _____ () C:\Users\User\Downloads\AdwCleaner_4.107.exe 2015-01-09 21:43 - 2015-01-09 21:43 - 00000464 _____ () C:\Users\User\Desktop\mbam.txt 2015-01-09 20:07 - 2015-01-09 20:08 - 06619054 _____ () C:\Users\User\Downloads\FTB_Launcher.exe 2015-01-09 14:59 - 2015-01-09 14:59 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-09 14:59 - 2015-01-09 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-09 14:59 - 2015-01-09 14:59 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-01-09 14:59 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-09 14:59 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-09 14:56 - 2015-01-09 14:57 - 20447072 _____ (Malwarebytes Corporation ) 
C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-09 13:12 - 2015-01-09 13:12 - 00017941 _____ () C:\ComboFix.txt 2015-01-09 12:56 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-09 12:56 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-09 12:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-09 12:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-09 12:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-09 12:56 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-09 12:56 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-09 12:56 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-09 12:52 - 2015-01-09 12:52 - 05609736 _____ (Swearware) C:\Users\User\Downloads\ComboFix.exe 2015-01-09 12:52 - 2015-01-09 12:52 - 00001134 _____ () C:\Users\User\Desktop\ComboFix.exe - Verknüpfung.lnk 2015-01-09 12:51 - 2015-01-09 13:12 - 00000000 ____D () C:\Qoobox 2015-01-09 12:50 - 2015-01-09 13:11 - 00000000 ____D () C:\Windows\erdnt 2015-01-08 20:43 - 2015-01-09 20:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-08 20:43 - 2015-01-09 12:37 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-08 20:41 - 2015-01-08 20:41 - 00000000 ____D () C:\Users\User\Downloads\mbar 2015-01-08 20:41 - 2015-01-08 20:41 - 00000000 ____D () C:\Users\User\Desktop\mbar 2015-01-08 20:41 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-08 20:40 - 2015-01-08 20:41 - 16448208 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.08.2.1001.exe 2015-01-08 20:32 - 2015-01-08 20:33 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe 2015-01-08 20:22 - 2015-01-08 20:22 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\User\Downloads\revosetup95.exe 2015-01-08 20:22 - 2015-01-08 20:22 - 00001228 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk 2015-01-08 20:22 - 2015-01-08 20:22 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-01-08 18:12 - 2015-01-08 18:14 - 00032623 _____ () C:\Users\User\Downloads\Addition.txt 2015-01-08 18:10 - 2015-01-10 21:05 - 00010922 _____ () C:\Users\User\Downloads\FRST.txt 2015-01-08 18:10 - 2015-01-09 22:10 - 00026186 _____ () C:\Users\User\Downloads\FRST2.txt 2015-01-08 18:10 - 2015-01-08 18:14 - 00039244 _____ () C:\Users\User\Downloads\FRST1.txt 2015-01-08 18:09 - 2015-01-10 21:05 - 00000000 ____D () C:\FRST 2015-01-08 18:07 - 2015-01-08 18:08 - 01115648 _____ (Farbar) C:\Users\User\Downloads\FRST.exe 2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-01-03 19:10 - 2015-01-03 19:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\java 2015-01-02 16:40 - 2015-01-02 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sanny Builder 3 2014-12-29 22:18 - 2014-12-29 22:19 - 00026003 _____ () C:\Users\User\Documents\Bewerbung Reporter.odt 2014-12-29 18:22 - 2014-12-29 18:23 - 00014764 _____ () C:\Users\User\Documents\Bewerbung Mafia.odt 2014-12-28 13:24 - 2014-12-28 13:24 - 00000000 ____D () C:\Damian tabe ts3 2014-12-27 09:54 - 2014-12-27 09:54 - 00000044 _____ () C:\Users\User\Documents\TS-Verbindungen.txt 2014-12-26 17:57 - 2015-01-08 21:01 - 00000000 ____D () C:\Program Files\Help Save 2014-12-26 17:56 - 2015-01-08 21:01 - 00000000 ____D () C:\Program Files\uNisales 2014-12-26 17:55 - 2014-12-26 17:55 - 00000000 ____D () 
C:\ProgramData\nccncfbieclkohpknecjlhkfidfnkkbc 2014-12-25 20:15 - 2014-12-25 20:15 - 00017656 _____ () C:\Users\User\Documents\Bewerbung Mechaniker.odt 2014-12-21 20:33 - 2015-01-08 14:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-12-20 16:03 - 2014-12-20 16:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\MW2 FoV Changer 2014-12-20 16:03 - 2012-02-06 00:37 - 00083456 _____ () C:\Users\User\Downloads\MW2 MP FoV Changer.exe 2014-12-18 14:25 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-10 20:57 - 2011-01-03 17:26 - 00000000 ____D () C:\Program Files\ESET 2015-01-10 20:53 - 2012-01-20 16:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype 2015-01-10 20:45 - 2014-07-10 18:39 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe 2015-01-10 20:45 - 2012-10-18 09:22 - 00348928 _____ () C:\Windows\system32\PnkBstrB.xtr 2015-01-10 20:42 - 2013-07-26 07:14 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins 2015-01-10 20:35 - 2011-10-08 11:34 - 00000000 ____D () C:\ProgramData\Origin 2015-01-10 20:33 - 2012-04-20 17:15 - 00000000 ____D () C:\Program Files\Origin 2015-01-10 19:32 - 2013-10-31 14:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client 2015-01-10 18:41 - 2009-07-14 05:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-10 18:41 - 2009-07-14 05:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-10 18:38 - 2011-01-03 16:46 - 01692052 _____ () C:\Windows\WindowsUpdate.log 2015-01-10 18:34 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-10 18:34 - 2009-07-14 05:39 - 00225418 _____ () C:\Windows\setupact.log 2015-01-10 08:38 - 2011-11-12 19:51 - 00000000 ____D 
() C:\Program Files\Steam 2015-01-10 08:21 - 2011-01-17 17:26 - 00781796 _____ () C:\Windows\PFRO.log 2015-01-09 21:43 - 2014-07-09 09:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\IDM2 2015-01-09 21:43 - 2014-06-26 20:27 - 00000000 ____D () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62 2015-01-09 14:59 - 2011-01-03 17:24 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-09 13:12 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2015-01-09 13:12 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2015-01-09 13:07 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2015-01-09 13:06 - 2009-07-14 03:03 - 64749568 _____ () C:\Windows\system32\config\SOFTWARE.bak 2015-01-09 13:06 - 2009-07-14 03:03 - 17301504 _____ () C:\Windows\system32\config\SYSTEM.bak 2015-01-09 13:06 - 2009-07-14 03:03 - 04980736 _____ () C:\Windows\system32\config\DEFAULT.bak 2015-01-09 13:06 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2015-01-09 13:06 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2015-01-08 21:03 - 2013-04-01 17:43 - 00000000 ____D () C:\Windows\de 2015-01-08 14:52 - 2014-03-22 20:32 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-08 14:47 - 2011-01-03 17:29 - 00000000 ____D () C:\Program Files\Java 2015-01-08 14:42 - 2014-03-22 20:32 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2015-01-08 14:42 - 2011-01-04 11:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2015-01-08 14:42 - 2011-01-04 11:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2015-01-06 14:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache 2015-01-06 11:24 - 2014-12-07 15:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft 2015-01-06 04:36 - 2011-01-03 17:11 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-04 17:55 - 2011-01-04 14:24 - 00000000 ____D () 
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2015-01-03 22:03 - 2014-07-12 23:23 - 00000000 ____D () C:\Program Files\Google 2015-01-03 22:02 - 2012-06-01 13:11 - 00000000 ____D () C:\Users\User\AppData\Local\Google 2015-01-03 13:33 - 2013-04-01 17:36 - 00000000 ____D () C:\Users\User\AppData\Local\Windows Live 2014-12-30 16:53 - 2012-01-04 08:18 - 00000000 ____D () C:\Users\User\Wichtig 2014-12-24 09:36 - 2011-01-03 16:57 - 01629412 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-24 08:29 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-12-21 08:32 - 2014-09-07 06:28 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe 2014-12-18 19:28 - 2014-09-20 18:54 - 00000000 ___RD () C:\Program Files\Skype 2014-12-18 19:28 - 2012-01-20 16:38 - 00000000 ____D () C:\ProgramData\Skype 2014-12-18 14:21 - 2012-04-20 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2014-12-11 16:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\Quarantine.exe C:\Users\User\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-06 13:57 ==================== End Of Log ============================ |
11.01.2015, 08:22 | #14 |
/// the machine /// TB-Ausbilder | Voices without a program Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\ProgramData\nccncfbieclkohpknecjlhkfidfnkkbc
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\prefs.js.BAK
C:\Users\User\Programme\counter strike\ADLSoft_UnCompressor_v2.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[1].exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\PersgSetup[1].exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\update[1]
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\WSSetup[1].exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21BGD4B0\WSSetup[1].exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2980554796-842610410-1348767362-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Finished
The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
11.01.2015, 10:14 | #15 |
| Voices without a program Good day, thank you for all your effort and everything else you had to take care of along the way! Without you I would probably have had to format my entire computer! Thank you very much for everything. Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-01-2015
Ran by User at 2015-01-11 09:57:28 Run:1
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\nccncfbieclkohpknecjlhkfidfnkkbc
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\prefs.js.BAK
C:\Users\User\Programme\counter strike\ADLSoft_UnCompressor_v2.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[1].exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\PersgSetup[1].exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\update[1]
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\WSSetup[1].exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21BGD4B0\WSSetup[1].exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2980554796-842610410-1348767362-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
Emptytemp:
*****************

"C:\ProgramData\nccncfbieclkohpknecjlhkfidfnkkbc" => File/Directory not found.
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\prefs.js.BAK" => File/Directory not found.
"C:\Users\User\Programme\counter strike\ADLSoft_UnCompressor_v2.exe" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[1].exe" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\PersgSetup[1].exe" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\update[1]" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\WSSetup[1].exe" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21BGD4B0\WSSetup[1].exe" => File/Directory not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2980554796-842610410-1348767362-1001\User" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 21.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 09:57:33 ====

Thanks again. Best regards, feuerstein98 |
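An added example, not part of the original thread and not FRST's own code: a small Python triage of a Fixlog like the one posted above, separating targets that were already absent from entries FRST reported it could not fix automatically. The sample log is constructed with placeholder paths, the function names are hypothetical, and the outcome classes cover only the result strings that appear in this thread.

```python
import re
from collections import Counter

# Constructed sample in the format of the Fixlog above (placeholder paths,
# not the user's actual log).
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
C:\ProgramData\example_dir
CHR dev: Chrome dev build detected! <======= ATTENTION
Emptytemp:
*****************
"C:\ProgramData\example_dir" => File/Directory not found.
"C:\Users\User\Temp\ExampleSetup[1].exe" => File/Directory not found.
HKLM\SOFTWARE\Policies\Example => Key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 21.8 MB temporary data.
==== End of Fixlog 09:57:33 ====
'''

# Outcome classes, limited to the result strings seen in this thread.
OUTCOMES = [
    ("not_found", re.compile(r"\bnot found\b", re.I)),
    ("no_fix", re.compile(r"No automatic fix found", re.I)),
    ("changed", re.compile(r"^Removed\b", re.I)),
]

def parse_fixlog(text):
    """Return (target, outcome, detail) for each result line of a Fixlog."""
    stars, results = 0, []
    for line in text.splitlines():
        line = line.strip()
        if set(line) == {"*"}:      # fixlist content sits between two star rows
            stars += 1
            continue
        if stars < 2 or " => " not in line:
            continue                # skip header and the echoed fixlist
        target, detail = line.rsplit(" => ", 1)
        outcome = next((n for n, rx in OUTCOMES if rx.search(detail)), "other")
        results.append((target.strip('"'), outcome, detail))
    return results

def summarize(results):
    counts = Counter(o for _, o, _ in results)
    manual = [t for t, o, _ in results if o == "no_fix"]  # need manual follow-up
    # Targets other than the temp cleanup that the fix actually changed.
    changed = [t for t, o, _ in results
               if o == "changed" and not t.lower().startswith("emptytemp")]
    return counts, manual, changed

if __name__ == "__main__":
    print(summarize(parse_fixlog(SAMPLE_FIXLOG)))
```

An empty `changed` list together with only `not_found` results means the listed targets were already gone when the fix ran, so the run itself only cleared temporary data.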