Töne und Werbung, ohne etwas geöffnet zu haben (evtl. Audio Trojaner?)

Jenny94 · 24.01.2015, 12:21

Hallo!

Ich weiß dass meine Frage schon einmal so ähnlich gestellt wurde (http://www.trojaner-board.de/161492-...net-haben.html)

leider hilft mir das aber nicht weiter.

Seit ein paar Tagen kommt immer wieder ein "Piepton", so wie das Signal das kommt wenn man etwas bestätigen soll.
Außerdem kommt auch immer wieder einmal eine kurze Audio-Werbung.
Heute zwischen 9 und 10 ist das ca. 5 Mal passiert.. aber danach gar nicht mehr.
Die letzten Tage habe ich nicht immer darauf geachtet, weil ich da zum Beispiel Facebook oder Youtube offen hatte und dachte, dass sich einfach zwischendurch Werbung durch meinen AdBlocker "durchschleicht".
Aber dann kamen diese Töne auch wenn ich nichts geöffnet habe.

Ich habe im Internet schon ein wenig recherchiert und bin so darauf gekommen, dass das ein Audio-Trojaner sein könnte. Aber ich habe bis jetzt leider nur Bruchstücke von Anleitungen gefunden.

Hilft es mir wenn ich den Laptop neu aufsetze?
Und ich müsste noch ein paar Daten sichern, aber ich weiß nicht ob das Problem dann nicht auf meine externe Festplatte übertragen werden könnte?
Und wie kann ich bei meiner externe Festplatte bzw. bei meinen USB-Sticks feststellen ob sie auch schon infiziert wurden?
Vielleicht habe ich das Problem ja schon länger, ohne etwas bemerkt zu haben.

Ich danke schon im Voraus für eure Hilfe!

Liebe Grüße Jenny

schrauber · 24.01.2015, 12:21

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Jenny94 · 24.01.2015, 12:41

Zuerst einmal vielen Dank für die schnelle Antwort! Find ich echt super =)

FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Jenny Nix (administrator) on JENNY on 24-01-2015 12:35:37
Running from C:\Users\Jenny Nix\Downloads
Loaded Profiles: UpdatusUser & Jenny Nix (Available profiles: UpdatusUser & Jenny Nix)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
() C:\Users\Jenny Nix\AppData\Roaming\InetStat\inetstat.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-04-02] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3192750341-2543641923-3795283259-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2733080 2014-05-29] ()
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\...\Run: [InetStat] => C:\Users\Jenny Nix\AppData\Roaming\InetStat\inetstat.exe [705038 2014-11-29] ()
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\Jenny Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52144;https=127.0.0.1:52144
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://at.search.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3192750341-2543641923-3795283259-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a18cba48-090d-6dca-8b6a-2a88677f535f&searchtype=ds&q={searchTerms}&installDate=25/09/2013
HKU\S-1-5-21-3192750341-2543641923-3795283259-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a18cba48-090d-6dca-8b6a-2a88677f535f&searchtype=hp&installDate=25/09/2013
HKU\S-1-5-21-3192750341-2543641923-3795283259-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-3192750341-2543641923-3795283259-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a18cba48-090d-6dca-8b6a-2a88677f535f&searchtype=ds&q={searchTerms}&installDate=25/09/2013
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://at.search.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://at.search.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> DefaultScope {2F7922A0-EB23-4A7B-8FB2-7DE09FFEF3CC} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd64&cd=2XzuyEtN2Y1L1QzutB0C0DtDyD0Azy0E0CtBtD0A0E0C0AtDtN0D0Tzu0SyDyEtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCyE&cr=1260766107&ir=
SearchScopes: HKLM -> {2F7922A0-EB23-4A7B-8FB2-7DE09FFEF3CC} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd64&cd=2XzuyEtN2Y1L1QzutB0C0DtDyD0Azy0E0CtBtD0A0E0C0AtDtN0D0Tzu0SyDyEtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCyE&cr=1260766107&ir=
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 -> {2F7922A0-EB23-4A7B-8FB2-7DE09FFEF3CC} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd64&cd=2XzuyEtN2Y1L1QzutB0C0DtDyD0Azy0E0CtBtD0A0E0C0AtDtN0D0Tzu0SyDyEtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCyE&cr=1260766107&ir=
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-21-3192750341-2543641923-3795283259-1001 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a18cba48-090d-6dca-8b6a-2a88677f535f&searchtype=ds&q={searchTerms}&installDate=25/09/2013
SearchScopes: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002 -> {2F7922A0-EB23-4A7B-8FB2-7DE09FFEF3CC} URL = 
SearchScopes: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002 -> {570BEAD8-EE36-78F9-3220-79AFD8160926} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd64&cd=2XzuyEtN2Y1L1QzutB0C0DtDyD0Azy0E0CtBtD0A0E0C0AtDtN0D0Tzu0SyDyEtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1L1C1H1B1QyCyE&cr=1260766107&ir=
SearchScopes: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={062BBA43-0CD4-4468-9F65-64F283D0F3E8}&mid=7e435389d3da47d39dcafd991c7a2bf9-2a38474d2bdd7dd0728363e7f3fe90c838b4f3d2&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-18 21:27:27&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002 -> {EFB02F6B-8B86-495D-9CDF-2CB49A024DBF} URL = hxxp://search.softonic.com/MOY00358/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=46e3eca00000000000001ed05a9ec20a&r=359
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3192750341-2543641923-3795283259-1002: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR HomePage: Default -> https://mysearch.avg.com?cid={062BBA43-0CD4-4468-9F65-64F283D0F3E8}&mid=7e435389d3da47d39dcafd991c7a2bf9-2a38474d2bdd7dd0728363e7f3fe90c838b4f3d2&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-18 21:27:27&v=18.1.9.799&pid=safeguard&sg=&sap=hp
CHR StartupUrls: Default -> "https://mysearch.avg.com?cid={062BBA43-0CD4-4468-9F65-64F283D0F3E8}&mid=7e435389d3da47d39dcafd991c7a2bf9-2a38474d2bdd7dd0728363e7f3fe90c838b4f3d2&lang=de&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-04-18 21:27:27&v=18.1.9.799&pid=safeguard&sg=&sap=hp"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (AdBlock) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-04]
CHR Extension: (Google Wallet) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]
CHR HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\Jenny Nix\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [2013-09-24]
CHR HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kdfbddbdpnahdahmamlolacimfdbeckk] - C:\Users\Jenny Nix\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx [2013-09-24]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-04-02] (Dritek System INC.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-13] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-06] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-06] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-11-09] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-13] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-04-02] (Dritek System Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-06] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 12:35 - 2015-01-24 12:36 - 00023267 _____ () C:\Users\Jenny Nix\Downloads\FRST.txt
2015-01-24 12:35 - 2015-01-24 12:35 - 00000000 ____D () C:\FRST
2015-01-24 12:34 - 2015-01-24 12:34 - 02129920 _____ (Farbar) C:\Users\Jenny Nix\Downloads\FRST64.exe
2015-01-24 11:48 - 2015-01-24 11:48 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Simply Super Software
2015-01-24 11:48 - 2015-01-24 11:48 - 00000000 ____D () C:\ProgramData\Licenses
2015-01-24 11:47 - 2015-01-24 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-01-24 11:46 - 2015-01-24 11:47 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-01-24 11:46 - 2015-01-24 11:46 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-01-24 11:44 - 2015-01-24 11:44 - 31390952 _____ (Simply Super Software ) C:\Users\Jenny Nix\Downloads\trjsetup691.exe
2015-01-24 10:43 - 2015-01-24 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-24 10:03 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-01-24 09:55 - 2015-01-24 09:56 - 00000247 _____ () C:\WINDOWS\system32\2015-01-24-08-55-56.057-aswFe.exe-5560.log
2015-01-24 09:46 - 2015-01-24 09:55 - 00000247 _____ () C:\WINDOWS\system32\2015-01-24-08-46-13.065-aswFe.exe-1176.log
2015-01-24 09:46 - 2015-01-24 09:46 - 00000197 _____ () C:\WINDOWS\system32\2015-01-24-08-46-11.015-AvastVBoxSVC.exe-3860.log
2015-01-24 09:34 - 2015-01-24 09:34 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2015-01-24 09:34 - 2015-01-24 09:34 - 00000000 ____D () C:\WINDOWS\system32\vbox
2015-01-24 09:34 - 2015-01-24 09:34 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\AVAST Software
2015-01-24 09:33 - 2015-01-24 09:33 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.1422088429546
2015-01-24 09:33 - 2015-01-24 09:33 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-01-24 09:33 - 2015-01-24 09:32 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1422088428859
2015-01-24 09:31 - 2015-01-24 09:31 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-24 09:29 - 2015-01-24 09:31 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-22 19:21 - 2015-01-22 19:36 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Arbeiten
2015-01-22 06:49 - 2015-01-22 06:49 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-22 06:36 - 2012-11-20 11:48 - 02213776 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\ETDUninst.dll
2015-01-14 06:11 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 06:11 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 06:11 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 06:11 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 06:11 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 06:11 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 06:11 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 06:11 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 06:11 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 06:11 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 06:11 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 06:11 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 06:11 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 06:11 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 06:11 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 06:11 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 06:11 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 06:11 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 06:11 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 06:11 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 06:11 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 06:11 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 06:11 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 06:11 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 21:36 - 2015-01-13 21:36 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\dvdcss
2015-01-08 11:38 - 2015-01-08 11:38 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\BMDNTCS
2015-01-08 11:38 - 2015-01-08 11:38 - 00000000 ____D () C:\ProgramData\BMDNTCS
2015-01-08 11:11 - 2015-01-08 11:21 - 00000000 ____D () C:\BMDCRW
2015-01-08 11:11 - 2015-01-08 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMD Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-24 12:24 - 2013-06-26 23:21 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-24 11:52 - 2013-06-25 00:12 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3192750341-2543641923-3795283259-1002
2015-01-24 11:48 - 2012-11-23 06:58 - 00000000 ____D () C:\ProgramData\Temp
2015-01-24 11:42 - 2013-06-27 10:18 - 00000000 ___RD () C:\Users\Jenny Nix\Dropbox
2015-01-24 11:29 - 2014-12-06 13:06 - 01803614 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-24 11:23 - 2013-12-01 13:58 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Hörspiele
2015-01-24 11:19 - 2014-12-10 21:52 - 00000000 ____D () C:\Users\Jenny Nix\Documents\USB
2015-01-24 11:19 - 2013-06-25 18:57 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Bilder
2015-01-24 10:52 - 2013-09-17 14:38 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Schule
2015-01-24 10:50 - 2014-09-24 07:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-24 10:50 - 2014-09-24 06:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-24 10:50 - 2014-09-24 06:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-24 10:47 - 2013-06-25 19:50 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-24 10:46 - 2014-10-06 12:15 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Bewerbung + Lebenslauf
2015-01-24 10:46 - 2013-08-22 15:46 - 00340160 _____ () C:\WINDOWS\setupact.log
2015-01-24 10:44 - 2014-11-24 16:58 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-24 10:43 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-24 10:42 - 2013-06-27 10:13 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\Dropbox
2015-01-24 10:42 - 2013-06-25 19:51 - 00000000 ___HD () C:\$AVG
2015-01-24 10:41 - 2014-05-29 21:39 - 00000386 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2015-01-24 10:41 - 2014-05-29 21:39 - 00000386 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2015-01-24 10:41 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-24 10:41 - 2013-06-26 23:21 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 10:40 - 2014-12-06 13:13 - 00000000 ____D () C:\Users\Jenny Nix
2015-01-24 10:40 - 2014-09-23 22:06 - 00729140 _____ () C:\WINDOWS\PFRO.log
2015-01-24 10:00 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-24 09:38 - 2014-11-24 06:59 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Local\Avg2015
2015-01-24 09:05 - 2014-12-06 13:53 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{508B9F10-E260-487A-92D3-397342E45419}
2015-01-23 18:13 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-23 16:27 - 2013-09-09 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-22 06:57 - 2013-10-19 09:51 - 00000000 ____D () C:\ProgramData\DivX
2015-01-20 21:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-19 22:32 - 2014-12-11 08:45 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2014-12-11 08:45 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-19 19:35 - 2014-12-08 19:00 - 00565760 ___SH () C:\Users\Jenny Nix\Desktop\Thumbs.db
2015-01-17 15:58 - 2013-09-29 11:00 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\vlc
2015-01-17 14:18 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-14 22:17 - 2013-07-28 19:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 22:08 - 2013-06-27 11:45 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 20:16 - 2014-12-08 19:08 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Local\Deployment
2015-01-08 11:11 - 2012-11-23 06:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-25 00:40 - 2014-07-10 20:40 - 00000000 ____D () C:\Users\Jenny Nix\Documents\alt

==================== Files in the root of some directories =======

2014-02-18 23:23 - 2014-03-05 07:49 - 0011758 _____ () C:\Users\Jenny Nix\AppData\Roaming\LogBuch.txt
2014-02-17 20:57 - 2014-03-05 17:05 - 0003126 _____ () C:\Users\Jenny Nix\AppData\Roaming\PData.MM1
2014-02-17 20:57 - 2014-03-05 17:05 - 0003126 _____ () C:\Users\Jenny Nix\AppData\Roaming\PData.MMM
2013-09-14 15:09 - 2014-01-10 12:23 - 0000140 _____ () C:\Users\Jenny Nix\AppData\Roaming\WB.CFG
2014-06-07 11:11 - 2014-06-07 11:11 - 0002737 _____ () C:\Users\Jenny Nix\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\Jenny Nix\appnimi-zip-password-unlocker.dat


Some content of TEMP:
====================
C:\Users\Jenny Nix\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzva8gs.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-24 10:31

==================== End Of Log ============================

--- --- ---

und die Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Jenny Nix at 2015-01-24 12:37:43
Running from C:\Users\Jenny Nix\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi SDK - Video 2 (x32 Version: 2.1.2128 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2112 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3011 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3015 - Acer Incorporated)
AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3125 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3204 - Acer Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.181.34 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5646 - AVG Technologies)
AVG 2015 (Version: 15.0.4273 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5646 - AVG Technologies) Hidden
Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
BMD CRW (HKLM-x32\...\{E662F023-ACB2-445A-B7CE-65F487AFBEF5}) (Version: 5.50.1322.2 - BMD Systemhaus)
Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3112 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3109 - Acer Incorporated)
Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
Dropbox (HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Free YouTube Download version 3.2.44.922 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.44.922 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
InetStat (HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\...\InetStat) (Version: 0.5b - InetStat) <==== ATTENTION!
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Acer Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Acer Incorporated)
Media Go (HKLM-x32\...\{5C7025FD-6BD0-4E48-8948-696E26AF6F15}) (Version: 2.5.299 - Sony)
Media Go Video Playback Engine 1.120.106.05010 (HKLM-x32\...\{8227BCD8-AA43-B935-7134-2732A298364A}) (Version: 1.120.106.05010 - Sony)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9014 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9014 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 307.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.17 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3202 - Acer)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.21 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Saturn Picture Center (HKLM-x32\...\Saturn Picture Center) (Version:  - )
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.14.201312091927 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
Trojan Remover 6.9.1 (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.1 - Simply Super Software)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

08-01-2015 11:10:25 Installiert BMD CRW
14-01-2015 06:16:50 Windows Update
22-01-2015 06:50:55 Revo Uninstaller's restore point - DivX Setup
24-01-2015 09:30:24 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10ED5C99-2578-42F7-9416-E6814B461AA4} - \DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {175B4A64-C160-43EC-B2E7-3E385674E33C} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-05-29] ()
Task: {3B53780C-1E1A-45FC-8F49-E694F0F43D31} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-05-29] ()
Task: {4379264D-F433-46DD-A857-020CCC076024} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {4C0A4C85-713F-4558-8D56-4A16602541D4} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-10-23] (Acer Incorporated)
Task: {4CC312B7-6E38-48D7-968B-5A32EF6DE919} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
Task: {5973892A-E570-48C2-942D-80BCF9A53397} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-11-06] ()
Task: {678E101E-CBFE-49C5-8417-69D9A63B76F1} - \DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {80B40F5E-2649-4D11-8556-348391E0442A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)
Task: {8BC460CC-B41F-43BF-B909-9803A97D0525} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {95FCADB2-D69E-4B94-B78C-105A69D7E7AB} - \Dealply No Task File <==== ATTENTION
Task: {AF874630-E68F-4B7F-9856-47381140B665} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {E68DE6BF-A61B-40BA-9006-BC6326D1B81D} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-12] (Egis Technology Inc.)
Task: {E913C514-33BA-4DA4-9DDD-04FBB1448B9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26] (Google Inc.)
Task: {FBE6A6F3-1B33-44A2-ABF9-77CEA7DD2729} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 02:36 - 2013-09-05 02:36 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2010-01-30 01:40 - 2010-01-30 01:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-06-22 03:12 - 2012-06-22 03:12 - 01407568 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2014-05-29 21:39 - 2014-05-29 21:39 - 02733080 _____ () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
2014-01-29 23:02 - 2014-01-29 23:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-29 09:36 - 2014-11-29 09:36 - 00705038 _____ () C:\Users\Jenny Nix\AppData\Roaming\InetStat\inetstat.exe
2012-11-03 01:38 - 2012-11-03 01:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2012-11-03 01:38 - 2012-11-03 01:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
2012-11-03 01:37 - 2012-11-03 01:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-24 10:41 - 2015-01-24 10:41 - 00043008 _____ () c:\Users\Jenny Nix\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzva8gs.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-04-02 13:18 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-04-18 20:27 - 2014-08-13 08:06 - 01654296 ____N () C:\Program Files (x86)\AVG SafeGuard toolbar\TBAPI.dll
2015-01-23 08:27 - 2015-01-21 04:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
2015-01-23 08:27 - 2015-01-21 04:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll
2015-01-23 08:27 - 2015-01-21 04:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll
2015-01-23 08:27 - 2015-01-21 04:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKLM\...\StartupApproved\Run32: => "DivXUpdate"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\...\StartupApproved\Run: => "Sony PC Companion"

========================= Accounts: ==========================

Administrator (S-1-5-21-3192750341-2543641923-3795283259-500 - Administrator - Disabled)
Gast (S-1-5-21-3192750341-2543641923-3795283259-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3192750341-2543641923-3795283259-1004 - Limited - Enabled)
Jenny Nix (S-1-5-21-3192750341-2543641923-3795283259-1002 - Administrator - Enabled) => C:\Users\Jenny Nix
UpdatusUser (S-1-5-21-3192750341-2543641923-3795283259-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/24/2015 11:29:34 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (01/24/2015 09:35:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary xfjitlid.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/24/2015 09:34:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary xfjitlid.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/24/2015 09:30:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary xfjitlid.

System Error:
Das System kann die angegebene Datei nicht finden.
.

Error: (01/23/2015 09:13:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/23/2015 07:56:06 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/21/2015 07:34:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/20/2015 07:58:31 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/20/2015 06:39:52 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/17/2015 03:01:56 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


System errors:
=============
Error: (01/24/2015 10:32:14 AM) (Source: DCOM) (EventID: 10010) (User: Jenny)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/24/2015 10:03:45 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Windows Defender – KB2267602 (Definition 1.191.3173.0)

Error: (01/24/2015 08:55:49 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎23.‎01.‎2015 um 23:26:55 unerwartet heruntergefahren.

Error: (01/23/2015 06:13:26 PM) (Source: DCOM) (EventID: 10010) (User: Jenny)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/22/2015 06:22:40 PM) (Source: DCOM) (EventID: 10010) (User: Jenny)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/21/2015 07:04:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎21.‎01.‎2015 um 19:02:04 unerwartet heruntergefahren.

Error: (01/20/2015 10:16:30 PM) (Source: DCOM) (EventID: 10010) (User: Jenny)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/20/2015 10:16:00 PM) (Source: DCOM) (EventID: 10010) (User: Jenny)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (01/20/2015 09:54:33 PM) (Source: DCOM) (EventID: 10010) (User: Jenny)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (01/20/2015 09:54:03 PM) (Source: DCOM) (EventID: 10010) (User: Jenny)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}


Microsoft Office Sessions:
=========================
Error: (01/24/2015 11:29:34 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883

Error: (01/24/2015 09:35:29 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary xfjitlid.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/24/2015 09:34:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary xfjitlid.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/24/2015 09:30:37 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary xfjitlid.

System Error:
Das System kann die angegebene Datei nicht finden.

Error: (01/23/2015 09:13:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/23/2015 07:56:06 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/21/2015 07:34:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/20/2015 07:58:31 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/20/2015 06:39:52 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (01/17/2015 03:01:56 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2348M CPU @ 2.30GHz
Percentage of memory in use: 29%
Total physical RAM: 8005.28 MB
Available physical RAM: 5681.7 MB
Total Pagefile: 9413.28 MB
Available Pagefile: 7144.79 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:911.75 GB) (Free:572.2 GB) NTFS
Drive e: (JENNY) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 150623F0)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

schrauber · 24.01.2015, 16:07

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

InetStat
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Jenny94 · 24.01.2015, 17:44

Also ich habe das Programm "Malwarebytes" durchlaufen lassen, aber es wurde keine Malware gefunden..
Es kommt die Meldung: Congratulations, no cleanup is required
Scan finishes: no malware found

Soll ich das Programm nochmal laufen lassen?

Liebe Grüße Jenny

ps: bis jetzt ist keine Werbung mehr gekommen.. (soweit ich mitbekommen habe)

schrauber · 24.01.2015, 20:51

Dann bitte noch TDSSKiller wie oben beschrieben

Jenny94 · 24.01.2015, 21:30

Habe jetzt auch den TDSSkiller ausgeführt - es wurden keine infizierten Objekte gefunden =)

Ich habe 2 Logfiles gefunden.

Code:

ATTFilter

21:22:13.0650 0x11d0  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
21:22:13.0650 0x11d0  UEFI system
21:22:17.0458 0x11d0  EULA was not accepted, exiting. For auto accept you could use -accepteula command line parameter.
21:22:17.0476 0x1728  Deinitialize success

Code:

ATTFilter

21:23:07.0208 0x17a4  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
21:23:07.0208 0x17a4  UEFI system
21:23:11.0592 0x17a4  ============================================================
21:23:11.0592 0x17a4  Current date / time: 2015/01/24 21:23:11.0592
21:23:11.0592 0x17a4  SystemInfo:
21:23:11.0592 0x17a4  
21:23:11.0592 0x17a4  OS Version: 6.3.9600 ServicePack: 0.0
21:23:11.0592 0x17a4  Product type: Workstation
21:23:11.0592 0x17a4  ComputerName: JENNY
21:23:11.0592 0x17a4  UserName: Jenny Nix
21:23:11.0592 0x17a4  Windows directory: C:\WINDOWS
21:23:11.0592 0x17a4  System windows directory: C:\WINDOWS
21:23:11.0592 0x17a4  Running under WOW64
21:23:11.0592 0x17a4  Processor architecture: Intel x64
21:23:11.0592 0x17a4  Number of processors: 4
21:23:11.0592 0x17a4  Page size: 0x1000
21:23:11.0592 0x17a4  Boot type: Normal boot
21:23:11.0592 0x17a4  ============================================================
21:23:11.0982 0x17a4  KLMD registered as C:\WINDOWS\system32\drivers\67668205.sys
21:23:12.0545 0x17a4  System UUID: {5DDDF598-E6B9-A04D-6327-FC4070359E67}
21:23:13.0654 0x17a4  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:23:13.0670 0x17a4  ============================================================
21:23:13.0670 0x17a4  \Device\Harddisk0\DR0:
21:23:13.0670 0x17a4  GPT partitions:
21:23:13.0670 0x17a4  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {39C2CB19-0A45-4A8F-9BDE-FB16379BA2F3}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
21:23:13.0670 0x17a4  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3A264F46-E15A-4E68-AA89-65B0A3FC80E0}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x96000
21:23:13.0670 0x17a4  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {17890FBF-5CAB-4DE8-8CC7-61DCE1E6B6FE}, Name: Microsoft reserved partition, StartLBA 0x15E800, BlocksNum 0x40000
21:23:13.0670 0x17a4  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {BAFED7D6-2892-45D1-8A5E-0D12114DF25A}, Name: Basic data partition, StartLBA 0x19E800, BlocksNum 0x71F81000
21:23:13.0670 0x17a4  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {69F57286-10D9-49F7-8643-F06AB6AC6675}, Name: , StartLBA 0x7211F800, BlocksNum 0xE1000
21:23:13.0670 0x17a4  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {515A3BBF-E0E9-453B-BF06-4E7389E9C15F}, Name: Basic data partition, StartLBA 0x72200800, BlocksNum 0x2506000
21:23:13.0670 0x17a4  MBR partitions:
21:23:13.0670 0x17a4  ============================================================
21:23:13.0686 0x17a4  C: <-> \Device\Harddisk0\DR0\Partition4
21:23:13.0686 0x17a4  ============================================================
21:23:13.0686 0x17a4  Initialize success
21:23:13.0686 0x17a4  ============================================================
21:23:19.0979 0x0b20  ============================================================
21:23:19.0979 0x0b20  Scan started
21:23:19.0979 0x0b20  Mode: Manual; 
21:23:19.0979 0x0b20  ============================================================
21:23:19.0979 0x0b20  KSN ping started
21:23:22.0502 0x0b20  KSN ping finished: true
21:23:24.0870 0x0b20  ================ Scan system memory ========================
21:23:24.0870 0x0b20  System memory - ok
21:23:24.0870 0x0b20  ================ Scan services =============================
21:23:25.0151 0x0b20  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
21:23:25.0167 0x0b20  1394ohci - ok
21:23:25.0229 0x0b20  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
21:23:25.0229 0x0b20  3ware - ok
21:23:25.0307 0x0b20  [ 9539F7917B4B6D92C90F0FAA6B86C605, B4C284E8EECC2E7025053A3320EFDC9F47BCA9828853AD2A805DB826CA4AC27E ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
21:23:25.0338 0x0b20  ACPI - ok
21:23:25.0354 0x0b20  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
21:23:25.0354 0x0b20  acpiex - ok
21:23:25.0385 0x0b20  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
21:23:25.0385 0x0b20  acpipagr - ok
21:23:25.0432 0x0b20  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
21:23:25.0432 0x0b20  AcpiPmi - ok
21:23:25.0448 0x0b20  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
21:23:25.0448 0x0b20  acpitime - ok
21:23:25.0536 0x0b20  [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:23:25.0543 0x0b20  AdobeARMservice - ok
21:23:25.0642 0x0b20  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX         C:\WINDOWS\system32\drivers\ADP80XX.SYS
21:23:25.0694 0x0b20  ADP80XX - ok
21:23:25.0765 0x0b20  [ 0F17D49BE041B7EFF1D33BF1414E7AC6, F8B536B60903814DF88DAF535753288537EF0993E42AA4E734EDA8D68B24C7AB ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
21:23:25.0781 0x0b20  AeLookupSvc - ok
21:23:25.0840 0x0b20  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD             C:\WINDOWS\system32\drivers\afd.sys
21:23:25.0882 0x0b20  AFD - ok
21:23:25.0911 0x0b20  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
21:23:25.0926 0x0b20  agp440 - ok
21:23:25.0989 0x0b20  [ F0CB6DB513CAC393D04A0FCE0A59E1BF, E6EE159D0E6B1F666946B1FE421874044E89BB2EB60A521BAA111A1229FA7B2D ] ahcache         C:\WINDOWS\system32\DRIVERS\ahcache.sys
21:23:26.0004 0x0b20  ahcache - ok
21:23:26.0051 0x0b20  [ A91D8E1E433EFB32551BCE69037E1CE7, 41DFDD5B56918D19D09DFB3E4B07460AA85647A8647ABBBB906158D8D6653290 ] ALG             C:\WINDOWS\System32\alg.exe
21:23:26.0072 0x0b20  ALG - ok
21:23:26.0102 0x0b20  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
21:23:26.0102 0x0b20  AmdK8 - ok
21:23:26.0134 0x0b20  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
21:23:26.0134 0x0b20  AmdPPM - ok
21:23:26.0180 0x0b20  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
21:23:26.0180 0x0b20  amdsata - ok
21:23:26.0227 0x0b20  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
21:23:26.0243 0x0b20  amdsbs - ok
21:23:26.0259 0x0b20  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
21:23:26.0259 0x0b20  amdxata - ok
21:23:26.0290 0x0b20  [ 04951A9A937CBE28A2D3FEEA360B6D1F, D8AAF000BE4FE4B203DC2EB2A64F780A542E5238CE3F9952FD03277379B11529 ] AppID           C:\WINDOWS\system32\drivers\appid.sys
21:23:26.0305 0x0b20  AppID - ok
21:23:26.0337 0x0b20  [ C0DC3F58214A227980AEB091CFD2F973, 0C3E8453C9F65ADA3E74C38C0E3AC3E0CBFD807B827097046265B38839E151E3 ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
21:23:26.0337 0x0b20  AppIDSvc - ok
21:23:26.0384 0x0b20  [ 034ED41F13D9C1845C1E081F05B640DB, E4E17BA0B22C464DE60A6BF68D4D035D1B838DE4F0361029DED1AE00503E135C ] Appinfo         C:\WINDOWS\System32\appinfo.dll
21:23:26.0384 0x0b20  Appinfo - ok
21:23:26.0446 0x0b20  [ CB12C47647D8BDAFAA94C0856B14128B, 5590C98095357C92563EF94800107D3611AA6ECA1A70BE463C03B279E618A6C4 ] AppReadiness    C:\WINDOWS\system32\AppReadiness.dll
21:23:26.0493 0x0b20  AppReadiness - ok
21:23:26.0593 0x0b20  [ F7529BD3FFAC9C33D15F6DE3B7353B03, 8EF0A84C9687A246B60939A326E498121039E9CC617A7ABBA933EDD327F3467E ] AppXSvc         C:\WINDOWS\system32\appxdeploymentserver.dll
21:23:26.0687 0x0b20  AppXSvc - ok
21:23:26.0718 0x0b20  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
21:23:26.0718 0x0b20  arcsas - ok
21:23:26.0765 0x0b20  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
21:23:26.0765 0x0b20  atapi - ok
21:23:27.0046 0x0b20  [ 2C7676F892E88FD190F08D98048C7C6C, 44C13C103F61DA4D1A3823D37344F8C9465A611A9560808CE928925FB69604F7 ] athr            C:\WINDOWS\system32\DRIVERS\athw8x.sys
21:23:27.0249 0x0b20  athr - ok
21:23:27.0312 0x0b20  [ 8779FDAE68BC948B0FE152E758CC8DA7, 13070C2073F8E7546B48AE9CF54067B9BB75DFCD98F2987B90FFAD20D40D54CF ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
21:23:27.0343 0x0b20  AudioEndpointBuilder - ok
21:23:27.0452 0x0b20  [ 61EA45A645854FE81D8A924E2D93DFFE, 34F79532297F609CA93C380B68BB8B7B0F027F9C8F4FB8E02A9A43EA3D155F1B ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
21:23:27.0530 0x0b20  Audiosrv - ok
21:23:27.0562 0x0b20  [ 4EB2E8EE8BA47B58E08B67139C31CB41, 196F759A2BC3E978C3FDB1E37E0D40D56D43CB0004D5333E787CD4727A46F06C ] Avgboota        C:\WINDOWS\system32\DRIVERS\avgboota.sys
21:23:27.0562 0x0b20  Avgboota - ok
21:23:27.0593 0x0b20  [ 54FE1CAFA3B3029B282E6A05EA672031, E972B8A22322FF06903A1E3AB20585E02A21C3A6EA9A75C172231494A08D14D1 ] Avgdiska        C:\WINDOWS\system32\DRIVERS\avgdiska.sys
21:23:27.0608 0x0b20  Avgdiska - ok
21:23:27.0923 0x0b20  [ 2568C3B3A5B58D04CE89A37C12576B73, D7178D0E780071C9C8B2917B873F2ED105890DFB87472B377B5A8C2EC1E3F0D0 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
21:23:28.0126 0x0b20  AVGIDSAgent - ok
21:23:28.0173 0x0b20  [ A3124AC9C0AF30ABD000A7CB5779C101, 1719EE6986FC29EE4EA383B2DAF4CAF9C1E70A1F547F75F8D51EDA027D3E5236 ] AVGIDSDriver    C:\WINDOWS\system32\DRIVERS\avgidsdrivera.sys
21:23:28.0189 0x0b20  AVGIDSDriver - ok
21:23:28.0220 0x0b20  [ 68070AEEE757ACC6EC5BC291B1E8EA1A, 8A4902CE6F4696F33CD6CF98F96FDA7895B99A676916F3137CF34192AF3C25A4 ] AVGIDSHA        C:\WINDOWS\system32\DRIVERS\avgidsha.sys
21:23:28.0235 0x0b20  AVGIDSHA - ok
21:23:28.0267 0x0b20  [ 7C9E8FD2BFCE60BDF9B5944C0BE47C87, 0F51507BAECDEF7B6F553066621A03832FF070EC6837A8E304AABA1227F779BF ] Avgldx64        C:\WINDOWS\system32\DRIVERS\avgldx64.sys
21:23:28.0282 0x0b20  Avgldx64 - ok
21:23:28.0314 0x0b20  [ 734DCC05A7F327FDCE43A18BA011FD4E, E5245314E60D86911A6A9FC1FE4A0C0D0284D972CE642C28B9B1A43D1553AFA5 ] Avgloga         C:\WINDOWS\system32\DRIVERS\avgloga.sys
21:23:28.0345 0x0b20  Avgloga - ok
21:23:28.0376 0x0b20  [ B4D589C734D796B5B76E0A0E5DA50397, CACAB2C0D01583CEB55C62334A4E9BB46A2E399BE9B7EDC988AEC785DF1FCC1C ] Avgmfx64        C:\WINDOWS\system32\DRIVERS\avgmfx64.sys
21:23:28.0392 0x0b20  Avgmfx64 - ok
21:23:28.0423 0x0b20  [ 3CE824D46BA1871713ABF147E6BAD556, B4D8AFC388BE06D6E3C5CDC865F80FF101E731E1D2B221FFC6C1E28487E1B3CD ] Avgrkx64        C:\WINDOWS\system32\DRIVERS\avgrkx64.sys
21:23:28.0423 0x0b20  Avgrkx64 - ok
21:23:28.0454 0x0b20  [ 68430AD3FB0FADBFA5D1677617D1E1F5, CF732DD21B472653AB0A4063455F2E7608F3075C255B9882D18CB52026B6C972 ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
21:23:28.0470 0x0b20  avgtp - ok
21:23:28.0517 0x0b20  [ 9B3B23AF6396FCC8899F0214A27EE49A, 187D8D2726891000702A4FAFDE9DFF1750F8B9C7EDE474547177E1213E0CCAF7 ] avgwd           C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
21:23:28.0532 0x0b20  avgwd - ok
21:23:28.0564 0x0b20  [ DFB6F6E34ACDB4F55AF6B2DCBFB3225E, 02EEBB109B951BD54DBE3D31B459AAFC0F9E751E4F202C8A0AC66474777B2B1F ] Avgwfpa         C:\WINDOWS\system32\DRIVERS\avgwfpa.sys
21:23:28.0579 0x0b20  Avgwfpa - ok
21:23:28.0626 0x0b20  [ 96E8CAF20FC4B6C31CAD7816A801EB78, E4870DB8FFBDCFEE98449338D0BDBF2DD0B5FEC75514E41C11A882BE6EB16833 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
21:23:28.0642 0x0b20  AxInstSV - ok
21:23:28.0704 0x0b20  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
21:23:28.0751 0x0b20  b06bdrv - ok
21:23:28.0782 0x0b20  [ 0630C8915B747E88E825CE7F73B66A5D, E9B465EE23487B59B1C906B04F9235B0BFBF254C1760E2462A7D1D7FE1655088 ] b57xdbd         C:\WINDOWS\System32\drivers\b57xdbd.sys
21:23:28.0798 0x0b20  b57xdbd - ok
21:23:28.0814 0x0b20  [ CA8457E528E13B38F8DC3B86B6BA4C6B, 532E48BBBA806608EBEFE10A94DCE2BFE8918D8DD6DEF6871F44FEEDA51238B8 ] b57xdmp         C:\WINDOWS\System32\drivers\b57xdmp.sys
21:23:28.0814 0x0b20  b57xdmp - ok
21:23:28.0860 0x0b20  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
21:23:28.0860 0x0b20  BasicDisplay - ok
21:23:28.0876 0x0b20  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
21:23:28.0876 0x0b20  BasicRender - ok
21:23:28.0907 0x0b20  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\WINDOWS\System32\drivers\bcmfn2.sys
21:23:28.0907 0x0b20  bcmfn2 - ok
21:23:28.0970 0x0b20  [ E07C80468D0C599BFF01D9D4EC7AEDC3, F675F455924DEC3FF69AD816DFEB6E74C804AEC3D3BFF7515953DB9D79C9B2D0 ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
21:23:29.0017 0x0b20  BDESVC - ok
21:23:29.0048 0x0b20  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
21:23:29.0064 0x0b20  Beep - ok
21:23:29.0142 0x0b20  [ 20FB137ADDE1255F15F265A7BD9579BE, 87B4D5C91EFEAD987AAC3491A4360F82824C46AFF958B6F4CAED7C12224EF159 ] BFE             C:\WINDOWS\System32\bfe.dll
21:23:29.0204 0x0b20  BFE - ok
21:23:29.0329 0x0b20  [ 15225081966C785A9192782401643FD4, E2BA0C8D044556FDD9DD7A25F7F71553DE7A2924E78F9284413C2AC46F0BF4EB ] BITS            C:\WINDOWS\System32\qmgr.dll
21:23:29.0407 0x0b20  BITS - ok
21:23:29.0439 0x0b20  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
21:23:29.0454 0x0b20  bowser - ok
21:23:29.0517 0x0b20  [ 5C6ADD0111E1C6601B5911F7ACF85BB8, 1653E8725478C8118D2AF15399A1A44464AFDC6F66EB1A90BB268A0692831AEE ] BrcmCardReader  C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
21:23:29.0532 0x0b20  BrcmCardReader - ok
21:23:29.0595 0x0b20  [ E325BCD68EC0CF2E2EDD0AB7CC17C698, 4DEDEF91F6BD1CC8DBE118AC28CA6BD874449A053B9CDE9FFEB1C7B98501D938 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
21:23:29.0642 0x0b20  BrokerInfrastructure - ok
21:23:29.0689 0x0b20  [ 041A999E4FF9A7CDBE67357751881FB8, 356C52637EA715D6FA2B65BD311C9BF1635A582023434902EC2DE4A2448961F8 ] Browser         C:\WINDOWS\System32\browser.dll
21:23:29.0704 0x0b20  Browser - ok
21:23:29.0735 0x0b20  [ 0E9B28782D0E5DE7C25207432B791B33, FE33E3B27BEED03922DB2565DECC0E12F8CD586B5060EE4A1A87FF99EEC77B22 ] bScsiMSa        C:\WINDOWS\System32\drivers\bScsiMSa.sys
21:23:29.0751 0x0b20  bScsiMSa - ok
21:23:29.0782 0x0b20  [ 8F62F985BDD2F333A3EE34D54894363D, 44755CEEE5B1823990547C1F22FFC833D7BD693E6C3DD056B0C41615ED61ED4C ] bScsiSDa        C:\WINDOWS\System32\drivers\bScsiSDa.sys
21:23:29.0798 0x0b20  bScsiSDa - ok
21:23:29.0829 0x0b20  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
21:23:29.0829 0x0b20  BthAvrcpTg - ok
21:23:29.0860 0x0b20  [ 746B9F94214915AECDE4B7FEA5FF9664, EA2877D49DB4B7B9CE61653D63E8776DFF1CBCCAB12C14DB1D20DA44B8F06357 ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
21:23:29.0860 0x0b20  BthHFEnum - ok
21:23:29.0876 0x0b20  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
21:23:29.0876 0x0b20  bthhfhid - ok
21:23:29.0907 0x0b20  [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
21:23:29.0907 0x0b20  BTHMODEM - ok
21:23:29.0954 0x0b20  [ E5E48FEED73D463175EAB1542495191C, 0A8182F5BA7B694AB1DD3680F1194E4A568FE40DBA4BFDFF2EA09BAD045FFB29 ] bthserv         C:\WINDOWS\system32\bthserv.dll
21:23:29.0970 0x0b20  bthserv - ok
21:23:30.0170 0x0b20  [ D93FC9EF129C214D6E91DFE3DF98C38C, 96E079C2F46B382FA2F784AC35335673E4DA0ECBF65C44C3A25EE89DB4F4484F ] CCDMonitorService C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
21:23:30.0311 0x0b20  CCDMonitorService - ok
21:23:30.0358 0x0b20  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
21:23:30.0358 0x0b20  cdfs - ok
21:23:30.0389 0x0b20  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
21:23:30.0405 0x0b20  cdrom - ok
21:23:30.0451 0x0b20  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
21:23:30.0467 0x0b20  CertPropSvc - ok
21:23:30.0498 0x0b20  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
21:23:30.0514 0x0b20  circlass - ok
21:23:30.0545 0x0b20  [ 179A41249055D5F039F1B6703F3B6D2B, 886CF715D9E85DB5C9B991EBCB9B12E27AA0EEE52528E222C80CA5B5B0A7AF52 ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
21:23:30.0561 0x0b20  CLFS - ok
21:23:30.0608 0x0b20  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
21:23:30.0608 0x0b20  CmBatt - ok
21:23:30.0701 0x0b20  [ 4E1207CE16E615B0B7A70DC889F4500E, 1778D5AC0AF5F5DD1551192F4CDBCCB9878995155CF337EBB03460A6FD5C6B78 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
21:23:30.0733 0x0b20  CNG - ok
21:23:30.0748 0x0b20  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
21:23:30.0748 0x0b20  CompositeBus - ok
21:23:30.0764 0x0b20  COMSysApp - ok
21:23:30.0780 0x0b20  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
21:23:30.0780 0x0b20  condrv - ok
21:23:30.0936 0x0b20  [ 08F934092E0429BADF88E9F91DB0F61E, 6E9091C006FFFF261DC61C8E9A45219E47C351296E5355FC4B7242F30E1DDFE3 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
21:23:30.0983 0x0b20  cphs - ok
21:23:31.0014 0x0b20  [ 0EFE4B5884A8032617826A4D76F80969, 083D296CC623C83D36A97AEE343ADF819B17E490F931DBE4D161BD1E8C289E02 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
21:23:31.0030 0x0b20  CryptSvc - ok
21:23:31.0045 0x0b20  [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF74234C4C36910BE ] dam             C:\WINDOWS\system32\drivers\dam.sys
21:23:31.0061 0x0b20  dam - ok
21:23:31.0155 0x0b20  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
21:23:31.0201 0x0b20  DcomLaunch - ok
21:23:31.0264 0x0b20  [ D249C3A58A4FCF755EF4C94F7047E015, 68C044CE2DB93FB502F85F6E081EA164F6E6DCBA6B3EE2A5CBDA122065E522F8 ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
21:23:31.0280 0x0b20  defragsvc - ok
21:23:31.0358 0x0b20  [ 8F387C2C99EE09C6E2AC316205F86A17, EC9E8AE72A21992AA118964E17090BA4503EB051273AD18185C95172F57328CE ] DeviceAssociationService C:\WINDOWS\system32\das.dll
21:23:31.0389 0x0b20  DeviceAssociationService - ok
21:23:31.0452 0x0b20  [ D06DB4200F9444B2386E6C0E68CD574A, 7266A22D6AF86813CF8AB13BE40384D20C24CE72EF75B0C467C5F88F5B058B1E ] DeviceFastLaneService C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe
21:23:31.0483 0x0b20  DeviceFastLaneService - ok
21:23:31.0530 0x0b20  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
21:23:31.0545 0x0b20  DeviceInstall - ok
21:23:31.0592 0x0b20  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
21:23:31.0608 0x0b20  Dfsc - ok
21:23:31.0670 0x0b20  [ 05DE04005CE0D84D0E6AD21CAEB369C6, E6704A2A685BCFD560796D7C328F8E53DF0793DBDA590598A492D9070D109298 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
21:23:31.0717 0x0b20  Dhcp - ok
21:23:31.0733 0x0b20  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\WINDOWS\system32\drivers\disk.sys
21:23:31.0733 0x0b20  disk - ok
21:23:31.0780 0x0b20  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
21:23:31.0780 0x0b20  dmvsc - ok
21:23:31.0842 0x0b20  [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
21:23:31.0858 0x0b20  Dnscache - ok
21:23:31.0920 0x0b20  [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
21:23:31.0952 0x0b20  dot3svc - ok
21:23:32.0030 0x0b20  [ 27069CFFF29B7F04F4B1BB10154BE52B, 6869626F9A1D3F64224883C5E661638CEE893A3E29651C7B9302A03E52180415 ] dot4            C:\WINDOWS\system32\DRIVERS\Dot4.sys
21:23:32.0045 0x0b20  dot4 - ok
21:23:32.0061 0x0b20  [ 0BD906A79F9CE3013F7D9D0AC45F9F9D, 2F7D5082E7E226D5EBEA164A8ACEE0A447C96EB1829224A6EFA3E7B4EFEE1D14 ] Dot4Print       C:\WINDOWS\System32\drivers\Dot4Prt.sys
21:23:32.0061 0x0b20  Dot4Print - ok
21:23:32.0092 0x0b20  [ B7D595F2F464F7B628AD53F06547792C, F5D06A91EF54FBF56305FCC882B854350B266B2A005D80CC77AEBC2929440729 ] dot4usb         C:\WINDOWS\system32\DRIVERS\dot4usb.sys
21:23:32.0092 0x0b20  dot4usb - ok
21:23:32.0108 0x0b20  [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS             C:\WINDOWS\system32\dps.dll
21:23:32.0123 0x0b20  DPS - ok
21:23:32.0139 0x0b20  [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
21:23:32.0155 0x0b20  drmkaud - ok
21:23:32.0217 0x0b20  [ D2BCDD6BBFCD068090C109854FCEE079, 6DC8C67713566ABD2CC7860359AC7ABDBA8B6949D8F7ED001730BB0D53010693 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
21:23:32.0233 0x0b20  DsiWMIService - ok
21:23:32.0295 0x0b20  [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
21:23:32.0311 0x0b20  DsmSvc - ok
21:23:32.0452 0x0b20  [ 313DCE665B57000B18CB26C6B6A10DFE, 6C332D4AD13A316C192321AB7E7597E66AF8E1688101FFD851E06C52128DBA52 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
21:23:32.0545 0x0b20  DXGKrnl - ok
21:23:32.0592 0x0b20  [ 6073537F250B45E1CB2A02E97F0FE1B2, 653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
21:23:32.0592 0x0b20  Eaphost - ok
21:23:32.0842 0x0b20  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
21:23:33.0045 0x0b20  ebdrv - ok
21:23:33.0092 0x0b20  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS             C:\WINDOWS\System32\lsass.exe
21:23:33.0092 0x0b20  EFS - ok
21:23:33.0170 0x0b20  [ AD23FC5DB336CA89A6FC2DA1F70E421C, 8C543A0057873B71F19D4D94249D6690F27708FB4D6F4056EC87DF33D7D120EF ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
21:23:33.0186 0x0b20  EgisTec Ticket Service - ok
21:23:33.0217 0x0b20  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
21:23:33.0233 0x0b20  EhStorClass - ok
21:23:33.0248 0x0b20  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
21:23:33.0264 0x0b20  EhStorTcgDrv - ok
21:23:33.0358 0x0b20  [ 5C5552BF36C443746A9808EB632B3947, 08969E5A04DECBF374C52A0A0A8DDB2188DFCDAE879D40943FE307971F03E027 ] ePowerSvc       C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
21:23:33.0405 0x0b20  ePowerSvc - ok
21:23:33.0436 0x0b20  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
21:23:33.0436 0x0b20  ErrDev - ok
21:23:33.0483 0x0b20  [ BBEFD1442896352FBACEC3319959B278, 274BD43FD5F28D61CD2BA9D4AE127798F14DAADC247892A85358BB8D9FC53904 ] ETD             C:\WINDOWS\system32\DRIVERS\ETD.sys
21:23:33.0514 0x0b20  ETD - ok
21:23:33.0592 0x0b20  [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem     C:\WINDOWS\system32\es.dll
21:23:33.0623 0x0b20  EventSystem - ok
21:23:33.0686 0x0b20  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
21:23:33.0702 0x0b20  exfat - ok
21:23:33.0748 0x0b20  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
21:23:33.0764 0x0b20  fastfat - ok
21:23:33.0842 0x0b20  [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax             C:\WINDOWS\system32\fxssvc.exe
21:23:33.0889 0x0b20  Fax - ok
21:23:33.0920 0x0b20  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
21:23:33.0920 0x0b20  fdc - ok
21:23:33.0967 0x0b20  [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
21:23:33.0967 0x0b20  fdPHost - ok
21:23:33.0983 0x0b20  [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
21:23:33.0983 0x0b20  FDResPub - ok
21:23:33.0999 0x0b20  [ 0046E0BD031213D37123876B0D0FA61C, A4FE17D56F0BAFB70D0D421ED9D1B6E50AF8ADAA4B59328A41AEC5B4C068A3CB ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
21:23:34.0014 0x0b20  fhsvc - ok
21:23:34.0061 0x0b20  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
21:23:34.0077 0x0b20  FileInfo - ok
21:23:34.0092 0x0b20  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
21:23:34.0139 0x0b20  Filetrace - ok
21:23:34.0217 0x0b20  [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:23:34.0280 0x0b20  FLEXnet Licensing Service - ok
21:23:34.0295 0x0b20  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
21:23:34.0311 0x0b20  flpydisk - ok
21:23:34.0342 0x0b20  [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
21:23:34.0358 0x0b20  FltMgr - ok
21:23:34.0499 0x0b20  [ 3FA6DC6B29717E32E211C1FD821F2C75, E467F3775427C93CC2B87327B0A45669631A5FC460C558F6796BA26002A8BBFC ] FontCache       C:\WINDOWS\system32\FntCache.dll
21:23:34.0592 0x0b20  FontCache - ok
21:23:34.0717 0x0b20  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:23:34.0717 0x0b20  FontCache3.0.0.0 - ok
21:23:34.0733 0x0b20  [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
21:23:34.0733 0x0b20  FsDepends - ok
21:23:34.0749 0x0b20  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:23:34.0749 0x0b20  Fs_Rec - ok
21:23:34.0811 0x0b20  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
21:23:34.0858 0x0b20  fvevol - ok
21:23:34.0874 0x0b20  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
21:23:34.0874 0x0b20  FxPPM - ok
21:23:34.0905 0x0b20  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
21:23:34.0905 0x0b20  gagp30kx - ok
21:23:34.0936 0x0b20  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
21:23:34.0952 0x0b20  gencounter - ok
21:23:34.0999 0x0b20  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
21:23:34.0999 0x0b20  GPIOClx0101 - ok
21:23:35.0115 0x0b20  [ 69DB09F0263C637DA8568D404842466A, D042194266978AAD31E04DAF7018CD50754077212DC74A4D8AFF6BFEE80CDD20 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
21:23:35.0209 0x0b20  gpsvc - ok
21:23:35.0256 0x0b20  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:23:35.0256 0x0b20  gupdate - ok
21:23:35.0271 0x0b20  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:23:35.0287 0x0b20  gupdatem - ok
21:23:35.0318 0x0b20  [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:23:35.0334 0x0b20  gusvc - ok
21:23:35.0365 0x0b20  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
21:23:35.0365 0x0b20  HDAudBus - ok
21:23:35.0396 0x0b20  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
21:23:35.0396 0x0b20  HidBatt - ok
21:23:35.0443 0x0b20  [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
21:23:35.0459 0x0b20  HidBth - ok
21:23:35.0506 0x0b20  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
21:23:35.0521 0x0b20  hidi2c - ok
21:23:35.0553 0x0b20  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
21:23:35.0553 0x0b20  HidIr - ok
21:23:35.0584 0x0b20  [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv         C:\WINDOWS\system32\hidserv.dll
21:23:35.0600 0x0b20  hidserv - ok
21:23:35.0615 0x0b20  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
21:23:35.0631 0x0b20  HidUsb - ok
21:23:35.0678 0x0b20  [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
21:23:35.0693 0x0b20  hkmsvc - ok
21:23:35.0725 0x0b20  [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
21:23:35.0771 0x0b20  HomeGroupListener - ok
21:23:35.0865 0x0b20  [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
21:23:35.0896 0x0b20  HomeGroupProvider - ok
21:23:35.0943 0x0b20  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
21:23:35.0943 0x0b20  HpSAMD - ok
21:23:36.0100 0x0b20  [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
21:23:36.0193 0x0b20  HTTP - ok
21:23:36.0240 0x0b20  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
21:23:36.0271 0x0b20  hwpolicy - ok
21:23:36.0287 0x0b20  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
21:23:36.0303 0x0b20  hyperkbd - ok
21:23:36.0334 0x0b20  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
21:23:36.0334 0x0b20  HyperVideo - ok
21:23:36.0381 0x0b20  [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
21:23:36.0396 0x0b20  i8042prt - ok
21:23:36.0443 0x0b20  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
21:23:36.0443 0x0b20  iaLPSSi_GPIO - ok
21:23:36.0481 0x0b20  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C     C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
21:23:36.0488 0x0b20  iaLPSSi_I2C - ok
21:23:36.0622 0x0b20  [ 6C024B3AE192D72B216166802AF345DD, 67AEDBEF4A1C1EE1DA9B684BDEB3DB07715E12B766AA72B6684CC6C583A8DCC5 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
21:23:36.0669 0x0b20  iaStorA - ok
21:23:36.0747 0x0b20  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\WINDOWS\system32\drivers\iaStorAV.sys
21:23:36.0794 0x0b20  iaStorAV - ok
21:23:36.0888 0x0b20  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
21:23:36.0919 0x0b20  iaStorV - ok
21:23:36.0919 0x0b20  IEEtwCollectorService - ok
21:23:37.0668 0x0b20  [ 8C44E6B688790E2AD3846C97661C54F1, CB487D167EDA3C1E30BD5FB8F98C15EB9E75A6FB793009C2F1BBCAAB4285F772 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
21:23:38.0011 0x0b20  igfx - ok
21:23:38.0152 0x0b20  [ DEA76F90F9777E3427D70E380222B23B, B917BA423896A12E45623E3D494CA03317A6FC612CA433C62C897524DC3E756B ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
21:23:38.0230 0x0b20  IKEEXT - ok
21:23:38.0574 0x0b20  [ 9CC645EB9697AA4F2D5A39835C80A0A2, 39861B19E9BF17F5250D571996167A178606150B62C876529D3699817FDDC42A ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
21:23:38.0859 0x0b20  IntcAzAudAddService - ok
21:23:38.0921 0x0b20  [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
21:23:38.0968 0x0b20  IntcDAud - ok
21:23:39.0046 0x0b20  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21:23:39.0093 0x0b20  Intel(R) Capability Licensing Service Interface - ok
21:23:39.0109 0x0b20  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
21:23:39.0109 0x0b20  intelide - ok
21:23:39.0156 0x0b20  [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep        C:\WINDOWS\system32\drivers\intelpep.sys
21:23:39.0156 0x0b20  intelpep - ok
21:23:39.0187 0x0b20  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
21:23:39.0187 0x0b20  intelppm - ok
21:23:39.0218 0x0b20  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:23:39.0218 0x0b20  IpFilterDriver - ok
21:23:39.0328 0x0b20  [ ACFEE9487693C2BD573DFCA71D98E17C, A347FD476147CD3568EEE6993B46AFC05A66A4269094CA51572D0FD013FCB535 ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
21:23:39.0390 0x0b20  iphlpsvc - ok
21:23:39.0437 0x0b20  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
21:23:39.0437 0x0b20  IPMIDRV - ok
21:23:39.0484 0x0b20  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
21:23:39.0500 0x0b20  IPNAT - ok
21:23:39.0515 0x0b20  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
21:23:39.0515 0x0b20  IRENUM - ok
21:23:39.0547 0x0b20  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
21:23:39.0547 0x0b20  isapnp - ok
21:23:39.0609 0x0b20  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
21:23:39.0625 0x0b20  iScsiPrt - ok
21:23:39.0703 0x0b20  [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:23:39.0718 0x0b20  jhi_service - ok
21:23:39.0781 0x0b20  [ 45369E037410609D769852A1CE46A184, 752BE7BB167E602CD89D52E3A4382AF7C75033306E31884EC55872EF7A0A3EE2 ] k57nd60a        C:\WINDOWS\system32\DRIVERS\k57nd60a.sys
21:23:39.0812 0x0b20  k57nd60a - ok
21:23:39.0859 0x0b20  [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
21:23:39.0859 0x0b20  kbdclass - ok
21:23:39.0875 0x0b20  [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
21:23:39.0875 0x0b20  kbdhid - ok
21:23:39.0890 0x0b20  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
21:23:39.0890 0x0b20  kdnic - ok
21:23:39.0922 0x0b20  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso          C:\WINDOWS\system32\lsass.exe
21:23:39.0922 0x0b20  KeyIso - ok
21:23:39.0937 0x0b20  [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
21:23:39.0953 0x0b20  KSecDD - ok
21:23:40.0000 0x0b20  [ 6D2EE96150E35B9EA49F2B481DE0369A, AC5915219FD81D89E444F6E86D71F7C495108FC35E7BD683321FC7006161AFE1 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
21:23:40.0015 0x0b20  KSecPkg - ok
21:23:40.0031 0x0b20  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
21:23:40.0031 0x0b20  ksthunk - ok
21:23:40.0085 0x0b20  [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
21:23:40.0132 0x0b20  KtmRm - ok
21:23:40.0178 0x0b20  [ 793EACA6BAE9F481C2059BCB3743EB4A, 2624905C6B6A1227BD1CAC7D4FE55A5F6543E1278DAB31EC553748472D180D1D ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
21:23:40.0225 0x0b20  LanmanServer - ok
21:23:40.0272 0x0b20  [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
21:23:40.0304 0x0b20  LanmanWorkstation - ok
21:23:40.0382 0x0b20  [ 626D19F1771E1AE72208AE9A8F3082F7, 78FDB64545ED2EAE9F51C08120E21D2C3285208F6846BD8BBA08CAA839E7A0C4 ] lfsvc           C:\WINDOWS\System32\GeofenceMonitorService.dll
21:23:40.0429 0x0b20  lfsvc - ok
21:23:40.0475 0x0b20  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
21:23:40.0491 0x0b20  lltdio - ok
21:23:40.0538 0x0b20  [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
21:23:40.0569 0x0b20  lltdsvc - ok
21:23:40.0600 0x0b20  [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
21:23:40.0616 0x0b20  lmhosts - ok
21:23:40.0647 0x0b20  [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:23:40.0679 0x0b20  LMS - ok
21:23:40.0725 0x0b20  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
21:23:40.0725 0x0b20  LSI_SAS - ok
21:23:40.0757 0x0b20  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
21:23:40.0772 0x0b20  LSI_SAS2 - ok
21:23:40.0804 0x0b20  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\WINDOWS\system32\drivers\lsi_sas3.sys
21:23:40.0804 0x0b20  LSI_SAS3 - ok
21:23:40.0835 0x0b20  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
21:23:40.0835 0x0b20  LSI_SSS - ok
21:23:40.0913 0x0b20  [ 8EBB271E4588D835784A3FF7E80076A8, A508BE95F6F5063A76F4C8726D9425BB1F00DE803EFE73A0BE145DD9AB82FF0A ] LSM             C:\WINDOWS\System32\lsm.dll
21:23:40.0975 0x0b20  LSM - ok
21:23:41.0007 0x0b20  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
21:23:41.0007 0x0b20  luafv - ok
21:23:41.0054 0x0b20  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
21:23:41.0069 0x0b20  megasas - ok
21:23:41.0116 0x0b20  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\WINDOWS\system32\drivers\megasr.sys
21:23:41.0147 0x0b20  megasr - ok
21:23:41.0179 0x0b20  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
21:23:41.0179 0x0b20  MEIx64 - ok
21:23:41.0225 0x0b20  Microsoft SharePoint Workspace Audit Service - ok
21:23:41.0272 0x0b20  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] MMCSS           C:\WINDOWS\system32\mmcss.dll
21:23:41.0272 0x0b20  MMCSS - ok
21:23:41.0319 0x0b20  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
21:23:41.0319 0x0b20  Modem - ok
21:23:41.0335 0x0b20  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
21:23:41.0350 0x0b20  monitor - ok
21:23:41.0382 0x0b20  [ CEAC6D40FE887CE8406C2393CF97DE06, 34E76908B802764FF0D7AB3AF89BE77BD35B44787983343FAD89891891C0A045 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
21:23:41.0397 0x0b20  mouclass - ok
21:23:41.0413 0x0b20  [ 02D98BF804084E9A0D69D1C69B02CCA9, EC5BC5D87043DFFD035FD4DD27B3D94E03119063519E4151BCC3522B613E2D7F ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
21:23:41.0413 0x0b20  mouhid - ok
21:23:41.0429 0x0b20  [ 515549560D481138E6E21AF7C6998E56, C7E4B38D8CCAF15B9BDA63C8C8209F6193AD220DA02E1264F1B687AACD8F409F ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
21:23:41.0444 0x0b20  mountmgr - ok
21:23:41.0460 0x0b20  [ F170510BE94CF45E3C6274578F6204B2, 344C3DDE1D622607CA2ABECB2C47CB0166D2D258BD94A7960C45A5ADBB640566 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
21:23:41.0460 0x0b20  mpsdrv - ok
21:23:41.0554 0x0b20  [ D186C5844393252147BE934F3871DB7A, 30160F8268B9F46E82C5CB536867E0CF280DC98074A481595072E3320200E343 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
21:23:41.0616 0x0b20  MpsSvc - ok
21:23:41.0647 0x0b20  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
21:23:41.0663 0x0b20  MRxDAV - ok
21:23:41.0725 0x0b20  [ 7A1A3F213CDB3363D179D5014272025D, 6756F5B7D9FBF6839DB1FF4E94EA45B5499D7DF925E75581C96FBBA4BE131542 ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:23:41.0757 0x0b20  mrxsmb - ok
21:23:41.0804 0x0b20  [ 3E28B99198B514DFEB152EACF913025E, 6C1D8353DCD5F811F39C0C3CB5DF3D2457F0D17EE80FB06196AA169E3D19E9B2 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
21:23:41.0835 0x0b20  mrxsmb10 - ok
21:23:41.0866 0x0b20  [ C910E5D18958914A66F0E45689D0B40A, AD7C91DD8A60A511E580DD56BACC97F85075A539E7C5D95040A8F870A621DAF4 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
21:23:41.0866 0x0b20  mrxsmb20 - ok
21:23:41.0929 0x0b20  [ E0927EFA25D473367C3341B9F5969779, B77A162BD3334557623674373D8EC2BE7CC0B359DF06304E467ABFFEE0530271 ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
21:23:41.0929 0x0b20  MsBridge - ok
21:23:41.0975 0x0b20  [ A082C17D14D0790E27D064EA4B138AE1, 9A565ED885782D9D5135C8399C11C356DBF9EBF3B8EB4B4504BD2604AD0B45E6 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
21:23:42.0007 0x0b20  MSDTC - ok
21:23:42.0038 0x0b20  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:23:42.0054 0x0b20  Msfs - ok
21:23:42.0069 0x0b20  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
21:23:42.0085 0x0b20  msgpiowin32 - ok
21:23:42.0100 0x0b20  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
21:23:42.0100 0x0b20  mshidkmdf - ok
21:23:42.0116 0x0b20  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
21:23:42.0116 0x0b20  mshidumdf - ok
21:23:42.0132 0x0b20  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
21:23:42.0132 0x0b20  msisadrv - ok
21:23:42.0179 0x0b20  [ 810F8A0A0680662BB0CE44D0E2CEF90C, 5631B07911B7EF378CB1583A480A3C5715E59A5488B33A528F4D7A2F849B9113 ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
21:23:42.0210 0x0b20  MSiSCSI - ok
21:23:42.0210 0x0b20  msiserver - ok
21:23:42.0225 0x0b20  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:23:42.0225 0x0b20  MSKSSRV - ok
21:23:42.0272 0x0b20  [ 375E44168F2DFB91A68B8A3F619C5A7C, AC243E02E9A39D0B4DE9571F196941700EE6EB5E94F5B0BA8994FB551E73A7A8 ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
21:23:42.0272 0x0b20  MsLldp - ok
21:23:42.0319 0x0b20  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:23:42.0319 0x0b20  MSPCLOCK - ok
21:23:42.0335 0x0b20  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
21:23:42.0335 0x0b20  MSPQM - ok
21:23:42.0397 0x0b20  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
21:23:42.0429 0x0b20  MsRPC - ok
21:23:42.0444 0x0b20  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
21:23:42.0460 0x0b20  mssmbios - ok
21:23:42.0476 0x0b20  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
21:23:42.0476 0x0b20  MSTEE - ok
21:23:42.0491 0x0b20  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
21:23:42.0491 0x0b20  MTConfig - ok
21:23:42.0554 0x0b20  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
21:23:42.0554 0x0b20  Mup - ok
21:23:42.0585 0x0b20  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
21:23:42.0600 0x0b20  mvumis - ok
21:23:42.0616 0x0b20  [ C009123B206C56854F4E88596035231D, 670403A40B425F77C90ECB048A0C8BC11FB19E40A8CECC2C3DCF79175B745863 ] mwlPSDFilter    C:\WINDOWS\system32\DRIVERS\mwlPSDFilter.sys
21:23:42.0616 0x0b20  mwlPSDFilter - ok
21:23:42.0632 0x0b20  [ BF3739EEB9F008B1DEBAC115089A53F8, 8546AB69087656259BBE17D6F80F4AB164B04171673CE2BF9FFD1B5C9584E9A4 ] mwlPSDNServ     C:\WINDOWS\system32\DRIVERS\mwlPSDNServ.sys
21:23:42.0632 0x0b20  mwlPSDNServ - ok
21:23:42.0647 0x0b20  [ 38DD143D95E7A01B86F219DDA9C28779, 5FA8C0595CCF835DBCE1CC5322E8FD4BFB6DFB6CF869BB7CB73F919445D469AA ] mwlPSDVDisk     C:\WINDOWS\system32\DRIVERS\mwlPSDVDisk.sys
21:23:42.0647 0x0b20  mwlPSDVDisk - ok
21:23:42.0725 0x0b20  [ 41A45D2A75494EABF2806EA051E00376, EB2497561C8E33A4297C044604C717FF854C7F046882A9E4A400AE7679BF5467 ] napagent        C:\WINDOWS\system32\qagentRT.dll
21:23:42.0772 0x0b20  napagent - ok
21:23:42.0850 0x0b20  [ 26ACA481FAFEC59FE311D719E3027BBA, 16A24CCA95A38BDFE970580159F6ACAA13FF1B74CF2290B1B020D909F90D3347 ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
21:23:42.0897 0x0b20  NativeWifiP - ok
21:23:42.0960 0x0b20  [ 71E3C0100AA19D11373CCEB2F51A6008, 58FBF35F5FE19BEABE483C11E9996BE93D76721C8C34465350FA98B465CA3672 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
21:23:42.0976 0x0b20  NcaSvc - ok
21:23:42.0991 0x0b20  [ 51DF09CAB2CAC64FEE3E371D9028ED01, 9B81604D0D0359AF8F54FED6DA7116FFD2F40407895028EAD99FF1D7CFDC2D14 ] NcbService      C:\WINDOWS\System32\ncbservice.dll
21:23:43.0007 0x0b20  NcbService - ok
21:23:43.0022 0x0b20  [ 2586C4C167499210DCBF3ECFD8CCE210, D8129FEDE9918BF4FB0057CC58700D4E08457060E810B9CC25CA0F598506ADB8 ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
21:23:43.0038 0x0b20  NcdAutoSetup - ok
21:23:43.0147 0x0b20  [ E4B4BE2D7750849C07589DA0B0AABA01, BB5AA727BA018A94B5DE2C4E0B594DD2E7A2B3457885446EE568F3A1E18AB3B0 ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
21:23:43.0226 0x0b20  NDIS - ok
21:23:43.0241 0x0b20  [ C6BB12BC35D1637CA17AE16D3A4725EB, 01C1D9FA738886A195166F88207EEB6715A1DE0608978ED6C5DC738AF5C02513 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
21:23:43.0241 0x0b20  NdisCap - ok
21:23:43.0272 0x0b20  [ B1AA3B19A2E596A59224F893E01A5A75, E08696CA5E087E51AC3E64D4FB8490EEADD612DDF30C9A94DD1BD1BA124B71B7 ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
21:23:43.0288 0x0b20  NdisImPlatform - ok
21:23:43.0304 0x0b20  [ 9423421E735BD5394351E0C47C76BB92, 763E5D06F896C0EF8AD52515464F28BA85DB7A1560E451857AC9AA68FAFCBC66 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:23:43.0304 0x0b20  NdisTapi - ok
21:23:43.0319 0x0b20  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:23:43.0319 0x0b20  Ndisuio - ok
21:23:43.0335 0x0b20  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\WINDOWS\System32\drivers\NdisVirtualBus.sys
21:23:43.0335 0x0b20  NdisVirtualBus - ok
21:23:43.0366 0x0b20  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:23:43.0397 0x0b20  NdisWan - ok
21:23:43.0429 0x0b20  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:23:43.0444 0x0b20  NdisWanLegacy - ok
21:23:43.0460 0x0b20  [ A5BD69A8812FA79D1A487691DD3FB244, 67B5EDE101943E0E8B8041DB2353D20C8B9F2D253E77964761CFE8F136C0BBC7 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
21:23:43.0476 0x0b20  NDProxy - ok
21:23:43.0491 0x0b20  [ 5A072F0B90C29C5233D78BE33EF5ED78, B32ED76A674B1FC743361FB7BBD4C915A78B14132AB056AADD445D5995AD4F32 ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
21:23:43.0507 0x0b20  Ndu - ok
21:23:43.0522 0x0b20  [ A83D67D347A684F10B7D3019C8A6380C, 2B86832967981C8C786BF24C1CF8E13E01745ACE3333CF5C821DD93D623B96E4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
21:23:43.0538 0x0b20  NetBIOS - ok
21:23:43.0554 0x0b20  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
21:23:43.0585 0x0b20  NetBT - ok
21:23:43.0585 0x0b20  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] Netlogon        C:\WINDOWS\system32\lsass.exe
21:23:43.0601 0x0b20  Netlogon - ok
21:23:43.0647 0x0b20  [ B7AD851A21FEBA3BA214972627614207, 29605320CCC3DAAD062CAECF0009DACBC2F6D28ED4E8AF7CE76132129F5572A0 ] Netman          C:\WINDOWS\System32\netman.dll
21:23:43.0710 0x0b20  Netman - ok
21:23:43.0788 0x0b20  [ F0F0A372C2EF6358399C4936F91B6131, CE596C71EB4D1A5E104D3148F2D0D8789882C59FD198DCF33CCAC7A08B50E4EE ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
21:23:43.0835 0x0b20  netprofm - ok
21:23:43.0897 0x0b20  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:23:43.0913 0x0b20  NetTcpPortSharing - ok
21:23:43.0960 0x0b20  [ 70414DB660BFBB7BD58FCE8EA4364E1B, 6DFB3897CD55E22BA1EDF0AE672F4D7A6A1F512F8A0A26AF106765E6B1CF65AC ] netvsc          C:\WINDOWS\system32\DRIVERS\netvsc63.sys
21:23:43.0960 0x0b20  netvsc - ok
21:23:44.0054 0x0b20  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
21:23:44.0085 0x0b20  NlaSvc - ok
21:23:44.0101 0x0b20  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
21:23:44.0116 0x0b20  Npfs - ok
21:23:44.0132 0x0b20  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
21:23:44.0132 0x0b20  npsvctrig - ok
21:23:44.0179 0x0b20  [ 6E2271ED0C3E95B8E29F3752B91B9E84, 44026AD9757EA82967D7F7578455802FAD7FE0057EAC088E0AE207C15F594B86 ] nsi             C:\WINDOWS\system32\nsisvc.dll
21:23:44.0194 0x0b20  nsi - ok
21:23:44.0194 0x0b20  [ E490B459978CB87779E84C761D22B827, 1E5CA38626E41618E4CA16DD0C70EB2FA86E986F0CF21A749BDE2A17015DEEC6 ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
21:23:44.0210 0x0b20  nsiproxy - ok
21:23:44.0382 0x0b20  [ 038C77D577900EE39410662478BB0D50, A33AAFD5750245C17A47EC71F3C6EAD2E0925CAD34C65AB3E6CEE44756C668E6 ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
21:23:44.0522 0x0b20  Ntfs - ok
21:23:44.0601 0x0b20  [ A9AE582FE2240E7FB0E9C11E1CC762A0, 60297CBEE5638E4E5EEF1098B2391A72DE75DC72B1DD812277758BEF770D6C71 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
21:23:44.0616 0x0b20  NTI IScheduleSvc - ok
21:23:44.0632 0x0b20  [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
21:23:44.0632 0x0b20  NTIDrvr - ok
21:23:44.0647 0x0b20  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\WINDOWS\system32\drivers\Null.sys
21:23:44.0647 0x0b20  Null - ok
21:23:45.0467 0x0b20  [ 9B93CC9C70EDE60A9C486E7719DB9E8D, 8E31BE72797D3308D8AF136E9F4C6199BCF4592F88E9FEB361752FF768225EC9 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
21:23:46.0216 0x0b20  nvlddmkm - ok
21:23:46.0278 0x0b20  [ F76296368BB813E0C6996501A3271C7C, FA1C127F881C09C5066CB83A686AFD7A40D731922185EA4001A52ABA230FD812 ] nvpciflt        C:\WINDOWS\system32\DRIVERS\nvpciflt.sys
21:23:46.0278 0x0b20  nvpciflt - ok
21:23:46.0325 0x0b20  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
21:23:46.0341 0x0b20  nvraid - ok
21:23:46.0372 0x0b20  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
21:23:46.0372 0x0b20  nvstor - ok
21:23:46.0466 0x0b20  [ A9495A3AAAB5E470F2460F85849A5F66, C84675F39BD07E2A7B0FB491709A2D83476208D235CD78F4ECB947BED82CE01C ] nvsvc           C:\Windows\system32\nvvsvc.exe
21:23:46.0528 0x0b20  nvsvc - ok
21:23:46.0653 0x0b20  [ FAA2048284D763409F7BB84F61601C80, 9ED505AC0D0E124D2EBD2AC7EF463FC4640F67B54533FA560DF47A6CBB86E623 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:23:46.0731 0x0b20  nvUpdatusService - ok
21:23:46.0778 0x0b20  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
21:23:46.0778 0x0b20  nv_agp - ok
21:23:46.0856 0x0b20  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:23:46.0872 0x0b20  ose64 - ok
21:23:47.0231 0x0b20  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:23:47.0528 0x0b20  osppsvc - ok
21:23:47.0653 0x0b20  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] p2pimsvc        C:\WINDOWS\system32\pnrpsvc.dll
21:23:47.0684 0x0b20  p2pimsvc - ok
21:23:47.0762 0x0b20  [ 2A57A937BC5B1B2D6AFE6A8C5925F50B, 00D84EFED5A7129AAD86945940030474795905C32D65CBD5B1A3EBADCED8F873 ] p2psvc          C:\WINDOWS\system32\p2psvc.dll
21:23:47.0809 0x0b20  p2psvc - ok
21:23:47.0856 0x0b20  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport         C:\WINDOWS\System32\drivers\parport.sys
21:23:47.0856 0x0b20  Parport - ok
21:23:47.0888 0x0b20  [ EF0C1749C9A8CEE9A457473D433CC00F, A5FDAB5AD47471640D697C6CFBA6C67730878ABBA47D394EAA47C9733EDCE1F3 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
21:23:47.0888 0x0b20  partmgr - ok
21:23:47.0934 0x0b20  [ 9A5309EF92F39346CFD5A4C2C3D1BFAD, 5908E0C9562F9CB24784491BD9AE7983A33A6BDF81AFA0A08045518A0C9BB2B1 ] PcaSvc          C:\WINDOWS\System32\pcasvc.dll
21:23:47.0966 0x0b20  PcaSvc - ok
21:23:48.0012 0x0b20  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci             C:\WINDOWS\system32\drivers\pci.sys
21:23:48.0028 0x0b20  pci - ok
21:23:48.0059 0x0b20  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\WINDOWS\system32\drivers\pciide.sys
21:23:48.0059 0x0b20  pciide - ok
21:23:48.0091 0x0b20  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\WINDOWS\system32\drivers\pcmcia.sys
21:23:48.0091 0x0b20  pcmcia - ok
21:23:48.0106 0x0b20  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw             C:\WINDOWS\system32\drivers\pcw.sys
21:23:48.0106 0x0b20  pcw - ok
21:23:48.0153 0x0b20  [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8F42933A3525A67 ] pdc             C:\WINDOWS\system32\drivers\pdc.sys
21:23:48.0169 0x0b20  pdc - ok
21:23:48.0247 0x0b20  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\WINDOWS\system32\drivers\peauth.sys
21:23:48.0309 0x0b20  PEAUTH - ok
21:23:48.0450 0x0b20  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\WINDOWS\SysWow64\perfhost.exe
21:23:48.0450 0x0b20  PerfHost - ok
21:23:48.0606 0x0b20  [ 928061178CD9856CA6B67FFFCE6BA766, 71DE3C7CA7F83EAAA550CD8A68FB67DE042B0AE51BFACB1ECB8852D502E11F50 ] pla             C:\WINDOWS\system32\pla.dll
21:23:48.0731 0x0b20  pla - ok
21:23:48.0778 0x0b20  [ BC6849C62DB407573C6AD8CB1A4D2628, 5BDE0D60F85E4C27CEAD1B301155B54D841FB773BD5BB8AC5DDAEE31F8E94627 ] PlugPlay        C:\WINDOWS\system32\umpnpmgr.dll
21:23:48.0794 0x0b20  PlugPlay - ok
21:23:48.0809 0x0b20  [ 045EB4F260606A03BE340D09DEAF3BA4, 6F34B8D414F7F69F4388F2F8A86E0F3AD179E423126990AF3E1EC4DCCB8E7693 ] PNRPAutoReg     C:\WINDOWS\system32\pnrpauto.dll
21:23:48.0809 0x0b20  PNRPAutoReg - ok
21:23:48.0841 0x0b20  [ E287F157F7A0011D93179C64EF8ADCF2, C16FB92C7B18D634BB1344238D35B3111494C243FBD5853F05376F5051480D83 ] PNRPsvc         C:\WINDOWS\system32\pnrpsvc.dll
21:23:48.0872 0x0b20  PNRPsvc - ok
21:23:48.0950 0x0b20  [ C16097D77A232A288D65F299E2E01105, 5CE4B44B06FD26569C0F92FF1D3991D0128D8444AE7BC9EBEF5A33811D721BE8 ] PolicyAgent     C:\WINDOWS\System32\ipsecsvc.dll
21:23:48.0997 0x0b20  PolicyAgent - ok
21:23:49.0013 0x0b20  [ 00E08B30E7F7C13ECE2CDF4F46A77311, 1807C0A64C1794E572C86730816C01DCF4D8F773ADE9CAEA3AC0658F7BD71A4E ] Power           C:\WINDOWS\system32\umpo.dll
21:23:49.0028 0x0b20  Power - ok
21:23:49.0281 0x0b20  [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
21:23:49.0500 0x0b20  PrintNotify - ok
21:23:49.0547 0x0b20  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor       C:\WINDOWS\System32\drivers\processr.sys
21:23:49.0562 0x0b20  Processor - ok
21:23:49.0609 0x0b20  [ 19424364D8C03B990C4281BE53963FD0, 958FC8436E6B754858E20BC48B0D4B269991E8CA94C15C2761BF04ED52591907 ] ProfSvc         C:\WINDOWS\system32\profsvc.dll
21:23:49.0625 0x0b20  ProfSvc - ok
21:23:49.0656 0x0b20  [ 138DBAE80F390B22297ACD861BDA996E, F0799F40266A11058710AD8ED5D8797A350DCB2A55D3DEF179C1D8C87AFB5208 ] Ps2Kb2Hid       C:\WINDOWS\System32\drivers\aPs2Kb2Hid.sys
21:23:49.0656 0x0b20  Ps2Kb2Hid - ok
21:23:49.0687 0x0b20  [ 8528BB05E4D4E25945F78B00B2555FB7, FF8E0D4580F93CD348080967F52FE6C2C68B56DAEACAE2EAEF04E19412A953AE ] Psched          C:\WINDOWS\system32\DRIVERS\pacer.sys
21:23:49.0703 0x0b20  Psched - ok
21:23:49.0765 0x0b20  [ AF90BB44C99D6820BE52C9BBAA523283, 9772D9CC1666959EC8EE4ED740A5179473CE4F38762109F1123DD68010D20EA1 ] QWAVE           C:\WINDOWS\system32\qwave.dll
21:23:49.0781 0x0b20  QWAVE - ok
21:23:49.0812 0x0b20  [ 3FB466684609A4329858CF2EBD62E0FD, CFC8FBAB1436948F9D34CE6A2D6DE2F86F3E93E50B86851CED979C8CCE609798 ] QWAVEdrv        C:\WINDOWS\system32\drivers\qwavedrv.sys
21:23:49.0812 0x0b20  QWAVEdrv - ok
21:23:49.0859 0x0b20  [ 2C56F0EE27E4EF70CA4B4983D3638905, AFFDD686886CE982424B644D9168D61C6F86A5244FF97BC644DF75B321E415E5 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:23:49.0859 0x0b20  RasAcd - ok
21:23:49.0906 0x0b20  [ 5F061AC45266841A2860C1858ED863B8, 9E0D52BAC8A50225C32D0397C35350601B996443E2481C808CC59D3B0763FEF0 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
21:23:49.0906 0x0b20  RasAuto - ok
21:23:49.0953 0x0b20  [ 5C7B86EE33505E36026AFAAB62DA6364, 903BB1A355AC746BF09C2A7C87B068168648DB79DEF39AB1DC710B6A7A5F6556 ] RasMan          C:\WINDOWS\System32\rasmans.dll
21:23:50.0000 0x0b20  RasMan - ok
21:23:50.0015 0x0b20  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:23:50.0031 0x0b20  RasPppoe - ok
21:23:50.0078 0x0b20  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:23:50.0094 0x0b20  rdbss - ok
21:23:50.0125 0x0b20  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\WINDOWS\System32\drivers\rdpbus.sys
21:23:50.0125 0x0b20  rdpbus - ok
21:23:50.0156 0x0b20  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR           C:\WINDOWS\system32\drivers\rdpdr.sys
21:23:50.0156 0x0b20  RDPDR - ok
21:23:50.0219 0x0b20  [ 9F08A6608F98B5407E7DDBCF306573EF, 92812F97CFDB2EC128BC48143DE215B7D012B15D3FB4D2199222AD8C31DA5016 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
21:23:50.0219 0x0b20  RdpVideoMiniport - ok
21:23:50.0250 0x0b20  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\WINDOWS\system32\drivers\rdyboost.sys
21:23:50.0265 0x0b20  rdyboost - ok
21:23:50.0344 0x0b20  [ E515A287C8FAE901EB8FB42F168E14F2, 9AE8D608587713FD18BB728BADD402C86FFF06A67359B22ED9431705522BC310 ] ReFS            C:\WINDOWS\system32\drivers\ReFS.sys
21:23:50.0422 0x0b20  ReFS - ok
21:23:50.0484 0x0b20  [ BFFB40FBE6D2C3469F8D06EE5E4934AB, 5B6763F973A740DCD53CEA75156926457BED8B075965033C484877DDA8B97F39 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:23:50.0515 0x0b20  RemoteAccess - ok
21:23:50.0562 0x0b20  [ 4DCCABE03D06955ED61BABBD8EF9F30F, 531CD60315AAF283B73E0F6CF77D4DE093B809E73C44D2AC43B7247500B3485E ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
21:23:50.0594 0x0b20  RemoteRegistry - ok
21:23:50.0625 0x0b20  [ F61333867216EDE1A09A7C55FEDCB6A8, 991FC810FB281F4E91B7D22A7C5AF5D11419ACE05BBB3F664812391069A336F0 ] RfButtonDriverService C:\Windows\RfBtnSvc64.exe
21:23:50.0625 0x0b20  RfButtonDriverService - ok
21:23:50.0687 0x0b20  [ D894CBD7DA753C881EE8D5E33B583225, DA4472A85F10A3DF8CE969F731E67FE7C75EE6095908AB8AC2C44851DC5A3F8B ] RpcEptMapper    C:\WINDOWS\System32\RpcEpMap.dll
21:23:50.0687 0x0b20  RpcEptMapper - ok
21:23:50.0734 0x0b20  [ 5CAE8F47B31D5CFC322B5B898C19E0FE, FDB5F0B6EA36403E031D9147AB0519011FAAD3AC8190DE5B1F17FB5472D79D47 ] RpcLocator      C:\WINDOWS\system32\locator.exe
21:23:50.0734 0x0b20  RpcLocator - ok
21:23:50.0797 0x0b20  [ 81979817943D830BF24571B7C1B28A1A, 9584D8F1FB3E6CF17BD465670B208C723A8E8B06775A3DA44F75D7710404EEA6 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
21:23:50.0859 0x0b20  RpcSs - ok
21:23:50.0890 0x0b20  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\WINDOWS\system32\DRIVERS\rspndr.sys
21:23:50.0906 0x0b20  rspndr - ok
21:23:50.0922 0x0b20  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap           C:\WINDOWS\System32\drivers\vms3cap.sys
21:23:50.0922 0x0b20  s3cap - ok
21:23:50.0969 0x0b20  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] SamSs           C:\WINDOWS\system32\lsass.exe
21:23:50.0969 0x0b20  SamSs - ok
21:23:51.0015 0x0b20  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\WINDOWS\system32\drivers\sbp2port.sys
21:23:51.0031 0x0b20  sbp2port - ok
21:23:51.0078 0x0b20  [ 47C497FA4DDEA908633CAA60CEBE6805, 4DF5742D4C99D3F7B6A5671AEDB1E5E47D3399D36B28BA19C105FA604D8D5A1C ] SCardSvr        C:\WINDOWS\System32\SCardSvr.dll
21:23:51.0094 0x0b20  SCardSvr - ok
21:23:51.0125 0x0b20  [ E76C4E98302AE39CC6FA5D20FC8B5438, B6B6B59CF427515087689285797F4A5763103440EBE5D87A61FA74F80F895BD0 ] ScDeviceEnum    C:\WINDOWS\System32\ScDeviceEnum.dll
21:23:51.0140 0x0b20  ScDeviceEnum - ok
21:23:51.0156 0x0b20  [ ABD0237B15DBD2B4695F4B7D734A58F7, D6831921F0CD3E03CBF1CA3ED5824EE0C75127842D12D4E897E74EC72B0792EB ] scfilter        C:\WINDOWS\system32\DRIVERS\scfilter.sys
21:23:51.0156 0x0b20  scfilter - ok
21:23:51.0266 0x0b20  [ D3AE5DB16EAF913860EC28654CE00E6B, AD76B6044F7247C6E86F6DCB7CFD6B25BCA2B9F09A97A419F043A999E66726A2 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:23:51.0375 0x0b20  Schedule - ok
21:23:51.0422 0x0b20  [ AB285CE3431FF3D2ACE669245874C1C7, 6AF4C3E86EFA51F7FB6F8492CB2CCB807C7775EAE0508B87F07134FDAC679BD7 ] SCPolicySvc     C:\WINDOWS\System32\certprop.dll
21:23:51.0422 0x0b20  SCPolicySvc - ok
21:23:51.0469 0x0b20  [ 7B7C482CF48E6EE33664340D1A78E6FE, CE5077C4B0372F4F9F02B0B37AE58C0DAEFCA9D242065731A23F072506430575 ] sdbus           C:\WINDOWS\System32\drivers\sdbus.sys
21:23:51.0484 0x0b20  sdbus - ok
21:23:51.0531 0x0b20  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\WINDOWS\System32\drivers\sdstor.sys
21:23:51.0547 0x0b20  sdstor - ok
21:23:51.0578 0x0b20  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\WINDOWS\system32\drivers\secdrv.sys
21:23:51.0578 0x0b20  secdrv - ok
21:23:51.0625 0x0b20  [ C49009F897BA4F2F4F31043663AA1485, 48C8BE1E3A4F150662AD012AF4E0357ABA792AD1147AB90EFF6CB2630E2501B6 ] seclogon        C:\WINDOWS\system32\seclogon.dll
21:23:51.0641 0x0b20  seclogon - ok
21:23:51.0656 0x0b20  [ A88882E64BDC1D8E8D6E727B71CCCC53, 12D2235F54D0CEEED8AA268C17CDE44020269F4FEFC70CE957DBBF99AF7F553D ] SENS            C:\WINDOWS\System32\sens.dll
21:23:51.0656 0x0b20  SENS - ok
21:23:51.0687 0x0b20  [ E66A7C8CE7ED22DED6DF1CA479FB4790, ADEB076F131E7A8C3AD96022B09BB33EB9AB26C9C831503B8C6960AA763B8975 ] SensrSvc        C:\WINDOWS\system32\sensrsvc.dll
21:23:51.0719 0x0b20  SensrSvc - ok
21:23:51.0750 0x0b20  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx           C:\WINDOWS\system32\drivers\SerCx.sys
21:23:51.0750 0x0b20  SerCx - ok
21:23:51.0781 0x0b20  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\WINDOWS\system32\drivers\SerCx2.sys
21:23:51.0797 0x0b20  SerCx2 - ok
21:23:51.0812 0x0b20  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum         C:\WINDOWS\System32\drivers\serenum.sys
21:23:51.0812 0x0b20  Serenum - ok
21:23:51.0844 0x0b20  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\WINDOWS\System32\drivers\serial.sys
21:23:51.0859 0x0b20  Serial - ok
21:23:51.0891 0x0b20  [ 0BD2B65DCE756FDE95A2E5CCCBF7705D, F13FAFEC8FCF3E796196562717C433CE359A74A3E5876AB070647C717AF74028 ] sermouse        C:\WINDOWS\System32\drivers\sermouse.sys
21:23:51.0891 0x0b20  sermouse - ok
21:23:51.0969 0x0b20  [ D5C3776CBD8BC307DCCA3FD4CE667A37, 98E4253B770C25914C91A6148E2EA15ED0EF37ADCB042A47252DBA135972BF74 ] SessionEnv      C:\WINDOWS\system32\sessenv.dll
21:23:52.0000 0x0b20  SessionEnv - ok
21:23:52.0047 0x0b20  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy         C:\WINDOWS\System32\drivers\sfloppy.sys
21:23:52.0047 0x0b20  sfloppy - ok
21:23:52.0141 0x0b20  [ F4414F57DF2CECB8FC969AA43A6B0D50, AD09A6E1294721507DD6BE82B91F2EEB0FF0151B9BC14A75840CD657DBFDECEC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
21:23:52.0172 0x0b20  SharedAccess - ok
21:23:52.0266 0x0b20  [ 0D190D8B4B20446BE6299AC734DFADF1, 6551095971F99820BBFC5FED8FAB9591A3F8ABFA0F027887F3B71B79325FF6D9 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:23:52.0312 0x0b20  ShellHWDetection - ok
21:23:52.0344 0x0b20  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\WINDOWS\system32\drivers\SiSRaid2.sys
21:23:52.0344 0x0b20  SiSRaid2 - ok
21:23:52.0375 0x0b20  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\WINDOWS\system32\drivers\sisraid4.sys
21:23:52.0391 0x0b20  SiSRaid4 - ok
21:23:52.0437 0x0b20  [ 587ACA15210D1B01FBF272E07A08F91A, 1F3C13C218C5EA329C6E33E4AE7CFE88DAD59DA40F59FDE09D733AFD2E489000 ] smphost         C:\WINDOWS\System32\smphost.dll
21:23:52.0437 0x0b20  smphost - ok
21:23:52.0484 0x0b20  [ 49EEB92DE930B8566EF615D600781DB4, 0B7C929D24FAFC34F95BB4AA77DCBA29DDD8F1977EB42713B64228677D1FBFD3 ] SNMPTRAP        C:\WINDOWS\System32\snmptrap.exe
21:23:52.0500 0x0b20  SNMPTRAP - ok
21:23:52.0578 0x0b20  [ 3A4F2C0BB87A0895ABEBA341AA1E341B, 4DADEEF3C5D181502D6F4A00FBBF3B001FA626E49569FB330D7AE2955CC7DE08 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
21:23:52.0594 0x0b20  Sony PC Companion - ok
21:23:52.0672 0x0b20  [ 240C5C3793206725AA05665851E8C214, 96ADFB85EB1623EB00C251C1C6A1F441A1795F0EBFD10B17DD1CA58E3AE8A90D ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
21:23:52.0703 0x0b20  spaceport - ok
21:23:52.0719 0x0b20  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx           C:\WINDOWS\system32\drivers\SpbCx.sys
21:23:52.0734 0x0b20  SpbCx - ok
21:23:52.0812 0x0b20  [ 42FEA9E0BA9761D9E65A4F167D91515B, 9A34CE83F3ACD50608671BDABE5E475F8E0C8335D3B8B7B3D7E84B2A319FA29F ] Spooler         C:\WINDOWS\System32\spoolsv.exe
21:23:52.0875 0x0b20  Spooler - ok
21:23:53.0328 0x0b20  [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B588AAB282A50FC ] sppsvc          C:\WINDOWS\system32\sppsvc.exe
21:23:53.0812 0x0b20  sppsvc - ok
21:23:53.0875 0x0b20  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv             C:\WINDOWS\system32\DRIVERS\srv.sys
21:23:53.0906 0x0b20  srv - ok
21:23:53.0969 0x0b20  [ 5BED3AB69797C8786EF70AEA8C33748B, 0474EE6C43D437CBA9848BCF25D1341B122D7E9F371A0FF3C62C83D14B2CB095 ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
21:23:54.0016 0x0b20  srv2 - ok
21:23:54.0047 0x0b20  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\WINDOWS\system32\DRIVERS\srvnet.sys
21:23:54.0070 0x0b20  srvnet - ok
21:23:54.0164 0x0b20  [ BB9ED3EDD8E85008215A7250D325A72E, D3404E31B7706B25CDEA7CB4260C343B5F090E8CCB9A5FA203B0F94A9112F1B3 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
21:23:54.0195 0x0b20  SSDPSRV - ok
21:23:54.0257 0x0b20  [ 3911418AFDE10EA6823B7799E4815524, A73517C4C1271E666B2B3A747756070098E923742B41572AA16573170440AA07 ] SstpSvc         C:\WINDOWS\system32\sstpsvc.dll
21:23:54.0273 0x0b20  SstpSvc - ok
21:23:54.0289 0x0b20  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\WINDOWS\system32\drivers\stexstor.sys
21:23:54.0289 0x0b20  stexstor - ok
21:23:54.0398 0x0b20  [ D638904FE86A5FE542A1BA13A9D68E5C, 89A956F932316BC50DD99B54BAF4E2809DCAA084DBB04CB84D11E5470BEAF251 ] stisvc          C:\WINDOWS\System32\wiaservc.dll
21:23:54.0445 0x0b20  stisvc - ok
21:23:54.0476 0x0b20  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\WINDOWS\system32\drivers\storahci.sys
21:23:54.0492 0x0b20  storahci - ok
21:23:54.0507 0x0b20  [ 7A08CEE1535F5A448215634C5EA74E50, 41529CDC08A3956F8FE9D5759B147E2E56E3305149EA415EB200249F7CD32094 ] storflt         C:\WINDOWS\system32\DRIVERS\vmstorfl.sys
21:23:54.0527 0x0b20  storflt - ok
21:23:54.0543 0x0b20  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
21:23:54.0559 0x0b20  stornvme - ok
21:23:54.0622 0x0b20  [ 3118058E3D07021A55324A943C6D722B, 0B255DF1977DADD2B9766EEEA814B464F0ABFA34D6439F3C453083850C121F16 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
21:23:54.0622 0x0b20  StorSvc - ok
21:23:54.0653 0x0b20  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc         C:\WINDOWS\system32\drivers\storvsc.sys
21:23:54.0653 0x0b20  storvsc - ok
21:23:54.0700 0x0b20  [ D8E1AE075AB3E8AD56F69C44AA978596, CAFF5116DE7F0EEFFEBE38724BCEE7D11B44153AD35EE43E314C56D5E210758A ] svsvc           C:\WINDOWS\system32\svsvc.dll
21:23:54.0700 0x0b20  svsvc - ok
21:23:54.0747 0x0b20  [ 84E0F5D41C138C5CC975137A2A98F6D3, 1E36CED05E4F4365C2AB020CAF920E3959995D7F89F3FABD7B2FB05985F85F38 ] swenum          C:\WINDOWS\System32\drivers\swenum.sys
21:23:54.0747 0x0b20  swenum - ok
21:23:54.0809 0x0b20  [ 850EBB87584484DC16F917E7B6F4A304, C253D1DFFCDFB018432063602FB01DBCBDDD6E03458E5C366AABD4670F114B0C ] swprv           C:\WINDOWS\System32\swprv.dll
21:23:54.0872 0x0b20  swprv - ok
21:23:54.0981 0x0b20  [ 3DA26652B12E9AB43FD04976AC6DFD33, DEFE220D86197949E97342FE3487CD6A07DD2FFAF6D17A7C65419C2C1B9D1AB5 ] SysMain         C:\WINDOWS\system32\sysmain.dll
21:23:55.0059 0x0b20  SysMain - ok
21:23:55.0106 0x0b20  [ FD4EA8E9232ADD51DC31C295DDEF2768, 3EA40D7376AB5AA5DA2BCF4745C79F7BF819363466967ECC3CD15ADECBFD7244 ] SystemEventsBroker C:\WINDOWS\System32\SystemEventsBrokerServer.dll
21:23:55.0153 0x0b20  SystemEventsBroker - ok
21:23:55.0200 0x0b20  [ BA6DD39266A5E15515C8C14DA2DA3E5C, 5BC917BA4E7281A67CC6CEF2F4D1972DF04DECBEFB6DED0B08FFBD06E15D4B4F ] TabletInputService C:\WINDOWS\System32\TabSvc.dll
21:23:55.0231 0x0b20  TabletInputService - ok
21:23:55.0262 0x0b20  [ B517410F157693043DACA21B19B258A6, 2224EECEB575CEA811036C43BB5B0A408DE5F59BC97235AB948968E4C3E438F2 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
21:23:55.0293 0x0b20  TapiSrv - ok
21:23:55.0512 0x0b20  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] Tcpip           C:\WINDOWS\system32\drivers\tcpip.sys
21:23:55.0700 0x0b20  Tcpip - ok
21:23:55.0903 0x0b20  [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] TCPIP6          C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:23:56.0044 0x0b20  TCPIP6 - ok
21:23:56.0106 0x0b20  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\WINDOWS\system32\drivers\tcpipreg.sys
21:23:56.0106 0x0b20  tcpipreg - ok
21:23:56.0153 0x0b20  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx             C:\WINDOWS\system32\DRIVERS\tdx.sys
21:23:56.0169 0x0b20  tdx - ok
21:23:56.0184 0x0b20  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\WINDOWS\System32\drivers\terminpt.sys
21:23:56.0200 0x0b20  terminpt - ok
21:23:56.0309 0x0b20  [ 3D748E5558FD9A9F03182CB2330698DC, 70B2069AB7912EB49AB3ABD18D4B42CB94AC99CA6DE3F63F4888B8EAAC78AAA2 ] TermService     C:\WINDOWS\System32\termsrv.dll
21:23:56.0372 0x0b20  TermService - ok
21:23:56.0387 0x0b20  [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes          C:\WINDOWS\system32\themeservice.dll
21:23:56.0387 0x0b20  Themes - ok
21:23:56.0434 0x0b20  [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER     C:\WINDOWS\system32\mmcss.dll
21:23:56.0450 0x0b20  THREADORDER - ok
21:23:56.0481 0x0b20  [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA ] TimeBroker      C:\WINDOWS\System32\TimeBrokerServer.dll
21:23:56.0512 0x0b20  TimeBroker - ok
21:23:56.0559 0x0b20  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM             C:\WINDOWS\system32\drivers\tpm.sys
21:23:56.0575 0x0b20  TPM - ok
21:23:56.0606 0x0b20  [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks          C:\WINDOWS\System32\trkwks.dll
21:23:56.0622 0x0b20  TrkWks - ok
21:23:56.0700 0x0b20  [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
21:23:56.0700 0x0b20  TrustedInstaller - ok
21:23:56.0731 0x0b20  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\WINDOWS\system32\drivers\tsusbflt.sys
21:23:56.0731 0x0b20  TsUsbFlt - ok
21:23:56.0762 0x0b20  [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD         C:\WINDOWS\System32\drivers\TsUsbGD.sys
21:23:56.0778 0x0b20  TsUsbGD - ok
21:23:56.0809 0x0b20  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\WINDOWS\system32\DRIVERS\tunnel.sys
21:23:56.0809 0x0b20  tunnel - ok
21:23:56.0840 0x0b20  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\WINDOWS\system32\drivers\uagp35.sys
21:23:56.0840 0x0b20  uagp35 - ok
21:23:56.0903 0x0b20  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\WINDOWS\System32\drivers\uaspstor.sys
21:23:56.0903 0x0b20  UASPStor - ok
21:23:56.0919 0x0b20  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
21:23:56.0934 0x0b20  UBHelper - ok
21:23:56.0965 0x0b20  [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000        C:\WINDOWS\System32\drivers\ucx01000.sys
21:23:56.0981 0x0b20  UCX01000 - ok
21:23:57.0012 0x0b20  [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs            C:\WINDOWS\system32\DRIVERS\udfs.sys
21:23:57.0059 0x0b20  udfs - ok
21:23:57.0090 0x0b20  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\WINDOWS\System32\drivers\UEFI.sys
21:23:57.0090 0x0b20  UEFI - ok
21:23:57.0153 0x0b20  [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect       C:\WINDOWS\system32\UI0Detect.exe
21:23:57.0153 0x0b20  UI0Detect - ok
21:23:57.0200 0x0b20  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\WINDOWS\system32\drivers\uliagpkx.sys
21:23:57.0215 0x0b20  uliagpkx - ok
21:23:57.0231 0x0b20  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus           C:\WINDOWS\System32\drivers\umbus.sys
21:23:57.0247 0x0b20  umbus - ok
21:23:57.0262 0x0b20  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\WINDOWS\System32\drivers\umpass.sys
21:23:57.0262 0x0b20  UmPass - ok
21:23:57.0325 0x0b20  [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService    C:\WINDOWS\System32\umrdp.dll
21:23:57.0372 0x0b20  UmRdpService - ok
21:23:57.0465 0x0b20  [ DBE2E6388379D5CC78099650541E9566, 1914BC929F109A49FB18ED31F239A9813A010B0A3914BC8CD0D6A94A67A072D7 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:23:57.0497 0x0b20  UNS - ok
21:23:57.0544 0x0b20  [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost        C:\WINDOWS\System32\upnphost.dll
21:23:57.0590 0x0b20  upnphost - ok
21:23:57.0637 0x0b20  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp         C:\WINDOWS\System32\drivers\usbccgp.sys
21:23:57.0653 0x0b20  usbccgp - ok
21:23:57.0731 0x0b20  [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir          C:\WINDOWS\System32\drivers\usbcir.sys
21:23:57.0747 0x0b20  usbcir - ok
21:23:57.0762 0x0b20  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci         C:\WINDOWS\System32\drivers\usbehci.sys
21:23:57.0762 0x0b20  usbehci - ok
21:23:57.0809 0x0b20  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\WINDOWS\System32\drivers\usbhub.sys
21:23:57.0840 0x0b20  usbhub - ok
21:23:57.0887 0x0b20  [ 65392F3F3F65E4C6CC82A0F4F8A0B051, C11B662A28D95820717DFFC6B76DBB755E4876009A2342E5E3992DE32D6BFF61 ] USBHUB3         C:\WINDOWS\System32\drivers\UsbHub3.sys
21:23:57.0919 0x0b20  USBHUB3 - ok
21:23:57.0966 0x0b20  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci         C:\WINDOWS\System32\drivers\usbohci.sys
21:23:57.0981 0x0b20  usbohci - ok
21:23:57.0997 0x0b20  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\WINDOWS\System32\drivers\usbprint.sys
21:23:58.0012 0x0b20  usbprint - ok
21:23:58.0055 0x0b20  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR         C:\WINDOWS\System32\drivers\USBSTOR.SYS
21:23:58.0061 0x0b20  USBSTOR - ok
21:23:58.0092 0x0b20  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci         C:\WINDOWS\System32\drivers\usbuhci.sys
21:23:58.0092 0x0b20  usbuhci - ok
21:23:58.0139 0x0b20  [ 18F744E8CCEB2670040EBAF7AD77B8C6, C5E2DF4EA0D946B4DA67DE29FA9D0F079DED35EC59B98E532C4C2D5F8E86DA0A ] usbvideo        C:\WINDOWS\System32\Drivers\usbvideo.sys
21:23:58.0155 0x0b20  usbvideo - ok
21:23:58.0202 0x0b20  [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI         C:\WINDOWS\System32\drivers\USBXHCI.SYS
21:23:58.0217 0x0b20  USBXHCI - ok
21:23:58.0233 0x0b20  [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc        C:\WINDOWS\system32\lsass.exe
21:23:58.0248 0x0b20  VaultSvc - ok
21:23:58.0264 0x0b20  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\WINDOWS\system32\drivers\vdrvroot.sys
21:23:58.0264 0x0b20  vdrvroot - ok
21:23:58.0389 0x0b20  [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds             C:\WINDOWS\System32\vds.exe
21:23:58.0498 0x0b20  vds - ok
21:23:58.0514 0x0b20  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt     C:\WINDOWS\system32\drivers\VerifierExt.sys
21:23:58.0530 0x0b20  VerifierExt - ok
21:23:58.0623 0x0b20  [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp           C:\WINDOWS\System32\drivers\vhdmp.sys
21:23:58.0655 0x0b20  vhdmp - ok
21:23:58.0686 0x0b20  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\WINDOWS\system32\drivers\viaide.sys
21:23:58.0686 0x0b20  viaide - ok
21:23:58.0717 0x0b20  [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus           C:\WINDOWS\system32\drivers\vmbus.sys
21:23:58.0717 0x0b20  vmbus - ok
21:23:58.0748 0x0b20  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\WINDOWS\System32\drivers\VMBusHID.sys
21:23:58.0748 0x0b20  VMBusHID - ok
21:23:58.0842 0x0b20  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll
21:23:58.0889 0x0b20  vmicguestinterface - ok
21:23:58.0952 0x0b20  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat   C:\WINDOWS\System32\ICSvc.dll
21:23:58.0998 0x0b20  vmicheartbeat - ok
21:23:59.0030 0x0b20  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll
21:23:59.0077 0x0b20  vmickvpexchange - ok
21:23:59.0123 0x0b20  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv         C:\WINDOWS\System32\ICSvc.dll
21:23:59.0155 0x0b20  vmicrdv - ok
21:23:59.0186 0x0b20  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown    C:\WINDOWS\System32\ICSvc.dll
21:23:59.0233 0x0b20  vmicshutdown - ok
21:23:59.0264 0x0b20  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync    C:\WINDOWS\System32\ICSvc.dll
21:23:59.0311 0x0b20  vmictimesync - ok
21:23:59.0342 0x0b20  [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss         C:\WINDOWS\System32\ICSvc.dll
21:23:59.0373 0x0b20  vmicvss - ok
21:23:59.0405 0x0b20  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\WINDOWS\system32\drivers\volmgr.sys
21:23:59.0420 0x0b20  volmgr - ok
21:23:59.0452 0x0b20  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx         C:\WINDOWS\system32\drivers\volmgrx.sys
21:23:59.0467 0x0b20  volmgrx - ok
21:23:59.0514 0x0b20  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap         C:\WINDOWS\system32\drivers\volsnap.sys
21:23:59.0530 0x0b20  volsnap - ok
21:23:59.0577 0x0b20  [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci            C:\WINDOWS\System32\drivers\vpci.sys
21:23:59.0592 0x0b20  vpci - ok
21:23:59.0624 0x0b20  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid         C:\WINDOWS\system32\drivers\vsmraid.sys
21:23:59.0624 0x0b20  vsmraid - ok
21:23:59.0749 0x0b20  [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS             C:\WINDOWS\system32\vssvc.exe
21:23:59.0858 0x0b20  VSS - ok
21:23:59.0905 0x0b20  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\WINDOWS\system32\drivers\vstxraid.sys
21:23:59.0920 0x0b20  VSTXRAID - ok
21:24:00.0155 0x0b20  [ C22E26DEDA8CDDCD45B5E0751CD9ABCC, B913266BCB85F1C67AD5A44A53F4DAF4026D46B058EE6174FEC355FF2EA0F338 ] vToolbarUpdater18.1.9 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
21:24:00.0264 0x0b20  vToolbarUpdater18.1.9 - ok
21:24:00.0327 0x0b20  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\WINDOWS\System32\drivers\vwifibus.sys
21:24:00.0327 0x0b20  vwifibus - ok
21:24:00.0374 0x0b20  [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt        C:\WINDOWS\system32\DRIVERS\vwififlt.sys
21:24:00.0374 0x0b20  vwififlt - ok
21:24:00.0405 0x0b20  [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp         C:\WINDOWS\system32\DRIVERS\vwifimp.sys
21:24:00.0405 0x0b20  vwifimp - ok
21:24:00.0467 0x0b20  [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time         C:\WINDOWS\system32\w32time.dll
21:24:00.0514 0x0b20  W32Time - ok
21:24:00.0561 0x0b20  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
21:24:00.0561 0x0b20  WacomPen - ok
21:24:00.0702 0x0b20  [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] wbengine        C:\WINDOWS\system32\wbengine.exe
21:24:00.0827 0x0b20  wbengine - ok
21:24:00.0889 0x0b20  [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
21:24:00.0936 0x0b20  WbioSrvc - ok
21:24:00.0967 0x0b20  [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
21:24:00.0999 0x0b20  Wcmsvc - ok
21:24:01.0045 0x0b20  [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
21:24:01.0077 0x0b20  wcncsvc - ok
21:24:01.0092 0x0b20  [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
21:24:01.0092 0x0b20  WcsPlugInService - ok
21:24:01.0139 0x0b20  [ 0359607177E5E9F6041136CC0A5CB0B6, 16687BE2639648CF46E8768BA1798030472C525612C629BF134D053240E2195B ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
21:24:01.0155 0x0b20  WdBoot - ok
21:24:01.0217 0x0b20  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
21:24:01.0280 0x0b20  Wdf01000 - ok
21:24:01.0311 0x0b20  [ DE8D12B4C3F55FA2C5E9774314F6C58A, C3E835DC066A94E1431BCDC90D7EA27AAC6F82826F4A5527B37D865241D7A366 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
21:24:01.0342 0x0b20  WdFilter - ok
21:24:01.0358 0x0b20  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
21:24:01.0374 0x0b20  WdiServiceHost - ok
21:24:01.0389 0x0b20  [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
21:24:01.0405 0x0b20  WdiSystemHost - ok
21:24:01.0436 0x0b20  [ 4AD874CDC812EC156265E451B6B09DAB, 6E3E05B8301841425E9BB0D54B35EF386B78EEB307B5A6153FD1F366D30F23FA ] WdNisDrv        C:\WINDOWS\system32\Drivers\WdNisDrv.sys
21:24:01.0452 0x0b20  WdNisDrv - ok
21:24:01.0483 0x0b20  WdNisSvc - ok
21:24:01.0499 0x0b20  [ 91B18D7A1702ED589E67C6C81052B955, 5D1DA8B86106A28E50BBCCB36527CC130D41201F5BE1D3DC5F1D6F7ECCF807BA ] WebClient       C:\WINDOWS\System32\webclnt.dll
21:24:01.0530 0x0b20  WebClient - ok
21:24:01.0561 0x0b20  [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
21:24:01.0577 0x0b20  Wecsvc - ok
21:24:01.0592 0x0b20  [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC      C:\WINDOWS\system32\wephostsvc.dll
21:24:01.0592 0x0b20  WEPHOSTSVC - ok
21:24:01.0608 0x0b20  [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
21:24:01.0624 0x0b20  wercplsupport - ok
21:24:01.0639 0x0b20  [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
21:24:01.0655 0x0b20  WerSvc - ok
21:24:01.0702 0x0b20  [ BFBE1C5F57FE7A885673A1962D5532B7, F0BD05B257108699FE6AB32EF11F927C31932F27062A705B3FEFA4F5B4C0D8C3 ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
21:24:01.0717 0x0b20  WFPLWFS - ok
21:24:01.0733 0x0b20  [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
21:24:01.0749 0x0b20  WiaRpc - ok
21:24:01.0780 0x0b20  [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
21:24:01.0780 0x0b20  WIMMount - ok
21:24:01.0795 0x0b20  WinDefend - ok
21:24:01.0905 0x0b20  [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
21:24:01.0967 0x0b20  WinHttpAutoProxySvc - ok
21:24:02.0045 0x0b20  [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
21:24:02.0077 0x0b20  Winmgmt - ok
21:24:02.0296 0x0b20  [ 9CE162EB9057CF079736F4DD00FC0D6C, 412C34557866D2A3B3CDAFA5A03B87C01AACF75E349802E511098B20137028D9 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
21:24:02.0483 0x0b20  WinRM - ok
21:24:02.0546 0x0b20  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\WINDOWS\system32\DRIVERS\WinUsb.sys
21:24:02.0561 0x0b20  WinUsb - ok
21:24:02.0702 0x0b20  [ 3F5EF31C6AA204B099EE76497DF80A26, CBE648A4E7E1D98A3D8C72582C1CB3C2FD2329EAA24EE4DCAD271AAA6F4D82CE ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
21:24:02.0858 0x0b20  WlanSvc - ok
21:24:02.0999 0x0b20  [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
21:24:03.0108 0x0b20  wlidsvc - ok
21:24:03.0155 0x0b20  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
21:24:03.0171 0x0b20  WmiAcpi - ok
21:24:03.0217 0x0b20  [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
21:24:03.0233 0x0b20  wmiApSrv - ok
21:24:03.0280 0x0b20  WMPNetworkSvc - ok
21:24:03.0296 0x0b20  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
21:24:03.0311 0x0b20  Wof - ok
21:24:03.0452 0x0b20  [ 61BF52E9FFAB27A0B6D621BE26088373, 81291D52C381360E69D51E7DEB05CFAC651A7E9EF781CA23062C0583D0C94708 ] workfolderssvc  C:\WINDOWS\system32\workfolderssvc.dll
21:24:03.0577 0x0b20  workfolderssvc - ok
21:24:03.0624 0x0b20  [ 182561A14F2E93E81E66FE3700D17A5A, FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
21:24:03.0624 0x0b20  wpcfltr - ok
21:24:03.0639 0x0b20  [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
21:24:03.0655 0x0b20  WPCSvc - ok
21:24:03.0671 0x0b20  [ 618A19EB31ECA7B7F2AA0207BAF598A5, CB18CF9B781EAB3D775F8201F294A7135E058D6C963D2CC759DCA14D95EED538 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
21:24:03.0671 0x0b20  WPDBusEnum - ok
21:24:03.0702 0x0b20  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
21:24:03.0702 0x0b20  WpdUpFltr - ok
21:24:03.0733 0x0b20  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
21:24:03.0733 0x0b20  ws2ifsl - ok
21:24:03.0749 0x0b20  [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
21:24:03.0780 0x0b20  wscsvc - ok
21:24:03.0796 0x0b20  WSearch - ok
21:24:04.0030 0x0b20  [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService       C:\WINDOWS\System32\WSService.dll
21:24:04.0264 0x0b20  WSService - ok
21:24:04.0561 0x0b20  [ DCD090318EC800CF6275C6835900B0C6, 9E72762EEE46CC0606B909850E6D22E9C8E5C88E82F7C974B2B7C1E5160BEBA7 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
21:24:04.0811 0x0b20  wuauserv - ok
21:24:04.0874 0x0b20  [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
21:24:04.0874 0x0b20  WudfPf - ok
21:24:04.0936 0x0b20  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
21:24:04.0968 0x0b20  WUDFRd - ok
21:24:04.0983 0x0b20  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFSensorLP    C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
21:24:04.0999 0x0b20  WUDFSensorLP - ok
21:24:05.0030 0x0b20  [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
21:24:05.0046 0x0b20  wudfsvc - ok
21:24:05.0061 0x0b20  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdComp     C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
21:24:05.0077 0x0b20  WUDFWpdComp - ok
21:24:05.0108 0x0b20  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
21:24:05.0124 0x0b20  WUDFWpdFs - ok
21:24:05.0139 0x0b20  [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
21:24:05.0155 0x0b20  WUDFWpdMtp - ok
21:24:05.0233 0x0b20  [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
21:24:05.0280 0x0b20  WwanSvc - ok
21:24:05.0327 0x0b20  [ BB1842E3AA602B401F7692718B0D0F9A, 6DE508F6CC917D046E61730706C70EF2965B12A7A31F180C22DF8BFA30C0CF67 ] ZAtheros Wlan Agent C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
21:24:05.0327 0x0b20  ZAtheros Wlan Agent - ok
21:24:05.0358 0x0b20  ================ Scan global ===============================
21:24:05.0405 0x0b20  [ C89780A6F58D113C28A96D85D1261DC5, 185114F33A60916C7904E4A0F278CA43258454343E614F01F0DAFA98BAC981B1 ] C:\WINDOWS\system32\basesrv.dll
21:24:05.0468 0x0b20  [ 00DD4D2ACC2E72155A8AAA82018BEC0D, 9D7CA68B4A81240477FCC85A3CC11EF986093F9D6228A6C5AC608EDAD664068C ] C:\WINDOWS\system32\winsrv.dll
21:24:05.0561 0x0b20  [ 9C1833ABD62876856836C5AE55C7CE86, 0A21E2C8B2FF3B0438C86DA7151A548F9C6F5C62CD402CBBEDB435994C8508F1 ] C:\WINDOWS\system32\sxssrv.dll
21:24:05.0593 0x0b20  [ 067CB90C277DB4A737D5DEABA3055972, C681BF013170F2D92A3FC4D783FC3F200CDC0C8173373B7ECC27FCF32A03CCBD ] C:\WINDOWS\system32\services.exe
21:24:05.0624 0x0b20  [ Global ] - ok
21:24:05.0624 0x0b20  ================ Scan MBR ==================================
21:24:05.0639 0x0b20  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
21:24:05.0639 0x0b20  \Device\Harddisk0\DR0 - ok
21:24:05.0655 0x0b20  ================ Scan VBR ==================================
21:24:05.0655 0x0b20  [ 42EC3B682BC4DB96AB097F9FEF412D9C ] \Device\Harddisk0\DR0\Partition1
21:24:05.0718 0x0b20  \Device\Harddisk0\DR0\Partition1 - ok
21:24:05.0733 0x0b20  [ B9F77672308EE9EB1286D056F4F4BF19 ] \Device\Harddisk0\DR0\Partition2
21:24:05.0796 0x0b20  \Device\Harddisk0\DR0\Partition2 - ok
21:24:05.0811 0x0b20  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition3
21:24:05.0811 0x0b20  \Device\Harddisk0\DR0\Partition3 - ok
21:24:05.0827 0x0b20  [ CDCEBD576B2CFFF322F777B8308B33A8 ] \Device\Harddisk0\DR0\Partition4
21:24:05.0889 0x0b20  \Device\Harddisk0\DR0\Partition4 - ok
21:24:05.0921 0x0b20  [ 960EBE06ADE4DFE78B86CA6FFBE71C13 ] \Device\Harddisk0\DR0\Partition5
21:24:05.0936 0x0b20  \Device\Harddisk0\DR0\Partition5 - ok
21:24:05.0952 0x0b20  [ ADCC5CEB8A41CFF47D5E2207A3EE98D5 ] \Device\Harddisk0\DR0\Partition6
21:24:05.0968 0x0b20  \Device\Harddisk0\DR0\Partition6 - ok
21:24:05.0968 0x0b20  ================ Scan generic autorun ======================
21:24:06.0014 0x0b20  [ 28062B17191C9450BF6C6C3EF8C7EB27, 4859C5708DFD119021F7B7FFB38F0B316675E1E4D5D51A10D4265F712CF8CDB6 ] C:\WINDOWS\system32\igfxtray.exe
21:24:06.0030 0x0b20  IgfxTray - ok
21:24:06.0061 0x0b20  [ 28FC280487F0BAAE5E8119257C4EEF8C, F574BC70B79B77912FC683B3EB0BE6929E7758284ED5B47008E18B0E4A4A09FD ] C:\WINDOWS\system32\hkcmd.exe
21:24:06.0093 0x0b20  HotKeysCmds - ok
21:24:06.0124 0x0b20  [ F29BEA821C753E4F00177690F70CDC13, 0EDB40F4A4C23553C0288E6E3AD65E7B523F6764C87C6C36C3ECB0C1940C5176 ] C:\WINDOWS\system32\igfxpers.exe
21:24:06.0155 0x0b20  Persistence - ok
21:24:07.0092 0x0b20  [ 834A309C2FDF52FC09353F348CFE1235, FF8D5B0C4D8DEF3B313E11B01D6A2A29758E8721EF2EC0AAC2DB3C9AAF399276 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
21:24:07.0827 0x0b20  RTHDVCPL - ok
21:24:07.0905 0x0b20  [ 1FAD6ACA65366E1AFF10EC6B02F47A84, 2DA16D06F553FC081E374F1699EC240D7FFFDD39D42774F044AE3DE09F2C8619 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
21:24:07.0921 0x0b20  BCSSync - ok
21:24:07.0952 0x0b20  [ FF7CB5344094510654C240486B4B1B3F, 2A50A3BC366D5293C61FEDC5639C0EB2BB3176933599B6C1533F06F9B6C5D2DF ] C:\Program Files (x86)\RadioController\RfBtnHelper.exe
21:24:07.0967 0x0b20  RadioController - ok
21:24:08.0071 0x0b20  [ 07A37CB5C5A01E73FB69F138FAE2DB0E, 9E8B5D78D7EAB8FA35133763EDA91AFE5CDEE275D604F02CDB56FB00A0D5AA0F ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
21:24:08.0131 0x0b20  Adobe ARM - ok
21:24:08.0225 0x0b20  [ 7516C453B017706D857A6E57F75D72AD, EDB67298B432990D16168C023FB8079B475DAEC540594E2020BBE8EBD017B5E9 ] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
21:24:08.0272 0x0b20  DivXMediaServer - ok
21:24:08.0428 0x0b20  [ FB1A303207C1124C2B61A50E5A32AC21, 5BE93B9FDE657DCDAF4E8C02BC3F364C58B115DCE3AD10044FBCDC0FF90C2EBC ] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
21:24:08.0553 0x0b20  DivXUpdate - ok
21:24:08.0584 0x0b20  vProt - ok
21:24:08.0663 0x0b20  [ 887CAA31048EB8ED09A0CBD0E6F46F09, BBCED0BD4EB00C3FECFC9448223D4C441A868787877291F5489B07B43FAB65A4 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
21:24:08.0678 0x0b20  SunJavaUpdateSched - ok
21:24:09.0004 0x0b20  [ 9DB4F8D6F900D0511CC216783C7F7D48, 63FD23A41C26186302104B9752EFEC91FDCB7AEF68ECC4956809F5009B6A65C5 ] C:\Program Files (x86)\AVG\AVG2015\avgui.exe
21:24:09.0217 0x0b20  AVG_UI - ok
21:24:09.0373 0x0b20  [ 34560253EF56416ED5F9192AA258407E, 1915FED010A852C65A4BF809D9DC8E8C96ECCABFC6707F1EBA946630F4E56CAF ] C:\Program Files (x86)\Trojan Remover\Trjscan.exe
21:24:09.0498 0x0b20  TrojanScanner - ok
21:24:09.0608 0x0b20  [ 2A65AE735E0C439762072787AD61FA07, 19E4A96924BBD51F45DD5D34D18B16D614779F508B3DF5895DF2218043BEF0E0 ] C:\Program Files (x86)\Windows Mail\wab.exe
21:24:09.0639 0x0b20  WAB Migrate - ok
21:24:09.0686 0x0b20  [ 00E10C74F2C0350277B5B0500D51D7D2, 92A41B0CCACE751DDBF0369354FC5182B94B035775CE79BE96C0CF6E944B9024 ] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
21:24:09.0733 0x0b20  Sony PC Companion - ok
21:24:09.0951 0x0b20  [ 46C65974CA912E5751905432D649BC25, FEA2E185F2C8517F6A5B923BE320D2BB1B648C88CF2E1902B04A3EADA66ABA4A ] C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
21:24:10.0108 0x0b20  AVG-Secure-Search-Update_0414c - ok
21:24:10.0123 0x0b20  Waiting for KSN requests completion. In queue: 122
21:24:11.0139 0x0b20  Waiting for KSN requests completion. In queue: 122
21:24:12.0140 0x0b20  Waiting for KSN requests completion. In queue: 122
21:24:13.0202 0x0b20  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.6.305.0 ), 0x60100 ( disabled : updated )
21:24:13.0218 0x0b20  AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files (x86)\AVG\AVG2015\avgwsc.exe ( 15.0.0.5646 ), 0x41000 ( enabled : updated )
21:24:13.0218 0x0b20  Win FW state via NFP2: enabled
21:24:15.0728 0x0b20  ============================================================
21:24:15.0728 0x0b20  Scan finished
21:24:15.0728 0x0b20  ============================================================
21:24:15.0743 0x097c  Detected object count: 0
21:24:15.0743 0x097c  Actual detected object count: 0
21:24:36.0448 0x0e94  Deinitialize success

schrauber · 25.01.2015, 08:57

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Jenny94 · 25.01.2015, 19:01

Guten Abend,
hier die Dateien!

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 25.01.2015
Suchlauf-Zeit: 11:34:57
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.25.06
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Jenny Nix

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 408616
Verstrichene Zeit: 41 Min, 10 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 8
PUP.Optional.Babylon.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [f6a42fcc2861b77f55d6b83b6a98be42], 
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3192750341-2543641923-3795283259-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [bdddb7446c1dd363e43a55db7a89fa06], 
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\kdfbddbdpnahdahmamlolacimfdbeckk, In Quarantäne, [1e7cb546c4c5ab8b2ba0c838a263de22], 
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [7e1c8477dcad989e1da36932f60dba46], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-3192750341-2543641923-3795283259-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, In Quarantäne, [2b6f8675563326103bdecbb57c87e61a], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-3192750341-2543641923-3795283259-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\kdfbddbdpnahdahmamlolacimfdbeckk, In Quarantäne, [a6f44ead9eebb482c3096c948e7705fb], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-3192750341-2543641923-3795283259-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [bae04ab163261c1a18d05a327d8605fb], 
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-3192750341-2543641923-3795283259-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [4c4e22d9c1c84ee8d6e9a9f2bd4615eb], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 6
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3192750341-2543641923-3795283259-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a18cba48-090d-6dca-8b6a-2a88677f535f&searchtype=ds&q={searchTerms}&installDate=25/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a18cba48-090d-6dca-8b6a-2a88677f535f&searchtype=ds&q={searchTerms}&installDate=25/09/2013),Ersetzt,[4555e91208811e18db654a4f1de8a060]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3192750341-2543641923-3795283259-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a18cba48-090d-6dca-8b6a-2a88677f535f&searchtype=hp&installDate=25/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a18cba48-090d-6dca-8b6a-2a88677f535f&searchtype=hp&installDate=25/09/2013),Ersetzt,[6f2bab50a0e9df57f849bfdafe079868]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3192750341-2543641923-3795283259-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a18cba48-090d-6dca-8b6a-2a88677f535f&searchtype=ds&q={searchTerms}&installDate=25/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a18cba48-090d-6dca-8b6a-2a88677f535f&searchtype=ds&q={searchTerms}&installDate=25/09/2013),Ersetzt,[a5f5c338daaf5ed887b82b6ea461ec14]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3192750341-2543641923-3795283259-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a18cba48-090d-6dca-8b6a-2a88677f535f&searchtype=ds&q={searchTerms}&installDate=25/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a18cba48-090d-6dca-8b6a-2a88677f535f&searchtype=ds&q={searchTerms}&installDate=25/09/2013),Ersetzt,[e0ba05f61e6b92a4c77bcbceb4510df3]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3192750341-2543641923-3795283259-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a18cba48-090d-6dca-8b6a-2a88677f535f&searchtype=ds&q={searchTerms}&installDate=25/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a18cba48-090d-6dca-8b6a-2a88677f535f&searchtype=ds&q={searchTerms}&installDate=25/09/2013),Ersetzt,[bae0bb40c0c916204201ebaed5301ee2]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3192750341-2543641923-3795283259-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a18cba48-090d-6dca-8b6a-2a88677f535f&searchtype=ds&q={searchTerms}&installDate=25/09/2013, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=a18cba48-090d-6dca-8b6a-2a88677f535f&searchtype=ds&q={searchTerms}&installDate=25/09/2013),Ersetzt,[d5c5da211b6ed85edf5f76234db8946c]

Ordner: 4
PUP.Optional.OpenCandy, C:\Users\Jenny Nix\AppData\Roaming\OpenCandy, In Quarantäne, [cfcb01fa6128a096554b8eb26d96956b], 
PUP.Optional.OpenCandy, C:\Users\Jenny Nix\AppData\Roaming\OpenCandy\3C22309F4CE4478CB44DFC8BA2E78470, In Quarantäne, [cfcb01fa6128a096554b8eb26d96956b], 
PUP.Optional.OpenCandy, C:\Users\Jenny Nix\AppData\Roaming\OpenCandy\D79CD7E3338A4E8E8C7E126D7B426939, In Quarantäne, [cfcb01fa6128a096554b8eb26d96956b], 
PUP.Optional.MySpeedDial.A, C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff, In Quarantäne, [d7c376853f4a092d83af2627c83b936d], 

Dateien: 14
PUP.Optional.OpenCandy, C:\$Recycle.Bin\S-1-5-21-3192750341-2543641923-3795283259-1002\$RQI3FRI\Daemon Tools.exe, In Quarantäne, [d8c2e01b96f321151f1404c7c4413cc4], 
PUP.Optional.OpenCandy, C:\$Recycle.Bin\S-1-5-21-3192750341-2543641923-3795283259-1002\$RMUA6JA\Daemon Tools.exe, In Quarantäne, [2674d72491f8f145b0838942a65f6d93], 
PUP.Optional.OpenCandy, C:\$Recycle.Bin\S-1-5-21-3192750341-2543641923-3795283259-1002\$RNFC8QE\Daemon Tools.exe, In Quarantäne, [b5e552a9870216202a098c3feb1a09f7], 
PUP.Optional.Conduit, C:\Users\Jenny Nix\AppData\Local\Temp\scoped_dir_4784_30275\CRX_INSTALL\plugins\ChromeApproveTBPlugin.dll, In Quarantäne, [3961e9121c6d33035ef1cbc770957888], 
PUP.Optional.Wajam.A, C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage, In Quarantäne, [c3d79b605a2faf879bf2d6d4c53e4ab6], 
PUP.Optional.Wajam.A, C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage-journal, In Quarantäne, [8e0c9a6136533204fa936644ed16f010], 
PUP.Optional.Conduit.A, C:\Users\Jenny Nix\AppData\Local\CRE\kdfbddbdpnahdahmamlolacimfdbeckk.crx, In Quarantäne, [a7f39467ff8a3bfbd6f4a7590bfa4bb5], 
PUP.Optional.MySpeedDial.A, C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000005.ldb, In Quarantäne, [d7c376853f4a092d83af2627c83b936d], 
PUP.Optional.MySpeedDial.A, C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000012.log, In Quarantäne, [d7c376853f4a092d83af2627c83b936d], 
PUP.Optional.MySpeedDial.A, C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\CURRENT, In Quarantäne, [d7c376853f4a092d83af2627c83b936d], 
PUP.Optional.MySpeedDial.A, C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOCK, In Quarantäne, [d7c376853f4a092d83af2627c83b936d], 
PUP.Optional.MySpeedDial.A, C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG, In Quarantäne, [d7c376853f4a092d83af2627c83b936d], 
PUP.Optional.MySpeedDial.A, C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG.old, In Quarantäne, [d7c376853f4a092d83af2627c83b936d], 
PUP.Optional.MySpeedDial.A, C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\MANIFEST-000011, In Quarantäne, [d7c376853f4a092d83af2627c83b936d], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Code:

ATTFilter

# AdwCleaner v4.109 - Bericht erstellt am 25/01/2015 um 18:40:02
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-01-25.1 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Jenny Nix - JENNY
# Gestartet von : C:\Users\Jenny Nix\Downloads\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : vToolbarUpdater18.1.9

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\AVG SafeGuard toolbar
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Security Toolbar
Ordner Gelöscht : C:\Program Files (x86)\AVG SafeGuard toolbar
Ordner Gelöscht : C:\Program Files (x86)\AVG Security Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Ordner Gelöscht : C:\Users\Jenny Nix\AppData\Local\AVG SafeGuard toolbar
Ordner Gelöscht : C:\Users\Jenny Nix\AppData\LocalLow\AVG SafeGuard toolbar
Ordner Gelöscht : C:\Users\Jenny Nix\AppData\Roaming\ASP
Ordner Gelöscht : C:\Users\Jenny Nix\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Jenny Nix\AppData\Roaming\RHEng
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe

***** [ Tasks ] *****

Task Gelöscht : Dealply
Task Gelöscht : DealPlyLiveUpdateTaskMachineCore
Task Gelöscht : DealPlyLiveUpdateTaskMachineUA
Task Gelöscht : DealPlyUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{570BEAD8-EE36-78F9-3220-79AFD8160926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EFB02F6B-8B86-495D-9CDF-2CB49A024DBF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F7922A0-EB23-4A7B-8FB2-7DE09FFEF3CC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F7922A0-EB23-4A7B-8FB2-7DE09FFEF3CC}
Schlüssel Gelöscht : HKCU\Software\AVG SafeGuard toolbar
Schlüssel Gelöscht : HKCU\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG SafeGuard toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v


-\\ Google Chrome v40.0.2214.91


*************************

AdwCleaner[R0].txt - [19352 octets] - [14/01/2014 21:48:22]
AdwCleaner[R1].txt - [907 octets] - [26/01/2014 12:12:26]
AdwCleaner[R2].txt - [7703 octets] - [25/01/2015 18:32:11]
AdwCleaner[S0].txt - [16900 octets] - [14/01/2014 22:10:36]
AdwCleaner[S1].txt - [967 octets] - [26/01/2014 12:51:32]
AdwCleaner[S2].txt - [7120 octets] - [25/01/2015 18:40:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [7180 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Jenny Nix on 25.01.2015 at 18:48:32,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jenny Nix\appdata\local\cre"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.01.2015 at 18:56:52,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Jenny Nix (administrator) on JENNY on 25-01-2015 18:59:28
Running from C:\Users\Jenny Nix\Downloads
Loaded Profiles: UpdatusUser & Jenny Nix (Available profiles: UpdatusUser & Jenny Nix)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Dropbox, Inc.) C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mega Limited) C:\Users\Jenny Nix\AppData\Local\MEGAsync\MEGAsync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-04-02] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [DivXUpdate] => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3192750341-2543641923-3795283259-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2733080 2014-05-29] ()
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\Jenny Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jenny Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk
ShortcutTarget: MEGAsync.lnk -> C:\Users\Jenny Nix\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX32.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52144;https=127.0.0.1:52144
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://at.search.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3192750341-2543641923-3795283259-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://at.search.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://at.search.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3192750341-2543641923-3795283259-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002 -> {2F7922A0-EB23-4A7B-8FB2-7DE09FFEF3CC} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3192750341-2543641923-3795283259-1002: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR Profile: C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25]
CHR Extension: (Google Docs) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25]
CHR Extension: (Google Drive) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (YouTube) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25]
CHR Extension: (Google-Suche) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25]
CHR Extension: (Google Tabellen) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25]
CHR Extension: (Google Wallet) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]
CHR Extension: (Google Mail) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-04-02] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-06] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-06] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-11-09] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-13] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-04-02] (Dritek System Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-06] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 18:56 - 2015-01-25 18:56 - 00000825 _____ () C:\Users\Jenny Nix\Desktop\JRT.txt
2015-01-25 18:48 - 2015-01-25 18:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-25 18:47 - 2015-01-25 18:47 - 01707939 _____ (Thisisu) C:\Users\Jenny Nix\Downloads\JRT.exe
2015-01-25 18:44 - 2015-01-25 18:44 - 00007300 _____ () C:\Users\Jenny Nix\Desktop\AdwCleaner[S2].txt
2015-01-25 18:31 - 2015-01-25 18:31 - 02194432 _____ () C:\Users\Jenny Nix\Downloads\AdwCleaner_4.109.exe
2015-01-25 12:44 - 2015-01-25 12:44 - 00009484 _____ () C:\Users\Jenny Nix\Desktop\mbam.txt
2015-01-25 11:33 - 2015-01-25 11:33 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-25 11:33 - 2015-01-25 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-25 11:33 - 2015-01-25 11:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-25 11:33 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-25 11:33 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-25 11:30 - 2015-01-25 11:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jenny Nix\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-24 21:21 - 2015-01-24 21:22 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Jenny Nix\Downloads\tdsskiller.exe
2015-01-24 16:51 - 2015-01-25 11:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-24 16:50 - 2015-01-25 12:43 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-24 16:50 - 2015-01-24 17:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-24 16:46 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-24 16:45 - 2015-01-24 17:45 - 00000000 ____D () C:\Users\Jenny Nix\mbar
2015-01-24 16:44 - 2015-01-24 16:45 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Jenny Nix\Downloads\mbar-1.08.3.1004.exe
2015-01-24 16:42 - 2015-01-24 16:50 - 00000000 ___RD () C:\Users\Jenny Nix\Documents\MEGA
2015-01-24 16:41 - 2015-01-24 16:43 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Local\MEGAsync
2015-01-24 16:41 - 2015-01-24 16:41 - 00001115 _____ () C:\Users\Jenny Nix\Desktop\MEGAsync.lnk
2015-01-24 16:41 - 2015-01-24 16:41 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-01-24 16:41 - 2015-01-24 16:41 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Local\Mega Limited
2015-01-24 16:38 - 2015-01-24 16:38 - 08360152 _____ (MEGA Limited) C:\Users\Jenny Nix\Downloads\MEGAsync37Setup.exe
2015-01-24 16:35 - 2015-01-24 16:35 - 00001288 _____ () C:\Users\Jenny Nix\Desktop\Revo Uninstaller.lnk
2015-01-24 16:34 - 2015-01-24 16:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jenny Nix\Downloads\revosetup95.exe
2015-01-24 12:37 - 2015-01-24 12:39 - 00026694 _____ () C:\Users\Jenny Nix\Downloads\Addition.txt
2015-01-24 12:35 - 2015-01-25 18:59 - 00018812 _____ () C:\Users\Jenny Nix\Downloads\FRST.txt
2015-01-24 12:35 - 2015-01-25 18:59 - 00000000 ____D () C:\FRST
2015-01-24 12:34 - 2015-01-24 12:34 - 02129920 _____ (Farbar) C:\Users\Jenny Nix\Downloads\FRST64.exe
2015-01-24 11:48 - 2015-01-24 11:48 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Simply Super Software
2015-01-24 11:48 - 2015-01-24 11:48 - 00000000 ____D () C:\ProgramData\Licenses
2015-01-24 11:47 - 2015-01-24 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-01-24 11:46 - 2015-01-24 11:47 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-01-24 11:46 - 2015-01-24 11:46 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-01-24 11:44 - 2015-01-24 11:44 - 31390952 _____ (Simply Super Software ) C:\Users\Jenny Nix\Downloads\trjsetup691.exe
2015-01-24 10:43 - 2015-01-24 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-24 10:03 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-01-24 09:55 - 2015-01-24 09:56 - 00000247 _____ () C:\WINDOWS\system32\2015-01-24-08-55-56.057-aswFe.exe-5560.log
2015-01-24 09:46 - 2015-01-24 09:55 - 00000247 _____ () C:\WINDOWS\system32\2015-01-24-08-46-13.065-aswFe.exe-1176.log
2015-01-24 09:46 - 2015-01-24 09:46 - 00000197 _____ () C:\WINDOWS\system32\2015-01-24-08-46-11.015-AvastVBoxSVC.exe-3860.log
2015-01-24 09:34 - 2015-01-24 09:34 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2015-01-24 09:34 - 2015-01-24 09:34 - 00000000 ____D () C:\WINDOWS\system32\vbox
2015-01-24 09:34 - 2015-01-24 09:34 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\AVAST Software
2015-01-24 09:33 - 2015-01-24 09:33 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.1422088429546
2015-01-24 09:33 - 2015-01-24 09:33 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-01-24 09:33 - 2015-01-24 09:32 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1422088428859
2015-01-24 09:31 - 2015-01-24 09:31 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-24 09:29 - 2015-01-24 09:31 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-22 19:21 - 2015-01-22 19:36 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Arbeiten
2015-01-22 06:49 - 2015-01-24 16:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-22 06:36 - 2012-11-20 11:48 - 02213776 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\ETDUninst.dll
2015-01-14 06:11 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 06:11 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 06:11 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 06:11 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 06:11 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 06:11 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 06:11 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 06:11 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 06:11 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 06:11 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 06:11 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 06:11 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 06:11 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 06:11 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 06:11 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 06:11 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 06:11 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 06:11 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 06:11 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 06:11 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 06:11 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 06:11 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 06:11 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 06:11 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 21:36 - 2015-01-13 21:36 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\dvdcss
2015-01-08 11:38 - 2015-01-08 11:38 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\BMDNTCS
2015-01-08 11:38 - 2015-01-08 11:38 - 00000000 ____D () C:\ProgramData\BMDNTCS
2015-01-08 11:11 - 2015-01-08 11:21 - 00000000 ____D () C:\BMDCRW
2015-01-08 11:11 - 2015-01-08 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMD Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-25 18:55 - 2014-12-06 13:06 - 01192553 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-25 18:48 - 2013-06-25 00:12 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3192750341-2543641923-3795283259-1002
2015-01-25 18:43 - 2013-06-27 10:18 - 00000000 ___RD () C:\Users\Jenny Nix\Dropbox
2015-01-25 18:43 - 2013-06-27 10:13 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\Dropbox
2015-01-25 18:42 - 2014-09-23 22:06 - 00736972 _____ () C:\WINDOWS\PFRO.log
2015-01-25 18:42 - 2014-05-29 21:39 - 00000386 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2015-01-25 18:42 - 2014-05-29 21:39 - 00000386 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2015-01-25 18:42 - 2014-04-18 20:27 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Local\AVG SafeGuard toolbar
2015-01-25 18:42 - 2013-08-22 15:46 - 00340468 _____ () C:\WINDOWS\setupact.log
2015-01-25 18:42 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-25 18:42 - 2013-06-26 23:21 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-25 18:41 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-25 18:40 - 2014-01-14 21:48 - 00000000 ____D () C:\AdwCleaner
2015-01-25 18:24 - 2013-06-26 23:21 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-25 18:20 - 2014-09-24 07:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-25 18:20 - 2014-09-24 06:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-25 18:20 - 2014-09-24 06:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-25 17:34 - 2014-12-06 13:53 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{508B9F10-E260-487A-92D3-397342E45419}
2015-01-25 16:51 - 2013-06-25 19:50 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-25 12:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\System
2015-01-25 11:24 - 2014-12-06 13:13 - 00000000 ____D () C:\Users\Jenny Nix
2015-01-24 17:43 - 2014-12-08 19:00 - 00565760 ___SH () C:\Users\Jenny Nix\Desktop\Thumbs.db
2015-01-24 16:39 - 2013-06-25 18:57 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Bilder
2015-01-24 11:48 - 2012-11-23 06:58 - 00000000 ____D () C:\ProgramData\Temp
2015-01-24 11:23 - 2013-12-01 13:58 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Hörspiele
2015-01-24 11:19 - 2014-12-10 21:52 - 00000000 ____D () C:\Users\Jenny Nix\Documents\USB
2015-01-24 10:52 - 2013-09-17 14:38 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Schule
2015-01-24 10:46 - 2014-10-06 12:15 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Bewerbung + Lebenslauf
2015-01-24 10:44 - 2014-11-24 16:58 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-24 10:43 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-24 10:42 - 2013-06-25 19:51 - 00000000 ___HD () C:\$AVG
2015-01-24 10:00 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-24 09:38 - 2014-11-24 06:59 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Local\Avg2015
2015-01-23 18:13 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-23 16:27 - 2013-09-09 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-22 06:57 - 2013-10-19 09:51 - 00000000 ____D () C:\ProgramData\DivX
2015-01-20 21:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-19 22:32 - 2014-12-11 08:45 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2014-12-11 08:45 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-17 15:58 - 2013-09-29 11:00 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\vlc
2015-01-14 22:17 - 2013-07-28 19:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 22:08 - 2013-06-27 11:45 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-13 20:16 - 2014-12-08 19:08 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Local\Deployment
2015-01-08 11:11 - 2012-11-23 06:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2014-02-18 23:23 - 2014-03-05 07:49 - 0011758 _____ () C:\Users\Jenny Nix\AppData\Roaming\LogBuch.txt
2014-02-17 20:57 - 2014-03-05 17:05 - 0003126 _____ () C:\Users\Jenny Nix\AppData\Roaming\PData.MM1
2014-02-17 20:57 - 2014-03-05 17:05 - 0003126 _____ () C:\Users\Jenny Nix\AppData\Roaming\PData.MMM
2013-09-14 15:09 - 2014-01-10 12:23 - 0000140 _____ () C:\Users\Jenny Nix\AppData\Roaming\WB.CFG
2014-06-07 11:11 - 2014-06-07 11:11 - 0002737 _____ () C:\Users\Jenny Nix\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\Jenny Nix\appnimi-zip-password-unlocker.dat


Some content of TEMP:
====================
C:\Users\Jenny Nix\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0hanss.dll
C:\Users\Jenny Nix\AppData\Local\Temp\Quarantine.exe
C:\Users\Jenny Nix\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-25 12:32

==================== End Of Log ============================

--- --- ---

Danke und liebe Grüße,
Jenny

schrauber · 26.01.2015, 09:20

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Jenny94 · 26.01.2015, 20:46

Puh, der ESET Scanner arbeitet bei mir schon seit ca. 2,5 Stunden und hat erst 33 % geschafft.
Ich glaube ich kann heute keine Antwort mehr posten

Schicke meine Files sobald es geht.

Liebe Grüße

schrauber · 27.01.2015, 07:34

ok

Jenny94 · 27.01.2015, 11:06

Nach 12 Stunden Scan ist es endlich geschafft =)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=31553218c93ff3489bd9ba56b8d39b86
# engine=22153
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-26 05:26:39
# local_time=2015-01-26 06:26:39 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 115034 109427183 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4429574 47174492 0 0
# scanned=10221
# found=5
# cleaned=0
# scan_time=2688
sh=A4C7CB680C11D71FA908A84B0B09DE0FA5D94AB9 ft=1 fh=5fe834c2d9f9392a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3192750341-2543641923-3795283259-1002\$R5KGBKF.exe"
sh=792F41E8858D51522C5B5E992B5DDFFA44105365 ft=1 fh=1a4265f23e541de8 vn="NSIS/TrojanDownloader.Adload.AA Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3192750341-2543641923-3795283259-1002\$RHH6CFR.exe"
sh=B252D6D931DDB132CF8C1A6E5D5DE6FC76264E6E ft=1 fh=31d7d762ebc86a10 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3192750341-2543641923-3795283259-1002\$RO3NSIX.exe"
sh=792F41E8858D51522C5B5E992B5DDFFA44105365 ft=1 fh=1a4265f23e541de8 vn="NSIS/TrojanDownloader.Adload.AA Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3192750341-2543641923-3795283259-1002\$ROCOZEJ.exe"
sh=4AD807845C44AD58B997D26C512276ADA5EBFB17 ft=1 fh=dee932d125fd5ccf vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3192750341-2543641923-3795283259-1002\$RX7UBDR.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=31553218c93ff3489bd9ba56b8d39b86
# engine=22153
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-27 05:38:31
# local_time=2015-01-27 06:38:31 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 155346 109471095 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 4469886 47218404 0 0
# scanned=387232
# found=61
# cleaned=0
# scan_time=43824
sh=A4C7CB680C11D71FA908A84B0B09DE0FA5D94AB9 ft=1 fh=5fe834c2d9f9392a vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3192750341-2543641923-3795283259-1002\$R5KGBKF.exe"
sh=792F41E8858D51522C5B5E992B5DDFFA44105365 ft=1 fh=1a4265f23e541de8 vn="NSIS/TrojanDownloader.Adload.AA Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3192750341-2543641923-3795283259-1002\$RHH6CFR.exe"
sh=B252D6D931DDB132CF8C1A6E5D5DE6FC76264E6E ft=1 fh=31d7d762ebc86a10 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3192750341-2543641923-3795283259-1002\$RO3NSIX.exe"
sh=792F41E8858D51522C5B5E992B5DDFFA44105365 ft=1 fh=1a4265f23e541de8 vn="NSIS/TrojanDownloader.Adload.AA Trojaner" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3192750341-2543641923-3795283259-1002\$ROCOZEJ.exe"
sh=4AD807845C44AD58B997D26C512276ADA5EBFB17 ft=1 fh=dee932d125fd5ccf vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3192750341-2543641923-3795283259-1002\$RX7UBDR.exe"
sh=DB5DEC21F203A3AE275461D03FF977C87C6C00F9 ft=1 fh=09feb8da0d515751 vn="Win32/Toolbar.Conduit.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\CT3281675\plugins\TBVerifier.dll.vir"
sh=BF5216BA0FC39EA5AD1A0C9A757E902C265A823B ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPly.crx.vir"
sh=359A92C15F0AD3A7D1029D260148EC522E18BA3F ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPly.xpi.vir"
sh=301D76EDD0C41858B28915E06D395B746B434187 ft=1 fh=669084b2e965dc27 vn="Variante von Win32/DealPly.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyIE.dll.vir"
sh=4A83D07CD3A2E23C41B47609301AB8F6D835918C ft=1 fh=4beb8c61673c35e8 vn="Win32/DealPly.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdate.exe.vir"
sh=15A8BE96BCAAD50B1F987603FC7ADA1C61EE2671 ft=1 fh=17dc8e215076b726 vn="Variante von Win32/DealPly.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdateRun.exe.vir"
sh=548957F540E363553DEC20AFBC4B2EA814D5E17E ft=1 fh=cdfbdc51a30f9cbb vn="Win32/DealPly.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPly\DealPlyUpdateVer.exe.vir"
sh=0F081DBA3288108E77AA7797D5EE28B077C43B88 ft=1 fh=827545bc3cf01bf5 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe.vir"
sh=0F081DBA3288108E77AA7797D5EE28B077C43B88 ft=1 fh=827545bc3cf01bf5 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe.vir"
sh=D1337408DE8FC6409BCB0F52A3F84F2863A94C40 ft=1 fh=b4f71a4e9c68bca5 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe.vir"
sh=0F081DBA3288108E77AA7797D5EE28B077C43B88 ft=1 fh=827545bc3cf01bf5 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe.vir"
sh=E1124A98F09A6EBCE59FEA2E918FFE2DCB245146 ft=1 fh=c29d58234e843b86 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe.vir"
sh=A658B92B519F7898937EE2AE8CF53A62F620C923 ft=1 fh=7f9bfa912e5e181c vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdate.dll.vir"
sh=6D00C85C60CAF98D39E5CD07AACE53C757A99C49 ft=1 fh=ed4a7cab0d6835d6 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll.vir"
sh=7489D541CA03F640A02B20A33A88C70691D689D5 ft=1 fh=5216003ac57facf4 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir"
sh=0652CF8AA5ACCADDDD31EE32521742F0CF6A62B0 ft=1 fh=6730b7aa2ee36939 vn="Win32/DealPly.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll.vir"
sh=2A3D80E83C3244A138F165DBA15B67CDE281D636 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebCake\WebCakeLayers.crx.vir"
sh=034BE991CB00B240F574CF8B7F0B1F407B1FD9B8 ft=1 fh=d540e00c2c6e80d8 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll.vir"
sh=C7759E1F0D3AD2530280372D806703390469B07C ft=1 fh=930db3a9eb64adf6 vn="MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\Betcat\WebCakeDesktop.exe.vir"
sh=7760A54D309D6F505D7A9D76BE59364E29D16343 ft=1 fh=07d18bc14c7c0804 vn="Variante von MSIL/BrowseFox.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\Betcat\dat\cst.exe.vir"
sh=97D10A94D3A5CBD227545D6B595106D8C8CF71EB ft=1 fh=66b5464a9db41a46 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\Betcat\dat\Desktop.OS.dll.vir"
sh=76521F4582540A7EC43E1BE19C93E15BCF1496C9 ft=1 fh=cc8d98f366a1b949 vn="Variante von MSIL/BrowseFox.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\Betcat\dat\DIBS.dat.vir"
sh=5E9AF9B16CADF60371BD946E05C62E88BB3C8CA3 ft=1 fh=49cf5f646ed154fe vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\Betcat\dat\Dora.dat.vir"
sh=22685DC94848550F07467C2E59705F3E8E3BA364 ft=1 fh=079f83b17c3f95a7 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\Betcat\dat\Maintain.dat.vir"
sh=3463A5C8EEB00DCD4F1DAE530D9D4F997DE360F9 ft=1 fh=97a108d1f83f7f9b vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\Betcat\dat\Paladin.dat.vir"
sh=A9E528007F510A7E46D3E1E375443AF378F57CF0 ft=1 fh=cb1e91dcdcc6c9aa vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\Betcat\dat\Phoenix.dat.vir"
sh=548957F540E363553DEC20AFBC4B2EA814D5E17E ft=1 fh=cdfbdc51a30f9cbb vn="Win32/DealPly.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir"
sh=843DF0FD9F9C356D5336452FCC2B3374A2BD06DC ft=1 fh=137ef7008edb618f vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\OpenCandy\11C20D703A66409A9A9D670AB18F8C57\SSStub_SearchProtect_p1v0.exe.vir"
sh=BD2FB2B5AB6E8D248C0FB11425B108C17B696835 ft=1 fh=75ed9a1f38cde0e4 vn="Variante von Win32/DealPly.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\OpenCandy\4D8FE0B6EF7F4EF9A603F58CD3D3C22E\dp.exe.vir"
sh=3AFB53DDFC81A47E4335B232481F8D3A7469B1E5 ft=1 fh=73b161e50e1ad296 vn="Win32/Toolbar.Conduit.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\OpenCandy\56851E7A8AA840BCBFE92EBE9D773780\mconduitinstaller.exe.vir"
sh=C6856C32ECEF81A37AFEE5929F0AF5CBB7F4029C ft=1 fh=1edb99ab84c070e7 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\OpenCandy\715E149CC9DE4D64B2BBF467AF03CE06\Installer.exe.vir"
sh=37CCAD86409E08816A4C00F1DBEA4604BA36D3A1 ft=1 fh=919a9505016e0e1e vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\OpenCandy\7E49C68EC4CF400FAF15AB32504D23D1\DeltaTB.exe.vir"
sh=0426E4867C924953E13659997D92D9398C4C78D5 ft=1 fh=b751e6e1d6037e00 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\OpenCandy\D978D2C4273D45AD804861DB396AE810\Softonic_chr_p1v3.exe.vir"
sh=C7759E1F0D3AD2530280372D806703390469B07C ft=1 fh=930db3a9eb64adf6 vn="MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\Web Cake\WebCakeDesktop.exe.vir"
sh=3974AF6435D0019AA8C84BE925611F9287976CC4 ft=1 fh=8821c6c28bcd590e vn="MSIL/WebCake.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\WebCake\WebCakeDesktop.exe.vir"
sh=74B8790FFA9CD47FBC1F86D7E0742828AA3834AF ft=1 fh=69d831ccf0385465 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\WebCake\dat\Desktop.OS.dll.vir"
sh=769727FD17408B4FB051A5062DAE6C45EFDE7288 ft=1 fh=f7eaf69907b5b1c6 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\WebCake\dat\Dora.dat.vir"
sh=D3DDE80F947D835ECA1E4000BB6CC5647BE1E930 ft=1 fh=22ccd58d510d52b3 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\WebCake\dat\Maintain.dat.vir"
sh=1CD330953E443B78B91ED9F5FD3E5A4A2016ACEF ft=1 fh=a77d7df660e618ca vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\WebCake\dat\Paladin.dat.vir"
sh=143A8D06E36495B062714306C96818D0DD17559E ft=1 fh=2cec664552f410f7 vn="Variante von MSIL/WebCake.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Jenny Nix\AppData\Roaming\WebCake\dat\Phoenix.dat.vir"
sh=A5AFD43F80036873D9CF6AEBD2F6A2EABBA072D6 ft=1 fh=9f46438dbe9f0851 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=F20CA3170A7BEEF6EFA578F2229367EF3498A043 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jenny Nix\AppData\Local\Temp\scoped_dir_4784_30275\kdfbddbdpnahdahmamlolacimfdbeckk.crx"
sh=6AFAEEC56C44C74542369A58D1E2F57B508F0E0D ft=1 fh=b223f168b5e1d79a vn="Variante von Win32/Toolbar.Conduit.AH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jenny Nix\AppData\Local\Temp\scoped_dir_4784_30275\CRX_INSTALL\plugins\ConduitChromeApiPlugin.dll"
sh=1867142971E46CEFBDC91D1C32BDDB89B9CC2FCB ft=1 fh=bed49cb1acf2aab9 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jenny Nix\Documents\Schule\Microsoft Office Professional Plus 2010 SP1-64\Daemon Tools.exe"
sh=1867142971E46CEFBDC91D1C32BDDB89B9CC2FCB ft=1 fh=bed49cb1acf2aab9 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Jenny Nix\Documents\USB\stick\Neuer Ordner\Microsoft Office Professional Plus 2010 SP1-64\Daemon Tools.exe"
sh=600771D2910928E3CEFE3B24E8F97C8DB4CF326C ft=1 fh=8a8ff7b6c3c6013d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-1201265197-270377739-4244603850-1000\$R07PQFQ.exe"
sh=08247662F495318938F8269FDB1D410EF8345148 ft=1 fh=2a97b12ab7f2ca45 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-1201265197-270377739-4244603850-1000\$RFEYRWG.exe"
sh=087346E5C4FE3745BA46A4F13C5405FBDB3D328B ft=1 fh=3e860ecb04e33871 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-1201265197-270377739-4244603850-1000\$RHUKI3R.exe"
sh=15F5662DAFB688A2E0241A9EFCD86280E50549CE ft=1 fh=dfc028090734695c vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-1201265197-270377739-4244603850-1000\$RLP5S7I.exe"
sh=20BA51F96F4EA5423FC90E17F635791D97DA4D44 ft=1 fh=c8ec0d8ad2660144 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-1201265197-270377739-4244603850-1000\$RMDNMJJ.exe"
sh=889671DBE5E6529F2DD444A46F95350F11AC9ED3 ft=1 fh=cab42f9231be6cc0 vn="Variante von Win32/Adware.CiDHelp Anwendung" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-1201265197-270377739-4244603850-1000\$RM4T7UY\MsgPlusLive-482.exe"
sh=C2571730AFAB285335CBF6A35387DE5962F2819A ft=1 fh=398a74cd366f257e vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-1201265197-270377739-4244603850-1000\$RNN1S6W\FreeYouTubeToMp3Converter.exe"
sh=889671DBE5E6529F2DD444A46F95350F11AC9ED3 ft=1 fh=cab42f9231be6cc0 vn="Variante von Win32/Adware.CiDHelp Anwendung" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-1201265197-270377739-4244603850-1000\$RZM0YF9\MsgPlusLive-482.exe"
sh=FF42995D8E24E05FF9EBA12DCB27B9AAB183A290 ft=1 fh=605214e765268a80 vn="Variante von Win32/Toolbar.Conduit.AI evtl. unerwünschte Anwendung" ac=I fn="G:\$RECYCLE.BIN\S-1-5-21-3665572547-1905888868-2464230718-1002\$RJEONF2\FreeYouTubeToMP3Converter31011.exe"
sh=A25E69B87E21E76226508C4287FE98D1E654412F ft=1 fh=d36b3e1a5b9444d7 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\SoftonicDownloader_fuer_photo-collage.exe"
sh=3B4EDA1E5C3379515B42D0AA7750693B5A93A6C5 ft=1 fh=82ee282e6aec17d2 vn="Win32/SoftonicDownloader.D evtl. unerwünschte Anwendung" ac=I fn="G:\Downloads\SoftonicDownloader_fuer_safari.exe"

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.95  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender                  
AVG AntiVirus Free Edition 2015   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Trojan Remover 6.9.1   
 Java 8 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Java 64-bit 8 Update 31  
  Adobe Flash Player 	10.3.181.34 Flash Player out of Date!  
 Adobe Reader XI  
 Google Chrome (40.0.2214.91) 
 Google Chrome (40.0.2214.93) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

Mein Laptop hat bis jetzt keine Werbung mehr abgespielt!

Liebe Grüße,
Jenny

Hier das FRST log noch

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Jenny Nix (administrator) on JENNY on 27-01-2015 11:03:56
Running from C:\Users\Jenny Nix\Downloads
Loaded Profiles: UpdatusUser & Jenny Nix (Available profiles: UpdatusUser & Jenny Nix)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Dritek System INC.) C:\Windows\RfBtnSvc64.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Dropbox, Inc.) C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Mega Limited) C:\Users\Jenny Nix\AppData\Local\MEGAsync\MEGAsync.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [LManager] => [X]
HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-04-02] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
HKLM-x32\...\Run: [DivXUpdate] => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3674576 2015-01-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [TrojanScanner] => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [1791856 2014-10-16] (Simply Super Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3192750341-2543641923-3795283259-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2733080 2014-05-29] ()
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk
ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
Startup: C:\Users\Jenny Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jenny Nix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Jenny Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk
ShortcutTarget: MEGAsync.lnk -> C:\Users\Jenny Nix\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX32.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52144;https=127.0.0.1:52144
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://at.search.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3192750341-2543641923-3795283259-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://at.search.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-3192750341-2543641923-3795283259-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://at.search.yahoo.com/?fr=hp-avast&type=avastbcl
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://at.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3192750341-2543641923-3795283259-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3192750341-2543641923-3795283259-1002 -> {2F7922A0-EB23-4A7B-8FB2-7DE09FFEF3CC} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 213.129.232.1

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll No File
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3192750341-2543641923-3795283259-1002: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR Profile: C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Präsentationen) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-25]
CHR Extension: (Google Docs) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-25]
CHR Extension: (Google Drive) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (YouTube) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-25]
CHR Extension: (Google-Suche) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-25]
CHR Extension: (Google Tabellen) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-25]
CHR Extension: (Google Wallet) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-29]
CHR Extension: (Google Mail) - C:\Users\Jenny Nix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3440080 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [309232 2015-01-06] (AVG Technologies CZ, s.r.o.)
R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2449552 2012-10-25] (Acer Incorporated)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658064 2012-10-23] (Acer Incorporated)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-11-03] (NTI Corporation)
R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-04-02] (Dritek System INC.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-12-06] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-12-06] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-11-09] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-13] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [277784 2014-09-24] (AVG Technologies CZ, s.r.o.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-04-02] (Dritek System Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-12-06] (Microsoft Corporation)
R3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 10:53 - 2015-01-27 10:53 - 00000165 ____H () C:\Users\Jenny Nix\Desktop\~$Microsoft Excel-Arbeitsblatt (neu).xlsx
2015-01-27 08:51 - 2015-01-27 08:51 - 00008833 _____ () C:\Users\Jenny Nix\Desktop\Microsoft Excel-Arbeitsblatt (neu).xlsx
2015-01-27 07:56 - 2015-01-27 07:57 - 00852573 _____ () C:\Users\Jenny Nix\Downloads\SecurityCheck.exe
2015-01-26 18:06 - 2015-01-26 18:06 - 00200160 _____ () C:\Users\Jenny Nix\Downloads\Organisation einer Firmenpräsentation.pptx
2015-01-26 17:33 - 2015-01-26 17:33 - 02347384 _____ (ESET) C:\Users\Jenny Nix\Downloads\esetsmartinstaller_deu.exe
2015-01-25 18:56 - 2015-01-25 18:56 - 00000825 _____ () C:\Users\Jenny Nix\Desktop\JRT.txt
2015-01-25 18:48 - 2015-01-25 18:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2015-01-25 18:47 - 2015-01-25 18:47 - 01707939 _____ (Thisisu) C:\Users\Jenny Nix\Downloads\JRT.exe
2015-01-25 18:44 - 2015-01-25 18:44 - 00007300 _____ () C:\Users\Jenny Nix\Desktop\AdwCleaner[S2].txt
2015-01-25 18:31 - 2015-01-25 18:31 - 02194432 _____ () C:\Users\Jenny Nix\Downloads\AdwCleaner_4.109.exe
2015-01-25 12:44 - 2015-01-25 12:44 - 00009484 _____ () C:\Users\Jenny Nix\Desktop\mbam.txt
2015-01-25 11:33 - 2015-01-25 11:33 - 00001122 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-25 11:33 - 2015-01-25 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-25 11:33 - 2015-01-25 11:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-01-25 11:33 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-25 11:33 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-25 11:30 - 2015-01-25 11:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jenny Nix\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-24 21:21 - 2015-01-24 21:22 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Jenny Nix\Downloads\tdsskiller.exe
2015-01-24 16:51 - 2015-01-25 11:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-24 16:50 - 2015-01-25 12:43 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-24 16:50 - 2015-01-24 17:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-24 16:46 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-24 16:45 - 2015-01-24 17:45 - 00000000 ____D () C:\Users\Jenny Nix\mbar
2015-01-24 16:44 - 2015-01-24 16:45 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Jenny Nix\Downloads\mbar-1.08.3.1004.exe
2015-01-24 16:42 - 2015-01-24 16:50 - 00000000 ___RD () C:\Users\Jenny Nix\Documents\MEGA
2015-01-24 16:41 - 2015-01-24 16:43 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Local\MEGAsync
2015-01-24 16:41 - 2015-01-24 16:41 - 00001115 _____ () C:\Users\Jenny Nix\Desktop\MEGAsync.lnk
2015-01-24 16:41 - 2015-01-24 16:41 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-01-24 16:41 - 2015-01-24 16:41 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Local\Mega Limited
2015-01-24 16:38 - 2015-01-24 16:38 - 08360152 _____ (MEGA Limited) C:\Users\Jenny Nix\Downloads\MEGAsync37Setup.exe
2015-01-24 16:35 - 2015-01-24 16:35 - 00001288 _____ () C:\Users\Jenny Nix\Desktop\Revo Uninstaller.lnk
2015-01-24 16:34 - 2015-01-24 16:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jenny Nix\Downloads\revosetup95.exe
2015-01-24 12:37 - 2015-01-24 12:39 - 00026694 _____ () C:\Users\Jenny Nix\Downloads\Addition.txt
2015-01-24 12:35 - 2015-01-27 11:03 - 00018746 _____ () C:\Users\Jenny Nix\Downloads\FRST.txt
2015-01-24 12:35 - 2015-01-27 11:03 - 00000000 ____D () C:\FRST
2015-01-24 12:34 - 2015-01-24 12:34 - 02129920 _____ (Farbar) C:\Users\Jenny Nix\Downloads\FRST64.exe
2015-01-24 11:48 - 2015-01-24 11:48 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Simply Super Software
2015-01-24 11:48 - 2015-01-24 11:48 - 00000000 ____D () C:\ProgramData\Licenses
2015-01-24 11:47 - 2015-01-24 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2015-01-24 11:46 - 2015-01-24 11:47 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2015-01-24 11:46 - 2015-01-24 11:46 - 00000000 ____D () C:\ProgramData\Simply Super Software
2015-01-24 11:44 - 2015-01-24 11:44 - 31390952 _____ (Simply Super Software ) C:\Users\Jenny Nix\Downloads\trjsetup691.exe
2015-01-24 10:43 - 2015-01-24 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-24 10:03 - 2014-12-31 12:14 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-01-24 09:55 - 2015-01-24 09:56 - 00000247 _____ () C:\WINDOWS\system32\2015-01-24-08-55-56.057-aswFe.exe-5560.log
2015-01-24 09:46 - 2015-01-24 09:55 - 00000247 _____ () C:\WINDOWS\system32\2015-01-24-08-46-13.065-aswFe.exe-1176.log
2015-01-24 09:46 - 2015-01-24 09:46 - 00000197 _____ () C:\WINDOWS\system32\2015-01-24-08-46-11.015-AvastVBoxSVC.exe-3860.log
2015-01-24 09:34 - 2015-01-24 09:34 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2015-01-24 09:34 - 2015-01-24 09:34 - 00000000 ____D () C:\WINDOWS\system32\vbox
2015-01-24 09:34 - 2015-01-24 09:34 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\AVAST Software
2015-01-24 09:33 - 2015-01-24 09:33 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys.1422088429546
2015-01-24 09:33 - 2015-01-24 09:33 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-01-24 09:33 - 2015-01-24 09:32 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.1422088428859
2015-01-24 09:31 - 2015-01-24 09:31 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-24 09:29 - 2015-01-24 09:31 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-22 19:21 - 2015-01-22 19:36 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Arbeiten
2015-01-22 06:49 - 2015-01-24 16:35 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-22 06:36 - 2012-11-20 11:48 - 02213776 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\ETDUninst.dll
2015-01-14 06:11 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 06:11 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 06:11 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 06:11 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 06:11 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 06:11 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 06:11 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 06:11 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 06:11 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 06:11 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 06:11 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 06:11 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 06:11 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 06:11 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 06:11 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 06:11 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 06:11 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 06:11 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 06:11 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 06:11 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 06:11 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 06:11 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 06:11 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 06:11 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 06:11 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-13 21:36 - 2015-01-13 21:36 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\dvdcss
2015-01-08 11:38 - 2015-01-08 11:38 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\BMDNTCS
2015-01-08 11:38 - 2015-01-08 11:38 - 00000000 ____D () C:\ProgramData\BMDNTCS
2015-01-08 11:11 - 2015-01-08 11:21 - 00000000 ____D () C:\BMDCRW
2015-01-08 11:11 - 2015-01-08 11:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMD Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-27 11:03 - 2013-06-27 10:18 - 00000000 ___RD () C:\Users\Jenny Nix\Dropbox
2015-01-27 11:02 - 2013-06-27 10:13 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\Dropbox
2015-01-27 11:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-27 10:56 - 2013-06-25 00:12 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3192750341-2543641923-3795283259-1002
2015-01-27 10:51 - 2014-05-29 21:39 - 00000386 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2015-01-27 10:51 - 2014-05-29 21:39 - 00000386 _____ () C:\WINDOWS\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2015-01-27 10:51 - 2013-06-26 23:21 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 10:24 - 2013-06-26 23:21 - 00001130 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 10:11 - 2014-12-06 13:06 - 01677627 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-27 07:55 - 2014-12-08 19:00 - 00565760 ___SH () C:\Users\Jenny Nix\Desktop\Thumbs.db
2015-01-27 06:38 - 2013-08-22 15:46 - 00341417 _____ () C:\WINDOWS\setupact.log
2015-01-27 06:30 - 2014-12-06 13:53 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{508B9F10-E260-487A-92D3-397342E45419}
2015-01-26 18:06 - 2014-12-08 19:08 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Local\Deployment
2015-01-26 17:38 - 2014-09-24 07:17 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-26 17:38 - 2014-09-24 06:43 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2015-01-26 17:38 - 2014-09-24 06:43 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2015-01-25 18:42 - 2014-09-23 22:06 - 00736972 _____ () C:\WINDOWS\PFRO.log
2015-01-25 18:42 - 2014-04-18 20:27 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Local\AVG SafeGuard toolbar
2015-01-25 18:42 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-25 18:41 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-25 18:40 - 2014-01-14 21:48 - 00000000 ____D () C:\AdwCleaner
2015-01-25 16:51 - 2013-06-25 19:50 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-25 12:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\System
2015-01-25 11:24 - 2014-12-06 13:13 - 00000000 ____D () C:\Users\Jenny Nix
2015-01-24 16:39 - 2013-06-25 18:57 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Bilder
2015-01-24 11:48 - 2012-11-23 06:58 - 00000000 ____D () C:\ProgramData\Temp
2015-01-24 11:23 - 2013-12-01 13:58 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Hörspiele
2015-01-24 11:19 - 2014-12-10 21:52 - 00000000 ____D () C:\Users\Jenny Nix\Documents\USB
2015-01-24 10:52 - 2013-09-17 14:38 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Schule
2015-01-24 10:46 - 2014-10-06 12:15 - 00000000 ____D () C:\Users\Jenny Nix\Documents\Bewerbung + Lebenslauf
2015-01-24 10:44 - 2014-11-24 16:58 - 00000000 ____D () C:\ProgramData\AVG2015
2015-01-24 10:43 - 2012-07-26 09:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2015-01-24 10:42 - 2013-06-25 19:51 - 00000000 ___HD () C:\$AVG
2015-01-24 10:00 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-01-24 09:38 - 2014-11-24 06:59 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Local\Avg2015
2015-01-23 18:13 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-23 16:27 - 2013-09-09 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-22 06:57 - 2013-10-19 09:51 - 00000000 ____D () C:\ProgramData\DivX
2015-01-20 21:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-19 22:32 - 2014-12-11 08:45 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-19 22:32 - 2014-12-11 08:45 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-17 15:58 - 2013-09-29 11:00 - 00000000 ____D () C:\Users\Jenny Nix\AppData\Roaming\vlc
2015-01-14 22:17 - 2013-07-28 19:08 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 22:08 - 2013-06-27 11:45 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-08 11:11 - 2012-11-23 06:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

==================== Files in the root of some directories =======

2014-02-18 23:23 - 2014-03-05 07:49 - 0011758 _____ () C:\Users\Jenny Nix\AppData\Roaming\LogBuch.txt
2014-02-17 20:57 - 2014-03-05 17:05 - 0003126 _____ () C:\Users\Jenny Nix\AppData\Roaming\PData.MM1
2014-02-17 20:57 - 2014-03-05 17:05 - 0003126 _____ () C:\Users\Jenny Nix\AppData\Roaming\PData.MMM
2013-09-14 15:09 - 2014-01-10 12:23 - 0000140 _____ () C:\Users\Jenny Nix\AppData\Roaming\WB.CFG
2014-06-07 11:11 - 2014-06-07 11:11 - 0002737 _____ () C:\Users\Jenny Nix\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\Jenny Nix\appnimi-zip-password-unlocker.dat


Some content of TEMP:
====================
C:\Users\Jenny Nix\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppnp7nt.dll
C:\Users\Jenny Nix\AppData\Local\Temp\Quarantine.exe
C:\Users\Jenny Nix\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-25 19:27

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 27.01.2015, 19:46

Java und Flash updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\$Recycle.Bin
G:\$RECYCLE.BIN
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX32.dll ()
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52144;https=127.0.0.1:52144
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 213.129.232.1
C:\Users\Jenny Nix\appnimi-zip-password-unlocker.dat
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Jenny94 · 28.01.2015, 15:41

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Jenny Nix at 2015-01-28 15:31:40 Run:1
Running from C:\Users\Jenny Nix\Downloads
Loaded Profiles: UpdatusUser & Jenny Nix (Available profiles: UpdatusUser & Jenny Nix)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\$Recycle.Bin
G:\$RECYCLE.BIN
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Jenny Nix\AppData\Local\MEGAsync\ShellExtX32.dll ()
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52144;https=127.0.0.1:52144
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1 213.129.232.1
C:\Users\Jenny Nix\appnimi-zip-password-unlocker.dat
Emptytemp:
         
*****************

C:\$Recycle.Bin => Moved successfully.
"G:\$RECYCLE.BIN" => File/Directory not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => Key deleted successfully.
"HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => Key deleted successfully.
"HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => Key deleted successfully.
"HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value deleted successfully.
C:\Users\Jenny Nix\appnimi-zip-password-unlocker.dat => Moved successfully.
EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 15:32:33 ====

Vielen vielen Dank für die tolle und rasche Hilfe!!

Toll, dass es Menschen gibt die das machen

Liebe Grüße Jenny

24.01.2015, 20:51	#6
schrauber /// the machine /// TB-Ausbilder	Töne und Werbung, ohne etwas geöffnet zu haben (evtl. Audio Trojaner?) Dann bitte noch TDSSKiller wie oben beschrieben __________________ --> Töne und Werbung, ohne etwas geöffnet zu haben (evtl. Audio Trojaner?)

27.01.2015, 07:34	#12
schrauber /// the machine /// TB-Ausbilder	Töne und Werbung, ohne etwas geöffnet zu haben (evtl. Audio Trojaner?) ok __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Töne und Werbung, ohne etwas geöffnet zu haben (evtl. Audio Trojaner?)

Plagegeister aller Art und deren Bekämpfung: Töne und Werbung, ohne etwas geöffnet zu haben (evtl. Audio Trojaner?)