Log analysis and evaluation: Windows 7: Ads keep popping up, websites do not work properly
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.05.2015, 23:17 | #1 |
Windows 7: Ads keep popping up, websites do not work properly

Hello,

the following problem exists:

1) Ads pop up despite AdBlock in Mozilla Firefox (I don't have this problem on other PCs). G Data reports junkware in the pop-up
2) Words related to advertising are blue and underlined, and speech bubbles pop up for them
3) A virus scan with G Data cannot fix the problem (the log file from the scan will follow... I first have to run a full scan; the idle scan result is below)
4) Websites often crash and cannot be used
5) Mozilla Firefox starts erratically

I hope I did everything correctly. Thank you for helping me with this!

Best regards,
PhiGammaTau

Here are the logs:

1) "defogger_disable"
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:28 on 08/05/2015 (Eli)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01 Ran by Eli (administrator) on STICHLING on 08-05-2015 23:36:59 Running from C:\Users\Eli\Desktop Loaded Profiles: Eli (Available profiles: Eli & Administrator) Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Conexant Systems Inc.) 
C:\Windows\System32\CxAudMsg64.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Intel Corporation) 
C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe (Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe (Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe (G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-29] (Alcor Micro Corp.) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-29] (Synaptics Incorporated) HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-29] (Synaptics) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) 
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-11] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-11] (Lenovo(beijing) Limited) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.) 
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe [1706576 2012-07-23] (Lenovo) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [KrakenLauncher] => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe [865088 2014-05-22] (Razer Inc) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\MountPoints2: {2a452280-2e3d-11e4-be8b-d17ae6b7db93} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\MountPoints2: {2a452296-2e3d-11e4-be8b-d17ae6b7db93} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll 
[174856 2014-11-04] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-04] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-12-09] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] () ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:58471;https=127.0.0.1:58471 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MC1C80B5C-CC13-4CF4-94EC-0091DCE2EC00&SearchSource=58&CUI=&UM=2&UP=SP20A5FFEC-637D-4059-827A-E240577FFCFC&q={searchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D012715-AE3372CAF8274412FA2F&form=CONBDF&conlogo=CT3330942&q={searchTerms} SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {7F40D5FC-8B38-4C2C-AC25-5E124CBCA051} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=ac4bd0fa00000000000084a6c87778a7&r=62 SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {94047CC2-4EEE-43CC-9C7C-710AA7989960} URL = BHO: Java(tm) Plug-In SSV Helper -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-08] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-08] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default FF DefaultSearchEngine: Google Default FF SelectedSearchEngine: Bing FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-08] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-08] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: 
@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File FF SearchPlugin: C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\searchplugins\google-default.xml [2015-01-31] FF Extension: Amazon-Icon - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\amazon-icon@giga.de [2014-12-11] FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\donottrackplus@abine.com [2014-12-06] FF Extension: SparPilot - Gutscheine & mehr... 
- C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\sparpilot@sparpilot.com [2014-12-11] FF Extension: Mozilla Firefox Hotfixer - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\veggy@veggyAddon.com [2015-03-25] FF Extension: Zoom It - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5} [2015-05-08] FF Extension: Adblock Plus Pop-up Addon - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-03-01] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-03-01] FF Extension: html updater - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{058146b7-3c81-4daf-8d37-cdf20fd9af4e}.xpi [2015-01-13] FF Extension: NoScript - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-08] FF Extension: {ab5696aa-439a-44e9-a82d-48c7ae8939ae} - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{ab5696aa-439a-44e9-a82d-48c7ae8939ae}.xpi [2014-12-12] FF Extension: Adblock Plus - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-01] FF Extension: Adblock Edge - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-03-01] FF HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\cliqz@cliqz.com Chrome: ======= CHR Profile: C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default CHR Extension: (Softonic Chrome Toolbar) - 
C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-12-02] CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Eli\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-12-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2527864 2015-03-04] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [3672560 2015-02-20] (G Data Software AG) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation) R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation) R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) 
[File not signed] R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3193080 2015-02-20] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation) R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation) R2 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [193576 2012-08-13] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 Lenovo Smart Update Service; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe [66640 2012-07-18] (Lenovo) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation) R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-07] () R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-06-01] (Microsoft Corporation) S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [150016 2015-04-01] (G Data Software AG) S0 GDElam; C:\Windows\System32\DRIVERS\GDElam.sys [117904 2015-01-08] (G Data Software AG) R3 GDKBB; C:\WINDOWS\system32\drivers\GDKBB64.sys [27648 2015-04-01] (G Data Software AG) R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2015-04-01] (G Data Software AG) R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [230400 2015-04-01] (G Data Software AG) R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [91648 2015-04-01] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2015-04-01] (G Data Software AG) R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [106272 2015-03-01] (G Data Software) R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [124928 2015-04-01] (G Data Software AG) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-08-13] (Intel Corporation) R3 LAD; C:\Windows\System32\drivers\LAD.sys [8704 2012-06-08] (TODO: <Company name>) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, 
Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia) S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2014-05-19] (Razer Inc) S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31400 2014-05-19] (Razer Inc) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-29] (Synaptics Incorporated) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-02-12] (Duplex Secure Ltd.) S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider) S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X] S3 WacHidRouter; \SystemRoot\System32\drivers\wachidrouter.sys [X] S3 wacomrouterfilter; \SystemRoot\System32\drivers\wacomrouterfilter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-08 23:33 - 2015-05-08 23:36 - 00046592 _____ () C:\Users\Eli\Desktop\Addition.txt 2015-05-08 23:31 - 2015-05-08 23:37 - 00026946 _____ () C:\Users\Eli\Desktop\FRST.txt 2015-05-08 23:30 - 2015-05-08 23:37 - 00000000 ____D () C:\FRST 2015-05-08 23:29 - 2015-05-08 23:29 - 02102272 _____ (Farbar) C:\Users\Eli\Desktop\FRST64.exe 2015-05-08 23:25 - 2015-05-08 23:28 - 00000520 _____ () C:\Users\Eli\Desktop\defogger_disable.log 2015-05-08 23:25 - 2015-05-08 23:25 - 00000020 _____ () C:\Users\Eli\defogger_reenable 2015-05-08 23:24 - 2015-05-08 23:24 - 00050477 _____ () C:\Users\Eli\Desktop\Defogger.exe 2015-05-07 18:18 - 2015-05-07 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-14 22:04 - 2015-04-14 22:04 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-08 23:34 - 2012-10-12 03:48 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat 2015-05-08 23:34 - 2012-10-12 03:48 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat 2015-05-08 23:34 - 2012-07-26 09:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-05-08 23:32 - 2013-12-02 18:26 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2344629883-704184612-3672562925-1002 2015-05-08 23:29 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-05-08 23:26 - 2013-12-02 18:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-08 23:26 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-05-08 23:25 - 2013-12-02 17:53 - 00000000 ____D () C:\Users\Eli 2015-05-08 23:25 - 2012-10-11 18:53 - 01944346 _____ () C:\WINDOWS\WindowsUpdate.log 2015-05-08 23:04 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-05-08 22:41 - 2013-12-17 11:24 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash 
Player Updater.job 2015-05-08 18:28 - 2014-10-14 16:12 - 00000000 ____D () C:\Users\Eli\AppData\Local\Adobe 2015-04-22 12:35 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-04-15 14:37 - 2013-12-03 16:57 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-04-15 14:33 - 2013-12-06 12:36 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-15 14:33 - 2013-12-03 16:57 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-04-14 22:04 - 2013-12-17 11:24 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater ==================== Files in the root of some directories ======= 2013-12-02 18:15 - 2013-12-04 14:32 - 0003011 _____ () C:\Users\Eli\AppData\Roaming\AbsoluteReminder.xml 2014-10-16 13:37 - 2015-01-27 12:56 - 0000034 _____ () C:\Users\Eli\AppData\Roaming\AdobeWLCMCache.dat 2015-02-16 14:59 - 2015-02-16 14:59 - 0000000 _____ () C:\Users\Eli\AppData\Roaming\gdfw.log 2015-02-16 14:59 - 2015-02-16 14:59 - 0000779 _____ () C:\Users\Eli\AppData\Roaming\gdscan.log 2014-02-06 00:25 - 2014-02-06 00:25 - 0000784 _____ () C:\Users\Eli\AppData\Local\recently-used.xbel 2012-10-11 18:24 - 2012-10-11 18:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Eli\AppData\Local\Temp\amazonicon_v10.exe C:\Users\Eli\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Eli\AppData\Local\Temp\BackupSetup.exe C:\Users\Eli\AppData\Local\Temp\dufgmr4c.exe C:\Users\Eli\AppData\Local\Temp\EnableExtDll.dll C:\Users\Eli\AppData\Local\Temp\Gw2.exe C:\Users\Eli\AppData\Local\Temp\hcuninstaller_20141209_122126_4784.exe C:\Users\Eli\AppData\Local\Temp\installerdll354018595.dll C:\Users\Eli\AppData\Local\Temp\InstStub.exe C:\Users\Eli\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Eli\AppData\Local\Temp\mailcheck_ff_2014_12_02.exe C:\Users\Eli\AppData\Local\Temp\mpa04268.exe C:\Users\Eli\AppData\Local\Temp\MultisineV1.74.exe C:\Users\Eli\AppData\Local\Temp\nsa683D.exe 
C:\Users\Eli\AppData\Local\Temp\nsfD03.exe
C:\Users\Eli\AppData\Local\Temp\nsg1D66.exe
C:\Users\Eli\AppData\Local\Temp\nsi7DA8.exe
C:\Users\Eli\AppData\Local\Temp\nsj6FD7.exe
C:\Users\Eli\AppData\Local\Temp\nsmC563.exe
C:\Users\Eli\AppData\Local\Temp\nso62CE.exe
C:\Users\Eli\AppData\Local\Temp\nso7FEB.exe
C:\Users\Eli\AppData\Local\Temp\nsp2528.exe
C:\Users\Eli\AppData\Local\Temp\nsvC37D.exe
C:\Users\Eli\AppData\Local\Temp\ose00000.exe
C:\Users\Eli\AppData\Local\Temp\sdan.exe
C:\Users\Eli\AppData\Local\Temp\sdapk.exe
C:\Users\Eli\AppData\Local\Temp\sdaspwn.exe
C:\Users\Eli\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Eli\AppData\Local\Temp\SpOrder.dll
C:\Users\Eli\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Eli\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Eli\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Eli\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Eli\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Eli\AppData\Local\Temp\vlc-2.1.5-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-02 15:02

==================== End Of Log ============================

3) Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by Eli at 2015-05-08 23:37:32
Running from C:\Users\Eli\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2344629883-704184612-3672562925-500 - Administrator - Disabled) => C:\Users\Administrator
Eli (S-1-5-21-2344629883-704184612-3672562925-1002 - Administrator - Enabled) => C:\Users\Eli
Gast (S-1-5-21-2344629883-704184612-3672562925-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Enabled - Out of date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA INTERNET SECURITY (Enabled - Out of date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.2.3042.61510 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 3.2.3042.61510 - Alcor Micro Corp.) Hidden Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.0 - Conexant) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo) Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation) Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation) G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.2 - G DATA Software AG) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.) 
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation) iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle) Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro) Lenovo MediaShow6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.4019 - CyberLink Corp.) Lenovo MediaShow6 (x32 Version: 6.0.4019 - CyberLink Corp.) Hidden Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.5.75 - Lenovo Corporation) Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.) Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) 
Hidden LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla) Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla) MultisineV1.74 (HKLM-x32\...\MultisineV1.74_is1) (Version: - SeDuTec) NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation) NVIDIA Grafiktreiber 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.15 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Wajam (HKLM-x32\...\WIntEnhance) (Version: 2.23.2.5 (i2.6) - WIntEnhance) <==== ATTENTION Windows Driver Package - Lenovo Corporation (LAD) System (06/08/2012 1.0.0.3) 
(HKLM\...\C48768A2A32F4649238F7DCF737A260911895FDE) (Version: 06/08/2012 1.0.0.3 - Lenovo Corporation) Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo) Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) World of Tanks (HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 01-05-2015 15:15:31 Windows Update 05-05-2015 03:00:02 Windows Update 08-05-2015 18:28:19 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {16FF2885-7253-4AA9-8852-2A473917C04A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {2E06458F-2C06-4D11-8917-ABBC1C4E85B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {335DCE13-5A9A-4E6E-9ADC-75723C6E2C88} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2344629883-704184612-3672562925-1002
Task: {468558C6-6142-46EE-AF56-C44F1020D56B} - System32\Tasks\AdobeAAMUpdater-1.0-Stichling-Eli => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {56EDCD0C-A3CB-4D5A-A17C-4CCFF289CDF6} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {66FB7458-2ABA-44B1-AEF0-139A3D9446F4} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {7B4EAAF4-BB23-4289-8328-E6270D2C1760} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {935F9D2C-4CA3-42C1-9252-4194A934B0DD} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-08-13] (Intel)
Task: {AB0E2CCF-033D-4012-929E-9A75683D82F6} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {BBF19BBA-B5BA-44C4-B597-00C9F440B7F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DA5BCC5E-97CB-4BB2-B334-C36524E5D9E3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {ED4716DB-CC6A-4917-ADBF-295CE4E9EF84} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-11 17:54 - 2014-11-04 02:04 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-10-11 18:08 - 2014-11-04 00:02 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-06-02 23:07 - 2014-06-07 00:49 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-02-20 05:42 - 2015-02-20 05:42 - 00382072 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2013-06-01 03:37 - 2013-06-01 03:38 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-23 05:37 - 2012-08-20 18:58 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-11 18:22 - 2010-10-26 06:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-05-22 10:28 - 2014-05-22 10:28 - 00619328 _____ () C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenDevProps.dll
2012-10-11 18:40 - 2012-07-18 14:27 - 00021072 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll
2012-10-11 18:08 - 2014-11-04 02:04 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-12-08 21:02 - 2013-12-08 21:02 - 00017920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\d4b49cde56288aa4c132208d7aba2a82\PSIClient.ni.dll
2012-10-11 18:02 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\aeriagames.com -> hxxp://aeriagames.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img12.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Updater"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{FE411D01-488F-44D5-884E-5EE52559E311}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{36D5C3C9-1548-4F51-990F-0D36FA953832}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{AEF317AC-8B64-4CF9-AADD-16D722298F32}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe FirewallRules: [{6116444F-39A2-481F-B28B-3C1EB4AC825A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{1A59A1C6-FFD0-412C-9967-F04508836AC6}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{9D5E01DB-721D-4D5D-9144-9BD6B23E059C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{16C1F45C-C07B-4138-A651-7A529A97E91D}] => (Allow) C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3B63CCD4-1AB4-40D6-9BC0-AB1B6E0EE854}] => (Allow) C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0E82E8D3-14EB-4CBC-A93D-C754A6D75414}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{D625238B-8BCD-4FEE-BCF4-6FDCDD75086F}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{3343CC8B-CC8B-417F-8660-1070B80E5D1E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe FirewallRules: [{6296C6F2-1A61-4098-9793-EBD77FB7498E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe FirewallRules: [{B92E14C8-FE81-44E8-8CBD-18C5A30AB183}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{661054AE-A45C-4733-8F60-1E15E450B0C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [TCP Query User{23AEFC51-BEB2-4422-91DD-ACBCCF2110DA}C:\users\eli\appdata\local\temp\gw2.exe] => (Allow) C:\users\eli\appdata\local\temp\gw2.exe FirewallRules: 
[UDP Query User{D68D57B4-3C61-43FB-AE82-0ED2D703490A}C:\users\eli\appdata\local\temp\gw2.exe] => (Allow) C:\users\eli\appdata\local\temp\gw2.exe FirewallRules: [{A4FDD966-9ADB-4744-9A41-A2AEEE0CB660}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [{C7E508E8-74E1-4749-B08C-E6C5D7E92042}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [TCP Query User{86AFCA5B-8EE3-4409-9A48-00B737F50B0D}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe FirewallRules: [UDP Query User{0A596237-E7FE-48EA-AE61-46CE6D25F34A}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe FirewallRules: [TCP Query User{0AF7BEAF-5D1D-41E5-A959-4D51AA40FC84}C:\program files (x86)\world_of_tanks\wotlauncher.exe] => (Allow) C:\program files (x86)\world_of_tanks\wotlauncher.exe FirewallRules: [UDP Query User{FA933674-7934-4A80-B8A1-8726B63FC074}C:\program files (x86)\world_of_tanks\wotlauncher.exe] => (Allow) C:\program files (x86)\world_of_tanks\wotlauncher.exe FirewallRules: [{00B4DBC3-4697-47A9-9906-CAB83DCAEE58}] => (Allow) E:\fsetup.exe FirewallRules: [{13F753FB-88EE-4A13-9F1F-C4E1811B6C09}] => (Allow) E:\fsetup.exe FirewallRules: [TCP Query User{26722D95-8E5D-425F-BB66-EF46D1D4B292}C:\program files (x86)\world_of_tanks\worldoftanks.exe] => (Allow) C:\program files (x86)\world_of_tanks\worldoftanks.exe FirewallRules: [UDP Query User{257EF4E8-F646-440D-BAE7-2FD915BF4AED}C:\program files (x86)\world_of_tanks\worldoftanks.exe] => (Allow) C:\program files (x86)\world_of_tanks\worldoftanks.exe FirewallRules: [{BF20EADA-FEC5-43B2-8EF2-7EEE04AF104C}] => (Allow) %ProgramFiles% (x86)\lol.launcher.exe FirewallRules: [{BA9EE5F1-2565-4315-A71B-CFACAB374097}] => (Allow) %ProgramFiles% (x86)\lol.launcher.exe FirewallRules: [TCP Query User{D896DF0C-87E7-45B2-8F8F-18D29C7557EB}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) 
C:\users\eli\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{FBAE6EDA-2ECE-497A-AEEF-7E04FFB9F5D7}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{83912FFF-3BCC-457A-B433-1D650BFE1201}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{56F1213B-665E-453A-B957-B15E742D7137}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [TCP Query User{D4C394AF-CEA4-4787-A1B0-FE92195BC91B}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{C27B5D62-4D23-45B8-831A-56CABA6352F7}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe FirewallRules: [{D1EF3745-EF41-4BFC-8458-1DF98EC0866D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{FE281D1A-F13B-46FE-8D75-844F84019C34}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [TCP Query User{6B3C3F2D-A0AF-403E-89F9-F82D97F7936B}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{514C6518-DE3F-433D-B824-03D5988CC5CD}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [{AB5B0666-867F-4225-8921-C07822FD5F2C}] => (Allow) C:\Program Files (x86)\lol.launcher.exe FirewallRules: [{66EB7665-7D66-476F-8696-73B1659C9424}] => (Allow) C:\Program Files (x86)\lol.launcher.exe FirewallRules: [{7B144272-3233-4A58-A5E2-BD2985EC7DC9}] => (Allow) C:\Program Files (x86)\lol.launcher.exe FirewallRules: [{1556DDB9-D2F6-4AE4-9CB7-7431929F01A0}] => (Allow) C:\Program Files (x86)\lol.launcher.exe FirewallRules: [TCP Query 
==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2015 11:37:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:37:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:36:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:36:53Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:36:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:36:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:35:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:35:53Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:35:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:35:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:34:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:34:53Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:34:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:34:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:33:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:33:53Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:33:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:33:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:32:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:32:53Z. Fehlercode: 0x80041316.

System errors:
=============
Error: (05/07/2015 05:55:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8 für x64-Systeme (KB2934802)

Error: (05/07/2015 05:55:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2756872)

Error: (05/06/2015 02:40:48 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (05/04/2015 02:03:15 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (05/02/2015 03:51:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8 für x64-Systeme (KB2934802)

Error: (05/02/2015 03:51:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2756872)

Error: (05/01/2015 04:44:16 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (04/30/2015 07:24:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8 für x64-Systeme (KB2934802)

Error: (04/30/2015 07:24:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2756872)

Error: (04/26/2015 04:54:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8 für x64-Systeme (KB2934802)

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 40%
Total physical RAM: 8050.48 MB
Available physical RAM: 4776.98 MB
Total Pagefile: 10610.48 MB
Available Pagefile: 6923.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:651.3 GB) (Free:540.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 22.4 GB) (Disk ID: C1CDA268)
Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: C1CDA275)
Partition: GPT Partition Type.

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-08 23:45:03
Windows 6.2.9200 x64 \Device\Harddisk1\DR1 -> \Device\00000044 WDC_WD7500BPVT-24HXZT3 rev.03.01A03 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\Eli\AppData\Local\Temp\uwloipog.sys

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [620:644] fffff960008655e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk1\DR1 unknown MBR code

---- EOF - GMER 2.1 ----

5) G Data idle scan result
Idle scan completed successfully: 333783 files checked. No infected files found. |
08.05.2015, 23:33 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Ads keep popping up, websites don't work properly
Hi and

Remove adware/junkware/toolbars

Step 1: Malwarebytes
Please download Malwarebytes Anti-Malware

(Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!)

Step 2: adwCleaner
Please download AdwCleaner to your desktop.

Step 3: JRT - Junkware Removal Tool
Please shut down your protection software to avoid possible conflicts.

Step 4: Fresh log with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
09.05.2015, 10:40 | #3 |
| Windows 7: Ads keep popping up, websites don't work properly
Hello! That was quick. I'm thrilled.

Unfortunately I have to admit a small mistake: this is Windows 8. I only work with Windows 7 these days and tend to forget that. I hope that is not a problem. Unfortunately all the logs together are too long, so I am posting FRST and FRST Addition separately.

Now to the logs:

1) MBAM
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 09.05.2015
Suchlauf-Zeit: 10:21:35
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.09.01
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Eli

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 416132
Verstrichene Zeit: 35 Min, 50 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 27
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [8015b1e0c0ca53e34d063d170ff4fa06],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [8015b1e0c0ca53e34d063d170ff4fa06],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [8015b1e0c0ca53e34d063d170ff4fa06],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [0293dfb21c6e44f22b4c450ab94a25db],
PUP.Optional.ValueApps.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F63AAEDC-3602-49EF-AA45-262380A98980}, In Quarantäne, [c7ce97fa2d5d2412cb722d288f749967],
PUP.Optional.ValueApps.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F63AAEDC-3602-49EF-AA45-262380A98980}, In Quarantäne, [c7ce97fa2d5d2412cb722d288f749967],
PUP.Optional.Goobzo, HKLM\SOFTWARE\CLASSES\CLSID\{020B1D4B-5738-4C77-9E19-4F173DD9B486}, In Quarantäne,
[f99c29685634320416f454fed432c937], PUP.Optional.ModGoog, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [a8ed96fbeaa088ae9f1898b0f60cac54], PUP.Optional.ModGoog, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [a8ed96fbeaa088ae9f1898b0f60cac54], PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WIntEnhance, In Quarantäne, [e5b0a8e95832ff3768245a833ec524dc], PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [2f66157c8dfdb87ea249ce0135ceeb15], PUP.Optional.VoPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, In Quarantäne, [1f76f49d0189ef47cf4afc6620e59967], PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [c3d2642dd4b6a78f83de8d700ef5db25], PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [187d8e03840626101e435debc83daf51], PUP.Optional.GoHD.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\GoHD, In Quarantäne, [4550741d99f1082ee48a914953b045bb], PUP.Optional.iWebar.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\iWebar, In Quarantäne, [306559382367082e61d5d30a5ba89c64], PUP.Optional.Crossrider.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\_CrossriderRegNamePlaceHolder_, In Quarantäne, [deb730617119be78540596d047bea65a], PUP.Optional.Wajam.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\WajIEnhance, In Quarantäne, [51446031a2e8af871d8f5a8714ef37c9], PUP.Optional.Wajam.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\WIntEnhance, In Quarantäne, [7124256cb8d248ee5439974614efb64a], PUP.Optional.CrossRider.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [9df8d2bfc6c4ff37ec755aee986d8c74], PUP.Optional.ValueApps.A, 
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\CONDUIT\ValueApps, In Quarantäne, [71248908e6a41521e41357c75ba98977], PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY, In Quarantäne, [6332038e0f7b1c1acf43636f9a69659b], PUP.Optional.InstallCore.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [eea768290b7fd95d7214889656ae30d0], PUP.Optional.InstallCore.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\INSTALLCORE, In Quarantäne, [197c0d847b0f6bcb1e3292a2d134738d], PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [a1f47b16c8c2c3731a46708d9e6548b8], PUP.Optional.CrossRider.A, HKU\S-1-5-21-2344629883-704184612-3672562925-500\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\13641, In Quarantäne, [5b3a97fa593137ffdbd3fbf539ca13ed], PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WIntEnhance, In Quarantäne, [167f0a87b5d53afc47e05e3fcf3441bf], Registrierungswerte: 5 PUP.Optional.VOPackage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPACKAGE|UninstallString, "C:\Users\Eli\AppData\Roaming\VOPackage\uninstall.exe", In Quarantäne, [484d8b06f59541f575816d8dfa096799] PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, Firefox, In Quarantäne, [6332038e0f7b1c1acf43636f9a69659b] PUP.Optional.InstallCore.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\INSTALLCORE|tb, 0B1G1O1S0V1G1F, In Quarantäne, [197c0d847b0f6bcb1e3292a2d134738d] PUP.Optional.Trovi.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, 
hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MC1C80B5C-CC13-4CF4-94EC-0091DCE2EC00&SearchSource=58&CUI=&UM=2&UP=SP20A5FFEC-637D-4059-827A-E240577FFCFC&q={searchTerms}&SSPV=, In Quarantäne, [40552b6611794ee8c602431e2fd6f907] PUP.Optional.Conduit.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, In Quarantäne, [d7beb7da5f2bb185833f10c24fb4ea16] Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 35 PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam, In Quarantäne, [167f0a87b5d53afc47e05e3fcf3441bf], PUP.Optional.OpenCandy, C:\Users\Eli\AppData\Roaming\OpenCandy, In Quarantäne, [cacb4c45d5b52b0bfe489c016d9641bf], PUP.Optional.OpenCandy, C:\Users\Eli\AppData\Roaming\OpenCandy\08E5E7B594794F0BBE49339568DE77D9, In Quarantäne, [cacb4c45d5b52b0bfe489c016d9641bf], PUP.Optional.OpenCandy, C:\Users\Eli\AppData\Roaming\OpenCandy\332BDC0594A240118CA450B27A28DBC0, In Quarantäne, [cacb4c45d5b52b0bfe489c016d9641bf], PUP.Optional.OpenCandy, C:\Users\Eli\AppData\Roaming\OpenCandy\37F9948D03134EECA3BFA1421F80FE25, In Quarantäne, [cacb4c45d5b52b0bfe489c016d9641bf], PUP.Optional.OpenCandy, C:\Users\Eli\AppData\Roaming\OpenCandy\3C7A668A88AF446C807794C6E037863D, In Quarantäne, [cacb4c45d5b52b0bfe489c016d9641bf], PUP.Optional.OpenCandy, C:\Users\Eli\AppData\Roaming\OpenCandy\950706C9A18D4E28A7BD6B054ABEBC82, In Quarantäne, [cacb4c45d5b52b0bfe489c016d9641bf], PUP.Optional.Conduit.A, C:\Users\Eli\AppData\Local\Temp\mam-ct3317212, In Quarantäne, [6134efa24545fb3b4b6e178bef1402fe], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf, In Quarantäne, [bfd6c4cd642639fd3f829b0808fb4cb4], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Google\Chrome\User 
Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0, In Quarantäne, [bfd6c4cd642639fd3f829b0808fb4cb4], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Temp\mt_ffx\Softonic, In Quarantäne, [0392b5dc0a8094a2239f5251cb386e92], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Temp\mt_ffx\Softonic\Softonic, In Quarantäne, [0392b5dc0a8094a2239f5251cb386e92], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Temp\mt_ffx\Softonic\Softonic\1.8.21.14, In Quarantäne, [0392b5dc0a8094a2239f5251cb386e92], PUP.Optional.SystemSpeedup, C:\Users\Eli\AppData\Roaming\systweak\ssd, In Quarantäne, [6c29f1a0dbaff34332b8c5eb54af956b], PUP.Optional.GlobalUpdate.A, C:\Users\Eli\AppData\Local\Temp\comh.485073, In Quarantäne, [1c79375a4149fc3a5a695c55d23114ec], PUP.Optional.VOPackage.A, C:\Users\Eli\AppData\Roaming\VOPackage, In Quarantäne, [692c5041b4d61f17a53e309546bd2ed2], PUP.Optional.VOPackage.A, C:\Users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage, In Quarantäne, [2372cbc69eec8ea8c61e7a4bed16eb15], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance, In Quarantäne, [91044f42325854e2f95a4583986b10f0], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance\Uninstall Wajam, In Quarantäne, [91044f42325854e2f95a4583986b10f0], PUP.Optional.VeggyAddon.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], PUP.Optional.VeggyAddon.A, 
C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com\chrome, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], PUP.Optional.VeggyAddon.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com\chrome\content, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], PUP.Optional.VeggyAddon.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com\chrome\skin, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], PUP.Optional.VeggyAddon.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com\modules, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], PUP.Optional.ValueApps.A, C:\Users\Eli\AppData\Roaming\ValueApps, In Quarantäne, [7d18b9d8d3b71c1ad6f8d8f5f80b8977], PUP.Optional.ValueApps.A, C:\Users\Eli\AppData\Roaming\ValueApps\IE, In Quarantäne, [7d18b9d8d3b71c1ad6f8d8f5f80b8977], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\skin, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules, In Quarantäne, 
[3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\tools, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], Dateien: 211 PUP.Optional.OpenCandy.A, C:\Users\Eli\AppData\Roaming\OpenCandy\950706C9A18D4E28A7BD6B054ABEBC82\Setupsft_chr_p1v7.exe, In Quarantäne, [c0d5543d7c0e51e5897d745e3dc828d8], PUP.Optional.Goobzo, C:\Program Files\Common Files\System\SysMenu.dll, In Quarantäne, [b8ddcbc6d2b8bc7a818977db5bab0000], PUP.Optional.Goobzo, C:\Program Files\Common Files\System\SysMenu64.dll, In Quarantäne, [f99c29685634320416f454fed432c937], PUP.Optional.SearchProtect.A, C:\Users\Eli\AppData\Local\Temp\nsmC563.exe, In Quarantäne, [2c69e0b1f2982a0cc7a9124a50b105fb], PUP.Optional.SearchProtect.A, C:\Users\Eli\AppData\Local\Temp\nso62CE.exe, In Quarantäne, [a1f46a2765252e083838f468cd34936d], PUP.Optional.SearchProtect.A, C:\Users\Eli\AppData\Local\Temp\nso7FEB.exe, In Quarantäne, [266f256cc5c5f93d6e0283d929d8b14f], PUP.Optional.SearchProtect.A, C:\Users\Eli\AppData\Local\Temp\nsp2528.exe, In Quarantäne, [880da3eec9c11125a4cc99c3dd243ac6], PUP.Optional.Goobzo, C:\Users\Eli\AppData\Local\Temp\dufgmr4c.exe, In Quarantäne, [a9eca4ed0387063031b0f5d6bd449070], PUP.Optional.SearchProtect.A, C:\Users\Eli\AppData\Local\Temp\nsvC37D.exe, In Quarantäne, [dabb6d24abdf47ef234d8bd1d32e02fe], PUP.Optional.SearchProtect.A, C:\Users\Eli\AppData\Local\Temp\nsa683D.exe, In Quarantäne, [0392147d206ad95dc6aaa5b7956c08f8], PUP.Optional.SearchProtect.A, C:\Users\Eli\AppData\Local\Temp\nsfD03.exe, In Quarantäne, [eaab6a270b7fee48f47cf468b24f8080], PUP.Optional.SearchProtect.A, C:\Users\Eli\AppData\Local\Temp\nsg1D66.exe, In Quarantäne, [9ff65f32d1b92115620e065630d1748c], PUP.Optional.SearchProtect.A, C:\Users\Eli\AppData\Local\Temp\nsi7DA8.exe, In Quarantäne, [44511f72206a40f6244c4a122fd2768a], PUP.Optional.SearchProtect.A, 
C:\Users\Eli\AppData\Local\Temp\nsj6FD7.exe, In Quarantäne, [cfc64b46a9e1fe385f116af214ed9868], PUP.Optional.Mypcbackup, C:\Users\Eli\AppData\Local\Temp\BackupSetup.exe, In Quarantäne, [049101904d3ddf574fb267eb0df90cf4], PUP.Optional.Conduit.A, C:\Users\Eli\AppData\Local\Temp\mam-ct3317212\mam_ff.exe, In Quarantäne, [d5c0b4dd8ffbf93d82ce9e95b14fce32], PUP.Optional.ModGoog, C:\Users\Eli\AppData\Local\Temp\comh.485073\GoogleCrashHandler.exe, In Quarantäne, [7e171b76a0ea2610c7f069dfc83a4db3], PUP.Optional.ModGoog, C:\Users\Eli\AppData\Local\Temp\comh.485073\GoogleUpdate.exe, In Quarantäne, [a8ed96fbeaa088ae9f1898b0f60cac54], PUP.Optional.ModGoog, C:\Users\Eli\AppData\Local\Temp\comh.485073\GoogleUpdateBroker.exe, In Quarantäne, [6233eba63456be785760df690ef46f91], PUP.Optional.ModGoog, C:\Users\Eli\AppData\Local\Temp\comh.485073\GoogleUpdateOnDemand.exe, In Quarantäne, [deb7a1f00a80ed49298e232527db8e72], PUP.Optional.ModGoog, C:\Users\Eli\AppData\Local\Temp\comh.485073\goopdate.dll, In Quarantäne, [5b3a5041f793979f03b498b05aa8cd33], PUP.Optional.ModGoog, C:\Users\Eli\AppData\Local\Temp\comh.485073\goopdateres_en.dll, In Quarantäne, [1481cec3bfcbf54151667eca1ae8a55b], PUP.Optional.ModGoog, C:\Users\Eli\AppData\Local\Temp\comh.485073\npGoogleUpdate4.dll, In Quarantäne, [cacbdcb502887db98334b8909b67639d], PUP.Optional.ModGoog, C:\Users\Eli\AppData\Local\Temp\comh.485073\psmachine.dll, In Quarantäne, [d3c2b9d8e6a467cf57604afeb34fcb35], PUP.Optional.ModGoog, C:\Users\Eli\AppData\Local\Temp\comh.485073\psuser.dll, In Quarantäne, [266f2b6683076ec8e6d1a4a452b0718f], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsa653F.exe, In Quarantäne, [e6afd2bf6426aa8c2749104cb54c21df], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsa78D4.exe, In Quarantäne, [6c299df42f5ba294d59b4319936ec63a], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc3C67.exe, In Quarantäne, [e1b4c7ca1b6fe353650b74e804fd36ca], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc63FB.exe, In Quarantäne, 
[9cf9d6bb4d3dc3735d131646fa0727d9], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsc9631.exe, In Quarantäne, [375e672a325842f4a7c9b9a36a9737c9], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsd46E6.exe, In Quarantäne, [3b5a3958c9c191a5e78918447091bc44], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsnF83A.exe, In Quarantäne, [464fc8c97416b97d3d336bf1cd348e72], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nso2433.exe, In Quarantäne, [f0a5cac761293bfb0868de7e48b936ca], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsp6E41.exe, In Quarantäne, [5b3a632e8109cd6991dfee6e04fd30d0], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsp8A58.exe, In Quarantäne, [2570840dbfcb4fe773fdbd9fc9385ba5], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsq39A.exe, In Quarantäne, [3a5be4ad414946f05f11f06cce3346ba], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsq6061.exe, In Quarantäne, [1e77e8a913775ed8b0c076e6e12014ec], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsq9D4.exe, In Quarantäne, [a8ed127f9cee37ff1e5261fb669b45bb], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsqA660.exe, In Quarantäne, [d0c5246d5733ad898ee291cbeb164eb2], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nss792.exe, In Quarantäne, [395c4b46d2b89f97056bbaa2e0217789], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsz201C.exe, In Quarantäne, [f0a5642dfd8d5cda551bb3a9917030d0], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsz39CA.exe, In Quarantäne, [4352830e1f6b1422fd73bd9f857c857b], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsz8702.exe, In Quarantäne, [deb7b2df3258092d4b25055748b9d030], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsg24EC.exe, In Quarantäne, [4550eaa7bcced0666a06312bbf42d12f], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsg3D93.exe, In Quarantäne, [e9ac8809abdf35012947e577e1206e92], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsg475A.exe, In Quarantäne, [20756829e7a3261078f8ec70bb468f71], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsg71FA.exe, In Quarantäne, 
[31645938bcce3600c8a8f8647b86f907], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsg92A7.exe, In Quarantäne, [a5f0127f672393a3333db3a9b0519e62], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nshAA19.exe, In Quarantäne, [7421fa97b6d43105422ec498ac55a15f], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsi28E4.exe, In Quarantäne, [e7ae3c555337b086d19f0d4fe61bb749], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsj490B.exe, In Quarantäne, [395ce6abd2b8c86e74fc8fcd0cf5946c], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk652F.exe, In Quarantäne, [4e47028f8406f83ea9c7afad0af7c13f], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsk76F0.exe, In Quarantäne, [4b4afd94800a5ed86d03bf9ded14aa56], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nskDC26.exe, In Quarantäne, [cdc829686e1c78beb9b796c63dc46799], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsl23FF.exe, In Quarantäne, [43525b366d1d082e1957421a976acd33], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsm2089.exe, In Quarantäne, [286d137eb5d52f07a6ca97c52fd2ad53], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsu8777.exe, In Quarantäne, [52433c55682237ff046cb1ab35cc7987], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsv4CF3.exe, In Quarantäne, [3560bed33b4f1f17a3cd025aa45dc33d], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsvE0AC.exe, In Quarantäne, [b1e4820fcac01323fa7694c89d6410f0], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsw6858.exe, In Quarantäne, [3b5ab7dab8d242f4bcb480dc31d0cc34], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsw8B21.exe, In Quarantäne, [33621978e7a34de99ad63a220af707f9], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx4B13.exe, In Quarantäne, [fd985d340c7e191de58bd78521e0fe02], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsf220B.exe, In Quarantäne, [c1d42c659ded7abced839bc1cb36619f], PUP.Optional.Giga, C:\Users\Eli\Downloads\Multisine-lnstall.exe, In Quarantäne, [6e274a47c4c61e18aff44ca9af56e11f], PUP.Optional.Goobzo.A, C:\Windows\System32\Tasks\SMupdate1, In Quarantäne, 
[375ea9e8593157df8e67095deb1ade22], PUP.Optional.Wajam.A, C:\Program Files (x86)\Wajam\uninstall.exe, In Quarantäne, [167f0a87b5d53afc47e05e3fcf3441bf], PUP.Optional.OpenCandy, C:\Users\Eli\AppData\Roaming\OpenCandy\08E5E7B594794F0BBE49339568DE77D9\dlm.exe, In Quarantäne, [cacb4c45d5b52b0bfe489c016d9641bf], PUP.Optional.OpenCandy, C:\Users\Eli\AppData\Roaming\OpenCandy\332BDC0594A240118CA450B27A28DBC0\dlm.exe, In Quarantäne, [cacb4c45d5b52b0bfe489c016d9641bf], PUP.Optional.OpenCandy, C:\Users\Eli\AppData\Roaming\OpenCandy\37F9948D03134EECA3BFA1421F80FE25\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe, In Quarantäne, [cacb4c45d5b52b0bfe489c016d9641bf], PUP.Optional.OpenCandy, C:\Users\Eli\AppData\Roaming\OpenCandy\3C7A668A88AF446C807794C6E037863D\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe, In Quarantäne, [cacb4c45d5b52b0bfe489c016d9641bf], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\appCntrl.js, In Quarantäne, [bfd6c4cd642639fd3f829b0808fb4cb4], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\bg.html, In Quarantäne, [bfd6c4cd642639fd3f829b0808fb4cb4], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\bg.js, In Quarantäne, [bfd6c4cd642639fd3f829b0808fb4cb4], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\chMntz.dll, In Quarantäne, [bfd6c4cd642639fd3f829b0808fb4cb4], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\CrmAdpt.dll, In Quarantäne, [bfd6c4cd642639fd3f829b0808fb4cb4], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\ct.js, In Quarantäne, 
[bfd6c4cd642639fd3f829b0808fb4cb4], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\CTB.dll, In Quarantäne, [bfd6c4cd642639fd3f829b0808fb4cb4], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\dpk.js, In Quarantäne, [bfd6c4cd642639fd3f829b0808fb4cb4], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\hprtkMsg.htm, In Quarantäne, [bfd6c4cd642639fd3f829b0808fb4cb4], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\hprtkMsg.js, In Quarantäne, [bfd6c4cd642639fd3f829b0808fb4cb4], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\json2.min.js, In Quarantäne, [bfd6c4cd642639fd3f829b0808fb4cb4], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\logo.png, In Quarantäne, [bfd6c4cd642639fd3f829b0808fb4cb4], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\manifest.json, In Quarantäne, [bfd6c4cd642639fd3f829b0808fb4cb4], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\pref.json, In Quarantäne, [bfd6c4cd642639fd3f829b0808fb4cb4], PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Local\Temp\mt_ffx\Softonic\Softonic\1.8.21.14\softonic.xpi, In Quarantäne, [0392b5dc0a8094a2239f5251cb386e92], PUP.Optional.SystemSpeedup, C:\Users\Eli\AppData\Roaming\systweak\ssd\SSDPTstub.exe, In Quarantäne, [6c29f1a0dbaff34332b8c5eb54af956b], PUP.Optional.GlobalUpdate.A, C:\Users\Eli\AppData\Local\Temp\comh.485073\GoogleUpdateHelper.msi, 
In Quarantäne, [1c79375a4149fc3a5a695c55d23114ec], PUP.Optional.VOPackage.A, C:\Users\Eli\AppData\Roaming\VOPackage\Uninstall.exe, In Quarantäne, [692c5041b4d61f17a53e309546bd2ed2], PUP.Optional.VOPackage.A, C:\Users\Eli\AppData\Roaming\VOPackage\VOPackage.exe, In Quarantäne, [692c5041b4d61f17a53e309546bd2ed2], PUP.Optional.VOPackage.A, C:\Users\Eli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage\Configure.lnk, In Quarantäne, [2372cbc69eec8ea8c61e7a4bed16eb15], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\uninstall.exe, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\amazon.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\argos.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\ask.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\bestbuy.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\ebay.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\etsy.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\facebook.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\favicon.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\google.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\homedepot.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\ikea.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\imdb.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\lowes.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\mercado.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\mysearchweb.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\myshopping.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\searchresult.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\sears.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\setting.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\settings.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\shopping.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\target.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\tesco.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\tripadvisor.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\twitter.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\wajam.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\walmart.ico, In 
Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\wiki.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\yahoo.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\zalando.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\1a79481564ec9035d56c0626bb372ba2, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\1af2a17a1d8b2a7a596f70d2e821bf62, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\ApiHandlr.dll, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\b5ee3c46972a98083c47fb2bd1f489f1, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\bc0e8acf5e9055ff0ea289d49ed16c07, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\dba5d5eaa194a5422a01e670dd73b448, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\e5cca93dc1ab51b874334bd320aadf4b, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\FiddlerCore.dll, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\HtmlAgilityPack.dll, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance 
Internet Enhancer\makecert.exe, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\Newtonsoft.Json.dll, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\WHttpServer.exe, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\wie, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\WJManifest, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance\Settings.lnk, In Quarantäne, [91044f42325854e2f95a4583986b10f0], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance\SignIn with Facebook.lnk, In Quarantäne, [91044f42325854e2f95a4583986b10f0], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance\SignIn with Twitter.lnk, In Quarantäne, [91044f42325854e2f95a4583986b10f0], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance\WIntEnhance Website.lnk, In Quarantäne, [91044f42325854e2f95a4583986b10f0], PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance\Uninstall Wajam\uninstall.lnk, In Quarantäne, [91044f42325854e2f95a4583986b10f0], PUP.Optional.VeggyAddon.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com\chrome.manifest, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], PUP.Optional.VeggyAddon.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com\install.rdf, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], PUP.Optional.VeggyAddon.A, 
C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com\chrome\content\main.js, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], PUP.Optional.VeggyAddon.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com\chrome\content\main.xul, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], PUP.Optional.VeggyAddon.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com\chrome\skin\icon.png, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], PUP.Optional.VeggyAddon.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com\modules\XCipher.js, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], PUP.Optional.ValueApps.A, C:\Users\Eli\AppData\Roaming\ValueApps\IE\ValueAppLog0.log, In Quarantäne, [7d18b9d8d3b71c1ad6f8d8f5f80b8977], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome.manifest, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\install.rdf, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\content.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\html5slider.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\jquery-1.8.3.min.js, In Quarantäne, 
[3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\li.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\main.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\main.xul, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\options.html, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\options.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\tools.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\tr.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\zoom.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\skin\button.png, In Quarantäne, 
[3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\skin\icon32x32-disabled.png, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\skin\icon32x32.png, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\skin\options.css, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\skin\options_bg.png, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\skin\otaznik.png, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\skin\slider.png, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\addon_d.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\addon_info.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\file_cacher.js, In Quarantäne, 
[3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\guid.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\observer.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\pref_man.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\pu_upd.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\timer.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\time_passed.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\xcipher.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\tools\days_passed.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\tools\ff_info.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\tools\firstrun.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\tools\os.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], PUP.Optional.CrossRider.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14b2c078fa4a5a65c62c0899379bac53");), Ersetzt,[d6bf7b162367e05694a21c3bbb4b19e7] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.admin", false);), Ersetzt,[0590f39e27634de9af9cd68164a2eb15] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (ferences /* Do not edit this file. * ), Ersetzt,[9ef7ddb4266481b57bd0b5a2c145e41c] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (references /* Do not edit this file. * * If you make changes to this file ), Ersetzt,[b4e193fe1a7064d257f465f2ea1c45bb] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (e. * * If you make changes to this file while t), Ersetzt,[e8ad058cf49677bfff4c2b2c8b7be11f] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (ces /* Do not edit this file. * * If you), Ersetzt,[801591001f6b979f85c61b3c8482b54b] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (erences /* Do not edit this file. 
* * If ), Ersetzt,[e7ae89088901e650da715700e620e818] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (rences /* Do not edit this file. * * If), Ersetzt,[197c286919710333e16a3027cc3a8d73] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (ferences /* Do not edit this file. * * If), Ersetzt,[efa6345d296186b0301b0d4a2fd78a76] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (rences /* Do not edit this file. * * If you m), Ersetzt,[ddb88b06aedc0234f457ce8947bf9967] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (es /* Do not edit this file. * * If y), Ersetzt,[1f76e7aa890142f40e3d84d327dfd12f] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (references /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be ove), Ersetzt,[bed7167b8208c5716ae15dfa5aacbe42] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (tion is running, * the changes will be overwritten when the applicatio), Ersetzt,[e2b3aee33b4fb77f2922f463887e5aa6] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: ( this file. * * If you make changes to this fil), Ersetzt,[9afbfb960981a59191babc9b7195916f] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (ces /* Do not edit this file. 
* * If you make c), Ersetzt,[fa9bc6cbe8a2999da2a9f3643ec812ee] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: ( /* Do not edit this file. * * If you m), Ersetzt,[e9acf69b701a44f2173496c10afce818] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (ferences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwrit), Ersetzt,[c7cef9988a00ac8abf8c1047bf47758b] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (n is running, * the changes will be overwritten w), Ersetzt,[b0e56b26602a4de996b5b7a03ccae41c] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (ces /* Do not edit this file. * * If you make ), Ersetzt,[a6ef444dc4c6bd798ac193c46c9a9d63] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (s /* Do not edit this file. * * If you m), Ersetzt,[1e77a7eab1d977bf85c6332442c426da] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (erences /* Do not edit this file. * * If y), Ersetzt,[65302a6792f8053171da381fdd298e72] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (ences /* Do not edit this file. * * If you make changes to this f), Ersetzt,[eda83e533e4c1e18b79403547e886e92] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: ( this file. 
* * If you make changes to this file whil), Ersetzt,[593cbfd2ec9ef04675d68bcc17efb44c] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: ( /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the a), Ersetzt,[2174662b3e4cd660311a094e61a50000] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (s running, * the changes will be overwritten when), Ersetzt,[a0f5cdc42c5ec670fc4f5ff88482c33d] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (ces /* Do not edit this file. * * If you make changes ), Ersetzt,[0c895e33fb8f37ff3c0f1b3cb452926e] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (Do not edit this file. * * If you make changes t), Ersetzt,[662ffd943357ce683d0e8bcc7393fb05] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=ac4bd0fa00000000000084a6c87778a7");), Ersetzt,[9bfa276a404a81b5aba88dcaf3139e62] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (AccessId", "1899b96a01f12364c4dec89def30b8ba"); user_pref("PreisHeld.Activated", true); user_pref("PreisHeld.lastUpdateDomains", 1426595474); ), Ersetzt,[ddb8048d3a502a0c6fe42b2cb155e719] PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (lastUpdateDomains", 1426595474); user_pref("accessibility.blockautorefresh", true); user_pref("accessibility.typeaheadfind.flashBar", 0); user_pr), 
Ersetzt,[0590444dc0ca112553002e29b35311ef]
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
2) ADW Cleaner Code:
ATTFilter # AdwCleaner v4.203 - Bericht erstellt 09/05/2015 um 11:07:40 # Aktualisiert 30/04/2015 von Xplode # Datenbank : 2015-05-08.1 [Server] # Betriebssystem : Windows 8 (x64) # Benutzername : Eli - STICHLING # Gestarted von : C:\Users\Eli\Desktop\Trojaner Board\AdwCleaner_4.203.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Program Files (x86)\Amazon\ABB Ordner Gelöscht : C:\Program Files (x86)\globalUpdate Ordner Gelöscht : C:\WINDOWS\SysWOW64\SearchProtect Ordner Gelöscht : C:\Users\Eli\AppData\Local\Temp\mt_ffx Ordner Gelöscht : C:\Users\Eli\AppData\Local\globalUpdate Ordner Gelöscht : C:\Users\Eli\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Eli\AppData\Roaming\RHEng Ordner Gelöscht : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\sparpilot@sparpilot.com Datei Gelöscht : C:\END Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe Datei Gelöscht : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\invalidprefs.js ***** [ Geplante Tasks ] ***** Task Gelöscht : SMupdate1 Task Gelöscht : Microsoft\Windows\Multimedia\SMupdate3 Task Gelöscht : Microsoft\Windows\Maintenance\SMupdate2 ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F40D5FC-8B38-4C2C-AC25-5E124CBCA051} Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\GlobalUpdate Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate Schlüssel Gelöscht : HKLM\SOFTWARE\systweak Schlüssel Gelöscht : HKLM\SOFTWARE\SiteSee Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\YTDownloader Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:58471;hxxps=127.0.0.1:58471 Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1 Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback> Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local> ***** [ Internetbrowser ] ***** -\\ Internet Explorer v10.0.9200.16537 -\\ Mozilla 
Firefox v37.0.2 (x86 de)
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [4840 Bytes] - [09/05/2015 11:04:58]
AdwCleaner[S0].txt - [4166 Bytes] - [09/05/2015 11:07:40]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4225 Bytes] ##########
3) JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.9 (05.08.2015:1)
OS: Windows 8 x64
Ran by Eli on 09.05.2015 at 11:16:35,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2344629883-704184612-3672562925-1002
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\WINDOWS\syswow64\ai_recyclebin
~~~ FireFox
Emptied folder: C:\Users\Eli\AppData\Roaming\mozilla\firefox\profiles\fy5swyp3.default\minidumps [48 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.05.2015 at 11:18:29,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
09.05.2015, 10:40 | #4 |
| Windows 7: Ads keep popping up, websites do not work properly
And here are the two other logs, FRST and FRST Addition.
4) FRST
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01 Ran by Eli (administrator) on STICHLING on 09-05-2015 11:22:26 Running from C:\Users\Eli\Desktop\Trojaner Board Loaded Profiles: Eli (Available profiles: Eli & Administrator) Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 10 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe (G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE (Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe (G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-29] (Alcor Micro Corp.) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-29] (Synaptics Incorporated) HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-29] (Synaptics) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.) HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] () HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) 
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-11] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-11] (Lenovo(beijing) Limited) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.) HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink) HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.) 
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe [1706576 2012-07-23] (Lenovo) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [KrakenLauncher] => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe [865088 2014-05-22] (Razer Inc) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe, Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\MountPoints2: {2a452280-2e3d-11e4-be8b-d17ae6b7db93} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\MountPoints2: {2a452296-2e3d-11e4-be8b-d17ae6b7db93} - "F:\HTC_Sync_Manager_PC.exe" HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll 
[174856 2014-11-04] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-04] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-12-09] ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] () ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] () ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] () ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled. 
ProxyServer: [.DEFAULT] => http=127.0.0.1:58471;https=127.0.0.1:58471 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {94047CC2-4EEE-43CC-9C7C-710AA7989960} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-08] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-08] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default FF 
DefaultSearchEngine: Google Default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] () FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-08] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-08] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems) FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files 
(x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems) FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File FF SearchPlugin: C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\searchplugins\google-default.xml [2015-01-31] FF Extension: Amazon-Icon - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\amazon-icon@giga.de [2014-12-11] FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\donottrackplus@abine.com [2014-12-06] FF Extension: Adblock Plus Pop-up Addon - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-03-01] FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-03-01] FF Extension: html updater - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{058146b7-3c81-4daf-8d37-cdf20fd9af4e}.xpi [2015-01-13] FF Extension: NoScript - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-08] FF Extension: {ab5696aa-439a-44e9-a82d-48c7ae8939ae} - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{ab5696aa-439a-44e9-a82d-48c7ae8939ae}.xpi [2014-12-12] FF Extension: Adblock Plus - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-01] FF Extension: Adblock Edge - 
C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-03-01] FF HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\cliqz@cliqz.com Chrome: ======= CHR Profile: C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Eli\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-12-11] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.) R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2527864 2015-03-04] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [3672560 2015-02-20] (G Data Software AG) S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation) S2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation) S2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) 
[File not signed] R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3193080 2015-02-20] (G Data Software AG) R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG) S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation) S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed] S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation) S2 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [193576 2012-08-13] (Intel Corporation) S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation) R2 Lenovo Smart Update Service; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe [66640 2012-07-18] (Lenovo) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation) S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-07] () S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) S2 ZeroConfigService; C:\Program 
Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-06-01] (Microsoft Corporation) S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.) R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation) R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation) R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [150016 2015-04-01] (G Data Software AG) S0 GDElam; C:\Windows\System32\DRIVERS\GDElam.sys [117904 2015-01-08] (G Data Software AG) R3 GDKBB; C:\WINDOWS\system32\drivers\GDKBB64.sys [27648 2015-04-01] (G Data Software AG) R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2015-04-01] (G Data Software AG) R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [230400 2015-04-01] (G Data Software AG) R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [91648 2015-04-01] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2015-04-01] (G Data Software AG) R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [106272 2015-03-01] (G Data Software) R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [124928 2015-04-01] (G Data Software AG) R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-08-13] (Intel Corporation) R3 LAD; C:\Windows\System32\drivers\LAD.sys [8704 2012-06-08] (TODO: <Company name>) R3 MBAMProtector; 
C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia) S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2014-05-19] (Razer Inc) S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31400 2014-05-19] (Razer Inc) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-29] (Synaptics Incorporated) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-02-12] (Duplex Secure Ltd.) S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider) S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X] S3 WacHidRouter; \SystemRoot\System32\drivers\wachidrouter.sys [X] S3 wacomrouterfilter; \SystemRoot\System32\drivers\wacomrouterfilter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-09 11:16 - 2015-05-09 11:16 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-STICHLING-Windows-8-(64-bit).dat 2015-05-09 11:12 - 2015-05-09 11:12 - 00000000 ____D () C:\RegBackup 2015-05-09 11:04 - 2015-05-09 11:07 - 00000000 ____D () C:\AdwCleaner 2015-05-09 10:20 - 2015-05-09 11:01 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-05-09 10:20 - 2015-05-09 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-05-09 10:20 - 2015-05-09 10:20 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-05-09 10:20 - 2015-05-09 10:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-05-09 10:20 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2015-05-09 10:20 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-05-09 10:20 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-05-09 02:05 - 2015-05-09 02:07 - 00303384 _____ () C:\WINDOWS\Minidump\050915-16203-01.dmp 2015-05-09 00:18 - 2015-05-09 11:22 - 00000000 ____D () C:\Users\Eli\Desktop\Trojaner Board 2015-05-08 23:30 - 2015-05-09 11:22 - 00000000 ____D () C:\FRST 2015-05-08 23:25 - 2015-05-08 23:25 - 00000020 _____ () C:\Users\Eli\defogger_reenable 2015-05-07 18:18 - 2015-05-07 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-14 22:04 - 2015-04-14 22:04 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-05-09 11:08 - 2012-08-01 17:51 - 00177092 _____ () C:\WINDOWS\PFRO.log 2015-05-09 11:08 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-05-09 11:07 - 2012-10-11 18:40 - 00000000 ____D () C:\Program Files (x86)\Amazon 2015-05-09 10:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\System 2015-05-09 10:59 - 2012-07-26 09:20 - 00000000 ____D () C:\WINDOWS\Setup 2015-05-09 10:41 - 2013-12-17 11:24 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-05-09 10:18 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-05-09 02:05 - 2014-10-02 16:11 - 00000000 ____D () C:\WINDOWS\Minidump 2015-05-09 02:05 - 2014-10-02 16:10 - 1800385783 _____ () C:\WINDOWS\MEMORY.DMP 2015-05-08 23:34 - 2012-10-12 03:48 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat 2015-05-08 23:34 - 2012-10-12 03:48 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat 2015-05-08 23:34 - 2012-07-26 09:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-05-08 23:29 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2015-05-08 23:26 - 2013-12-02 18:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-05-08 23:25 - 2013-12-02 17:53 - 00000000 ____D () C:\Users\Eli 2015-05-08 23:25 - 2012-10-11 18:53 - 01944346 _____ () C:\WINDOWS\WindowsUpdate.log 2015-05-08 18:28 - 2014-10-14 16:12 - 00000000 ____D () C:\Users\Eli\AppData\Local\Adobe 2015-04-22 12:35 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF 2015-04-15 14:37 - 2013-12-03 16:57 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-04-15 14:33 - 2013-12-06 12:36 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-04-15 14:33 - 2013-12-03 16:57 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-04-14 22:04 - 2013-12-17 11:24 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater ==================== Files in the root of some directories ======= 2013-12-02 
18:15 - 2013-12-04 14:32 - 0003011 _____ () C:\Users\Eli\AppData\Roaming\AbsoluteReminder.xml 2014-10-16 13:37 - 2015-01-27 12:56 - 0000034 _____ () C:\Users\Eli\AppData\Roaming\AdobeWLCMCache.dat 2015-02-16 14:59 - 2015-02-16 14:59 - 0000000 _____ () C:\Users\Eli\AppData\Roaming\gdfw.log 2015-02-16 14:59 - 2015-02-16 14:59 - 0000779 _____ () C:\Users\Eli\AppData\Roaming\gdscan.log 2014-02-06 00:25 - 2014-02-06 00:25 - 0000784 _____ () C:\Users\Eli\AppData\Local\recently-used.xbel 2012-10-11 18:24 - 2012-10-11 18:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP: ==================== C:\Users\Eli\AppData\Local\Temp\amazonicon_v10.exe C:\Users\Eli\AppData\Local\Temp\amazoninstallernircmdc.exe C:\Users\Eli\AppData\Local\Temp\EnableExtDll.dll C:\Users\Eli\AppData\Local\Temp\Gw2.exe C:\Users\Eli\AppData\Local\Temp\hcuninstaller_20141209_122126_4784.exe C:\Users\Eli\AppData\Local\Temp\installerdll354018595.dll C:\Users\Eli\AppData\Local\Temp\InstStub.exe C:\Users\Eli\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Eli\AppData\Local\Temp\mailcheck_ff_2014_12_02.exe C:\Users\Eli\AppData\Local\Temp\mpa04268.exe C:\Users\Eli\AppData\Local\Temp\MultisineV1.74.exe C:\Users\Eli\AppData\Local\Temp\ose00000.exe C:\Users\Eli\AppData\Local\Temp\Quarantine.exe C:\Users\Eli\AppData\Local\Temp\sdan.exe C:\Users\Eli\AppData\Local\Temp\sdapk.exe C:\Users\Eli\AppData\Local\Temp\sdaspwn.exe C:\Users\Eli\AppData\Local\Temp\Setup-Wacom.exe C:\Users\Eli\AppData\Local\Temp\SpOrder.dll C:\Users\Eli\AppData\Local\Temp\SpotifyUninstall.exe C:\Users\Eli\AppData\Local\Temp\sqlite3.dll C:\Users\Eli\AppData\Local\Temp\swt-win32-3349.dll C:\Users\Eli\AppData\Local\Temp\vcredist_x64.exe C:\Users\Eli\AppData\Local\Temp\vlc-2.1.2-win32.exe C:\Users\Eli\AppData\Local\Temp\vlc-2.1.3-win32.exe C:\Users\Eli\AppData\Local\Temp\vlc-2.1.5-win32.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-02 15:02
==================== End Of Log ============================

5) FRST Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by Eli at 2015-05-09 11:22:52
Running from C:\Users\Eli\Desktop\Trojaner Board
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2344629883-704184612-3672562925-500 - Administrator - Disabled) => C:\Users\Administrator
Eli (S-1-5-21-2344629883-704184612-3672562925-1002 - Administrator - Enabled) => C:\Users\Eli
Gast (S-1-5-21-2344629883-704184612-3672562925-501 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: G DATA INTERNET SECURITY (Disabled - Out of date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA INTERNET SECURITY (Disabled - Out of date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Disabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated) Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated) Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated) Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.2.3042.61510 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 3.2.3042.61510 - Alcor Micro Corp.) Hidden Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin) AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version: - AVM Berlin) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) 
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.0 - Conexant) Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo) Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation) Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation) G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.2 - G DATA Software AG) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.) 
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation) iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle) Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro) Lenovo MediaShow6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.4019 - CyberLink Corp.) Lenovo MediaShow6 (x32 Version: 6.0.4019 - CyberLink Corp.) Hidden Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.5.75 - Lenovo Corporation) Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.) Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) 
Hidden LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
(HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla) Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla) MultisineV1.74 (HKLM-x32\...\MultisineV1.74_is1) (Version: - SeDuTec) NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation) NVIDIA Grafiktreiber 344.65 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.15 - Synaptics Incorporated) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) Windows Driver Package - Lenovo Corporation (LAD) System (06/08/2012 1.0.0.3) (HKLM\...\C48768A2A32F4649238F7DCF737A260911895FDE) (Version: 06/08/2012 
1.0.0.3 - Lenovo Corporation) Windows-Treiberpaket - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo) Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) World of Tanks (HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 01-05-2015 15:15:31 Windows Update 05-05-2015 03:00:02 Windows Update 08-05-2015 18:28:19 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {16FF2885-7253-4AA9-8852-2A473917C04A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink) Task: {2E06458F-2C06-4D11-8917-ABBC1C4E85B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {335DCE13-5A9A-4E6E-9ADC-75723C6E2C88} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2344629883-704184612-3672562925-1002 Task: {468558C6-6142-46EE-AF56-C44F1020D56B} - System32\Tasks\AdobeAAMUpdater-1.0-Stichling-Eli => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated) Task: {7B4EAAF4-BB23-4289-8328-E6270D2C1760} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation) Task: {935F9D2C-4CA3-42C1-9252-4194A934B0DD} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-08-13] (Intel) Task: {AB0E2CCF-033D-4012-929E-9A75683D82F6} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] () Task: {BBF19BBA-B5BA-44C4-B597-00C9F440B7F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {BFA4409F-C4A3-468C-B39B-11E48A0D8E10} - \Optimize Start Menu Cache Files-S-1-5-21-2344629883-704184612-3672562925-1002 No Task File <==== ATTENTION Task: {DA5BCC5E-97CB-4BB2-B334-C36524E5D9E3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============== 2014-03-11 17:54 - 2014-11-04 02:04 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-02-20 05:42 - 2015-02-20 05:42 - 00382072 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll 2014-05-22 10:28 - 2014-05-22 10:28 - 00619328 _____ () C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenDevProps.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\aeriagames.com -> hxxps://aeriagames.com IE trusted site: HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\aeriagames.com -> hxxp://aeriagames.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img12.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run32: => "YouCam Tray" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "mcui_exe" HKLM\...\StartupApproved\Run32: => "YouCam Mirage" HKLM\...\StartupApproved\Run32: => "YTDownloader" HKLM\...\StartupApproved\Run32: => "Razer Synapse" HKLM\...\StartupApproved\Run32: => "Aeria Ignite" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Overwolf" HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Updater" HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Spotify" HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "DAEMON Tools Lite" HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Akamai NetSession Interface" HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Skype" ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{FE411D01-488F-44D5-884E-5EE52559E311}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{36D5C3C9-1548-4F51-990F-0D36FA953832}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{AEF317AC-8B64-4CF9-AADD-16D722298F32}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe FirewallRules: [{6116444F-39A2-481F-B28B-3C1EB4AC825A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{1A59A1C6-FFD0-412C-9967-F04508836AC6}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{9D5E01DB-721D-4D5D-9144-9BD6B23E059C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{16C1F45C-C07B-4138-A651-7A529A97E91D}] => (Allow) C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{3B63CCD4-1AB4-40D6-9BC0-AB1B6E0EE854}] => (Allow) C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{0E82E8D3-14EB-4CBC-A93D-C754A6D75414}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{D625238B-8BCD-4FEE-BCF4-6FDCDD75086F}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{3343CC8B-CC8B-417F-8660-1070B80E5D1E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe FirewallRules: [{6296C6F2-1A61-4098-9793-EBD77FB7498E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe FirewallRules: [{B92E14C8-FE81-44E8-8CBD-18C5A30AB183}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{661054AE-A45C-4733-8F60-1E15E450B0C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [TCP Query User{23AEFC51-BEB2-4422-91DD-ACBCCF2110DA}C:\users\eli\appdata\local\temp\gw2.exe] => (Allow) C:\users\eli\appdata\local\temp\gw2.exe FirewallRules: 
[UDP Query User{D68D57B4-3C61-43FB-AE82-0ED2D703490A}C:\users\eli\appdata\local\temp\gw2.exe] => (Allow) C:\users\eli\appdata\local\temp\gw2.exe FirewallRules: [{A4FDD966-9ADB-4744-9A41-A2AEEE0CB660}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [{C7E508E8-74E1-4749-B08C-E6C5D7E92042}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe FirewallRules: [TCP Query User{86AFCA5B-8EE3-4409-9A48-00B737F50B0D}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe FirewallRules: [UDP Query User{0A596237-E7FE-48EA-AE61-46CE6D25F34A}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe FirewallRules: [TCP Query User{0AF7BEAF-5D1D-41E5-A959-4D51AA40FC84}C:\program files (x86)\world_of_tanks\wotlauncher.exe] => (Allow) C:\program files (x86)\world_of_tanks\wotlauncher.exe FirewallRules: [UDP Query User{FA933674-7934-4A80-B8A1-8726B63FC074}C:\program files (x86)\world_of_tanks\wotlauncher.exe] => (Allow) C:\program files (x86)\world_of_tanks\wotlauncher.exe FirewallRules: [{00B4DBC3-4697-47A9-9906-CAB83DCAEE58}] => (Allow) E:\fsetup.exe FirewallRules: [{13F753FB-88EE-4A13-9F1F-C4E1811B6C09}] => (Allow) E:\fsetup.exe FirewallRules: [TCP Query User{26722D95-8E5D-425F-BB66-EF46D1D4B292}C:\program files (x86)\world_of_tanks\worldoftanks.exe] => (Allow) C:\program files (x86)\world_of_tanks\worldoftanks.exe FirewallRules: [UDP Query User{257EF4E8-F646-440D-BAE7-2FD915BF4AED}C:\program files (x86)\world_of_tanks\worldoftanks.exe] => (Allow) C:\program files (x86)\world_of_tanks\worldoftanks.exe FirewallRules: [{BF20EADA-FEC5-43B2-8EF2-7EEE04AF104C}] => (Allow) %ProgramFiles% (x86)\lol.launcher.exe FirewallRules: [{BA9EE5F1-2565-4315-A71B-CFACAB374097}] => (Allow) %ProgramFiles% (x86)\lol.launcher.exe FirewallRules: [TCP Query User{D896DF0C-87E7-45B2-8F8F-18D29C7557EB}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) 
C:\users\eli\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{FBAE6EDA-2ECE-497A-AEEF-7E04FFB9F5D7}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{83912FFF-3BCC-457A-B433-1D650BFE1201}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [UDP Query User{56F1213B-665E-453A-B957-B15E742D7137}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe FirewallRules: [TCP Query User{D4C394AF-CEA4-4787-A1B0-FE92195BC91B}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{C27B5D62-4D23-45B8-831A-56CABA6352F7}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe FirewallRules: [{D1EF3745-EF41-4BFC-8458-1DF98EC0866D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [{FE281D1A-F13B-46FE-8D75-844F84019C34}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe FirewallRules: [TCP Query User{6B3C3F2D-A0AF-403E-89F9-F82D97F7936B}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{514C6518-DE3F-433D-B824-03D5988CC5CD}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [{AB5B0666-867F-4225-8921-C07822FD5F2C}] => (Allow) C:\Program Files (x86)\lol.launcher.exe FirewallRules: [{66EB7665-7D66-476F-8696-73B1659C9424}] => (Allow) C:\Program Files (x86)\lol.launcher.exe FirewallRules: [{7B144272-3233-4A58-A5E2-BD2985EC7DC9}] => (Allow) C:\Program Files (x86)\lol.launcher.exe FirewallRules: [{1556DDB9-D2F6-4AE4-9CB7-7431929F01A0}] => (Allow) C:\Program Files (x86)\lol.launcher.exe FirewallRules: [TCP Query 
User{2187DA8C-E595-4CE4-BF6D-56B5C9E7C596}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe FirewallRules: [UDP Query User{7CBA81A5-A638-4CF8-B071-98F871B357C3}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe FirewallRules: [TCP Query User{496CF561-D54C-49E8-82B3-1E6B99FA45E0}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe FirewallRules: [UDP Query User{F089B531-CED1-4A9F-B5FC-807F1872D5FA}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe FirewallRules: [TCP Query User{7484905A-547D-4BC9-BBEC-A86A7C6E46C0}C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe] => (Block) C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe FirewallRules: [UDP Query User{5A98C1FB-37B3-455D-BF16-09851618DF36}C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe] => (Block) C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe FirewallRules: [{0AFE21E2-9EC6-46A0-9C96-31AD30B5459B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe FirewallRules: [{84F37044-DB78-401C-B848-D3F6ACAA92C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe FirewallRules: [{06400E3E-1A60-4F8A-BF4F-DA79350980E9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{6773F3DE-36A9-4D3B-AB23-91D16F48EBAD}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{682AB1D3-1F34-4D87-80B8-C4F8C45A7AD1}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III Beta 2013\Diablo III.exe FirewallRules: [{40A9BB0C-8A74-4402-A7C1-E061234C2593}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III Beta 2013\Diablo III.exe FirewallRules: [{EAB95CBF-A945-4C20-80FF-8CD75EB87DA1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe FirewallRules: 
[{428888B3-34AF-481D-A128-DB2557E4B123}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe FirewallRules: [{D6A55DF9-C885-4BFC-B076-81F14BA5232E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{C97B8697-EDE1-4C9F-B2D9-64F18BC2BF7E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{18B66FF3-C5DC-4FDE-A4A8-64C9AA96171F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{E508085F-2BE0-4E7B-A226-FFC95FCB3C6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{D394A1CD-0698-4949-A90D-C98B1DD36E0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{52F98722-C635-4E81-ADA8-70ED6FF5F6E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{E798E883-53B4-459D-812E-91997BA07996}C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe] => (Allow) C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe FirewallRules: [UDP Query User{83665DEE-D6AE-49F2-A378-7093E023F5D9}C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe] => (Allow) C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe FirewallRules: [{698B3957-6CC3-41CF-A021-3C78009DFE3E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe FirewallRules: [{3ABD6377-71A1-435D-AFB3-2F11F84D2322}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe FirewallRules: [{F8566532-E41F-49DF-85B3-568CFEC07AFF}] => (Allow) C:\Program Files (x86)\Gameforge4D\Elsword_DE\data\x2.exe FirewallRules: [{C2D39783-211D-4EA4-B98A-3AAB6BFFC014}] => (Allow) C:\Program Files (x86)\Gameforge4D\Elsword_DE\data\x2.exe FirewallRules: [{31C5EA3D-1BD5-43E8-9181-35543B3BBF69}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe 
FirewallRules: [{88745C92-B63F-4347-BA8B-9CDD9C44A776}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe FirewallRules: [{EFF43167-5DA6-464A-B786-9274BBEB3DB2}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe FirewallRules: [{22840350-FF81-4BC5-9816-199C39A1EF20}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe FirewallRules: [{7453EB02-9626-4B99-BA59-5234F5AA9ACA}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe FirewallRules: [{27E4C84F-6251-4C72-9CAF-60C52179FE9E}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe FirewallRules: [{B65B71E3-0387-4F5D-ADAA-635F2351E05A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{21ABDC7C-1243-45BA-84F1-A1017F798BA1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{43C24E91-C2F4-4BB8-94F5-C58C878E927D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{5578416F-51B9-4F43-A52A-CE71B608ED78}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{93199FA7-EC52-4372-A19B-12052066419B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{E436FFDA-7958-462B-BC91-CD5E56A852B6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{42CFDA77-27C2-4439-A97E-5A95E731FFD2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{23964328-54B5-419C-8E8C-F91ED45CF60C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{FA125EB3-6A25-45C6-9C81-DAE143991C42}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe FirewallRules: [{6EC81A98-3078-440D-B8A5-D5DD12BA54C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe FirewallRules: [{F06BB976-5FFA-468B-AF69-AB09DAFE94C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe FirewallRules: [{807FFE94-35C9-430E-BFC5-459E3BEF7FE5}] => 
(Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe FirewallRules: [{ADF4A11C-3766-40EE-B6D3-AF7B8C50ECAE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{26D12EFE-6D2F-4261-917A-B3D5CCDFCF69}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{164102D1-6D64-49FB-ACD5-500B64E5C41C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{BFCC7624-EE53-42D8-AFD6-61483A15C9F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{5B721E22-3416-477C-9E7C-D00EE1FBA868}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [{DEC44613-54DC-4AF9-A1FD-612608EBDB4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe FirewallRules: [TCP Query User{C31B1623-7B06-499A-9472-794F28657C18}C:\users\eli\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\eli\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{12F8740B-A9DE-4C6C-921F-D29DA39927DD}C:\users\eli\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\eli\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{7C585868-E860-4637-993B-00C3D39B8514}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe] => (Allow) C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe FirewallRules: [UDP Query User{0ACF76D8-F51D-41F1-8690-05C9B45272D8}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe] => (Allow) C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe FirewallRules: [TCP Query User{1853108B-2A2D-4265-81FB-11E4480BFDAF}C:\program files (x86)\binaries\win32\udk.exe] => (Block) C:\program files (x86)\binaries\win32\udk.exe FirewallRules: [UDP Query 
User{6C16FCF9-C7F1-4BFA-AE82-C601C1714F56}C:\program files (x86)\binaries\win32\udk.exe] => (Block) C:\program files (x86)\binaries\win32\udk.exe FirewallRules: [TCP Query User{AA7ECD86-2D59-47D8-A6A9-7A3382DB3930}C:\program files (x86)\binaries\win64\udk.exe] => (Allow) C:\program files (x86)\binaries\win64\udk.exe FirewallRules: [UDP Query User{E1F55399-4AB8-4183-B065-18EC09B89A4B}C:\program files (x86)\binaries\win64\udk.exe] => (Allow) C:\program files (x86)\binaries\win64\udk.exe FirewallRules: [{E0C220EB-1DE4-463B-83A5-C326BF8E2ED8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{C0F9D5DC-3336-40CA-B1E5-1CD8006AE313}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{E613D5A4-C260-41F3-8243-471CFEC06721}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Isolation\AI.exe FirewallRules: [{35C017BE-675C-4396-9D1E-9123EC2A7569}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Isolation\AI.exe FirewallRules: [TCP Query User{DD7D7D1F-3372-4E19-8109-394A0486D174}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe FirewallRules: [UDP Query User{CB635730-436E-4A48-9AA0-9A5F211EE047}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe FirewallRules: [{48E1F13C-1635-4E41-8448-39853E6476EE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe FirewallRules: [{B49DEEB6-AE93-4911-8655-13AA917B846E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe FirewallRules: [{16789348-B2F0-436C-B0E7-FAE827AFEE39}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe FirewallRules: [{918A09DD-7E75-43D1-AE4C-1BA032F5B084}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe FirewallRules: [{75E50E1D-EC04-4BF2-AABF-FE36297B9D93}] => (Allow) 
C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{A6D3D9AA-BC28-46E0-929C-F765E6A561A1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{D9393403-52E2-444E-8C1D-86C282B95F3E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{64E61C68-111F-4EEA-930B-D3053C29889E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [TCP Query User{59999FBA-2AC3-475A-BF91-E1EF1E7247B2}C:\program files (x86)\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\binaries\win32\udk.exe FirewallRules: [UDP Query User{9A015A14-72EE-456F-980A-60A303DA91C2}C:\program files (x86)\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\binaries\win32\udk.exe FirewallRules: [TCP Query User{85690F6D-B45A-4B8B-8DE3-4684C45740DC}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{82457885-B5E3-461C-9EBC-EF0DD33D6920}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{68834CFE-5C93-41BB-9341-3DDA1AE12CD8}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{7A457934-AEB7-4F11-A04B-0F47B82DE927}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe FirewallRules: [{75D3ACB4-BA02-4E8A-85B8-CA9617DE3804}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{A10AA34C-5023-472F-A325-CC0254B2E438}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{9E0EF15E-E13C-46AE-8F2E-956CC04A033B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{AD510CB2-E8CD-49B0-A2A7-C0DC245A2607}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9C805CD0-8D14-4BE1-ABDC-8DC5432E3542}] => (Allow) C:\Program 
Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{B4C5F175-A71D-460B-9786-09AFDCC41CF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{DAA907E0-5157-484A-86E7-45A5C5F74132}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Faulty Device Manager Devices ============= Name: USB-IF xHCI USB Host Controller Description: USB-IF xHCI USB Host Controller Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee} Manufacturer: Intel Corporation Service: XHCIPort Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (05/09/2015 11:22:29 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:22:29Z. Fehlercode: 0x80041316. Error: (05/09/2015 11:21:59 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:21:59Z. Fehlercode: 0x80041316. Error: (05/09/2015 11:21:29 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:21:29Z. Fehlercode: 0x80041316. Error: (05/09/2015 11:20:59 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:20:59Z. Fehlercode: 0x80041316. Error: (05/09/2015 11:20:29 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:20:29Z. Fehlercode: 0x80041316. 
Error: (05/09/2015 11:19:59 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:19:59Z. Fehlercode: 0x80041316. Error: (05/09/2015 11:19:29 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:19:29Z. Fehlercode: 0x80041316. Error: (05/09/2015 11:18:59 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:18:59Z. Fehlercode: 0x80041316. Error: (05/09/2015 11:18:29 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:18:29Z. Fehlercode: 0x80041316. Error: (05/09/2015 11:17:59 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:17:59Z. Fehlercode: 0x80041316. System errors: ============= Error: (05/09/2015 11:16:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/09/2015 11:13:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/09/2015 11:13:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Capability Licensing Service Interface erreicht. 
Error: (05/09/2015 11:13:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (05/09/2015 11:12:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/09/2015 11:12:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/09/2015 11:12:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/09/2015 11:12:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/09/2015 11:12:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Bluetooth OBEX Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/09/2015 11:12:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz Percentage of memory in use: 30% Total physical RAM: 8050.48 MB Available physical RAM: 5577.19 MB Total Pagefile: 16242.48 MB Available Pagefile: 13364.86 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:651.3 GB) (Free:532.53 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.89 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 22.4 GB) (Disk ID: C1CDA268) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 698.6 GB) (Disk ID: C1CDA275) Partition: GPT Partition Type. ==================== End Of Log ============================ |
10.05.2015, 11:38 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Ads keep popping up, websites do not work properly There is still quite a bit here that I don't like... Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper. Please download TDSSKiller.exe and save this file to the desktop.
__________________ Please always post log files in CODE tags |
12.05.2015, 10:44 | #6 |
| Windows 7: Ads keep popping up, websites do not work properly MalwareBytes log (2nd log again in a separate post because of its size) Code:
ATTFilter --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.1.1004 (c) Malwarebytes Corporation 2011-2012 OS version: 6.2.9200 Windows 8 x64 Account is Administrative Internet Explorer version: 10.0.9200.16750 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 1.696000 GHz Memory total: 8441544704, free: 5900996608 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.1.1004 (c) Malwarebytes Corporation 2011-2012 OS version: 6.2.9200 Windows 8 x64 Account is Administrative Internet Explorer version: 10.0.9200.16750 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 1.696000 GHz Memory total: 8441544704, free: 5991567360 Downloaded database version: v2015.05.12.01 Downloaded database version: v2015.04.21.01 Downloaded database version: v2015.05.09.01 ======================================= Initializing... ------------ Kernel report ------------ 05/12/2015 10:56:41 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\system32\drivers\tpm.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\excsd.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys 
\SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\iaStorA.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\System32\drivers\EhStorClass.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\wfplwfs.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\system32\DRIVERS\nvpciflt.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\DRIVERS\LhdX64.sys \SystemRoot\system32\drivers\GDBehave.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\crashdmp.sys \??\C:\WINDOWS\system32\drivers\HookCentre.sys \??\C:\WINDOWS\system32\drivers\MiniIcpt.sys \SystemRoot\system32\DRIVERS\excfs.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\wanarp.sys 
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished |
12.05.2015, 10:56 | #7 |
| Windows 7: Ads keep popping up, websites don't work properly |
12.05.2015, 16:13 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Ads keep popping up, websites don't work properly
Please post the correct MBAR log, see the instructions. And all logs in CODE tags. The one from TDSS-Killer too.
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts. To put the log files into a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
13.05.2015, 13:45 | #9 |
| Windows 7: Ads keep popping up, websites don't work properly
oh... sorry that I posted the wrong one. I pasted it faster than I read. Now the correct MBAR
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main: v2015.05.12.01
  rootkit: v2015.04.21.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Eli :: STICHLING [administrator]

12.05.2015 10:56:50
mbar-log-2015-05-12 (10-56-50).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 419110
Time elapsed: 27 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Code:
11:35:28.0735 0x0ffc TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
11:35:28.0735 0x0ffc UEFI system
11:35:52.0424 0x0ffc ============================================================
11:35:52.0424 0x0ffc Current date / time: 2015/05/12 11:35:52.0424
11:35:52.0424 0x0ffc SystemInfo:
11:35:52.0424 0x0ffc
11:35:52.0424 0x0ffc OS Version: 6.2.9200 ServicePack: 0.0
11:35:52.0424 0x0ffc Product type: Workstation
11:35:52.0424 0x0ffc ComputerName: STICHLING
11:35:52.0424 0x0ffc UserName: Eli
11:35:52.0424 0x0ffc Windows directory: C:\WINDOWS
11:35:52.0424 0x0ffc System windows directory: C:\WINDOWS
11:35:52.0424 0x0ffc Running under WOW64
11:35:52.0424 0x0ffc Processor architecture: Intel x64
11:35:52.0424 0x0ffc Number of processors: 4
11:35:52.0424 0x0ffc Page size: 0x1000
11:35:52.0424 0x0ffc Boot type: Normal boot
11:35:52.0424 0x0ffc ============================================================
11:35:52.0611 0x0ffc KLMD registered as C:\WINDOWS\system32\drivers\32867245.sys
11:35:52.0799 0x0ffc System UUID: {4807CDB9-137B-B99C-FB10-07390AB16472}
11:35:53.0425 0x0ffc Drive \Device\Harddisk0\DR0 - Size: 0x5976F6000 ( 22.37 Gb ), SectorSize: 0x200, Cylinders: 0xB67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:35:53.0441 0x0ffc Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:35:53.0456 0x0ffc ============================================================
11:35:53.0456 0x0ffc \Device\Harddisk0\DR0:
11:35:53.0456 0x0ffc GPT partitions:
11:35:53.0456 0x0ffc \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {B8CB5058-C187-4719-BAF0-379CA2D4C97E}, UniqueGUID: {4613EE39-4727-4347-8134-173F590F716F}, Name: HFS, StartLBA 0x1000, BlocksNum 0x24B9800
11:35:53.0456 0x0ffc \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {D3BFE2DE-3DAF-11DF-BA40-E3A556D89593}, UniqueGUID: {2A772C8C-ECF7-47A6-848B-6776473C6E7B}, Name: Basic data partition, StartLBA 0x24BB000, BlocksNum 0x800000
11:35:53.0456 0x0ffc MBR partitions:
11:35:53.0456 0x0ffc \Device\Harddisk1\DR1:
11:35:53.0456 0x0ffc GPT partitions:
11:35:53.0456 0x0ffc \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {67AD75F0-0F79-4AA9-8DD8-F6C8C9C83084}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000
11:35:53.0456 0x0ffc \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {FB994476-3CD5-44B1-9CA8-16CC534E5E64}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
11:35:53.0456 0x0ffc \Device\Harddisk1\DR1\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {1D59E3C6-7396-4886-9D0D-C05DC983BC16}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000
11:35:53.0456 0x0ffc \Device\Harddisk1\DR1\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {8B3A40BB-64EC-41FC-93F6-72A049F32DDA}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000
11:35:53.0456 0x0ffc \Device\Harddisk1\DR1\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {706910C0-B0BE-41AF-BC48-6F5C65E3A9CF}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0x5169B800
11:35:53.0456 0x0ffc \Device\Harddisk1\DR1\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {988A9124-2FC7-4A0F-8146-A43F8CBFA2AB}, Name: Basic data partition, StartLBA 0x51B46000, BlocksNum 0x3200000
11:35:53.0456 0x0ffc \Device\Harddisk1\DR1\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {1B13218C-1C45-440E-A521-53C13E8D5BED}, Name: Basic data partition, StartLBA 0x54D46000, BlocksNum 0x2800000
11:35:53.0456 0x0ffc MBR partitions:
11:35:53.0456 0x0ffc ============================================================
11:35:53.0487 0x0ffc C: <->
\Device\Harddisk1\DR1\Partition5 11:35:53.0566 0x0ffc D: <-> \Device\Harddisk1\DR1\Partition6 11:35:53.0566 0x0ffc ============================================================ 11:35:53.0566 0x0ffc Initialize success 11:35:53.0566 0x0ffc ============================================================ 11:36:23.0303 0x1bf0 ============================================================ 11:36:23.0303 0x1bf0 Scan started 11:36:23.0303 0x1bf0 Mode: Manual; SigCheck; TDLFS; 11:36:23.0303 0x1bf0 ============================================================ 11:36:23.0303 0x1bf0 KSN ping started 11:36:28.0397 0x1bf0 KSN ping finished: true 11:36:29.0006 0x1bf0 ================ Scan system memory ======================== 11:36:29.0006 0x1bf0 System memory - ok 11:36:29.0006 0x1bf0 ================ Scan services ============================= 11:36:29.0256 0x1bf0 [ E890C46E4754F0DF51BAFCC8D2E07498, E620D03030F3B65442E0A5CB8B59016A6E8DB3BCA52741977B8897B34438E902 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys 11:36:29.0303 0x1bf0 1394ohci - ok 11:36:29.0334 0x1bf0 [ 4F18D4C7EA14F11A7211F60D553C03DB, 09AB6D2D8E9B7B6D6A97708551C0E4B34538947A15EA2A69C11764D7BC0BB7F6 ] 3ware C:\WINDOWS\system32\drivers\3ware.sys 11:36:29.0350 0x1bf0 3ware - ok 11:36:29.0381 0x1bf0 [ 975AABEB243B800C23626D6B652C5A9C, FB02336F26AF10BA2A0D1B97C33CB1D78BB90CA51EF008A613A0274779798FAD ] ACPI C:\WINDOWS\system32\drivers\ACPI.sys 11:36:29.0412 0x1bf0 ACPI - ok 11:36:29.0412 0x1bf0 [ DC968C37822117E576B933F34A2D130C, 4C94E00ADC242296D7CBBFC7346D5F9AE5FE1B0C616ECA3BDE10A7B34FD2040B ] acpiex C:\WINDOWS\system32\Drivers\acpiex.sys 11:36:29.0428 0x1bf0 acpiex - ok 11:36:29.0444 0x1bf0 [ 0CA9F7C3A78227C21A0A7854E245CFB2, D54147C9C1EE2F0098B863B0852E027DB89D6FA67F6B7FD54F609D9715A11442 ] acpipagr C:\WINDOWS\System32\drivers\acpipagr.sys 11:36:29.0459 0x1bf0 acpipagr - ok 11:36:29.0475 0x1bf0 [ 8EB8DA03B142D3DD1EB9ED8107A76C43, 24B9B24F9A5BDF3AAD13C4EE0638497D9CA4A100096C6EAE403E0215EA89C439 ] AcpiPmi 
C:\WINDOWS\System32\drivers\acpipmi.sys 11:36:29.0475 0x1bf0 AcpiPmi - ok 11:36:29.0491 0x1bf0 [ CBCE725C5D86ABA7D2604E22951AA9B8, DE0440F0E943F057EBCD01DB4B1E12DBC241FBF03C42021306D322AB88FF8F21 ] acpitime C:\WINDOWS\System32\drivers\acpitime.sys 11:36:29.0506 0x1bf0 acpitime - ok 11:36:29.0538 0x1bf0 [ 3B42D95D20CD2AACDB0564471AE43ED7, BF49568D7060159F61D5F6DE7ECDECCCD1F920A2881544BA83CF420C822F6653 ] ACPIVPC C:\WINDOWS\System32\drivers\AcpiVpc.sys 11:36:29.0569 0x1bf0 ACPIVPC - ok 11:36:29.0741 0x1bf0 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 11:36:29.0756 0x1bf0 AdobeARMservice - ok 11:36:29.0913 0x1bf0 [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 11:36:29.0913 0x1bf0 AdobeFlashPlayerUpdateSvc - ok 11:36:29.0959 0x1bf0 [ 93C6388592B99925C1D1576E465BC80F, 4C48BE5471DA4788357D71E90DFEA20FE320C7AAE1F4C55AFBE2E46FEA5CF8FB ] adp94xx C:\WINDOWS\system32\drivers\adp94xx.sys 11:36:29.0991 0x1bf0 adp94xx - ok 11:36:30.0022 0x1bf0 [ D27763E0247292654E7F7D16444C7C72, 0314C713D31E2B34F215B52F804F014D876E6ED92DC656CC3E27920CCD36CF0E ] adpahci C:\WINDOWS\system32\drivers\adpahci.sys 11:36:30.0038 0x1bf0 adpahci - ok 11:36:30.0053 0x1bf0 [ 67B90070FF48F794AF19F9FCF0080D75, 5D0D352606D58D2CA0814F38EF7B1774C030BE44353DF5910CBFAAF4FDE64ED6 ] adpu320 C:\WINDOWS\system32\drivers\adpu320.sys 11:36:30.0069 0x1bf0 adpu320 - ok 11:36:30.0116 0x1bf0 [ 974AE60BF5B90E31412D93596C968E5B, 092B59C2B67C4618E7B1800615D1DF7199482F60D0D27BD91763F7F8D7FC883F ] AeLookupSvc C:\WINDOWS\System32\aelupsvc.dll 11:36:30.0131 0x1bf0 AeLookupSvc - ok 11:36:30.0163 0x1bf0 [ 7C0E0EDF18D6CC565D7BFBB451709FA5, 47C21CD9D87B5C1B5EB14F6166B5E3349B1A6F10501E63CCED8D52A9FE22765D ] AFD C:\WINDOWS\system32\drivers\afd.sys 
11:36:30.0194 0x1bf0 AFD - ok 11:36:30.0225 0x1bf0 [ 01590377A5AB19E792528C628A2A68F9, F3A4B6CA4E8D4436E44E36D7F7EEF3DC861D1EE50D41F4273226C4ED95674B84 ] agp440 C:\WINDOWS\system32\drivers\agp440.sys 11:36:30.0225 0x1bf0 agp440 - ok 11:36:30.0256 0x1bf0 [ D1BE8E6E5B3AF23A4393AF1BF867977A, B3AE97D35A9304198715D76F6C3F0545AA176FDEBA6C2055782558B11DFA14EB ] ALG C:\WINDOWS\System32\alg.exe 11:36:30.0272 0x1bf0 ALG - ok 11:36:30.0303 0x1bf0 [ 025E8C755BE293E50854D26D1BBE5133, 4373639689306A3D8FE0F862072711BAD5DBAA45E105CD3129586439A90EE070 ] AllUserInstallAgent C:\WINDOWS\system32\AUInstallAgent.dll 11:36:30.0319 0x1bf0 AllUserInstallAgent - ok 11:36:30.0350 0x1bf0 [ 5A81054B824004B1ECC04F0034A1CDF9, 73A1986A4B346C425157216EBF16CC90EFFC642EDF6109E6364CF0552E3388FD ] AmdK8 C:\WINDOWS\System32\drivers\amdk8.sys 11:36:30.0366 0x1bf0 AmdK8 - ok 11:36:30.0381 0x1bf0 [ B849D453E644FAB9BC8EF6DC8CA9C4C6, B803CDA478D3385937C44CBB05A0E65ABACEFEBA682975787C44E2904FB89D2D ] AmdPPM C:\WINDOWS\System32\drivers\amdppm.sys 11:36:30.0397 0x1bf0 AmdPPM - ok 11:36:30.0413 0x1bf0 [ 35A0EB5AECB0FA3C41A2FB514A562304, 737783ABF348288471AC7051D4DC6CB336D686C94EC7B8938DCA74AFE9BECB1C ] amdsata C:\WINDOWS\system32\drivers\amdsata.sys 11:36:30.0413 0x1bf0 amdsata - ok 11:36:30.0444 0x1bf0 [ 00452671904F5EE94B50BF0219C97164, 99F9B86D3DB3E10B014120A63CD43CBAAB22C8E38851090ABE37D89ABD61F7B6 ] amdsbs C:\WINDOWS\system32\drivers\amdsbs.sys 11:36:30.0459 0x1bf0 amdsbs - ok 11:36:30.0475 0x1bf0 [ EA3FFE53E92E59C87E3ECA9BEB20D9B7, DC0B8B798720F5F75F8AFD3383CF69194282AEEE84DCACB97382F4C86E1D3E49 ] amdxata C:\WINDOWS\system32\drivers\amdxata.sys 11:36:30.0475 0x1bf0 amdxata - ok 11:36:30.0522 0x1bf0 [ C7BE7FBB9B6BDE11E12A0F204384C1D6, 36A6387B90DFB2488ABF135198F0F9E19EE29F7A521818DF92E64B36A0BE0245 ] AmUStor C:\WINDOWS\system32\drivers\AmUStor.SYS 11:36:30.0522 0x1bf0 AmUStor - ok 11:36:30.0538 0x1bf0 [ 83B3682CE922FB0F415734B26D9D6233, 9102E8B410BB1AE426770896B6AB584D1F02830337FBB2DEC182F3F19832F35F ] 
AppID C:\WINDOWS\system32\drivers\appid.sys 11:36:30.0569 0x1bf0 AppID - ok 11:36:30.0600 0x1bf0 [ CE2BEAD7F31816FF0AC490D048C969F9, 7D24C5A9E8F7C21CC6D8BF2CA29A8B79DDE7EEDE2F37D36B9071ECE1CF61371F ] AppIDSvc C:\WINDOWS\System32\appidsvc.dll 11:36:30.0616 0x1bf0 AppIDSvc - ok 11:36:30.0631 0x1bf0 [ 4F750B7EFCB6520AE01E01D082D7D476, AD2A67D727A1D4DD0BBACC6B4BB432FA9A14D50D8BA292B95A4747CEC9F85728 ] Appinfo C:\WINDOWS\System32\appinfo.dll 11:36:30.0647 0x1bf0 Appinfo - ok 11:36:30.0741 0x1bf0 [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 11:36:30.0741 0x1bf0 Apple Mobile Device Service - ok 11:36:30.0772 0x1bf0 [ E933401B392387F4BE34DE8BAF1722A7, 57CC6DE31E2C82D2B12509F0A5EC9EC70DD2EF6A1F31A66ADF62DC6AE0A67323 ] arc C:\WINDOWS\system32\drivers\arc.sys 11:36:30.0788 0x1bf0 arc - ok 11:36:30.0803 0x1bf0 [ 07CA323EF2E8247A568AB0F3662AD644, 1224B41193F0E9B164732BA5BF707A13427C82C1D8C3EDC2AAE5C5C75454B9F6 ] arcsas C:\WINDOWS\system32\drivers\arcsas.sys 11:36:30.0819 0x1bf0 arcsas - ok 11:36:30.0834 0x1bf0 [ 74DBAEC35366C4EE7670428808715A6A, 3B3A7A81CD8038C4750560B94A9247C4409410780B312BA71EDF2E393DCA7474 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 11:36:30.0834 0x1bf0 AsyncMac - ok 11:36:30.0850 0x1bf0 [ A721FF570C2387E383BDDEA9632863C9, 45DD7787F44A2C742560FEB03AB66910C2F0002D95BB02C55EEDE973AA92AD24 ] atapi C:\WINDOWS\system32\drivers\atapi.sys 11:36:30.0866 0x1bf0 atapi - ok 11:36:30.0897 0x1bf0 [ BCD7A47EF587DC00DD61D12D9C2D1E44, 95BC9AC8BA8A86DB5C7A6317002BD9872F193B401A0C58DF252DCF3D4A7541E2 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll 11:36:30.0913 0x1bf0 AudioEndpointBuilder - ok 11:36:30.0975 0x1bf0 [ 599B3F685A263A114FFAF3BE29C49C75, 579E9561BA8537888E061E303F3F89E2E6F8B8DED74369C3767DB10B35CD45E8 ] Audiosrv C:\WINDOWS\System32\Audiosrv.dll 11:36:31.0006 0x1bf0 
Audiosrv - ok 11:36:31.0178 0x1bf0 [ EAC923325937602A24994969F00788B5, 254913759B6159398A452E81707D97C3BAC45D749904F5A220DB964D9ED4036C ] AVKProxy C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe 11:36:31.0225 0x1bf0 AVKProxy - ok 11:36:31.0303 0x1bf0 [ BCC79D1E0605ABE4B58A9DEE696982A5, 7619EDBB1ABEE4A1B3476D42BCD718876C5BE7F7A4B972414D45F2540F17C665 ] AVKService C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe 11:36:31.0319 0x1bf0 AVKService - ok 11:36:31.0428 0x1bf0 [ B61A7EBD757437DE398CCD51E559E6B5, FFDB272EC3A8C4CC92E4BDE0228E59733300AEE3AF4D9D84DDAC2FBF14FBA2D4 ] AVKWCtl C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe 11:36:31.0506 0x1bf0 AVKWCtl - ok 11:36:31.0553 0x1bf0 [ 89491EF71D5EA011127832C588002853, 05620E4235956D8446FB9604F930738C8AA97E3A74C907E37F7CC08B8EDA0461 ] AxInstSV C:\WINDOWS\System32\AxInstSV.dll 11:36:31.0569 0x1bf0 AxInstSV - ok 11:36:31.0600 0x1bf0 [ 87AB5BB072A3F128541D5B815F82FFDD, 186AF33D3DE90638C3E165CAC3DA17295E8A80CDB523F9BE4AF7D38CA6954905 ] b06bdrv C:\WINDOWS\system32\drivers\bxvbda.sys 11:36:31.0631 0x1bf0 b06bdrv - ok 11:36:31.0663 0x1bf0 [ 81703BC5D68DEDBB086C2368FBE7B334, CFD4A55C8045C482F8D410514F3211AEFA00097AB395F5A04BFE983ED6254F6B ] BasicDisplay C:\WINDOWS\System32\drivers\BasicDisplay.sys 11:36:31.0678 0x1bf0 BasicDisplay - ok 11:36:31.0694 0x1bf0 [ 5EC68164E14D25675C98BBB5F09E8606, 1D7EDB21C87039FC5F39F46460AD852BC4EC6B179B1C205D189DD3C397343435 ] BasicRender C:\WINDOWS\System32\drivers\BasicRender.sys 11:36:31.0694 0x1bf0 BasicRender - ok 11:36:31.0741 0x1bf0 [ 89143A7BA7850F5C7E61B43BB44B6418, 00BB781DF87D4FF1BAFD318AFE237296B4F5925023BA4486405EC0A384C88D8F ] BDESVC C:\WINDOWS\System32\bdesvc.dll 11:36:31.0756 0x1bf0 BDESVC - ok 11:36:31.0772 0x1bf0 [ 9E7AEA59776D904607985AFFE7E5E183, C3DB745A9F4DA7CB9628A7913DD52B2444B14FEB9D588FF6558CF52CEB8955EB ] Beep C:\WINDOWS\system32\drivers\Beep.sys 11:36:31.0788 0x1bf0 Beep - ok 11:36:31.0819 0x1bf0 [ 
53AA55632B94622F2DC3695E86EF9363, 9B5BB8EDA48A37AE97BCD42D83B25A6D10AA6231EABE745DCCE6D60E19094A6F ] BFE C:\WINDOWS\System32\bfe.dll 11:36:31.0850 0x1bf0 BFE - ok 11:36:31.0897 0x1bf0 [ D598C44A7072D3108D8D8102EC5E07F7, D7472E9BAAB7B6E1D30F4E153412E2A16EE5C08DE2BF8BFF4D65089825226FE0 ] BITS C:\WINDOWS\System32\qmgr.dll 11:36:31.0928 0x1bf0 BITS - ok 11:36:32.0038 0x1bf0 [ 13C358D27CBFAF537FA7CA48B9052CF3, BC6AD061DA6B348774E9B65750C986F43148B78E8F97CCBE9AA99EA7D8759620 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe 11:36:32.0053 0x1bf0 Bluetooth Device Monitor - ok 11:36:32.0100 0x1bf0 [ 7525C93645FDA8E9D8F677FEA833798A, 9878B88C57119580EF1F5D1DF93C62A3CFFFD0AC4E764D9AC05C727D0D1B2EED ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe 11:36:32.0131 0x1bf0 Bluetooth OBEX Service - ok 11:36:32.0163 0x1bf0 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 11:36:32.0194 0x1bf0 Bonjour Service - ok 11:36:32.0210 0x1bf0 [ B17AC10B47C7FCB44D22A1F06415840E, 990D6F629D93F4F913D218ACE5187A26DCB762BAFB2BB279CCE8CAF2755D85A5 ] bowser C:\WINDOWS\system32\DRIVERS\bowser.sys 11:36:32.0241 0x1bf0 bowser - ok 11:36:32.0272 0x1bf0 [ 038FA1B55531E7020DB705B42FCCE373, 023E87E3204D64890D6FEA78E762E5BC5BD0A59325EBC264834727779EEEDBC5 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll 11:36:32.0288 0x1bf0 BrokerInfrastructure - ok 11:36:32.0319 0x1bf0 [ 310068BDA80B1D55C36580FD8A873FAF, A75412FF1F483461F526E9A359DCEECA5E683441514464D5ED82D1A9740D583E ] Browser C:\WINDOWS\System32\browser.dll 11:36:32.0335 0x1bf0 Browser - ok 11:36:32.0366 0x1bf0 [ D4FA5A33E345CFB6D635579A8EE02399, F87E622575D495AA458683C99C427508FCF14349EDBE0FE03F6AA0155E77C111 ] BthA2DP C:\WINDOWS\system32\drivers\BthA2DP.sys 11:36:32.0381 0x1bf0 BthA2DP - ok 11:36:32.0413 0x1bf0 [ 6695200F455E251F0BCC9CE4D0978D59, 
4DB2F967E449581A9330EF43E794B45B93581564B20C5B991FC1EC665A640D69 ] BthAvrcpTg C:\WINDOWS\System32\drivers\BthAvrcpTg.sys 11:36:32.0428 0x1bf0 BthAvrcpTg - ok 11:36:32.0460 0x1bf0 [ A8B20D852B07AE19A13B5D47EC4E4C3B, 86571C9E2BA15BB169CAB2D24C4D0598154C02FD173638CAFC685A7F6B09472D ] BthEnum C:\WINDOWS\System32\drivers\BthEnum.sys 11:36:32.0475 0x1bf0 BthEnum - ok 11:36:32.0507 0x1bf0 [ E695E706C9E11DD5201605F1F6B4505C, 994DBB540644CBA25992C63E639A8551E066DEC1648139E461892F306F77F101 ] BthHFAud C:\WINDOWS\system32\DRIVERS\BthHfAud.sys 11:36:32.0507 0x1bf0 BthHFAud - ok 11:36:32.0538 0x1bf0 [ 616EB8748C988AEE98D93DA141C3D3B4, 15A055B0496BDB29CBCF6EEBF112D4BA1C7A2FF39124728830D0FD1FD7A404CB ] BthHFEnum C:\WINDOWS\System32\drivers\bthhfenum.sys 11:36:32.0569 0x1bf0 BthHFEnum - ok 11:36:32.0585 0x1bf0 [ DCB4EBD928A6FB368BE6CAE522412DE1, 9E1345F29467054689B9F48B5CCB567760D36610A4EA9AF41B829EAD60347269 ] bthhfhid C:\WINDOWS\System32\drivers\BthHFHid.sys 11:36:32.0585 0x1bf0 bthhfhid - ok 11:36:32.0647 0x1bf0 [ 447A41162B74E345C8E80A681867C653, 415A54506FFC37E242F44886ADCF70C35433AD056CCBACA818F24500064FD17C ] BthHFSrv C:\WINDOWS\System32\BthHFSrv.dll 11:36:32.0663 0x1bf0 BthHFSrv - ok 11:36:32.0694 0x1bf0 [ 42201C346F0B8C458E1E9CDE04D68A2C, 6168FD0D10CD06B00B5C79D5D2B5C353AAC22FD99CE8D417DDBA33ED63CFB8BF ] BthLEEnum C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys 11:36:32.0710 0x1bf0 BthLEEnum - ok 11:36:32.0725 0x1bf0 [ 033916CE8784A848B9A3D686B7F66D97, B4D0514D59646CF6B70D4FA488CF95C38EA38CC5C509329CC8753E897C640AFA ] BTHMODEM C:\WINDOWS\System32\drivers\bthmodem.sys 11:36:32.0741 0x1bf0 BTHMODEM - ok 11:36:32.0772 0x1bf0 [ 091BB978E9504D0AD14586929431A957, ACED02B879026A228E35F40847C210BC30A5AFC948FFE922DB21663E4A8DFF1D ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys 11:36:32.0788 0x1bf0 BthPan - ok 11:36:32.0835 0x1bf0 [ 13795CAA34239D97A7211E7F9D96E012, C4F3402B063A7CFCE386D1AE9255975A199164BA9E7DCDB6129725213A0642B1 ] BTHPORT C:\WINDOWS\System32\Drivers\BTHport.sys 
11:36:32.0882 0x1bf0 BTHPORT - ok 11:36:32.0897 0x1bf0 [ A4387C3D271959313E2577DB7BE8BA7A, C71474802102102EBE04DF036EEB2F5FB3380BE288E3842F19F234EFAE977D70 ] bthserv C:\WINDOWS\system32\bthserv.dll 11:36:32.0913 0x1bf0 bthserv - ok 11:36:32.0928 0x1bf0 [ 1F715957F5236D30B6020A19A4271F6A, C06B637C2C6919E2DE1055AE249AE3EAF7B4890799F22BF5757CC10CEF145043 ] BTHUSB C:\WINDOWS\System32\Drivers\BTHUSB.sys 11:36:32.0928 0x1bf0 BTHUSB - ok 11:36:32.0960 0x1bf0 [ 7235891AF09D13C4214DEEE57ED331D0, ADDFF2B043DA537652213381450A87301B27DC2665DA7AB494A8B0DA9E99936E ] btmaux C:\WINDOWS\system32\DRIVERS\btmaux.sys 11:36:32.0975 0x1bf0 btmaux - ok 11:36:33.0038 0x1bf0 [ 76D0DDD58A773CA1BFB4D30AAE03517A, E631CAAEEA5D1F632FF0A60F4466664A6FD9DA19F4A28A379294D8E6690ADAD9 ] btmhsf C:\WINDOWS\system32\DRIVERS\btmhsf.sys 11:36:33.0069 0x1bf0 btmhsf - ok 11:36:33.0085 0x1bf0 [ 990B1BABE6E81FB18E65A87EBEFB1772, 1820D4AC57E1D4B7FB5AA89C277B16910ED73712878D2B43FE542CE16DFE16C3 ] cdfs C:\WINDOWS\system32\DRIVERS\cdfs.sys 11:36:33.0100 0x1bf0 cdfs - ok 11:36:33.0116 0x1bf0 [ 339BFF85D788268752DA8C9644B188EE, C2279F1A39AED39865A5027D2FD087F8E82F3ED8C94BA4D922855B98E792AFC5 ] cdrom C:\WINDOWS\System32\drivers\cdrom.sys 11:36:33.0147 0x1bf0 cdrom - ok 11:36:33.0178 0x1bf0 [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] CertPropSvc C:\WINDOWS\System32\certprop.dll 11:36:33.0194 0x1bf0 CertPropSvc - ok 11:36:33.0210 0x1bf0 [ F64B7D1A37CC1D5F421D5359EEC81E2E, 2B4879DD32B2C20B94847755E22B1BCBE2B567B3989C57A9BA2DD783307EFFDB ] circlass C:\WINDOWS\System32\drivers\circlass.sys 11:36:33.0225 0x1bf0 circlass - ok 11:36:33.0257 0x1bf0 [ 9905168708DB68849B879B5548F68AB3, B7A495E57B9398704988DC472126CBC5B8D76761A34F51732FBF6CC88E3AB79A ] CLFS C:\WINDOWS\system32\drivers\CLFS.sys 11:36:33.0272 0x1bf0 CLFS - ok 11:36:33.0303 0x1bf0 [ 2DC8538A2260647484A6C921CA837313, 094059DD66B0C50A1CAE288F920107B0B6AD1AA5758284E35B92C131EDEA30EA ] CmBatt 
C:\WINDOWS\System32\drivers\CmBatt.sys 11:36:33.0335 0x1bf0 CmBatt - ok 11:36:33.0366 0x1bf0 [ E708BFF0473EC6B271EA46B65B16CA56, 2B4C661F7C5A4395CA4204122A1C3C8AA766B56C3D01CD8BAAFA18F71FC7B591 ] CNG C:\WINDOWS\system32\Drivers\cng.sys 11:36:33.0382 0x1bf0 CNG - ok 11:36:33.0444 0x1bf0 [ 1F925AA990A6A446E8BA926B2D0A5201, F278C272E3F40C37D04935CE19938C4B63A4BC2AA378D0F56C32FE78308D6993 ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDRT64.sys 11:36:33.0491 0x1bf0 CnxtHdAudService - ok 11:36:33.0507 0x1bf0 [ 0E5B1E9E7122EDAAF1F6CE047965CA92, 803E585B92D1E2E5B6BF67BE511E88DC2629A12407C3E30F7AEFB544D390A9B8 ] CompositeBus C:\WINDOWS\System32\drivers\CompositeBus.sys 11:36:33.0522 0x1bf0 CompositeBus - ok 11:36:33.0522 0x1bf0 COMSysApp - ok 11:36:33.0522 0x1bf0 [ D9CB0782AF819548072AA45B70F8B22D, 04796F39ABB88759A534DE3D0C51F684BF2A8DE1F4028B657CCFDBDD39A6618C ] condrv C:\WINDOWS\system32\drivers\condrv.sys 11:36:33.0538 0x1bf0 condrv - ok 11:36:33.0725 0x1bf0 [ 0691E1CEB1932B7F1B97FC70AB2AE539, 9DAA3129DAADA60C888A9B8C31C885D8E8B21CA4F6EA58B8827747BE418802F0 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe 11:36:33.0741 0x1bf0 cphs - ok 11:36:33.0803 0x1bf0 [ 5CE2742F063731EC10C1B2EE386A2C08, 309919BDDD4649AFB95A99DCF8AFC3BAE10F9BC1E2819C0794CFD0F80682C223 ] CryptSvc C:\WINDOWS\system32\cryptsvc.dll 11:36:33.0819 0x1bf0 CryptSvc - ok 11:36:33.0850 0x1bf0 [ 48AED45DF009081AF3F5144F7D624674, 4425C15EB9E1177EE5134A33F63DAF7FF876577946DBF1EAD92C5614025113BB ] CxAudMsg C:\WINDOWS\system32\CxAudMsg64.exe 11:36:33.0866 0x1bf0 CxAudMsg - ok 11:36:33.0897 0x1bf0 [ FAEF4C245BE832DB41B15DAAC336AFB7, 1F8C98AB0DF4327FCB01FE0356025488E19B48A45FFFA50576B49A8587FAC42B ] dam C:\WINDOWS\system32\drivers\dam.sys 11:36:33.0913 0x1bf0 dam - ok 11:36:33.0960 0x1bf0 [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 11:36:33.0991 0x1bf0 DcomLaunch - ok 11:36:34.0038 0x1bf0 [ 
C8650D1F61149AA546BDBC99172EBBC1, D9592ED1B6F23B6EC76A0B93635B6E38702311B0A6982F0F9DEC37FCDAF1288B ] defragsvc C:\WINDOWS\System32\defragsvc.dll 11:36:34.0069 0x1bf0 defragsvc - ok 11:36:34.0085 0x1bf0 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16, ADAC7FD6AC12B50F4998C5EB0BD770DD4B80A94C4CC1B9376AD77648E48D012D ] DeviceAssociationService C:\WINDOWS\system32\das.dll 11:36:34.0116 0x1bf0 DeviceAssociationService - ok 11:36:34.0147 0x1bf0 [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] DeviceInstall C:\WINDOWS\system32\umpnpmgr.dll 11:36:34.0163 0x1bf0 DeviceInstall - ok 11:36:34.0210 0x1bf0 [ 09D9EB9E7898F8E6561473A20CC808B9, 0F511593D36084843E5138AF6D55FE08D77803968AE12A236A02368DB364347E ] Dfsc C:\WINDOWS\system32\Drivers\dfsc.sys 11:36:34.0210 0x1bf0 Dfsc - ok 11:36:34.0241 0x1bf0 [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus C:\WINDOWS\system32\DRIVERS\ssudbus.sys 11:36:34.0257 0x1bf0 dg_ssudbus - ok 11:36:34.0303 0x1bf0 [ 9E0E72222264745ADEB0E5AC680B0ED6, 576AFC8741695396A3B8E9DBDD3703E9D70370437D09D162262E47A140D101B4 ] Dhcp C:\WINDOWS\system32\dhcpcore.dll 11:36:34.0319 0x1bf0 Dhcp - ok 11:36:34.0335 0x1bf0 [ 3C736FAE17BA6F91BA37594AAB139CD0, 34304A194105B19E7ADD80108DC85C3B7AA9E942C84A7EF93C475CE1D9AE4615 ] discache C:\WINDOWS\system32\drivers\discache.sys 11:36:34.0350 0x1bf0 discache - ok 11:36:34.0366 0x1bf0 [ AE3786294CC246A5403783E1B86A0168, 29A7B4B490CBB16DAEF5D67D0A58A2577CF3FEE8F889484DB867F6913D9D2A28 ] disk C:\WINDOWS\system32\drivers\disk.sys 11:36:34.0382 0x1bf0 disk - ok 11:36:34.0382 0x1bf0 [ 82A7C72593793FE1EADA7A305BD1567A, 75F432E4C75AE9EFF553BD860B3B250853BDDA85C17DBD9B7242D74593506A86 ] dmvsc C:\WINDOWS\System32\drivers\dmvsc.sys 11:36:34.0397 0x1bf0 dmvsc - ok 11:36:34.0413 0x1bf0 [ 066B9710B36AB550E01EEFCA52155968, DCA9F3F4856A6866D3F5A2EEE34E96A83F40198DB0B5AC6381A7568DE1F56FAB ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 
11:36:34.0428 0x1bf0 Dnscache - ok 11:36:34.0460 0x1bf0 [ 9949AD2ABA168A618D46C799D6CC898C, DFAC86A0AEE83C9EFE1BEE9EC15C8CAF1D619D55AF3ACC3986057A5AC985D06A ] dot3svc C:\WINDOWS\System32\dot3svc.dll 11:36:34.0475 0x1bf0 dot3svc - ok 11:36:34.0507 0x1bf0 [ 109FC3F80BF4F4DC5A071058074F13C1, F30736F45BA1811D59E9CB1C172D8D1EA9F5A7D36DCFFBFC9E7E02448C1CF851 ] DPS C:\WINDOWS\system32\dps.dll 11:36:34.0522 0x1bf0 DPS - ok 11:36:34.0554 0x1bf0 [ 9C7C183F937951AE17C5B8B3259CF3FF, 8ED607139F15D08B4835ACF864421BA4C08C88FE90B9AAF707F5D8514D7731B1 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 11:36:34.0554 0x1bf0 drmkaud - ok 11:36:34.0585 0x1bf0 [ F87F4AAAF6664906248D11D5E579A53B, F283932F68ED93891EEF00C18724359AB7057E922A3CDC8BC6F33F84D2B0BEE5 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll 11:36:34.0600 0x1bf0 DsmSvc - ok 11:36:34.0663 0x1bf0 [ E6AF4DF1817953D73C519B17CF849756, 26A90EB368A3F572086F223ABED87B8FC6F998AE401C9E52BEB5EE76AB052702 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys 11:36:34.0725 0x1bf0 DXGKrnl - ok 11:36:34.0772 0x1bf0 [ 651FBD69A9713D623D456A240F96179C, 22A1F306B454EF9C84D25EF266F3ED0E1D896B1F5BE60170E79F37F2DBCA59F4 ] e1iexpress C:\WINDOWS\system32\DRIVERS\e1i63x64.sys 11:36:34.0804 0x1bf0 e1iexpress - ok 11:36:34.0804 0x1bf0 EagleX64 - ok 11:36:34.0835 0x1bf0 [ 58BA473DD88F5FC1932282BA683AA03E, B8A4407D3006D91BE88F9C5389AC1CACC73BEBF6F66433A1E5EB8E58E8836C12 ] Eaphost C:\WINDOWS\System32\eapsvc.dll 11:36:34.0850 0x1bf0 Eaphost - ok 11:36:34.0960 0x1bf0 [ 5AB97B3282D7D6114949D1EB5C8598E4, FB9449CC1CDC12C12AA0469BB6ACC770CB011250EDFD86E9600E754610608EFD ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys 11:36:35.0069 0x1bf0 ebdrv - ok 11:36:35.0085 0x1bf0 [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] EFS C:\WINDOWS\System32\lsass.exe 11:36:35.0100 0x1bf0 EFS - ok 11:36:35.0116 0x1bf0 [ 66D60BD9A4C05616ABECA2A901475098, 8111550DB03FFD72F1822F47B16F075DA92874B64F19342D7CF60B0EE648AFEF ] 
EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys 11:36:35.0132 0x1bf0 EhStorClass - ok 11:36:35.0147 0x1bf0 [ A61D0F543024E458C0FE32352E1978E2, BDE6BC140300EAF790F16466C28897CE0BD7D94DCED13FDE20AA4AACA0F6A4FD ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys 11:36:35.0163 0x1bf0 EhStorTcgDrv - ok 11:36:35.0179 0x1bf0 [ D790D058D67582DB9C84C2D33695FE6B, A5763D7F6D191EA4B290B3E92D842AC36FD46DF598472E70B46E45D8CCD2F912 ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys 11:36:35.0194 0x1bf0 ErrDev - ok 11:36:35.0210 0x1bf0 [ F9E01C2D9F8BC049E04CF5DC24A5F638, CB6CCB59C77D4A59DDA846608AABEF1DFEC24C8422712AB8D59E27C13D731D2E ] EventSystem C:\WINDOWS\system32\es.dll 11:36:35.0241 0x1bf0 EventSystem - ok 11:36:35.0382 0x1bf0 [ 21FFB87A70019E9B39C5A8469695ACBA, B41BEDB737CFD33707181DA0B69FC47C01C897AF8B42211A46B54A9FDB2B9004 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 11:36:35.0397 0x1bf0 EvtEng - ok 11:36:35.0413 0x1bf0 [ D2EAA04AF43154B62FA85B08BAD0A7CA, B18F09CAD04AD61A1B8DCD3BBC70A82FB50008C147389D3245E39856BA940A87 ] excfs C:\WINDOWS\system32\DRIVERS\excfs.sys 11:36:35.0429 0x1bf0 excfs - ok 11:36:35.0429 0x1bf0 [ E6082A6C109238A725D83184724C4A36, 66F0D4798C357FFCC5A35E45BE8E5F0A97E7BCF98CFAA1BB2269F6D6B910A0A3 ] excsd C:\WINDOWS\system32\DRIVERS\excsd.sys 11:36:35.0444 0x1bf0 excsd - ok 11:36:35.0475 0x1bf0 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03, 6B0146A4C9AD32DCDC2DEE8E8C5A29F687665458486449E0D37B151ED63B8ADC ] exfat C:\WINDOWS\system32\drivers\exfat.sys 11:36:35.0491 0x1bf0 exfat - ok 11:36:35.0554 0x1bf0 [ 68030FF4B7669E15916910885E2E6160, 324EC07A0135354A5D41ED841919D61C218ECA718DE8A8357B0D2AD0B621777B ] ExpressCache C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe 11:36:35.0569 0x1bf0 ExpressCache - ok 11:36:35.0585 0x1bf0 [ 60996602A7111FD2D086E803F33E4282, E62A91C90F8542990BEA4E6A5D9DD3D070F4EB23B4C13414C5DA2B0219509749 ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys 11:36:35.0600 0x1bf0 fastfat - ok 11:36:35.0663 0x1bf0 [ 
F0E7F8382ED5E138B0DFA4CB5058BCFE, 6247C7B75F975F5AB080FFB9881EF58A6F360219F7AF2DE871F38E80CAF3B62C ] Fax C:\WINDOWS\system32\fxssvc.exe 11:36:35.0694 0x1bf0 Fax - ok 11:36:35.0710 0x1bf0 [ 73B2D11DF0B6E03A0CB0323218ACB3E4, BA9256919BAA2E0760F6A658B557FDC389ACE8F9820D1A41FD995FC5613F5AA6 ] fdc C:\WINDOWS\System32\drivers\fdc.sys 11:36:35.0725 0x1bf0 fdc - ok 11:36:35.0741 0x1bf0 [ 0828E3E7BD77C89149EAD3232BFD38DB, A6A296647A4EDBFF59124E3A9C0AB48759AA1738615ACFA5A454FF6BD3C31BA2 ] fdPHost C:\WINDOWS\system32\fdPHost.dll 11:36:35.0757 0x1bf0 fdPHost - ok 11:36:35.0772 0x1bf0 [ 872506AAB591E8908DF4461475AF92DF, 772F2D08CB95775E438822B9EA005CBA92ED4071ADAB2C0101156A7D037D4704 ] FDResPub C:\WINDOWS\system32\fdrespub.dll 11:36:35.0788 0x1bf0 FDResPub - ok 11:36:35.0819 0x1bf0 [ 0588950D93A426F97C7AAADB1A9B0458, ABCB3619BD58CAC438FC032495AE45A7B6FFDD4BD33C1B3D1BC7F9F13FCB727A ] fhsvc C:\WINDOWS\system32\fhsvc.dll 11:36:35.0835 0x1bf0 fhsvc - ok 11:36:35.0866 0x1bf0 [ 88A9EBACD1058ABB237A6B4E96E7F397, 263D25D33B679EB01D97763701347C31B2F72E28CE2C7EC8013EA77756D98BE1 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys 11:36:35.0866 0x1bf0 FileInfo - ok 11:36:35.0897 0x1bf0 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02, 1D7BFB00D74A28AC13ECBA1E0036D50EE79266AC02CEDB2632466BF9DD46F211 ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys 11:36:35.0913 0x1bf0 Filetrace - ok 11:36:35.0929 0x1bf0 [ B1D4C168FF7B8579E3745888658FFB1D, 1A5C13E902A0C788A8B995ADD2FBC3303005911C0AA3F3F4497D3016AA0EF583 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys 11:36:35.0944 0x1bf0 flpydisk - ok 11:36:35.0960 0x1bf0 [ B33EC133AE4E6C1881D2302D93D2467D, 77E3A16257EA3698B3FCD947D004144E8D1EEE48EF5C82DF49B1B9B2B3C61DB2 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 11:36:35.0975 0x1bf0 FltMgr - ok 11:36:36.0038 0x1bf0 [ 0BCDC0FF11B984162B0CF0FF6E9E0146, D44A3CECBA36B7A64854E244FA6B5E65047896BF9983D20B431410FBBA36697A ] FontCache C:\WINDOWS\system32\FntCache.dll 11:36:36.0085 0x1bf0 FontCache - ok 
11:36:36.0210 0x1bf0 [ 0B56259F5611787222A04A8F254E51D4, F77AEC0ACBFAF9154E32223B84B613229DACCD953AEBC3E96C27570F9AB10FD0 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 11:36:36.0210 0x1bf0 FontCache3.0.0.0 - ok 11:36:36.0304 0x1bf0 [ BDF9B38E0331115B3D94157BAF368408, 9F01AB78441B04027D3C662503EAF0B20F6DC9F16A5AD82B000294454B2B12B3 ] FreemakeVideoCapture C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe 11:36:36.0319 0x1bf0 FreemakeVideoCapture - detected UnsignedFile.Multi.Generic ( 1 ) 11:36:38.0679 0x1bf0 Detect skipped due to KSN trusted 11:36:38.0679 0x1bf0 FreemakeVideoCapture - ok 11:36:38.0726 0x1bf0 [ A5F7873A39E4E9FAAAE59B7E9E36B705, 32036109F5A50E9F3BEF97C5B28AE8179B3A5E22517868A83CADE4671FF90DEC ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys 11:36:38.0741 0x1bf0 FsDepends - ok 11:36:38.0757 0x1bf0 [ A6DD7D491F587F4BC13FB972977DC8E8, B86F97F17F6F443EC16DEF67CCA4EF78AFE56078D2877838A982FECB19557C87 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 11:36:38.0772 0x1bf0 Fs_Rec - ok 11:36:38.0804 0x1bf0 [ C1646A95EAC515F60CDB2A7A8A013C1E, F559B83C02B17265EDE95DD497C1A94E402F07EC251FC47449F789907AFFED14 ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys 11:36:38.0835 0x1bf0 fvevol - ok 11:36:38.0851 0x1bf0 [ A969D92973DFA895E7776B4BFE36DBB2, 7528E6983ECC59291A7A386E4E459B19D1593ABDDFFD276E2F01B0EA21693E20 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys 11:36:38.0866 0x1bf0 FxPPM - ok 11:36:38.0882 0x1bf0 [ 52BC441E07A827EBAB70CDC7EAEDB28D, 8DECBD8E12EA52039742599CFBBF0D3B6610B57EF8D9DAEEEA33D202A478D286 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys 11:36:38.0897 0x1bf0 gagp30kx - ok 11:36:38.0913 0x1bf0 [ 22F1DEC206A6756884ED0740DBCB31AF, D1766BDE07CF24809A39264DEF6534552C6919684FB811CA4F3BE63E60250AA4 ] GDBehave C:\WINDOWS\system32\drivers\GDBehave.sys 11:36:38.0913 0x1bf0 GDBehave - ok 11:36:38.0944 0x1bf0 [ 1314062567B9ED86BFFDE5D8C48C52AE, 
01DE02308E478F50DBFE4C6EAE9D0C052C1575283F2C182388E2028F3BF2E756 ] GDElam C:\WINDOWS\system32\DRIVERS\GDElam.sys 11:36:38.0960 0x1bf0 GDElam - ok 11:36:39.0069 0x1bf0 [ 73F5C62BBE0CDCDFFDC3C0B71F24E4FD, 8BB0796DF4BC6C11AEC33ECDECCAF85946C3BB19C85F1700020AA353000B4361 ] GDFwSvc C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe 11:36:39.0147 0x1bf0 GDFwSvc - ok 11:36:39.0179 0x1bf0 [ FF5543CDA6B06E3D29A5F312BE5C4919, 91E0BB934EFD01576C94FDA967340563BB92ECE7C5389978FBC9587A9D21B9CF ] GDKBB C:\WINDOWS\system32\drivers\GDKBB64.sys 11:36:39.0179 0x1bf0 GDKBB - ok 11:36:39.0194 0x1bf0 [ 1543775197DD1A27D16C0FA0FF73CAFB, B149282AFA5A60CEC797B643207F2541722C360989148FBC7A06DA0EB501ABED ] GDKBFlt C:\WINDOWS\system32\drivers\GDKBFlt64.sys 11:36:39.0210 0x1bf0 GDKBFlt - ok 11:36:39.0226 0x1bf0 [ EBA67BDB064A0A86CE318E8D1B7FD16A, 6C1B7F851EE1D7CE2BEC7C1743E070646CC8E6895135D6B3E176AD6FC82E81D6 ] GDMnIcpt C:\WINDOWS\system32\drivers\MiniIcpt.sys 11:36:39.0241 0x1bf0 GDMnIcpt - ok 11:36:39.0257 0x1bf0 [ FBDCD080CC7BD1875056B3813B1F2D13, 7196B8FCED495F774A845FA6D55671368B8F94CF7B7DC6C533FE6172F2341324 ] GDPkIcpt C:\WINDOWS\system32\drivers\PktIcpt.sys 11:36:39.0257 0x1bf0 GDPkIcpt - ok 11:36:39.0351 0x1bf0 [ 2FC204FF990827303D9184B390F5C15E, A194ACE75ADD2E105C1C5555621A2E4292617C37BA17070F88D4CA56B24D9291 ] GDScan C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe 11:36:39.0382 0x1bf0 GDScan - ok 11:36:39.0413 0x1bf0 [ 6DE4E91BA586977CD843BF5C7E3276E5, 5010F93820FEBC25AD2F118EDEEBDE26CCCC92B854B55300952469CB653FCDD9 ] gdwfpcd C:\WINDOWS\system32\drivers\gdwfpcd64.sys 11:36:39.0414 0x1bf0 gdwfpcd - ok 11:36:39.0445 0x1bf0 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 11:36:39.0445 0x1bf0 GEARAspiWDM - ok 11:36:39.0477 0x1bf0 [ 721F8EEF5E9747F32670DEFF7FB92541, E0A8EF70753E260C2C7D93D316B5EF9589DB086FDF829BDA2958C6A09CE471A6 ] gencounter 
C:\WINDOWS\System32\drivers\vmgencounter.sys 11:36:39.0492 0x1bf0 gencounter - ok 11:36:39.0586 0x1bf0 [ 5140320AEA9D96A3BD48905F68E8E1D2, 30D9719B67D81C18E18944E119BEE294DEDCD005B99F59CB77746F78BAF0B2D8 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe 11:36:39.0617 0x1bf0 GfExperienceService - ok 11:36:39.0649 0x1bf0 [ FC2B8B06BDBD3B6457F5A3DA9AD2410E, 4BF196E1CAC94E9265EBEB68F41C3E29F0C709ECFF9420B5B1C9C82680D5D6A8 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys 11:36:39.0664 0x1bf0 GPIOClx0101 - ok 11:36:39.0727 0x1bf0 [ 5358678C6370F2ADC5291849F6503262, 841633D7A936C3889690C67E189BAD4C6B294C196FFFE5B564FCECDFE46A9E52 ] gpsvc C:\WINDOWS\System32\gpsvc.dll 11:36:39.0774 0x1bf0 gpsvc - ok 11:36:39.0805 0x1bf0 [ 57875BA7B65C5FE5A87630DC1544C420, 5BB2F6CD21E3855F163B2B15E2E51A3D58637A890D0D3C6AEFB0F60214D6FBD2 ] GRD C:\WINDOWS\system32\drivers\GRD.sys 11:36:39.0805 0x1bf0 GRD - ok 11:36:39.0836 0x1bf0 [ 630555943E5A3FE21010CE91EC7FC84F, 20D7247A4363EE9E851501D89A466564ADCAEC304DE42280E4E09AD8499436A9 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys 11:36:39.0867 0x1bf0 HdAudAddService - ok 11:36:39.0883 0x1bf0 [ 7D87B5B6C7188D553E11B59DC7F0B111, FC633DB71E1D72E8AD8F89BBB54324CC6ED17F5594EF55DD0BDB58EE1F601FF5 ] HDAudBus C:\WINDOWS\System32\drivers\HDAudBus.sys 11:36:39.0883 0x1bf0 HDAudBus - ok 11:36:39.0914 0x1bf0 [ 3F76BBA53D65E85A7F53E7A71082082C, D1E18815BB19CD11007C4A66162C76F55D4FE6B09B34ED45969C7ECC29D394AD ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys 11:36:39.0930 0x1bf0 HidBatt - ok 11:36:39.0961 0x1bf0 [ 085F150D002B7F0153D3C06DDF33A143, 41847FD02608ECFE3A6B4B38CBDE8416B0EF17491868511FD704B0BCC280338E ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys 11:36:39.0977 0x1bf0 HidBth - ok 11:36:39.0992 0x1bf0 [ CC4A07E51D89575CAB6F4EB590D87CD4, DFB4EAF0923EF9FF6C42EDD1EA5E4025F243C9BE2D03D5423FE8A897DC01D657 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys 11:36:40.0008 0x1bf0 hidi2c 
- ok 11:36:40.0024 0x1bf0 [ DC96F7DACB777CDEAEF9958A50BFDA06, 7CE79F32D5EE65C0178CFF56523825D3EE01095B2CE8C67634A6604A821A9086 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys 11:36:40.0039 0x1bf0 HidIr - ok 11:36:40.0070 0x1bf0 [ D42E350C3F5B9DDCE7BDDB109B413109, F015CCAB3719B1834DF3EE0265D905675C743F116526A2882B6077E540B8A74F ] hidkmdf C:\WINDOWS\System32\drivers\hidkmdf.sys 11:36:40.0086 0x1bf0 hidkmdf - ok 11:36:40.0117 0x1bf0 [ FAC37D7B3D6354A5A5E19A45B50B4008, 2962B552A1DA545DFDEF0886582E82596FE8A3A19AAF989B025AFDA84D16D4EC ] hidserv C:\WINDOWS\system32\hidserv.dll 11:36:40.0133 0x1bf0 hidserv - ok 11:36:40.0149 0x1bf0 [ 012C354B4AB48E9A7A657DF39E3A2073, B15D0089CE509FF1CF73DFE095425C1C99FC3971622DCAAD9CAEB989A12A4FDB ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys 11:36:40.0164 0x1bf0 HidUsb - ok 11:36:40.0211 0x1bf0 [ 43F884B61A24377567CD0FEB35236334, B3BA36B527C8D6D83DE2FBCD8D503B87FD2611BF15B07A7BC138DC8BAE6A50C1 ] hkmsvc C:\WINDOWS\system32\kmsvc.dll 11:36:40.0227 0x1bf0 hkmsvc - ok 11:36:40.0258 0x1bf0 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF, E6967F3F465C6E903221BC0FCBAE7D05FD18C0BF110D929335F5935364B3C1BC ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll 11:36:40.0274 0x1bf0 HomeGroupListener - ok 11:36:40.0305 0x1bf0 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E, B965DCC72625188F3B896CB447B7696F22687266EAFC5AA270E2AD53DD9F324D ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll 11:36:40.0336 0x1bf0 HomeGroupProvider - ok 11:36:40.0352 0x1bf0 [ 20A8E34FE6FD617598E3B90C596D9557, 12A4EEDDB0479300122C32141C0646E48609AFFAF59608B7D7CC8C067C7AC7BB ] HookCentre C:\WINDOWS\system32\drivers\HookCentre.sys 11:36:40.0352 0x1bf0 HookCentre - ok 11:36:40.0383 0x1bf0 [ 64DB7A8D97CA53DCCF93D0A1E08342CF, 02CAB7F28D3830C482683425C60044239C6F1562556688A274CA2C237C846E76 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys 11:36:40.0399 0x1bf0 HpSAMD - ok 11:36:40.0430 0x1bf0 [ F4A91D985EB9D1D2717D538F3424603C, 454AD2FF3A7963B9835AEF300F6672F92D0CCF59593BA2CCC83F0EC1446BB659 ] HTTP 
C:\WINDOWS\system32\drivers\HTTP.sys 11:36:40.0461 0x1bf0 HTTP - ok 11:36:40.0477 0x1bf0 [ 2A98301068801700906C06649860FE94, 664394A52326289DCA0828B0041A105653F4FEF3E3DCCC3787AAE0F6FDC73A14 ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys 11:36:40.0492 0x1bf0 hwpolicy - ok 11:36:40.0508 0x1bf0 [ DC76901D82097C9E297F20C287CB9A27, 01A412D0D8A65050BE4250A7C4B9F98A4C43FD891827761E0C830369A5F9F09C ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys 11:36:40.0524 0x1bf0 hyperkbd - ok 11:36:40.0539 0x1bf0 [ 716413AB3CA12DE0A7222D28C1C9352C, B82B586BD9DBD70DDA19A02504E8CB00DA53677703AB848B53387601C5BAD3D3 ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys 11:36:40.0539 0x1bf0 HyperVideo - ok 11:36:40.0570 0x1bf0 [ C9E9CBF73AFFBFE3E801EFB516787BA3, 1A850D614BDA6AA4195CC657702BC6242BA51B90131717743182AA160F65E72C ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys 11:36:40.0570 0x1bf0 i8042prt - ok 11:36:40.0602 0x1bf0 [ 0FE66A51D81A25AACEAAE4C26308121D, C5553F7ABA74A8EB71A4ED0E8F2A6AA2892F871D164F2D4FADB035BE7D1A8C44 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys 11:36:40.0617 0x1bf0 iaStorA - ok 11:36:40.0695 0x1bf0 [ 584068E03829BC5C63F54B05E6244E97, C075E8A4853C0DE09A9BF846338F9C8997FE7ACD604B4EC02AA89F0DAA1D985B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 11:36:40.0711 0x1bf0 IAStorDataMgrSvc - detected UnsignedFile.Multi.Generic ( 1 ) 11:36:43.0071 0x1bf0 Detect skipped due to KSN trusted 11:36:43.0071 0x1bf0 IAStorDataMgrSvc - ok 11:36:43.0102 0x1bf0 [ 5E394EBD26FD68AA9300332C46BEDD62, 56A5DA7CE08C07B519E55D0A46AA9D10B640349808EFE02B3278267B75B5F603 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys 11:36:43.0133 0x1bf0 iaStorV - ok 11:36:43.0164 0x1bf0 [ C430482AC892D52CED021EDDD4D368A2, C54C12EAC14F40BE3E7D7159F8876A664D00CA928000E25306071D28B52EA33A ] ibtfltcoex C:\WINDOWS\system32\DRIVERS\iBtFltCoex.sys 11:36:43.0180 0x1bf0 ibtfltcoex - ok 11:36:43.0414 0x1bf0 [ 28388795BDF79464E8FDADB127671734, 
4C740A8E35462C051DE3166BF87F5061518F589D8BCF4C36247FEC4903231593 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys 11:36:43.0649 0x1bf0 igfx - ok 11:36:43.0696 0x1bf0 [ 24847A06B84339FEEDE5CABF3D27D320, 7727B1DAD0D4A1D474FBBEFCEBDF36A1F07D1AA300869AE57A24ED91BF84B6B4 ] iirsp C:\WINDOWS\system32\drivers\iirsp.sys 11:36:43.0696 0x1bf0 iirsp - ok 11:36:43.0758 0x1bf0 [ E455C83E029121270BED73CDAC381F37, 433D525C19DBF26FAC28853C606C872D973104842B0EF1B2BF2EAC85457E2953 ] IKEEXT C:\WINDOWS\System32\ikeext.dll 11:36:43.0805 0x1bf0 IKEEXT - ok 11:36:43.0836 0x1bf0 [ FD2032D2EAE8D7F3381EBA5FA3E7FEEA, 46D1DC6A44E20339AD9195EE7CC719DC9BC99C78F8C74E730B671F0D78B9C683 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys 11:36:43.0852 0x1bf0 intaud_WaveExtensible - ok 11:36:43.0883 0x1bf0 [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys 11:36:43.0899 0x1bf0 IntcDAud - ok 11:36:43.0961 0x1bf0 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 11:36:43.0993 0x1bf0 Intel(R) Capability Licensing Service Interface - ok 11:36:44.0055 0x1bf0 [ 30E9FAC23E2537D82F2836CB81AEE186, 03E5072D43ECED70EF004D2E6E654B4CCCE059825CC3C641C0534E4C0BC0C7E8 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 11:36:44.0071 0x1bf0 Intel(R) ME Service - ok 11:36:44.0102 0x1bf0 [ 4F37726CF764CA18A8A84F85EF3A7F24, 6212B23917526E127CE641A11A58DA93651FFE70829C4079FE465DBDC81CF470 ] intelide C:\WINDOWS\system32\drivers\intelide.sys 11:36:44.0118 0x1bf0 intelide - ok 11:36:44.0133 0x1bf0 [ E15CDF68DD73423F15D4AC404793AF0D, E2D0136AF68D1A73EB3A63C83284B4661222CB0A4AFACCF276CB57CBD4850287 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys 11:36:44.0149 0x1bf0 intelppm - ok 11:36:44.0164 
0x1bf0 [ 8FCA66234A0933D796BB780B7953BAB9, 7DD677F5EE09A8D7A75C9E475B5E6B3DCA49D1E846C7D160B839D7029B1C5B6D ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 11:36:44.0180 0x1bf0 IpFilterDriver - ok 11:36:44.0227 0x1bf0 [ C217B8D2E58C57A319B16125C3D4B69C, 905BB858E1782BD08FF080A4A604CE662440A15601B178FBD30269C306C04CCF ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll 11:36:44.0258 0x1bf0 iphlpsvc - ok 11:36:44.0274 0x1bf0 [ 6E98A046A12AA113F8898AA5D612BD6E, 28816CC1F03F2BFBF099C087C0BB6949E959F44C888DD2D0528FF7ED5D665ECF ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys 11:36:44.0289 0x1bf0 IPMIDRV - ok 11:36:44.0305 0x1bf0 [ 3969B9C218DD3FAA9F4ED2FFC3651C02, 93447F124CC55FB17055126432194153E1BB8F0FD95A47608494B6834A5F7089 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys 11:36:44.0321 0x1bf0 IPNAT - ok 11:36:44.0368 0x1bf0 [ 87F8EDF63C97BF0BF21359A3D8ABF0C7, BAAAE1DE50EBD1BCE46F33C5F3A7F3C39F61AB21416D78DAA7F8A19F38F67269 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 11:36:44.0383 0x1bf0 iPod Service - ok 11:36:44.0399 0x1bf0 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C, 4099BAA2DB4ADB93B878D71E241B7D9EB7E0EE7ED0FE2450CCB9E4718B3726EB ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys 11:36:44.0414 0x1bf0 IRENUM - ok 11:36:44.0430 0x1bf0 [ 4D9B9A794F22415B8C3E0CCFBE61BC7A, 4CF01BC95F0AD7DC42AF8A0FCE032DF00610524A98CF52F531E9DE93137E7B87 ] irstrtdv C:\WINDOWS\System32\drivers\irstrtdv.sys 11:36:44.0430 0x1bf0 irstrtdv - ok 11:36:44.0586 0x1bf0 [ E145E934392E7A49FDC6775AC3A347F8, 8E5DBC8C34FB3B68851489E0860BA3ACE6CDF46BB5E2AEFD1DEF6E895566068B ] irstrtsv C:\WINDOWS\SysWOW64\irstrtsv.exe 11:36:44.0586 0x1bf0 irstrtsv - ok 11:36:44.0602 0x1bf0 [ D940C5BB9DC92E588533C19ABCC3D2C2, D1442854CEDE86F2C187A35851E74C873D34B772C60BC118FA1577F79C03364D ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys 11:36:44.0618 0x1bf0 isapnp - ok 11:36:44.0649 0x1bf0 [ 69C8BF0BC2B0EA10F130F4D3104DC2EF, 8FFF92828C3DC20F0F42C42E58A03B59A4E0187963F728DC618C9595FB2D0239 ] iScsiPrt 
C:\WINDOWS\System32\drivers\msiscsi.sys 11:36:44.0680 0x1bf0 iScsiPrt - ok 11:36:44.0711 0x1bf0 [ C59B9CE2855E667809F9E63C20FC44A5, 36C71CDAB84296E408F29588E1993B6E2016841435C6F2CABBB716A2E2947BA8 ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys 11:36:44.0711 0x1bf0 iwdbus - ok 11:36:44.0743 0x1bf0 [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 11:36:44.0743 0x1bf0 jhi_service - ok 11:36:44.0789 0x1bf0 [ 8FBD94B69D6423E20ABCD59D86368B21, 218EF992095E365EC917413749856A64D55D8129D77098E24D670843233377F4 ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys 11:36:44.0789 0x1bf0 kbdclass - ok 11:36:44.0805 0x1bf0 [ E88C932ABDF8185A62C8F2FC7B051FB6, 67F9AF58237A11F0BF3D15AA5B32E5CE66B7AA039B999D938F7F6E63DCEA7A6E ] kbdhid C:\WINDOWS\System32\drivers\kbdhid.sys 11:36:44.0821 0x1bf0 kbdhid - ok 11:36:44.0821 0x1bf0 [ FB6C185092E18011EF49989425C2AA87, 043524409E0A764201DD221C48B7DEEA0D161945EB37D4B88313BAB2299949DF ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys 11:36:44.0852 0x1bf0 kdnic - ok 11:36:44.0883 0x1bf0 [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] KeyIso C:\WINDOWS\system32\lsass.exe 11:36:44.0883 0x1bf0 KeyIso - ok 11:36:44.0899 0x1bf0 [ DFA480F6DED551464F3A5B959F437800, C07AB6F28A09FCBE11EECAD03B06CEAE1016EC24031FCA0C092639E90FBA84CF ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys 11:36:44.0914 0x1bf0 KSecDD - ok 11:36:44.0946 0x1bf0 [ 127FB0AAD232BAAD2C9BBACD374F4FC5, 3BC56F6B4374062C96149D69ACE053DF81A278F0361599F5A2F3DB1F76F0AD68 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys 11:36:44.0961 0x1bf0 KSecPkg - ok 11:36:44.0961 0x1bf0 [ 81492FEEBF2F26455B00EE8DBAE8A1B0, E33AA2DFB2D3BB30B02CDADA2EC290F86329DA3198327A653F39A843D86390B9 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys 11:36:44.0977 0x1bf0 ksthunk - ok 11:36:45.0024 0x1bf0 [ 
5825DBACEDC3812B5CF8D40B997BF210, 1C2997BCC707C1029B21876E093038CE3BBF6E6694B4CCF7EEDD47172ED9A541 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll 11:36:45.0039 0x1bf0 KtmRm - ok 11:36:45.0071 0x1bf0 [ 61959D7B5A83C524909325AE751F19F9, 1D6AC527C36E9986CDE7B852B11DC9DC8DE367CEEDE0AE481B1FB5C6E4F26C26 ] LAD C:\WINDOWS\System32\drivers\LAD.sys 11:36:45.0102 0x1bf0 LAD - ok 11:36:45.0149 0x1bf0 [ 256EE31588257E8A555DBFAA13F1908E, B6817F632EDEA483E35BF26846DCDD4E95E860620959179B2A5D8AD7EEDDB126 ] LanmanServer C:\WINDOWS\system32\srvsvc.dll 11:36:45.0180 0x1bf0 LanmanServer - ok 11:36:45.0211 0x1bf0 [ 16650912BE5A94B40E0B3B4C39652B56, 908C2C9367AE0AC9AECB5D91514BB33ACD746D99F19C1A8DD6A9550E9CAD9E00 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll 11:36:45.0227 0x1bf0 LanmanWorkstation - ok 11:36:45.0305 0x1bf0 [ 93138543A4D836E97543BA2B857BDBFF, 23B4C52AFDCA16D5DC49F08FE755B1AF457BEBBE1599EF7B9C310C105639384B ] Lenovo Smart Update Service C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe 11:36:45.0305 0x1bf0 Lenovo Smart Update Service - ok 11:36:45.0321 0x1bf0 [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr C:\WINDOWS\system32\DRIVERS\LhdX64.sys 11:36:45.0336 0x1bf0 LHDmgr - ok 11:36:45.0352 0x1bf0 [ CEEFD29FC551F289810B0B9381B321DC, 900F206B487B2190D9363F28AA4BA0CD7DCFE1D005BE05A48AF74B1B81194691 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys 11:36:45.0368 0x1bf0 lltdio - ok 11:36:45.0399 0x1bf0 [ BCF53485E0A94722CDE3C4A93CD8EB8C, D24E1066EB102245A89A5D17D608DB9DF6B71C99F1C77E070B95EFD17D268141 ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll 11:36:45.0414 0x1bf0 lltdsvc - ok 11:36:45.0430 0x1bf0 [ 5A2F7F1CBC2E631A497DAD16164E06D2, 35274FC6C386380B01B5E8F467E71A2C4E2FB2AD701554F9B1A9B036B0340142 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll 11:36:45.0446 0x1bf0 lmhosts - ok 11:36:45.0477 0x1bf0 [ 4269D44BB47A6DA5D80B11F4C8536458, 
7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 11:36:45.0493 0x1bf0 LMS - ok 11:36:45.0524 0x1bf0 [ 022CDD12161B063D7852B1075BF3FFF2, E21267243AF2FC208D27E67827B1264A762C99AECEDB7AD2C48A04F421A6B2F0 ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys 11:36:45.0539 0x1bf0 LSI_SAS - ok 11:36:45.0555 0x1bf0 [ 07AD59D669B996F29F91817F0ECFA34F, 026F332F862D142BFFC9D169CCD17A35BFB6B301EEC72AA13E16369B3520919C ] LSI_SAS2 C:\WINDOWS\system32\drivers\lsi_sas2.sys 11:36:45.0571 0x1bf0 LSI_SAS2 - ok 11:36:45.0586 0x1bf0 [ 216FB796AA4E252ACCE93B1BCB80B5EC, 5B1E49B5F7B9C7A778198D27F8EE500FE35DC32D40B22A3D6ED67560BEB04212 ] LSI_SCSI C:\WINDOWS\system32\drivers\lsi_scsi.sys 11:36:45.0586 0x1bf0 LSI_SCSI - ok 11:36:45.0602 0x1bf0 [ 5E80530AF37102488EE980B4A92AF99F, 364E18EAD9AC22F8A306B24C6C43E58224F6BE2744EFEAA2484696B8D9880851 ] LSI_SSS C:\WINDOWS\system32\drivers\lsi_sss.sys 11:36:45.0618 0x1bf0 LSI_SSS - ok 11:36:45.0664 0x1bf0 [ A57BA284F5996FFD32DCDBC41A4657DB, 2106B83873A824BC83EF42FAC9DD9A0F741209535A84AE65EA8E786519920043 ] LSM C:\WINDOWS\System32\lsm.dll 11:36:45.0680 0x1bf0 LSM - ok 11:36:45.0696 0x1bf0 [ 2BDC5D711FA61307CE6190D47C956368, 6BCDC6CBB9783F1ABE8957BDA94AF977DFB2A310BB6D19085EFC8609C97FD180 ] luafv C:\WINDOWS\system32\drivers\luafv.sys 11:36:45.0711 0x1bf0 luafv - ok 11:36:45.0743 0x1bf0 [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys 11:36:45.0758 0x1bf0 MBAMProtector - ok 11:36:45.0836 0x1bf0 [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 11:36:45.0883 0x1bf0 MBAMService - ok 11:36:45.0899 0x1bf0 [ 28B597A61C9AC9B59BC0573D70A62CBF, 032C095ECDAEEE800BD9C7AB08C089E7530A9DD09AE577D1612035F2BFFAA61C ] MBAMWebAccessControl 
C:\WINDOWS\system32\drivers\mwac.sys 11:36:45.0914 0x1bf0 MBAMWebAccessControl - ok 11:36:45.0930 0x1bf0 [ 9B0D829C3BE4E7472DB9DD2B79908E3C, ACED5806FFF39E84007B5A3DCB16315329DC53007F46B1BEEDC391CC659F7DD3 ] megasas C:\WINDOWS\system32\drivers\megasas.sys 11:36:45.0946 0x1bf0 megasas - ok 11:36:45.0993 0x1bf0 [ ECC3F54C7AFC318271C4F0B4606D8DB0, FD1ACB18B8C912C7A57DABCD5460800DD0721A82E09C8D79C47B3392D61CBEA6 ] MegaSR C:\WINDOWS\system32\drivers\MegaSR.sys 11:36:46.0008 0x1bf0 MegaSR - ok 11:36:46.0055 0x1bf0 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys 11:36:46.0055 0x1bf0 MEIx64 - ok 11:36:46.0086 0x1bf0 [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] MMCSS C:\WINDOWS\system32\mmcss.dll 11:36:46.0102 0x1bf0 MMCSS - ok 11:36:46.0118 0x1bf0 [ 780098AD5DA8A4822E2563984C85EF7B, 29312970774E944B5ED388316CF3D350DCABF721F9695737B0AC56BE878B0446 ] Modem C:\WINDOWS\system32\drivers\modem.sys 11:36:46.0133 0x1bf0 Modem - ok 11:36:46.0149 0x1bf0 [ EA8EAD3F5B762F889CC7F3966625B48B, B701A42E5E08B7BC6601560446146803182E5DC631AB73E9408F19CB6432F121 ] monitor C:\WINDOWS\System32\drivers\monitor.sys 11:36:46.0164 0x1bf0 monitor - ok 11:36:46.0180 0x1bf0 [ 618446B98C79776654340CE27C73485E, EFE7169FDD545933B5949DA2D09266971C0C3E6894E7BD8AFE29E41567C72B16 ] mouclass C:\WINDOWS\System32\drivers\mouclass.sys 11:36:46.0196 0x1bf0 mouclass - ok 11:36:46.0211 0x1bf0 [ C0ADEBED913295803B579ED288936CBB, 58F71541166D1DA07C18FBD27458D55E3F8AD7291CB7496B3A2F01372A5B0CAE ] mouhid C:\WINDOWS\System32\drivers\mouhid.sys 11:36:46.0227 0x1bf0 mouhid - ok 11:36:46.0243 0x1bf0 [ 89D263DBF08119CE16273991C120D6DD, 9771EDAD266F0E234E71DFB6792F396710E051F2ADCA5CDADEBBD2790D0E6054 ] mountmgr C:\WINDOWS\system32\drivers\mountmgr.sys 11:36:46.0243 0x1bf0 mountmgr - ok 11:36:46.0290 0x1bf0 [ 03D14BF1DC59130002F6B8BA3AD89DB9, 
1729CCD8AAF51CDB86ED67569974D0B6B1CFFA5F90EF6E6004B0D8A305D88C27 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 11:36:46.0290 0x1bf0 MozillaMaintenance - ok 11:36:46.0321 0x1bf0 [ 4CCBBD4944777CA100B9A6C2F149A46F, 7FC172FAF8266BFBBBBAD94FD67EA3C1872F5927DC3900A9A54DB2DFE34E7415 ] mpsdrv C:\WINDOWS\system32\drivers\mpsdrv.sys 11:36:46.0321 0x1bf0 mpsdrv - ok 11:36:46.0368 0x1bf0 [ 9DE3341BD4E14BC5FADFCAD3019F2D0D, 37E0531EADABC6D4BCC496826651D4D14CF0D10156FF13C11BDE466084B44FF4 ] MpsSvc C:\WINDOWS\system32\mpssvc.dll 11:36:46.0399 0x1bf0 MpsSvc - ok 11:36:46.0415 0x1bf0 [ 3D70147F55F1EC84EB9139ED7FFE48BC, 12429C2FDDDA13815F0E18F9009011AA5360955759A23A38175543F480CB92EF ] MRxDAV C:\WINDOWS\system32\drivers\mrxdav.sys 11:36:46.0446 0x1bf0 MRxDAV - ok 11:36:46.0461 0x1bf0 [ 93179D48066918323628CB016D8C94DC, FE110BF7A10EDD1DF7F6B933D373FCA51F37413282EBC4187E7C9B1965186BCC ] mrxsmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 11:36:46.0477 0x1bf0 mrxsmb - ok 11:36:46.0493 0x1bf0 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3, C665B7896501D42C73955F4EAF4FA3C6B2C9286957D6023C235AFBF9BFB761C6 ] mrxsmb10 C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys 11:36:46.0524 0x1bf0 mrxsmb10 - ok 11:36:46.0524 0x1bf0 [ 5C7DD2E5759FFCCD2C7341C1B90F2B26, 9822FA53E6067C0E39B7A3A3F1E88719D5D8B055D86FF894F0475B158289EA45 ] mrxsmb20 C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys 11:36:46.0540 0x1bf0 mrxsmb20 - ok 11:36:46.0571 0x1bf0 [ 98487487D6B3797CA927E9D7B030AE13, 05840AF0DD2E3CB596DA768DBD0728B52210EC05B55AB5921E697AD8956938DD ] MsBridge C:\WINDOWS\system32\DRIVERS\bridge.sys 11:36:46.0586 0x1bf0 MsBridge - ok 11:36:46.0602 0x1bf0 [ 4A07458EB4F17573BD39F22029A991C1, 74D7A1882EA4D19B8F090C2813489E5D3F759BF4AF2D88AE852EC6510C405B5E ] MSDTC C:\WINDOWS\System32\msdtc.exe 11:36:46.0618 0x1bf0 MSDTC - ok 11:36:46.0633 0x1bf0 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 
11:36:46.0633 0x1bf0 Msfs - ok 11:36:46.0665 0x1bf0 [ C32A7A39B960A42BA9D4FBE47213CA03, 4DA48587138972DA5E95AEDBBBE73BA8CCADC8172C6654427ABEAC8047B27E95 ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys 11:36:46.0680 0x1bf0 msgpiowin32 - ok 11:36:46.0696 0x1bf0 [ D3857A767B91A061B408CCAB02DA4F40, A4D780772086AD8717EE6DC2B6189F796939FB5E5AA08FD9D1984101998FBECF ] mshidkmdf C:\WINDOWS\System32\drivers\mshidkmdf.sys 11:36:46.0696 0x1bf0 mshidkmdf - ok 11:36:46.0711 0x1bf0 [ 839B48910FB1E887635C48F3EC11A05E, F8CFD99911500CC1B6A90C8E2A1697BD5A6E5776A62A62FE5B342FE204C936B1 ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys 11:36:46.0727 0x1bf0 mshidumdf - ok 11:36:46.0727 0x1bf0 [ 55C0DB741E3AB7463242B185B1C2997C, D2E2A5B48A64EA0EC2A6566C08E65A38D11CEA64BCA7B57793BA0D009E4D974A ] msisadrv C:\WINDOWS\system32\drivers\msisadrv.sys 11:36:46.0743 0x1bf0 msisadrv - ok 11:36:46.0774 0x1bf0 [ 216C6B035A4BA5560E1255BD8E5BB89F, A14E038604B9A5506DB145A4D9F51E2751AC825240D2744924F39C332B5DE00B ] MSiSCSI C:\WINDOWS\system32\iscsiexe.dll 11:36:46.0790 0x1bf0 MSiSCSI - ok 11:36:46.0790 0x1bf0 msiserver - ok 11:36:46.0805 0x1bf0 [ 509809566E49F4411055864EA8D437CD, 70F37BF9C759E8BCA1C6AC8FB9805950925E1C648ED37E8561A0F7A407DFDC28 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 11:36:46.0821 0x1bf0 MSKSSRV - ok 11:36:46.0836 0x1bf0 [ 63145201D6458E4958E572E7D6FC2604, EDD4A8A3BBE94B983554B1117734E66A2647B867269C5F0567C47EDE6F3FACCB ] MsLldp C:\WINDOWS\system32\DRIVERS\mslldp.sys 11:36:46.0852 0x1bf0 MsLldp - ok 11:36:46.0852 0x1bf0 [ 99D526E803DB6D7FF290FD98B6204641, 4AFAA3B1186621AEAD19E12D3DBE104DD8FCD5C106F9EC3ADA4AD1BC7093E61F ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 11:36:46.0868 0x1bf0 MSPCLOCK - ok 11:36:46.0883 0x1bf0 [ 06FA77C3E2A491ADCD704C5E73006269, 465A7EE5387E6C11398A554F73437278F5BF110356E7F49F315905C1F2459278 ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 11:36:46.0899 0x1bf0 MSPQM - ok 11:36:46.0915 0x1bf0 [ E134EC4DE11CF78CB01432D180710D84, 
BB111F97AEEFDCA5866B157E9957599CD7A4952B5BCCA0B0BCA9EDFCD17E61FE ] MsRPC C:\WINDOWS\system32\drivers\MsRPC.sys 11:36:46.0946 0x1bf0 MsRPC - ok 11:36:46.0946 0x1bf0 [ B5AECF12F09DEE97C9FCAA5BA016CE1E, F5305C4CE6C93A3A3481BD13BE0C23FE26571E11029ACFFE75FB78913681FCFC ] mssmbios C:\WINDOWS\System32\drivers\mssmbios.sys 11:36:46.0961 0x1bf0 mssmbios - ok 11:36:46.0977 0x1bf0 [ 72D66A05E0F99F2528F6C6204FD22AA1, B14D433BC5795F1DC4C672302285E665DC012693E75574F60664AAD8874DE562 ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 11:36:46.0993 0x1bf0 MSTEE - ok 11:36:47.0008 0x1bf0 [ 8AAAE399FC255FA105D4158CBA289001, 2F55C02605B4A3406B289FF9D46C76260B9138E3DE96AFAEA0E0522E5A2A746C ] MTConfig C:\WINDOWS\System32\drivers\MTConfig.sys 11:36:47.0008 0x1bf0 MTConfig - ok 11:36:47.0024 0x1bf0 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A, 00D33A4AB3E7C5F65F59C63F8E2FD27EF38D5484595F785D5632E9414E29352C ] Mup C:\WINDOWS\system32\Drivers\mup.sys 11:36:47.0040 0x1bf0 Mup - ok 11:36:47.0055 0x1bf0 [ 3A1E095277BBD406CEA8EA6B76950664, 47838F307A6354E77C19A7B1F3F3E22726EF60403B611F358AD6FFE81D7214E7 ] mvumis C:\WINDOWS\system32\drivers\mvumis.sys 11:36:47.0055 0x1bf0 |
13.05.2015, 13:46 | #10 |
| Windows 7: Ads keep popping up, websites do not work properly TDSS-Killer Part 2 Code:
usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys 11:36:58.0368 0x1bf0 usbccgp - ok 11:36:58.0400 0x1bf0 [ 427B6DB8C05A5A977E8C3525370A2595, C67222CA9123AE12D953995326B3B582C146CEA89594B7209DB0B1F628A0118D ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys 11:36:58.0415 0x1bf0 usbcir - ok 11:36:58.0446 0x1bf0 [ B24FDEB1B18496F1B463782235AA3AF1, 3F5036F36987C8007D03DAFC3EC30615515BE96D9A1DF879BCD4EB0E66CD50B1 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys 11:36:58.0446 0x1bf0 usbehci - ok 11:36:58.0493 0x1bf0 [ F8C2A832DF9403F5EA8080CBDBDA95FB, 50E9455465672BC13EB945BEC132D2F30BA2EB25C68928D2B4C256F2DB292A83 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys 11:36:58.0509 0x1bf0 usbhub - ok 11:36:58.0540 0x1bf0 [ E5F7328B1D29BCE791862CD3C0DD382A, E520D75CA6E4EDB06F576D97FB6B7CFD46A3EF3A3AC881537DE3BB8C862FE8C3 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys 11:36:58.0556 0x1bf0 USBHUB3 - ok 11:36:58.0603 0x1bf0 [ 325F6179009B5A7F6118951A5BA422AB, 756CB2893530485E8C3ACFF5A40F4C6EB446E72B2296E8772058E407A5E066DE ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys 11:36:58.0603 0x1bf0 usbohci - ok 11:36:58.0618 0x1bf0 [ 9FDBA6982582A6F2354144980F641E7B, 054A65412CB22C5BE970FD3A266E140110D869B614B9F9894628D553CE82C991 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys 11:36:58.0634 0x1bf0 usbprint - ok 11:36:58.0650 0x1bf0 [ AD91D1BBE5D3CF4501887DC1C09384FD, ED9E27CD1D52401087427EC20E389FBE2497193483C2E53E8DE5D70DACF5D928 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 11:36:58.0665 0x1bf0 usbscan - ok 11:36:58.0696 0x1bf0 [ BFC7FE4AAEB61317A921871B4085EF4B, CBC3FBAEAD6C82A437CC87A97007EF807C64053AB8FA5C3233C2A0CF6FC8D019 ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS 11:36:58.0696 0x1bf0 USBSTOR - ok 11:36:58.0743 0x1bf0 [ 1ABF657259DB57F7E5558E4DF1357C0C, 34EAF5DEA3293CFA96BA81B036305FD90ABAE05B9CB73D4F54FB236448C1978C ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys 11:36:58.0759 0x1bf0 usbuhci - ok 11:36:58.0790 0x1bf0 [ 9EF7C01D3ACCBC243B5CB1A95865B2FF, 
367A7640B4992E68EB3E1BBD78D3014742F4CC4056750E389048C653251DAD33 ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys 11:36:58.0806 0x1bf0 usbvideo - ok 11:36:58.0821 0x1bf0 [ 8DC398D7B8E02C929A2096E74A170970, 87B3CE84D05F50C33935B28F0AFF1CB15DAA4530768BA1FB25C311609CD4B0A5 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS 11:36:58.0837 0x1bf0 USBXHCI - ok 11:36:58.0853 0x1bf0 [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] VaultSvc C:\WINDOWS\system32\lsass.exe 11:36:58.0868 0x1bf0 VaultSvc - ok 11:36:58.0900 0x1bf0 [ BACECBFF9C97F7627A60B0E0F1FE7EE8, DC82F767D066B93A48A090DC7146EBCCDC54B43C6CD9DF29A160E09E3A531DC8 ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys 11:36:58.0915 0x1bf0 vdrvroot - ok 11:36:58.0962 0x1bf0 [ 1B4488988E5E7512E6C5CD1255E9E973, B82C26E767A8895CFFD76C11D07D5C945C38E1BD32CC27D20A6C0FA7F6064FC5 ] vds C:\WINDOWS\System32\vds.exe 11:36:58.0978 0x1bf0 vds - ok 11:36:58.0993 0x1bf0 [ 74FA2D4368DE6F6CE14393EDF1F342BE, C5CE4164B2C3D583A7FB8687ADEADCDB08D36A5AB1965E5FC6949AEED15881C8 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys 11:36:59.0009 0x1bf0 VerifierExt - ok 11:36:59.0040 0x1bf0 [ 500BE6B2E49883720D0AE8BB859ED7A3, 4606B02A3E8123510676E554635EB5ECF9DC5F2B83928710C8563787C52CC102 ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys 11:36:59.0071 0x1bf0 vhdmp - ok 11:36:59.0087 0x1bf0 [ F5B4A14B00E89250C50982AC762DDD1D, 581CD97DD42E74A82F06BFB827DFC82618B4A8667ACA7E93C628BB0D056CE8F0 ] viaide C:\WINDOWS\system32\drivers\viaide.sys 11:36:59.0103 0x1bf0 viaide - ok 11:36:59.0150 0x1bf0 [ 71B51CF0B12E216D1FA8262B3B8E7DB4, E392CE09E02519AD2E31FB42ECEEDA5D252A9F3F1F9E137AA0726784EF7DFB71 ] vm332avs C:\WINDOWS\System32\Drivers\vm332avs.sys 11:36:59.0181 0x1bf0 vm332avs - ok 11:36:59.0212 0x1bf0 [ 78DB50F7329F6D1311658DABFFFC8BE0, 8CB0C831608033C4BC1D2DA7FAA7D429333A3654E76A989F7AF85BFC5F086BE9 ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys 11:36:59.0228 0x1bf0 vmbus - ok 11:36:59.0228 
0x1bf0 [ ECFEE2F2BA3932C7880D1A8F67D68F91, 57DCD55A518A9FBDEF72B511C643B1062C3F7BD339F4B0FC19E9D84C615B968D ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys 11:36:59.0243 0x1bf0 VMBusHID - ok 11:36:59.0290 0x1bf0 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll 11:36:59.0306 0x1bf0 vmicheartbeat - ok 11:36:59.0321 0x1bf0 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll 11:36:59.0337 0x1bf0 vmickvpexchange - ok 11:36:59.0337 0x1bf0 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicrdv C:\WINDOWS\System32\ICSvc.dll 11:36:59.0368 0x1bf0 vmicrdv - ok 11:36:59.0368 0x1bf0 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll 11:36:59.0384 0x1bf0 vmicshutdown - ok 11:36:59.0400 0x1bf0 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmictimesync C:\WINDOWS\System32\ICSvc.dll 11:36:59.0415 0x1bf0 vmictimesync - ok 11:36:59.0431 0x1bf0 [ B8FF4248103E6EA47B9D85C55673ABA3, 4337FA0F0FB5C45BFC42FF17DFAA5DCA394C74BA8283851504AD79F47B69CB0D ] vmicvss C:\WINDOWS\System32\ICSvc.dll 11:36:59.0446 0x1bf0 vmicvss - ok 11:36:59.0462 0x1bf0 [ CB60FAAED8B49B812EBBF77EB87D9B18, ADA7C68D4C4981555ED48981E8B7ACBEEF5C39F902EB98782FC3DFF495FE0C33 ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys 11:36:59.0462 0x1bf0 volmgr - ok 11:36:59.0478 0x1bf0 [ A74101DA9809251BCD0E5A26BAE0F824, 15A3A7CC31A13C5882812C344D0937A8A4503D12DB07B9F7F2A8191B739CDBF7 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys 11:36:59.0493 0x1bf0 volmgrx - ok 11:36:59.0525 0x1bf0 [ 78A5BBA3819FFFC62FFEC3E2220D102D, A95797B97D576374C2CDA8A09E6C51A89BADE428AAA89D5093579C85062E5874 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys 
11:36:59.0540 0x1bf0 volsnap - ok 11:36:59.0556 0x1bf0 [ A8DA1C1B52ECEA3726DEBED4FF1B700D, 75C024EC3858DF24FB82FE105BDD1E37900D53EFE9D72F42CDDFFD0742525586 ] vpci C:\WINDOWS\System32\drivers\vpci.sys 11:36:59.0556 0x1bf0 vpci - ok 11:36:59.0587 0x1bf0 [ 38A60CD9C009C55C6D3B5586F8E6A353, 7F7E2AE39F1A0A5245650911E310E0948BC22A18262A16FA76B44A042D66312D ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys 11:36:59.0603 0x1bf0 vsmraid - ok 11:36:59.0665 0x1bf0 [ D0C69E44BC1E1D4AD290FD84104623D8, 4C86760EA4BD2A64FFD42D89284EC3E5048CB2F0F6F3B80D017B41C0D2456A90 ] VSS C:\WINDOWS\system32\vssvc.exe 11:36:59.0728 0x1bf0 VSS - ok 11:36:59.0759 0x1bf0 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC, AC2F3C70EDCA0AFBB2606267DFE6D3E8E7B0772140153BAD6B0A9EDE6A1D2F29 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys 11:36:59.0775 0x1bf0 VSTXRAID - ok 11:36:59.0790 0x1bf0 [ 62460A45435A26A334907E3F2EA45611, FEF86E05117CC0AAB8211CA1542776EB620BD4699BD590D91F16621ED35B9824 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys 11:36:59.0790 0x1bf0 vwifibus - ok 11:36:59.0806 0x1bf0 [ 095E943D27025E4D588AF0A72CC2318F, 3CE406A202F93EF8C4BC7317621A672670D734C69166393CA7256D5E5E667041 ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys 11:36:59.0821 0x1bf0 vwififlt - ok 11:36:59.0821 0x1bf0 [ 73FA1A41A97A5C34ADC03B3577FF1A86, CBA4BC0DA837C163587BBB4BF2AC1549C72440307C984D3CDF8995023718136C ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys 11:36:59.0837 0x1bf0 vwifimp - ok 11:36:59.0884 0x1bf0 [ F690B6EEAA94576727B24376D7ED3601, A61EE96024C8FC4058481DFB1E7F0AD746565368672FA3B6BA8F9E23D0F47E4C ] W32Time C:\WINDOWS\system32\w32time.dll 11:36:59.0900 0x1bf0 W32Time - ok 11:36:59.0915 0x1bf0 WacHidRouter - ok 11:36:59.0915 0x1bf0 [ 6B806E893714019969E2B50D7EF6A4D9, 38FE2B01082DC4C2A0C11A292016A727F48C3DF1293DC3A0216B2254A452263F ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys 11:36:59.0931 0x1bf0 WacomPen - ok 11:36:59.0931 0x1bf0 wacomrouterfilter - ok 11:36:59.0946 0x1bf0 [ 
61F6972FF9AC9A8D0B4D62076DC30051, 5A028036461534CA53CB2D6C1D720783D408A9F17FD77AB1ECDD75FBAD9F2381 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 11:36:59.0962 0x1bf0 Wanarp - ok 11:36:59.0962 0x1bf0 [ 61F6972FF9AC9A8D0B4D62076DC30051, 5A028036461534CA53CB2D6C1D720783D408A9F17FD77AB1ECDD75FBAD9F2381 ] Wanarpv6 C:\WINDOWS\system32\DRIVERS\wanarp.sys 11:36:59.0978 0x1bf0 Wanarpv6 - ok 11:37:00.0040 0x1bf0 [ 42DF22F8C448E7CD219F6D63743505E2, 063F4280C7BD20CE1360436B76A17DFE17FF611F75337A47373D098CC6C263BF ] wbengine C:\WINDOWS\system32\wbengine.exe 11:37:00.0087 0x1bf0 wbengine - ok 11:37:00.0118 0x1bf0 [ 31D37B2F6069C631EF0557D322924812, 6E18A1060F3C8F4BF220E286C44327866A8F9109E74928AA2D8C2DA9C452038B ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll 11:37:00.0134 0x1bf0 WbioSrvc - ok 11:37:00.0181 0x1bf0 [ AF1349386D4C6786EF4E34FACEF15042, 6B33778409BC54C1955B92508ADDEBAFD629141961B71C94A91DC4CFE8391A13 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll 11:37:00.0196 0x1bf0 Wcmsvc - ok 11:37:00.0228 0x1bf0 [ 5B5FEAB51172F5513C2CF7B39CFA6A01, 4FDAC5168E00D44781C6F5D98ECD4977A12663C5CE6FFDFF9DBC89A28D6212D8 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll 11:37:00.0243 0x1bf0 wcncsvc - ok 11:37:00.0259 0x1bf0 [ E19556D414332E2BEBA1F368229006B4, AB3454EC85D7B6E62D44C4510C1547AE7F736558588E54B0E265F7B3A5810E15 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll 11:37:00.0275 0x1bf0 WcsPlugInService - ok 11:37:00.0322 0x1bf0 [ B3A4D918DAB90505B6BC7B70632913CB, ECC19DCD7902C29D0682C70B9546CF8B82477A32147EE30EB6750D8499605B46 ] Wd C:\WINDOWS\system32\drivers\wd.sys 11:37:00.0322 0x1bf0 Wd - ok 11:37:00.0353 0x1bf0 [ FD47DF026B32969B8A68721A0243E8EE, 57A7B9B40CEDADFB023AEDD9F29869F1B93EA2596F47B5DDC233D57FC585CCE1 ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys 11:37:00.0368 0x1bf0 WdBoot - ok 11:37:00.0400 0x1bf0 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys 11:37:00.0431 0x1bf0 
Wdf01000 - ok 11:37:00.0462 0x1bf0 [ 5F425D842DD6ADE9F95A51A0616AFAD7, 807B8E6A4FE443A362076C225F588A8C897CFE24A6367F4D461C8F6D3EF004C5 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys 11:37:00.0478 0x1bf0 WdFilter - ok 11:37:00.0493 0x1bf0 [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll 11:37:00.0509 0x1bf0 WdiServiceHost - ok 11:37:00.0525 0x1bf0 [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll 11:37:00.0540 0x1bf0 WdiSystemHost - ok 11:37:00.0587 0x1bf0 [ 9B1384CE8E681D2D77BB3524B8E86311, BDEF9D0A79A7C26A88088A306F91632F300E587736CDD2C64717EC54DD6E89FF ] WebClient C:\WINDOWS\System32\webclnt.dll 11:37:00.0603 0x1bf0 WebClient - ok 11:37:00.0618 0x1bf0 [ 35FD720943D4FCD75C3275BF062FF140, 9D8345E6DE1AE23F93AD0B52D27D1CCFD69EF7EE50654F92CA999BEC4570A773 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll 11:37:00.0650 0x1bf0 Wecsvc - ok 11:37:00.0650 0x1bf0 [ 4D2612E3C462B68F499D840B1133263E, 4DDAEB4480AEC31A8184838588E0D3DFA31CE6D2FA6E906926860C75F52DC7B7 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll 11:37:00.0681 0x1bf0 wercplsupport - ok 11:37:00.0712 0x1bf0 [ 5F70EBFC1F75B487DE79501E3CCBDB54, 2FCA57BF60A43B03BB42FBF22BBFC19AD2266FBBD818494AD114125E6E433321 ] WerSvc C:\WINDOWS\System32\WerSvc.dll 11:37:00.0728 0x1bf0 WerSvc - ok 11:37:00.0743 0x1bf0 [ 44BB9C31E6242C4BD1CE7C2B440C2533, E603BB001028918B687818E930340008C752679B133037367A8A8E41DA559FFE ] WFPLWFS C:\WINDOWS\system32\DRIVERS\wfplwfs.sys 11:37:00.0759 0x1bf0 WFPLWFS - ok 11:37:00.0775 0x1bf0 [ 60E0C220593DA4F7C289CB909D2DBAE0, 057CA7727F748600CC155043081AB9E3244763CF4913F317D13226A515F6FDB6 ] WiaRpc C:\WINDOWS\System32\wiarpc.dll 11:37:00.0790 0x1bf0 WiaRpc - ok 11:37:00.0822 0x1bf0 [ A3C7624A42A3447EF5EDD1ED37FE4E60, BD8BDF0A571873FA8277878AF7AED11196CFF1B4DF1EA6BA13BD4887D7B63B94 ] WIMMount 
C:\WINDOWS\system32\drivers\wimmount.sys 11:37:00.0837 0x1bf0 WIMMount - ok 11:37:00.0853 0x1bf0 WinDefend - ok 11:37:00.0915 0x1bf0 [ 7911470B6018059A880469A63B65700A, 4B6131491A028FBCA54AC261112D183EFD42E98160545C8E8DFBDA01C87B3FB5 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll 11:37:00.0947 0x1bf0 WinHttpAutoProxySvc - ok 11:37:01.0009 0x1bf0 [ 3D6B518B71C75C8FA4115A33615C107A, ED7A266013D29D3B1A462464735C3632BEA121D1B32553907AEAA0B00595C3DF ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 11:37:01.0040 0x1bf0 Winmgmt - ok 11:37:01.0134 0x1bf0 [ 8E212A627F33F6FC3B5F3BB47212F66E, 9BBFE26ABFA14F346FE3711D13D959523EEA23608A33C16F3D750D66CA511911 ] WinRM C:\WINDOWS\system32\WsmSvc.dll 11:37:01.0228 0x1bf0 WinRM - ok 11:37:01.0259 0x1bf0 [ BB20956C424531003F7FA6CD36F11D5D, 2C55F1C7553A527A7C4C34E730BE943269AE23928731C64D3DC945E07AE1771E ] WinUsb C:\WINDOWS\system32\DRIVERS\WinUsb.sys 11:37:01.0275 0x1bf0 WinUsb - ok 11:37:01.0337 0x1bf0 [ 6351724B8FA0255C2DBD970297F00B93, A02F274479F9F32E30C75A5BD991B008B3CCB47D380D5870563EF918DAC5730E ] WlanSvc C:\WINDOWS\System32\wlansvc.dll 11:37:01.0384 0x1bf0 WlanSvc - ok 11:37:01.0462 0x1bf0 [ B330CE47FB74A6BE9A3FFFF4B3F64D9B, B76226808406D8B38DE2D3A8CCE633BB507022C8BAAA6C3DAD34204CC6CE1284 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll 11:37:01.0525 0x1bf0 wlidsvc - ok 11:37:01.0556 0x1bf0 [ E2A596CACFC6504306CDB7B593B90084, DF89CF57249553CE922C841F18B99A213185FA1099C053B9BB8C0F6E5BC3FEC0 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys 11:37:01.0572 0x1bf0 WmiAcpi - ok 11:37:01.0603 0x1bf0 [ D113499052C5E541906B727779F0F959, 05FB51086C0A0CE3812A7E6098C5A454ECCFE8553669CFA715153564F2226DB0 ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe 11:37:01.0618 0x1bf0 wmiApSrv - ok 11:37:01.0650 0x1bf0 WMPNetworkSvc - ok 11:37:01.0665 0x1bf0 [ C6FF953D5D6F2EAE3B8883474D5076B3, 001CBB7FBC30209C892869258E5ABD3F0932886E156ECB10DCA599F6D32648BE ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys 11:37:01.0681 0x1bf0 wpcfltr - ok 11:37:01.0728 
0x1bf0 [ A6ED163169876BFD2437E872FE2F1509, C13E8676800EEEF690F51C4DEA660B36C8734AE2CCAAC48054E10D74B98949B8 ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll 11:37:01.0743 0x1bf0 WPCSvc - ok 11:37:01.0759 0x1bf0 [ 3013658A4D327854BEEC4A08D9655194, C4CF5AA6A47CC55E7037B0BFE20AE0A6442ADDC5DEB89D6861C98C61851FA821 ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll 11:37:01.0775 0x1bf0 WPDBusEnum - ok 11:37:01.0806 0x1bf0 [ 0346CAFC181C91C6E2330332EB332ED6, D46F44C339399CAAE13CD71C53A169E95065208E07E5420DE00A4509D6CB056F ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys 11:37:01.0806 0x1bf0 WpdUpFltr - ok 11:37:01.0837 0x1bf0 [ BC8B5CB336E63BB25EAD1CE8EDD34B81, A42759956EDCCC6D0688240AA4F833FB9CA132D42D2D901CDCBB24DCE1788C1D ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys 11:37:01.0853 0x1bf0 ws2ifsl - ok 11:37:01.0884 0x1bf0 [ 012CFE7F0F95266F554EE3B91EE2128A, 866312F6BF7369BE686F1BA9F01311C99E95E268C6E63BE37C841F54F5AA0DB8 ] wscsvc C:\WINDOWS\System32\wscsvc.dll 11:37:01.0900 0x1bf0 wscsvc - ok 11:37:01.0931 0x1bf0 [ 74EFDA0526862C3D8D01A776182798EA, 7C9AD6118CB344C63B60A8BA5FA8C85ADED30933821ABD1427857E826EFC2952 ] WSDPrintDevice C:\WINDOWS\System32\drivers\WSDPrint.sys 11:37:01.0947 0x1bf0 WSDPrintDevice - ok 11:37:01.0962 0x1bf0 [ FA07DF46070F0826139709EF4D31FB71, 8F46A55D5C4336536E7974C9CEAFED55E7E9E9BF133D2AD0F6A55174F70B2F03 ] WSDScan C:\WINDOWS\system32\DRIVERS\WSDScan.sys 11:37:01.0962 0x1bf0 WSDScan - ok 11:37:01.0978 0x1bf0 WSearch - ok 11:37:02.0072 0x1bf0 [ D4D04839F3DFAF09D94BAB1016F7A297, 944A41D251F522EE87189C1D01CF7EEE2C70BF4353BA4005C44F03DB485F843F ] WSService C:\WINDOWS\System32\WSService.dll 11:37:02.0165 0x1bf0 WSService - ok 11:37:02.0197 0x1bf0 [ 72B4E9DF6456C43C42A1419B09486045, 536BA7377B5BEA7EA46864453933111DB88DB8FB689C68915ACD7261A996E61D ] wsvd C:\WINDOWS\system32\DRIVERS\wsvd.sys 11:37:02.0212 0x1bf0 wsvd - ok 11:37:02.0322 0x1bf0 [ 311E5E1976E0BD9110A88B93158055D5, F1AA738D6AD74C33785EEFE1FBE8A869AAB62417B7D079389293AB1209A849C1 ] wuauserv 
C:\WINDOWS\system32\wuaueng.dll 11:37:02.0415 0x1bf0 wuauserv - ok 11:37:02.0462 0x1bf0 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys 11:37:02.0478 0x1bf0 WudfPf - ok 11:37:02.0493 0x1bf0 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys 11:37:02.0509 0x1bf0 WUDFRd - ok 11:37:02.0540 0x1bf0 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll 11:37:02.0556 0x1bf0 wudfsvc - ok 11:37:02.0572 0x1bf0 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 11:37:02.0587 0x1bf0 WUDFWpdFs - ok 11:37:02.0603 0x1bf0 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdMtp C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 11:37:02.0618 0x1bf0 WUDFWpdMtp - ok 11:37:02.0650 0x1bf0 [ 6D9E07436B6646EC8F7EFFD39B6BA288, 82C1CEA93ECEF17D221AD0F87C5BD96F3FD8143841C16BD9608BD4D58D90B8E0 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll 11:37:02.0665 0x1bf0 WwanSvc - ok 11:37:02.0712 0x1bf0 [ 6FDEE5E0741A3FFA5E5772C6C94E3F64, 859EBC7F8FF3CE9F3301B5BF93CF0C84C2A4271F205B67D9B8DC463DC67DE661 ] XHCIPort C:\WINDOWS\System32\drivers\XHCIPort.sys 11:37:02.0728 0x1bf0 XHCIPort - ok 11:37:02.0900 0x1bf0 [ 2AC426C57AC3D6A226D66E5A03223C90, 45AD44153D280E4066BA62260CE7733AC3DC23D59951BBCC0F8D4F5226F97203 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe 11:37:02.0993 0x1bf0 ZeroConfigService - ok 11:37:02.0993 0x1bf0 ================ Scan global =============================== 11:37:03.0040 0x1bf0 [ DDC1AFBF9DDF880CE9BD3896114D8DED, E2406231EA4D2689A5EDFA9BD1A1BC064359D8D23B37F113A18B5EAE3E2D4050 ] C:\WINDOWS\system32\basesrv.dll 11:37:03.0072 0x1bf0 [ 
E9343076AE704D20BB0D01F3AF3EFFEF, FF2CE4146945976F9480690505CECD3C7C719BAF0F633E6192C8272C75EF295D ] C:\WINDOWS\system32\winsrv.dll 11:37:03.0118 0x1bf0 [ BD7C6949984D19AAA609896B675E7357, 5B46538B27BC70F5A3805AA63F6AACDC780C7168468FB535F2D35CF26B9DEE06 ] C:\WINDOWS\system32\sxssrv.dll 11:37:03.0150 0x1bf0 [ 8F226143046435C75C033B0C52E90FFE, 54FA316485B57D7B8104FE621F5F40DEC35E3D57C3DF46B5F7EACF57445FE7CA ] C:\WINDOWS\system32\services.exe 11:37:03.0165 0x1bf0 [ Global ] - ok 11:37:03.0165 0x1bf0 ================ Scan MBR ================================== 11:37:03.0165 0x1bf0 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0 11:37:03.0197 0x1bf0 \Device\Harddisk0\DR0 - ok 11:37:03.0212 0x1bf0 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1 11:37:04.0087 0x1bf0 \Device\Harddisk1\DR1 - ok 11:37:04.0087 0x1bf0 ================ Scan VBR ================================== 11:37:04.0087 0x1bf0 [ 4442C0A6C04745FB6E5882AD4133A05F ] \Device\Harddisk0\DR0\Partition1 11:37:04.0087 0x1bf0 \Device\Harddisk0\DR0\Partition1 - ok 11:37:04.0087 0x1bf0 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2 11:37:04.0087 0x1bf0 \Device\Harddisk0\DR0\Partition2 - ok 11:37:04.0087 0x1bf0 [ 7D4CD281F9782D49DA51F9F6FA82A928 ] \Device\Harddisk1\DR1\Partition1 11:37:04.0103 0x1bf0 \Device\Harddisk1\DR1\Partition1 - ok 11:37:04.0134 0x1bf0 [ 3CF36EAD2469C67ACCB7D886203D1877 ] \Device\Harddisk1\DR1\Partition2 11:37:04.0165 0x1bf0 \Device\Harddisk1\DR1\Partition2 - ok 11:37:04.0181 0x1bf0 [ 60E867BF43E85A53E606029EDB86B4C9 ] \Device\Harddisk1\DR1\Partition3 11:37:04.0228 0x1bf0 \Device\Harddisk1\DR1\Partition3 - ok 11:37:04.0244 0x1bf0 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition4 11:37:04.0244 0x1bf0 \Device\Harddisk1\DR1\Partition4 - ok 11:37:04.0259 0x1bf0 [ 25397A095B029666AA67A3F43565A7E0 ] \Device\Harddisk1\DR1\Partition5 11:37:04.0259 0x1bf0 \Device\Harddisk1\DR1\Partition5 - ok 11:37:04.0290 0x1bf0 [ 
90B8C7F7F116D89D5F3D2BE0D1FE6523 ] \Device\Harddisk1\DR1\Partition6 11:37:04.0306 0x1bf0 \Device\Harddisk1\DR1\Partition6 - ok 11:37:04.0322 0x1bf0 [ 6A34FFAA14A3769DBA0A8C51D4ADD22B ] \Device\Harddisk1\DR1\Partition7 11:37:04.0322 0x1bf0 \Device\Harddisk1\DR1\Partition7 - ok 11:37:04.0322 0x1bf0 ================ Scan generic autorun ====================== 11:37:04.0369 0x1bf0 [ 2A7839D0AF1EBE4173FD7D652487C8A3, 5E4FC2D1E983C1759FA3590123EEE3F492685350B4D5FCDE0753BC23D7E69D32 ] C:\WINDOWS\system32\igfxtray.exe 11:37:04.0384 0x1bf0 IgfxTray - ok 11:37:04.0431 0x1bf0 [ C598B49A2E91FA2AF19B703D39F755DB, EBB9572BD00635576B7BFB4CD605BB702C19FB36480570D1AF48644EB366C0FA ] C:\WINDOWS\system32\hkcmd.exe 11:37:04.0447 0x1bf0 HotKeysCmds - ok 11:37:04.0462 0x1bf0 [ 343938B466553E657B438DC123A53037, 6181902478D7BAC7D6E763A629D10C5EA41982B4716DADFB5006ECFFEAAC3353 ] C:\WINDOWS\system32\igfxpers.exe 11:37:04.0478 0x1bf0 Persistence - ok 11:37:04.0540 0x1bf0 [ 552894CB0AB64664A48E544F4B50FEA2, 3C8B89444D5B32E01284C9C02448995E41FA4A29EE789170A43679AA119F7395 ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe 11:37:04.0556 0x1bf0 AmIcoSinglun64 - ok 11:37:04.0556 0x1bf0 BTMTrayAgent - ok 11:37:04.0556 0x1bf0 SynTPEnh - ok 11:37:04.0556 0x1bf0 SynLenovoGestureMgr - ok 11:37:04.0619 0x1bf0 [ DD8C5A331E1F83510C5A788CB9AA8727, BDEDB9B9D3B0C16B217A67B9B02C9E339E133E4FE05E144DCB344D80C6786078 ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe 11:37:04.0650 0x1bf0 cAudioFilterAgent - ok 11:37:04.0665 0x1bf0 [ 42361B4BD80768E82B80285851037665, A555A6BF8016645B838FEA993AD273D1F472586F3600619DC243B1C33438FA07 ] C:\Program Files\Conexant\ForteConfig\fmapp.exe 11:37:04.0665 0x1bf0 ForteConfig - ok 11:37:04.0744 0x1bf0 [ 8970A59A838FF1CDC3D62D85823AA61E, 5842DAFD20C1A024CF8984652A08D12DBA1DE15788794D01FF6070D4E24D2479 ] C:\Program Files\CONEXANT\SAII\SACpl.exe 11:37:04.0790 0x1bf0 SmartAudio - detected UnsignedFile.Multi.Generic ( 1 ) 11:37:07.0353 0x1bf0 Detect 
skipped due to KSN trusted 11:37:07.0353 0x1bf0 SmartAudio - ok 11:37:07.0853 0x1bf0 [ 65EE16AACAEBAF3D8EDEA422177B2DA0, D15F841043D04ACE2F3D376F0EA2A3F42B4FAAE78C82913529EB8576608D0B22 ] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe 11:37:08.0213 0x1bf0 Energy Management - ok 11:37:08.0322 0x1bf0 [ 5EAF38FC08B9DE07AE8A3D814A3CF959, F9F1844F20106EE77664B848A056D6E06105647C61FC2F2B64BDFD05F76E7E3D ] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe 11:37:08.0338 0x1bf0 EnergyUtility - ok 11:37:08.0931 0x1bf0 [ C08AF3D7162084119A3089D40240E592, B68F51E176A1193496108E60999C96656A166B7868A6C403B329AA2DBA3EAFD2 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 11:37:08.0978 0x1bf0 NvBackend - ok 11:37:09.0041 0x1bf0 [ 3A6209AC494296C24C2065CB4392B5F4, 944556A8521D4E59EE35B364C9FB1A3846924D512E73C2CB32DD440022E6B1B5 ] C:\WINDOWS\system32\rundll32.exe 11:37:09.0072 0x1bf0 ShadowPlay - ok 11:37:09.0322 0x1bf0 [ E265333FED70984757A2506DE17CF381, B31FE2E6505C182B65FD73127165F4FF84D63C8BF53D644117FE15191E690369 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 11:37:09.0353 0x1bf0 AdobeAAMUpdater-1.0 - ok 11:37:09.0556 0x1bf0 [ FF0FAB199882C00D6DC54CA035865C49, BF4D65D96F8DC0057042C2A4B70106D156B0D13C75839935BC9051089363C495 ] C:\Program Files\iTunes\iTunesHelper.exe 11:37:09.0572 0x1bf0 iTunesHelper - ok 11:37:09.0681 0x1bf0 [ 3A5D0E1BF0D7B954FD3A8BE474FCAABA, 2B41DF59122496519C8B68518AD566F3B7F28BECD089BF15B50D3D78C7369760 ] C:\Program Files (x86)\USB Camera2\VM332STI.EXE 11:37:09.0713 0x1bf0 332BigDog - ok 11:37:09.0838 0x1bf0 [ 50D1476C84446135A990F4939DC2DC1D, D062F92863E32EC075BD672F3C185CE8C9329F8B679D5508C396131B1DB30EF7 ] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe 11:37:09.0853 0x1bf0 Dolby Home Theater v4 - ok 11:37:10.0072 0x1bf0 [ A1741C3B79F9DF8895E05EF43579E74B, 446094FDBA93518ABE1CDEC50E24AB60BC7CA78022A289AF5C21461778FD8001 ] C:\Program Files 
(x86)\Lenovo\YouCam\YCMMirage.exe 11:37:10.0088 0x1bf0 YouCam Mirage - ok 11:37:10.0103 0x1bf0 [ 79EDDBCBFFC23585BC1495AFC03CC4D7, 325A6C067A52BAD7070C1C758EA69645FD8083AC6D0ABA8340BDBE1A712E005F ] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe 11:37:10.0119 0x1bf0 YouCam Tray - ok 11:37:10.0447 0x1bf0 [ E77D7E64EF93D0DFA5C3EC560B02FC0C, 4EE508B1D5A16AF71AC5E9C45F7A712A13EA25D6C8ED8B1FC4F1D1DF093F9BD5 ] C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe 11:37:10.0494 0x1bf0 Smart Update - ok 11:37:10.0744 0x1bf0 [ 43E946AAD268FEAFB1E286677E70CB5D, 7798926B3CF11D1CF7DFF9B3D67AD3DC67010A62F3132CAEA273EB299A61B176 ] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe 11:37:10.0760 0x1bf0 Intel AppUp(SM) center - ok 11:37:10.0885 0x1bf0 [ 574A817D9F08444166907FDC28DE4E0B, D3142EF23C5D07E17F0AC09D61B4AD1589DC39FD35C90AD768789CB14FF9C4C8 ] C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe 11:37:10.0916 0x1bf0 KrakenLauncher - ok 11:37:11.0088 0x1bf0 [ FF568C146B9D2C2EE86DBEB1784DD739, 2BB426476650B3ADBB066D0D3ABC233629E25ADE9DCE7CD2630FAED4B08CAA5D ] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe 11:37:11.0166 0x1bf0 Adobe Creative Cloud - ok 11:37:11.0244 0x1bf0 [ 442CC2A5247327548826D284B7CC7287, 8005CB98F7519EDC84FE88009EE354B753929DDA71761571E68BECCBC3D88D02 ] C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe 11:37:11.0291 0x1bf0 GDFirewallTray - ok 11:37:11.0306 0x1bf0 Waiting for KSN requests completion. In queue: 15 11:37:12.0322 0x1bf0 Waiting for KSN requests completion. In queue: 15 11:37:13.0338 0x1bf0 Waiting for KSN requests completion. 
In queue: 15 11:37:14.0353 0x1bf0 AV detected via SS2: G DATA INTERNET SECURITY, C:\Program Files (x86)\G DATA\InternetSecurity\AVK\avkwscpe.exe ( 25.1.0.0 ), 0x41010 ( enabled : outofdate ) 11:37:14.0353 0x1bf0 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.3.215.0 ), 0x60100 ( disabled : updated ) 11:37:14.0353 0x1bf0 FW detected via SS2: G*DATA Personal Firewall, C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe ( 22.0.0.1 ), 0x41010 ( enabled ) 11:37:16.0776 0x1bf0 ============================================================ 11:37:16.0776 0x1bf0 Scan finished 11:37:16.0776 0x1bf0 ============================================================ 11:37:16.0776 0x0540 Detected object count: 0 11:37:16.0776 0x0540 Actual detected object count: 0 |
13.05.2015, 14:04 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 7: Ads keep popping up, websites don't work properly

FRST fix

Please disable your virus scanner completely now, to make sure that the fix runs cleanly!

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.

Code:
HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: {ab5696aa-439a-44e9-a82d-48c7ae8939ae} - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{ab5696aa-439a-44e9-a82d-48c7ae8939ae}.xpi [2014-12-12]
Task: {BFA4409F-C4A3-468C-B39B-11E48A0D8E10} - \Optimize Start Menu Cache Files-S-1-5-21-2344629883-704184612-3672562925-1002 No Task File <==== ATTENTION
RemoveProxy:
EmptyTemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
15.05.2015, 22:33 | #12 |
| Windows 7: Ads keep popping up, websites don't work properly

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015 01
Ran by Eli at 2015-05-15 23:19:31 Run:1
Running from C:\Users\Eli\Desktop\Trojaner Board
Loaded Profiles: Eli (Available profiles: Eli & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: {ab5696aa-439a-44e9-a82d-48c7ae8939ae} - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{ab5696aa-439a-44e9-a82d-48c7ae8939ae}.xpi [2014-12-12]
Task: {BFA4409F-C4A3-468C-B39B-11E48A0D8E10} - \Optimize Start Menu Cache Files-S-1-5-21-2344629883-704184612-3672562925-1002 No Task File <==== ATTENTION
RemoveProxy:
EmptyTemp:
*****************

HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{ab5696aa-439a-44e9-a82d-48c7ae8939ae}.xpi => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFA4409F-C4A3-468C-B39B-11E48A0D8E10} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2344629883-704184612-3672562925-1002" => Key deleted successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

========= End of RemoveProxy: =========

EmptyTemp: => Removed 3.8 GB temporary data.

The system needed a reboot.

==== End of Fixlog 23:21:03 ==== |
16.05.2015, 12:29 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Okay, then control scans with MBAM and ESET, please: Please download Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Please always post log files in CODE tags |
18.05.2015, 22:36 | #14 |
| mbam Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 18.05.2015
Suchlauf-Zeit: 15:20:03
Logdatei: mbam.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.05.18.03
Rootkit Datenbank: v2015.05.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Eli
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 404265
Verstrichene Zeit: 28 Min, 44 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 3
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4CA228C2-B948-403D-83CD-C820283770A9}, In Quarantäne, [40dbc5d01179290ddb780f60739228d8],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4CA228C2-B948-403D-83CD-C820283770A9}, In Quarantäne, [9f7c5f36701a82b4f75ccfa0ae5734cc],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{86C00F97-6B26-48E9-80E0-8B2598DC3BC3}, In Quarantäne, [64b755407c0e43f39db539361ce90bf5],
Registrierungswerte: 3
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4CA228C2-B948-403D-83CD-C820283770A9}|AppName, e29da3ee-f709-4bd1-9e68-f6aed42bdb9f-2.exe-codedownloader.exe, In Quarantäne, [40dbc5d01179290ddb780f60739228d8]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4CA228C2-B948-403D-83CD-C820283770A9}|AppName, e29da3ee-f709-4bd1-9e68-f6aed42bdb9f-2.exe-codedownloader.exe, In Quarantäne, [9f7c5f36701a82b4f75ccfa0ae5734cc]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{86C00F97-6B26-48E9-80E0-8B2598DC3BC3}|AppName, iWebar-enabler.exe-buttonutil.exe, In Quarantäne, [64b755407c0e43f39db539361ce90bf5]
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 0
(Keine schädliche Elemente gefunden)
Dateien: 0
(Keine schädliche Elemente gefunden)
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
ESET Code:
|
19.05.2015, 10:32 | #15 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
FRST fix
Please disable your virus scanner completely now, to make sure that the fix runs through cleanly! Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Users\Eli\Downloads\Autodesk SketchBook - CHIP-Installer.exe
C:\Users\Eli\Downloads\MP3 schneiden 2015 - CHIP-Installer.exe
C:\Users\Eli\Downloads\MP3CutterSetup.exe
C:\Users\Eli\Downloads\PaintTool SAI - CHIP-Installer.exe
C:\Users\Eli\Downloads\Secunia Personal Software Inspector PSI - CHIP-Installer.exe
C:\Users\Eli\Downloads\Thunderbird - CHIP-Installer.exe
C:\Windows\System32\LavasoftTcpService.dll
C:\Windows\SysWOW64\LavasoftTcpService.dll
C:\Windows.old
EmptyTemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
|