PC voll von Viren? ADWCleaner zeigt eine sehr lange Log-File!

LederLappen · 01.06.2015, 18:13

Hallo ihr lieben,

ADWCleaner zeigt, wie im Titel beschreiben, eine sehr lange Log-File an. Habe noch nichts gelöscht! Weil, davon auch keine Ahnung

Betriebssystem: Windows XP Sp3!

Danke schon mal für die Hilfe und hoffe es ist nicht zu schlimm?

M-K-D-B · 01.06.2015, 18:30

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von TDSS-Killer,
die beiden neuen Logdateien von FRST.

LederLappen · 01.06.2015, 20:47

Hier die Log-Dateien! Danke schon mal für schnelle Antwort

FRST first und danach Killer!

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Helge (administrator) on HANSA on 01-06-2015 21:11:41
Running from C:\Documents and Settings\Helge\Desktop
Loaded Profiles: Helge (Available Profiles: Helge)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation ) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
() C:\Program Files\Winamp\winampa.exe
(Siano Mobile Silicon) C:\Program Files\Siano Mobile Silicon\SMS\SmsIRProcess.exe
(Apple Inc.) C:\creezy\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\ArcSoft TV 5.0\TMTV5Monitor.exe
(Dropbox, Inc.) C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
(Realtek Semiconductor Corp.) C:\DOCUME~1\Helge\LOCALS~1\Temp\RtkBtMnt.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Spotify Ltd) C:\SpotifyWebHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1028096 2009-08-08] (Synaptics, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16858112 2009-08-08] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [86016 2009-08-08] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2009-08-08] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2009-08-08] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [999424 2008-01-09] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [1101824 2008-01-09] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\Winampa.exe [12288 2003-04-17] ()
HKLM\...\Run: [SmsIrProcess] => C:\Program Files\Siano Mobile Silicon\SMS\SmsIrProcess.exe [90112 2014-04-27] (Siano Mobile Silicon)
HKLM\...\Run: [iTunesHelper] => C:\creezy\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [Taplika] => C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\DOCUME~1\Helge\APPLIC~1\Taplika\UpdateProc\bkup.dat"
HKU\S-1-5-19\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Run: [Spotify Web Helper] => C:\SpotifyWebHelper.exe [2021944 2015-06-01] (Spotify Ltd)
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\RunOnce: [Taplika] => C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\DOCUME~1\Helge\APPLIC~1\Taplika\UpdateProc\bkup.dat"
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\MountPoints2: {cedb9ff6-6c91-11e2-a41d-001f3b23b875} - G:\PMCsetup.exe
HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [Taplika] => C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\DOCUME~1\Helge\APPLIC~1\Taplika\UpdateProc\bkup.dat"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TMMonitor.lnk [2016-03-05]
ShortcutTarget: TMMonitor.lnk -> C:\Program Files\ArcSoft\ArcSoft TV 5.0\TMTV5Monitor.exe (ArcSoft, Inc.)
Startup: C:\Documents and Settings\Helge\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-20]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hp&ts=1424766930&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE908LK2735K2735
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1424766930&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE908LK2735K2735&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1424766930&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE908LK2735K2735
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424766930&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE908LK2735K2735&q={searchTerms}
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1424766930&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE908LK2735K2735
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://taplika.com/?f=2&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtC0A0DyCyCzz0BtBzz0DzztN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtByCtAzy0DzytDtG0F0ByBtDtGyD0DtByEtGyEyEtD0CtGyE0E0Bzz0A0ByE0EtBzz0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByCyE0EyDtCyEtGtBtCyE0FtGyEzz0A0DtG0B0A0CyEtGyCtAyEzytDtA0ByE0E0EtByD2Q&cr=678922612&ir=" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1424766930&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WXE908LK2735K2735&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1343024091-562591055-1801674531-1004 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1343024091-562591055-1801674531-1004 -> {589B893E-773C-4941-88C2-0DCC718E621C} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2015-03-20] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2015-03-20] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 25 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984 2015-03-20] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-20] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\creezy\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF user.js: detected! => C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\user.js [2015-02-26]
FF SearchPlugin: C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\searchplugins\Taplika.xml [2015-02-26]
FF Extension: Avira Browser Safety - C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\Extensions\abs@avira.com [2015-05-29]
FF Extension: SmartSaver+ 8.1 - C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\Extensions\KUKDSXGS67213349@EDCBUFV5900769.com [2015-05-29]
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-03-20]
FF Extension: Browser Good 1.0.1 - C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\Extensions\{62eca849-70b6-47ed-932e-18163afa5bee}.xpi [2015-02-26]
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\extensions\faststartff@gmail.com
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-06-01]

Chrome: 
=======
CHR HomePage: Default -> hxxp://taplika.com/?f=1&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtC0A0DyCyCzz0BtBzz0DzztN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtByCtAzy0DzytDtG0F0ByBtDtGyD0DtByEtGyEyEtD0CtGyE0E0Bzz0A0ByE0EtBzz0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByCyE0EyDtCyEtGtBtCyE0FtGyEzz0A0DtG0B0A0CyEtGyCtAyEzytDtA0ByE0E0EtByD2Q&cr=678922612&ir=
CHR StartupUrls: Default -> "hxxp://taplika.com/?f=7&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtC0A0DyCyCzz0BtBzz0DzztN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtByCtAzy0DzytDtG0F0ByBtDtGyD0DtByEtGyEyEtD0CtGyE0E0Bzz0A0ByE0EtBzz0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByCyE0EyDtCyEtGtBtCyE0FtGyEzz0A0DtG0B0A0CyEtGyCtAyEzytDtA0ByE0E0EtByD2Q&cr=678922612&ir="
CHR DefaultSearchKeyword: Default -> taplika.com
CHR DefaultSearchURL: Default -> hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtC0A0DyCyCzz0BtBzz0DzztN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtByCtAzy0DzytDtG0F0ByBtDtGyD0DtByEtGyEyEtD0CtGyE0E0Bzz0A0ByE0EtBzz0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByCyE0EyDtCyEtGtBtCyE0FtGyEzz0A0DtG0B0A0CyEtGyCtAyEzytDtA0ByE0E0EtByD2Q&cr=678922612&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll No File
CHR Profile: C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (avast! WebRep) - C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-09-02]
CHR Extension: (Taplika New Tab) - C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn [2015-03-20]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1343024091-562591055-1801674531-1004\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lfkjojacgdjkninepeghaamnapdjmlfn] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825856 2015-05-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [823296 2008-01-09] (Intel Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [438272 2008-04-14] (Microsoft Corporation) [File not signed]
R2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [159812 2008-06-18] (NVIDIA Corporation) [File not signed]
R2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2008-01-09] (Intel Corporation) [File not signed]
R2 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) [File not signed]
R2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1187840 2008-01-09] (Intel Corporation ) [File not signed]
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2012-09-02] (Cisco Systems, Inc.)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [107400 2015-05-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2015-05-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-05-24] (Avira Operations GmbH & Co. KG)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-04-02] (DT Soft Ltd)
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [36864 2009-08-08] (Atheros Communications, Inc.)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2529280 2008-01-09] (Intel Corporation)
R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [6010752 2008-06-18] (NVIDIA Corporation) [File not signed]
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-12] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-12] (Microsoft Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12288 2008-01-02] (Intel Corporation)
S3 smsbda; C:\WINDOWS\System32\drivers\smsbda.sys [71944 2014-03-23] (Siano)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2015-03-17] (Avira GmbH)
R1 {15005ce0-4adb-4842-9f2a-405172e87bce}t; C:\WINDOWS\System32\drivers\{15005ce0-4adb-4842-9f2a-405172e87bce}t.sys [55832 2015-03-12] () [File not signed]
R1 {62eca849-70b6-47ed-932e-18163afa5bee}Gt; C:\WINDOWS\System32\drivers\{62eca849-70b6-47ed-932e-18163afa5bee}Gt.sys [55832 2015-02-26] () [File not signed]
R1 {c44114b8-1134-4aeb-950a-2e0ff4eceaae}t; C:\WINDOWS\System32\drivers\{c44114b8-1134-4aeb-950a-2e0ff4eceaae}t.sys [55832 2015-03-10] () [File not signed]
S3 cpuz134; \??\C:\DOCUME~1\Helge\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-05 07:59 - 2016-03-05 07:59 - 00001675 _____ () C:\Documents and Settings\Helge\Desktop\ArcSoft TV 5.0.lnk
2016-03-05 07:59 - 2016-03-05 07:59 - 00000000 ____D () C:\Program Files\ArcSoft
2016-03-05 07:59 - 2016-03-05 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft TV
2016-03-05 07:59 - 2005-07-16 03:35 - 00245408 _____ (Microsoft Corporation) C:\WINDOWS\system32\unicows.dll
2016-03-05 07:56 - 2016-03-05 07:56 - 00000000 ____D () C:\Program Files\Siano Mobile Silicon
2016-03-05 07:56 - 2016-03-05 07:56 - 00000000 ____D () C:\Program Files\Common Files\Siano Mobile Silicon
2016-03-05 07:56 - 2014-03-23 17:32 - 00071944 _____ (Siano) C:\WINDOWS\system32\Drivers\smsbda.sys
2016-03-05 07:56 - 2014-03-23 17:32 - 00021768 _____ (Siano) C:\WINDOWS\system32\smsprops.dll
2016-03-04 15:26 - 2016-03-04 15:26 - 00009642 _____ () C:\WINDOWS\KB2868038.log
2016-03-04 15:26 - 2016-03-04 15:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2016-03-04 15:25 - 2016-03-04 15:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2016-03-04 15:25 - 2016-03-04 15:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2016-03-04 15:24 - 2016-03-04 15:25 - 00008561 _____ () C:\WINDOWS\KB2803821-v2.log
2016-03-04 15:24 - 2016-03-04 15:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2016-03-04 15:23 - 2016-03-04 15:23 - 00008474 _____ () C:\WINDOWS\KB2909210-IE8.log
2016-03-04 15:23 - 2016-03-04 15:23 - 00006743 _____ () C:\WINDOWS\KB2510531-IE8.log
2016-03-04 15:23 - 2016-03-04 15:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2016-03-04 15:23 - 2015-02-10 22:23 - 00000000 ____D () C:\WINDOWS\ie8updates
2016-03-04 15:23 - 2015-02-10 22:02 - 00019174 _____ () C:\WINDOWS\KB2936068-IE8.log
2016-03-04 15:19 - 2016-03-04 15:19 - 00004470 _____ () C:\WINDOWS\KB2914368.log
2016-03-04 15:19 - 2016-03-04 15:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2016-03-04 14:42 - 2008-04-14 06:42 - 00363520 _____ () C:\WINDOWS\system32\PsisDecd.dll
2016-03-04 14:42 - 2008-04-14 06:42 - 00363520 _____ () C:\WINDOWS\system32\dllcache\psisdecd.dll
2016-03-04 14:42 - 2008-04-14 06:42 - 00056832 _____ () C:\WINDOWS\system32\MSDvbNP.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00056832 _____ () C:\WINDOWS\system32\dllcache\msdvbnp.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00033280 _____ () C:\WINDOWS\system32\PsisRndr.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00033280 _____ () C:\WINDOWS\system32\dllcache\psisrndr.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdaPlgIn.ax
2016-03-04 14:42 - 2008-04-14 01:16 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MPE.sys
2016-03-04 14:42 - 2008-04-14 01:16 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys
2016-03-04 14:42 - 2008-04-14 01:16 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BdaSup.sys
2016-03-04 14:42 - 2008-04-14 01:16 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys
2016-03-04 14:40 - 2016-03-05 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ArcSoft
2016-03-04 14:40 - 2016-03-04 14:40 - 00000000 ____D () C:\Documents and Settings\Helge\Application Data\ArcSoft
2016-03-04 14:40 - 2005-02-23 15:58 - 00011776 _____ (Arcsoft, Inc.) C:\WINDOWS\system32\Drivers\afc.sys
2015-06-01 21:11 - 2015-06-01 21:12 - 00023289 _____ () C:\Documents and Settings\Helge\Desktop\FRST.txt
2015-06-01 21:11 - 2015-06-01 21:11 - 00000000 ____D () C:\FRST
2015-06-01 21:10 - 2015-06-01 21:10 - 01147392 _____ (Farbar) C:\Documents and Settings\Helge\Desktop\FRST.exe
2015-06-01 18:37 - 2015-06-01 18:38 - 00000000 ____D () C:\AdwCleaner
2015-06-01 13:30 - 2015-06-01 13:31 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-06-01 03:10 - 2015-06-01 03:10 - 00000000 ____D () C:\Documents and Settings\Helge\Desktop\New Folder
2015-05-20 23:44 - 2015-05-31 20:45 - 00000000 ___RD () C:\Documents and Settings\Helge\My Documents\Dropbox
2015-05-20 23:43 - 2015-05-20 23:43 - 00000000 ____D () C:\Program Files\Dropbox
2015-05-20 23:43 - 2015-05-20 23:43 - 00000000 ____D () C:\Documents and Settings\Helge\Start Menu\Programs\Dropbox
2015-05-20 23:41 - 2015-05-31 20:25 - 00000000 ____D () C:\Documents and Settings\Helge\Application Data\Dropbox
2015-05-15 10:51 - 2015-06-01 14:25 - 00000020 _____ () C:\inst_ver.dat
2015-05-15 10:51 - 2015-06-01 14:24 - 41287224 _____ () C:\libcef.dll
2015-05-15 10:51 - 2015-06-01 14:24 - 10457856 _____ () C:\icudtl.dat
2015-05-15 10:51 - 2015-06-01 14:24 - 07323192 _____ (Spotify Ltd) C:\Spotify.exe
2015-05-15 10:51 - 2015-06-01 14:24 - 04253463 _____ () C:\devtools_resources.pak
2015-05-15 10:51 - 2015-06-01 14:24 - 03457592 _____ (Microsoft Corporation) C:\d3dcompiler_47.dll
2015-05-15 10:51 - 2015-06-01 14:24 - 02106424 _____ (Microsoft Corporation) C:\d3dcompiler_43.dll
2015-05-15 10:51 - 2015-06-01 14:24 - 02021944 _____ (Spotify Ltd) C:\SpotifyWebHelper.exe
2015-05-15 10:51 - 2015-06-01 14:24 - 02018406 _____ () C:\cef.pak
2015-05-15 10:51 - 2015-06-01 14:24 - 01488440 _____ () C:\libGLESv2.dll
2015-05-15 10:51 - 2015-06-01 14:24 - 00968248 _____ (The Chromium Authors) C:\ffmpegsumo.dll
2015-05-15 10:51 - 2015-06-01 14:24 - 00777272 _____ (Spotify Ltd) C:\SpotifyCrashService.exe
2015-05-15 10:51 - 2015-06-01 14:24 - 00598403 _____ () C:\cef_200_percent.pak
2015-05-15 10:51 - 2015-06-01 14:24 - 00444515 _____ () C:\cef_100_percent.pak
2015-05-15 10:51 - 2015-06-01 14:24 - 00124472 _____ (Spotify Ltd) C:\SpotifyLauncher.exe
2015-05-15 10:51 - 2015-06-01 14:24 - 00079928 _____ () C:\libEGL.dll
2015-05-15 10:51 - 2015-06-01 14:24 - 00073272 _____ () C:\wow_helper.exe
2015-05-15 10:51 - 2015-06-01 14:24 - 00000000 ____D () C:\locales
2015-05-15 10:51 - 2015-05-15 10:51 - 00000000 ____D () C:\pdf.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-05 07:58 - 2012-10-10 20:12 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2016-03-05 07:58 - 2012-09-03 21:22 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2016-03-05 07:52 - 2013-01-11 19:17 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
2016-03-05 07:52 - 2013-01-11 19:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2016-03-04 15:25 - 2014-05-31 15:24 - 00012818 _____ () C:\WINDOWS\KB2893294.log
2016-03-04 15:24 - 2014-05-31 15:24 - 00012318 _____ () C:\WINDOWS\KB2892075.log
2016-03-04 15:23 - 2013-04-08 17:33 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2016-03-04 15:23 - 2012-09-02 01:15 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2016-02-27 07:02 - 2014-07-07 19:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Diablo
2015-06-01 21:12 - 2012-09-01 22:39 - 00000000 ____D () C:\Documents and Settings\Helge\Local Settings\Temp
2015-06-01 20:50 - 2012-09-02 00:14 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 20:36 - 2015-02-24 10:36 - 00003090 _____ () C:\WINDOWS\Tasks\11a623c5-4868-4253-879e-252a0911b26b-1-6.job
2015-06-01 17:17 - 2012-09-01 23:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-06-01 16:21 - 2015-02-10 21:05 - 00000000 ____D () C:\Documents and Settings\Helge\Local Settings\Application Data\Spotify
2015-06-01 16:05 - 2015-02-10 21:04 - 00000000 ____D () C:\Documents and Settings\Helge\Application Data\Spotify
2015-06-01 11:53 - 2012-09-02 00:05 - 00000507 _____ () C:\WINDOWS\system32\nvapps.xml
2015-06-01 11:11 - 2012-09-01 20:43 - 01426023 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-01 10:50 - 2012-09-02 00:14 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-31 20:29 - 2012-09-01 21:32 - 00521886 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-31 20:25 - 2004-08-12 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-31 20:24 - 2012-09-01 21:35 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2015-05-31 20:24 - 2012-09-01 21:35 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-05-31 20:23 - 2015-02-10 22:35 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-05-31 20:23 - 2012-09-01 22:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-31 20:22 - 2012-09-01 22:39 - 00000178 ___SH () C:\Documents and Settings\Helge\ntuser.ini
2015-05-31 20:22 - 2012-09-01 22:39 - 00000000 ____D () C:\Documents and Settings\Helge
2015-05-31 20:22 - 2012-09-01 22:36 - 00032552 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-31 14:49 - 2012-09-01 22:38 - 00000000 __SHD () C:\WINDOWS\CSC
2015-05-24 15:21 - 2015-03-20 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-05-24 15:21 - 2012-09-01 22:36 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-05-24 15:19 - 2015-03-20 00:51 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-24 15:19 - 2015-03-20 00:51 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-24 15:19 - 2015-03-20 00:51 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-05-21 15:04 - 2013-04-03 16:58 - 00464547 _____ () C:\WINDOWS\setupapi.log
2015-05-15 11:05 - 2012-09-01 21:31 - 00123728 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 16:14 - 2015-02-10 21:05 - 00001860 _____ () C:\Documents and Settings\Helge\Start Menu\Programs\Spotify.lnk
2015-05-13 12:39 - 2012-09-02 00:07 - 00020440 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-13 12:16 - 2015-03-20 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache

==================== Files in the root of some directories =======

2015-01-25 18:12 - 2015-01-25 18:12 - 0002086 _____ () C:\Documents and Settings\Helge\Application Data\ACFAF
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Documents and Settings\Helge\Application Data\SQKPEW
2015-02-27 11:43 - 2015-03-20 01:08 - 0000110 _____ () C:\Documents and Settings\Helge\Application Data\WB.CFG
2012-09-03 21:41 - 2015-03-26 04:52 - 0035328 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-09 08:29 - 2015-03-09 08:29 - 0274045 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\dsi1.dat
2015-03-09 08:29 - 2015-03-09 08:29 - 0161916 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\dsi2.dat
2012-09-02 00:24 - 2012-09-02 00:24 - 0007199 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\HWVendorDetection.log

Some files in TEMP:
====================
C:\Documents and Settings\Helge\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Helge\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\Helge\Local Settings\Temp\binkw32.dll
C:\Documents and Settings\Helge\Local Settings\Temp\d2l_Install.exe
C:\Documents and Settings\Helge\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\Helge\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsunzpg.dll
C:\Documents and Settings\Helge\Local Settings\Temp\ReimagePackage.exe
C:\Documents and Settings\Helge\Local Settings\Temp\ReiSysUpdate.exe
C:\Documents and Settings\Helge\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\Helge\Local Settings\Temp\supoptsetup.exe
C:\Documents and Settings\Helge\Local Settings\Temp\sysrestore.exe
C:\Documents and Settings\Helge\Local Settings\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Helge at 2015-06-01 21:12:30
Running from C:\Documents and Settings\Helge\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1343024091-562591055-1801674531-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1343024091-562591055-1801674531-1005 - Limited - Enabled)
Guest (S-1-5-21-1343024091-562591055-1801674531-501 - Limited - Disabled)
Helge (S-1-5-21-1343024091-562591055-1801674531-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Helge
HelpAssistant (S-1-5-21-1343024091-562591055-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1343024091-562591055-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader 9 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Apple Application Support (32-Bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TV 5.0 (HKLM\...\{94ED52E0-24A0-4AD8-9BFD-0560CA680A80}) (Version: 5.0.28.218 - ArcSoft, Inc.)
Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM\...\Battle.net) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Good (HKLM\...\Browser Good) (Version: 2015.02.26.150430 - Browser Good) <==== ATTENTION
Command & Conquer Renegade (HKLM\...\Renegade) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Diablo (HKLM\...\Diablo) (Version:  - )
Dropbox (HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Far Cry (Version: 1.00.0000 - Ihr Firmenname) Hidden
Frontschweine (HKLM\...\Hogs Of War) (Version: 1.0 - Infogrames)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.5.0.0 - Intel Corporation)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
mCore (Version: 11.50.0000 - Intel Corporation) Hidden
mDriver (Version: 11.50.0000 - Intel) Hidden
mDrWiFi (Version: 11.50.0000 - Intel Corporation) Hidden
mHelp (Version: 11.50.0000 - Intel) Hidden
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mIWA (Version: 11.50.0000 - Intel Corporation) Hidden
mLogView (Version: 11.50.0000 - Intel Corporation) Hidden
mMHouse (Version: 11.50.0000 - Intel Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
mPfMgr (Version: 11.50.0000 - Intel Corporation) Hidden
mPfWiz (Version: 11.50.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSCfg (Version: 11.50.0000 - Intel Corporation) Hidden
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
MUI Help Package - DEU (Version:  - Microsoft Corporation) Hidden
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mZConfig (Version: 11.50.0000 - Intel Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Prey (HKLM\...\{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}) (Version: 1.0 - Human Head Studios)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Sid Meier's Colonization 1.0 (HKLM\...\Sid Meier's Colonization) (Version: 1.0 - 2K Games)
SMS (HKLM\...\InstallShield_{CA86CD92-22BB-4BBE-A6A5-BF1B4BAD791A}) (Version: 5.1.59 - Siano Mobile Silicon)
SMS (Version: 5.1.59 - Siano Mobile Silicon) Hidden
Spotify (HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics)
Titan Quest (HKLM\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
VirtualDJ Home FREE (HKLM\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (nur entfernen) (HKLM\...\Winamp) (Version:  - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

30-01-2016 11:14:46 System Checkpoint
02-02-2016 11:17:01 System Checkpoint
15-02-2016 11:17:54 System Checkpoint
20-02-2016 11:14:49 System Checkpoint
22-02-2016 11:16:20 System Checkpoint
23-02-2016 11:16:31 System Checkpoint
27-02-2016 05:46:25 System Checkpoint
28-02-2016 06:04:27 System Checkpoint
29-02-2016 06:40:39 System Checkpoint
01-03-2016 06:54:40 System Checkpoint
04-03-2016 14:39:52 Installiert ArcSoft TV
04-03-2016 14:40:53 Installed SMS
04-03-2016 14:42:33 Unsigned driver install
04-03-2016 14:47:50 Unsigned driver install
04-03-2016 14:50:49 Configured SMS
04-03-2016 14:53:31 Entfernt ArcSoft TV
04-03-2016 14:53:59 Configured SMS
04-03-2016 14:54:27 Installed SMS
04-03-2016 14:57:35 Installiert ArcSoft TV
04-03-2016 15:00:07 Unsigned driver install
04-03-2016 15:02:11 Unsigned driver install
04-03-2016 15:03:02 Entfernt ArcSoft TV
04-03-2016 15:03:29 Configured SMS
04-03-2016 15:04:11 Installed SMS
04-03-2016 15:04:47 Unsigned driver install
04-03-2016 15:06:36 Installiert ArcSoft TV
04-03-2016 15:10:54 Unsigned driver install
04-03-2016 15:19:46 Software Distribution Service 3.0
05-03-2016 07:54:23 Configured SMS
05-03-2016 07:55:34 Entfernt ArcSoft TV
05-03-2016 07:56:37 Installed SMS
05-03-2016 07:57:44 Unsigned driver install
05-03-2016 07:58:57 Installiert ArcSoft TV
15-09-2014 19:45:23 System Checkpoint
18-09-2014 19:54:17 System Checkpoint
23-09-2014 20:21:32 System Checkpoint
25-09-2014 20:43:43 System Checkpoint
30-09-2014 20:24:33 System Checkpoint
06-10-2014 21:47:10 System Checkpoint
08-10-2014 20:23:13 System Checkpoint
09-10-2014 20:46:48 System Checkpoint
15-10-2014 20:59:33 System Checkpoint
20-10-2014 19:54:04 System Checkpoint
21-10-2014 20:45:14 System Checkpoint
22-10-2014 21:20:50 System Checkpoint
27-10-2014 21:44:41 System Checkpoint
28-10-2014 21:53:16 System Checkpoint
30-10-2014 21:53:18 System Checkpoint
03-11-2014 21:47:25 System Checkpoint
06-11-2014 22:03:10 System Checkpoint
11-11-2014 21:23:59 System Checkpoint
13-11-2014 21:52:42 System Checkpoint
17-11-2014 21:46:31 System Checkpoint
18-11-2014 22:02:13 System Checkpoint
20-11-2014 21:48:34 System Checkpoint
24-11-2014 20:39:52 System Checkpoint
25-11-2014 22:51:23 System Checkpoint
27-11-2014 22:31:27 System Checkpoint
10-12-2014 21:06:43 System Checkpoint
06-01-2015 22:01:29 System Checkpoint
08-01-2015 21:25:06 System Checkpoint
12-01-2015 21:07:08 System Checkpoint
13-01-2015 22:03:21 System Checkpoint
15-01-2015 22:00:01 System Checkpoint
16-01-2015 22:04:35 System Checkpoint
30-01-2015 21:53:47 System Checkpoint
09-02-2015 22:30:01 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
09-02-2015 22:30:26 OpenOffice 4.1.1 wird installiert
10-02-2015 21:30:38 iTunes wird installiert
10-02-2015 22:02:18 Software Distribution Service 3.0
11-02-2015 04:31:12 Software Distribution Service 3.0
24-02-2015 10:34:56 Uniblue SpeedUpMyPC installation
24-02-2015 10:35:52 Uniblue DriverScanner installation
26-02-2015 17:43:20 Software Distribution Service 3.0
10-03-2015 21:19:27 Unsigned driver install
12-03-2015 12:42:40 System Checkpoint
20-03-2015 01:01:41 Avira Free Antivirus - 3/20/2015 0:01
20-03-2015 01:09:29 avast! Free Antivirus Setup
20-03-2015 01:13:00 Avira Free Antivirus - 3/20/2015 0:12
20-03-2015 01:18:09 Software Distribution Service 3.0
20-03-2015 01:59:57 Software Distribution Service 3.0
24-03-2015 22:00:01 System Checkpoint
25-03-2015 22:03:46 System Checkpoint
26-03-2015 20:23:38 Unsigned driver install
29-03-2015 03:32:04 System Checkpoint
30-03-2015 17:32:00 System Checkpoint
02-04-2015 13:03:00 System Checkpoint
03-04-2015 22:07:58 System Checkpoint
13-04-2015 12:21:25 System Checkpoint
13-05-2015 17:20:00 System Checkpoint
14-05-2015 21:39:59 System Checkpoint
21-05-2015 01:40:27 System Checkpoint
23-05-2015 00:36:32 System Checkpoint
24-05-2015 16:12:46 System Checkpoint
25-05-2015 16:28:21 System Checkpoint
27-05-2015 13:31:36 System Checkpoint
28-05-2015 20:38:20 System Checkpoint
29-05-2015 20:58:40 System Checkpoint
30-05-2015 21:08:26 System Checkpoint
01-06-2015 16:36:30 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-12 14:00 - 2004-08-12 14:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\11a623c5-4868-4253-879e-252a0911b26b-1-6.job => C:\Program Files\ss8\11a623c5-4868-4253-879e-252a0911b26b-1-6.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (Whitelisted) ==============

2008-01-09 09:49 - 2008-01-09 09:49 - 00245760 _____ () C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
2012-09-02 00:05 - 2008-06-18 07:46 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2003-04-17 08:54 - 2003-04-17 08:54 - 00012288 _____ () C:\Program Files\Winamp\Winampa.exe
2016-03-05 07:59 - 2007-04-19 10:33 - 00035584 _____ () C:\Program Files\ArcSoft\ArcSoft TV 5.0\uPiApi.dll
2007-04-02 18:19 - 2007-04-02 18:19 - 00355112 _____ () C:\WINDOWS\system32\msjetoledb40.dll
2016-03-05 07:59 - 2013-09-02 10:45 - 00016384 _____ () C:\Program Files\ArcSoft\ArcSoft TV 5.0\uTVMUIEngine.dll
2015-05-31 20:25 - 2015-05-31 20:25 - 00043008 _____ () c:\Documents and Settings\Helge\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsunzpg.dll
2015-05-20 23:43 - 2015-03-04 23:45 - 00750080 _____ () C:\Documents and Settings\Helge\Application Data\Dropbox\bin\libGLESv2.dll
2015-05-20 23:43 - 2015-03-04 23:45 - 00047616 _____ () C:\Documents and Settings\Helge\Application Data\Dropbox\bin\libEGL.dll
2015-05-20 23:43 - 2015-03-04 23:45 - 00865280 _____ () C:\Documents and Settings\Helge\Application Data\Dropbox\bin\plugins\platforms\qwindows.dll
2015-05-20 23:43 - 2015-03-04 23:45 - 00200704 _____ () C:\Documents and Settings\Helge\Application Data\Dropbox\bin\plugins\imageformats\qjpeg.dll
2007-12-14 15:11 - 2007-12-14 15:11 - 01167360 _____ () C:\Program Files\Intel\Wireless\Bin\acAuth.dll
2015-03-20 14:29 - 2015-03-20 14:29 - 16858288 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1343024091-562591055-1801674531-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Helge\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe] => Enabled:Far Cry
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Helge\Application Data\Spotify\spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Dienst "Bonjour"
StandardProfile\AuthorizedApplications: [C:\creezy\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============

Name: USB Device
Description: USB Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).


System errors:
=============
Error: (03/05/2016 08:12:53 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.

Error: (03/05/2016 08:12:53 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (03/05/2016 07:57:53 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (03/05/2016 07:57:53 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (03/05/2016 07:49:57 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll.
Reference error message: The operation completed successfully.
.

Error: (03/05/2016 07:49:57 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: Manifest Parse Error : XML document must have a top level element.
.

Error: (03/05/2016 07:49:57 AM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "Manifest Parse Error : XML document must have a top level element.
1" on line Manifest Parse Error : XML document must have a top level element.
2.

Error: (03/05/2016 07:49:49 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\ArcSoft\ArcSoft TV 5.0\EndPointCtrl.dll.
Reference error message: The operation completed successfully.
.

Error: (03/05/2016 07:49:49 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: Manifest Parse Error : XML document must have a top level element.
.

Error: (03/05/2016 07:49:49 AM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "Manifest Parse Error : XML document must have a top level element.
1" on line Manifest Parse Error : XML document must have a top level element.
2.


Microsoft Office:
=========================
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 44%
Total physical RAM: 3070.36 MB
Available physical RAM: 1718.8 MB
Total Pagefile: 4955.57 MB
Available Pagefile: 3477.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:204.27 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: C3BA16E0)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of log ============================

LederLappen · 01.06.2015, 20:48

Code:

ATTFilter

21:17:21.0046 0x1674  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
21:17:30.0218 0x1674  ============================================================
21:17:30.0218 0x1674  Current date / time: 2015/06/01 21:17:30.0218
21:17:30.0218 0x1674  SystemInfo:
21:17:30.0218 0x1674  
21:17:30.0218 0x1674  OS Version: 5.1.2600 ServicePack: 3.0
21:17:30.0218 0x1674  Product type: Workstation
21:17:30.0218 0x1674  ComputerName: HANSA
21:17:30.0218 0x1674  UserName: Helge
21:17:30.0218 0x1674  Windows directory: C:\WINDOWS
21:17:30.0218 0x1674  System windows directory: C:\WINDOWS
21:17:30.0218 0x1674  Processor architecture: Intel x86
21:17:30.0218 0x1674  Number of processors: 2
21:17:30.0218 0x1674  Page size: 0x1000
21:17:30.0218 0x1674  Boot type: Normal boot
21:17:30.0218 0x1674  ============================================================
21:17:30.0468 0x1674  KLMD registered as C:\WINDOWS\system32\drivers\51423892.sys
21:17:30.0609 0x1674  System UUID: {4E423AFA-77A7-85D1-B8C8-FBA7EA1E1D97}
21:17:31.0125 0x1674  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:17:31.0125 0x1674  ============================================================
21:17:31.0125 0x1674  \Device\Harddisk0\DR0:
21:17:31.0125 0x1674  MBR partitions:
21:17:31.0125 0x1674  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
21:17:31.0125 0x1674  ============================================================
21:17:31.0234 0x1674  C: <-> \Device\Harddisk0\DR0\Partition1
21:17:31.0234 0x1674  ============================================================
21:17:31.0234 0x1674  Initialize success
21:17:31.0234 0x1674  ============================================================
21:19:45.0203 0x1698  ============================================================
21:19:45.0203 0x1698  Scan started
21:19:45.0203 0x1698  Mode: Manual; SigCheck; TDLFS; 
21:19:45.0203 0x1698  ============================================================
21:19:45.0203 0x1698  KSN ping started
21:19:45.0328 0x1698  KSN ping finished: true
21:19:45.0687 0x1698  ================ Scan system memory ========================
21:19:45.0687 0x1698  System memory - ok
21:19:45.0687 0x1698  ================ Scan services =============================
21:19:46.0937 0x1698  Abiosdsk - ok
21:19:46.0953 0x1698  abp480n5 - ok
21:19:46.0984 0x1698  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:19:47.0296 0x1698  ACPI - ok
21:19:47.0359 0x1698  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:19:47.0468 0x1698  ACPIEC - ok
21:19:47.0468 0x1698  adpu160m - ok
21:19:47.0500 0x1698  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
21:19:47.0625 0x1698  aec - ok
21:19:47.0656 0x1698  [ 023867B6606FBABCDD52E089C4A507DA, 30BE26F63B7EC6C9607AB46A97ACE83DD8140191D28BAB9E6292DA835A922289 ] AegisP          C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:19:47.0671 0x1698  AegisP - ok
21:19:47.0703 0x1698  [ A7B8A3A79D35215D798A300DF49ED23F, D441633C0F8E22F8976B95D6A3DCD552AA07C616AC5FE4379472954F7BE6075E ] Afc             C:\WINDOWS\system32\drivers\Afc.sys
21:19:47.0718 0x1698  Afc - detected UnsignedFile.Multi.Generic ( 1 )
21:19:47.0781 0x1698  Detect skipped due to KSN trusted
21:19:47.0781 0x1698  Afc - ok
21:19:47.0812 0x1698  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
21:19:47.0828 0x1698  AFD - ok
21:19:47.0859 0x1698  [ 8ED60797908FD394EEE0D6949F493224, E07C471050F8D13F0BE52BC2CF88BA0EB8612B4957C43FF16B90197C57738C99 ] AgereModemAudio C:\WINDOWS\system32\agrsmsvc.exe
21:19:47.0875 0x1698  AgereModemAudio - ok
21:19:47.0953 0x1698  [ 38325C6AA8EAE011897D61CE48EC6435, 6F96F992022692E354BB61610936F39EA89F31F58135D0F5339A3690402F74ED ] AgereSoftModem  C:\WINDOWS\system32\DRIVERS\AGRSM.sys
21:19:48.0031 0x1698  AgereSoftModem - ok
21:19:48.0031 0x1698  Aha154x - ok
21:19:48.0046 0x1698  aic78u2 - ok
21:19:48.0046 0x1698  aic78xx - ok
21:19:48.0078 0x1698  [ 738D80CC01D7BC7584BE917B7F544394, DCC17AAEF5CDDF52FAAC3CC6904EF421CD595F66318A2370BEE261D5C3A8E340 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
21:19:48.0093 0x1698  Alerter - detected UnsignedFile.Multi.Generic ( 1 )
21:19:48.0156 0x1698  Detect skipped due to KSN trusted
21:19:48.0156 0x1698  Alerter - ok
21:19:48.0156 0x1698  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
21:19:48.0218 0x1698  ALG - ok
21:19:48.0234 0x1698  AliIde - ok
21:19:48.0234 0x1698  amsint - ok
21:19:48.0687 0x1698  [ 4428DC966DD5D0659AA7CA913D1D7652, 267D0F64354A105A2A64AB41607E3EB22CF8B448D2EBEC62C31829F03736836D ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
21:19:48.0734 0x1698  AntiVirMailService - ok
21:19:48.0812 0x1698  [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:19:48.0859 0x1698  AntiVirSchedulerService - ok
21:19:48.0906 0x1698  [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:19:48.0937 0x1698  AntiVirService - ok
21:19:49.0000 0x1698  [ 266C0506DF8BA3990E12885E64EE4420, 60995CFE54B8594179BEAB06C4498CBF997B0C85147E5DD747CE238C89F6979D ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
21:19:49.0078 0x1698  AntiVirWebService - ok
21:19:49.0250 0x1698  [ D2B87FC03BE28CD0B33C2B5C1119FD8E, 97EB74CB7F62C0D06D45CB250E3A90657A0F107C2FC20738FF6B2C87B0240080 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:19:49.0265 0x1698  Apple Mobile Device - ok
21:19:49.0296 0x1698  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
21:19:49.0359 0x1698  AppMgmt - ok
21:19:49.0359 0x1698  asc - ok
21:19:49.0375 0x1698  asc3350p - ok
21:19:49.0375 0x1698  asc3550 - ok
21:19:49.0515 0x1698  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:19:49.0562 0x1698  aspnet_state - ok
21:19:49.0578 0x1698  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:19:49.0687 0x1698  AsyncMac - ok
21:19:49.0703 0x1698  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
21:19:49.0828 0x1698  atapi - ok
21:19:49.0828 0x1698  Atdisk - ok
21:19:49.0843 0x1698  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:19:49.0953 0x1698  Atmarpc - ok
21:19:49.0968 0x1698  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
21:19:50.0078 0x1698  AudioSrv - ok
21:19:50.0093 0x1698  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
21:19:50.0203 0x1698  audstub - ok
21:19:50.0250 0x1698  [ EC17E91BC9026C5ED580FB2B13E341AB, 2D9421AE05F3D4A8DBD69D73B4B562EA4F93FBD12AB2F77C52DA8B411626EBF1 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
21:19:50.0281 0x1698  avgntflt - ok
21:19:50.0328 0x1698  [ 7BAA36ED6C6098899D9E1269A61085C3, 2D101F1C6C79B0BD722BDB5939344F65728EC2F5B747B6619640775E6FDEFC0A ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
21:19:50.0343 0x1698  avipbb - ok
21:19:50.0484 0x1698  [ 0D32033DCB359FD98B4C3513EF849FE6, 5870D67526BC29D888DAF8DBAB04B1E97ED5C7C51484ED400A5E65D0EB61576A ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
21:19:50.0500 0x1698  Avira.OE.ServiceHost - ok
21:19:50.0531 0x1698  [ F80F5DCA8A5D9D93CC5BE933D20CAF05, 2AFBB2D62127FACBCABBB3E78F3568A6BA016ED4A97A1490BAA29A1EFB7A4408 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
21:19:50.0546 0x1698  avkmgr - ok
21:19:50.0578 0x1698  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
21:19:50.0687 0x1698  Beep - ok
21:19:50.0718 0x1698  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
21:19:50.0875 0x1698  BITS - ok
21:19:50.0968 0x1698  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:19:50.0984 0x1698  Bonjour Service - ok
21:19:51.0031 0x1698  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
21:19:51.0062 0x1698  Browser - ok
21:19:51.0109 0x1698  [ 92A964547B96D697E5E9ED43B4297F5A, 01A84802B68253FF093EAFED5B85DE716BB85EBD080D92D4814B6FB39286CD24 ] BrScnUsb        C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
21:19:51.0140 0x1698  BrScnUsb - ok
21:19:51.0171 0x1698  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
21:19:51.0281 0x1698  cbidf2k - ok
21:19:51.0296 0x1698  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:19:51.0390 0x1698  CCDECODE - ok
21:19:51.0406 0x1698  cd20xrnt - ok
21:19:51.0406 0x1698  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
21:19:51.0515 0x1698  Cdaudio - ok
21:19:51.0546 0x1698  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
21:19:51.0640 0x1698  Cdfs - ok
21:19:51.0671 0x1698  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:19:51.0765 0x1698  Cdrom - ok
21:19:51.0765 0x1698  Changer - ok
21:19:51.0781 0x1698  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E, ACB458E8A11AA2143734A5A0281973D95158E6402A6453F98F9832D1E19B01F9 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
21:19:51.0796 0x1698  CiSvc - detected UnsignedFile.Multi.Generic ( 1 )
21:19:51.0843 0x1698  Detect skipped due to KSN trusted
21:19:51.0843 0x1698  CiSvc - ok
21:19:51.0859 0x1698  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
21:19:51.0968 0x1698  ClipSrv - ok
21:19:52.0031 0x1698  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:19:52.0093 0x1698  clr_optimization_v4.0.30319_32 - ok
21:19:52.0140 0x1698  [ 0F6C187D38D98F8DF904589A5F94D411, DB987093446216CEE913AC27503BF7E23E5A62DF169B355730285DAB64F6ED28 ] CmBatt          C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:19:52.0250 0x1698  CmBatt - ok
21:19:52.0265 0x1698  CmdIde - ok
21:19:52.0281 0x1698  [ 6E4C9F21F0FAE8940661144F41B13203, 731202A0DD021FCF9287FEA631212603AAAC23F9E7F76B2882F913B18A971F1C ] Compbatt        C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:19:52.0375 0x1698  Compbatt - ok
21:19:52.0375 0x1698  COMSysApp - ok
21:19:52.0390 0x1698  Cpqarray - ok
21:19:52.0578 0x1698  cpuz134 - ok
21:19:52.0625 0x1698  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
21:19:52.0734 0x1698  CryptSvc - ok
21:19:52.0734 0x1698  dac2w2k - ok
21:19:52.0750 0x1698  dac960nt - ok
21:19:52.0796 0x1698  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
21:19:52.0859 0x1698  DcomLaunch - ok
21:19:52.0890 0x1698  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
21:19:52.0984 0x1698  Dhcp - ok
21:19:53.0000 0x1698  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
21:19:53.0109 0x1698  Disk - ok
21:19:53.0109 0x1698  dmadmin - ok
21:19:53.0156 0x1698  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
21:19:53.0281 0x1698  dmboot - ok
21:19:53.0312 0x1698  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
21:19:53.0421 0x1698  dmio - ok
21:19:53.0453 0x1698  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
21:19:53.0546 0x1698  dmload - ok
21:19:53.0546 0x1698  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
21:19:53.0656 0x1698  dmserver - ok
21:19:53.0687 0x1698  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
21:19:53.0812 0x1698  DMusic - ok
21:19:53.0828 0x1698  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
21:19:53.0843 0x1698  Dnscache - ok
21:19:53.0875 0x1698  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
21:19:53.0968 0x1698  Dot3svc - ok
21:19:53.0968 0x1698  dpti2o - ok
21:19:53.0984 0x1698  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
21:19:54.0078 0x1698  drmkaud - ok
21:19:54.0125 0x1698  [ 687AF6BB383885FF6A64071B189A7F3E, 1C751B8DD27F63E88D0223A8434CED7589AC00EC6275938C59D1B954F0354F78 ] dtsoftbus01     C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
21:19:54.0140 0x1698  dtsoftbus01 - ok
21:19:54.0156 0x1698  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
21:19:54.0265 0x1698  EapHost - ok
21:19:54.0281 0x1698  [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
21:19:54.0296 0x1698  ERSvc - detected UnsignedFile.Multi.Generic ( 1 )
21:19:54.0343 0x1698  Detect skipped due to KSN trusted
21:19:54.0343 0x1698  ERSvc - ok
21:19:54.0390 0x1698  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
21:19:54.0421 0x1698  Eventlog - ok
21:19:54.0453 0x1698  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
21:19:54.0500 0x1698  EventSystem - ok
21:19:54.0609 0x1698  [ 79C6476C27168A7F0A7BE6DF75C4DBF3, 3170265E1A4AFD688291E49251C6142E0586F170CB33AB798A47BB8EE76126BE ] EvtEng          C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
21:19:54.0687 0x1698  EvtEng - detected UnsignedFile.Multi.Generic ( 1 )
21:19:54.0734 0x1698  Detect skipped due to KSN trusted
21:19:54.0734 0x1698  EvtEng - ok
21:19:54.0765 0x1698  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
21:19:54.0875 0x1698  Fastfat - ok
21:19:54.0906 0x1698  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
21:19:54.0953 0x1698  FastUserSwitchingCompatibility - ok
21:19:54.0953 0x1698  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\drivers\Fdc.sys
21:19:55.0062 0x1698  Fdc - ok
21:19:55.0078 0x1698  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
21:19:55.0171 0x1698  Fips - ok
21:19:55.0171 0x1698  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
21:19:55.0281 0x1698  Flpydisk - ok
21:19:55.0312 0x1698  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:19:55.0406 0x1698  FltMgr - ok
21:19:55.0468 0x1698  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
21:19:55.0484 0x1698  FontCache3.0.0.0 - ok
21:19:55.0515 0x1698  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:19:55.0609 0x1698  Fs_Rec - ok
21:19:55.0625 0x1698  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:19:55.0734 0x1698  Ftdisk - ok
21:19:55.0765 0x1698  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
21:19:55.0781 0x1698  GEARAspiWDM - ok
21:19:55.0781 0x1698  globalUpdatem - ok
21:19:55.0812 0x1698  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:19:55.0921 0x1698  Gpc - ok
21:19:55.0968 0x1698  [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
21:19:55.0984 0x1698  gupdate - ok
21:19:56.0000 0x1698  [ F172AD4E906D97ED8F071896FC6789DC, FC10B3CE3DB0D3BF84DFD28E900EB6A11EDAAE32AC50F23CB03AACC6AA496911 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
21:19:56.0015 0x1698  gupdatem - ok
21:19:56.0046 0x1698  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:19:56.0156 0x1698  HDAudBus - ok
21:19:56.0203 0x1698  [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
21:19:56.0218 0x1698  helpsvc - detected UnsignedFile.Multi.Generic ( 1 )
21:19:56.0453 0x1698  Detect skipped due to KSN trusted
21:19:56.0453 0x1698  helpsvc - ok
21:19:56.0515 0x1698  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
21:19:56.0609 0x1698  HidServ - ok
21:19:56.0640 0x1698  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:19:56.0734 0x1698  HidUsb - ok
21:19:56.0750 0x1698  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
21:19:56.0843 0x1698  hkmsvc - ok
21:19:56.0843 0x1698  hpn - ok
21:19:56.0890 0x1698  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
21:19:56.0906 0x1698  HTTP - ok
21:19:56.0937 0x1698  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
21:19:57.0046 0x1698  HTTPFilter - ok
21:19:57.0046 0x1698  i2omgmt - ok
21:19:57.0046 0x1698  i2omp - ok
21:19:57.0078 0x1698  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:19:57.0187 0x1698  i8042prt - ok
21:19:57.0218 0x1698  [ 2358C53F30CB9DCD1D3843C4E2F299B2, C3E5F2D60133B10DEA52AF11E192DFDC4160611F5F0A86ED66138DB91532CA4A ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:19:57.0250 0x1698  iaStor - ok
21:19:57.0265 0x1698  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
21:19:57.0375 0x1698  Imapi - ok
21:19:57.0390 0x1698  [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService    C:\WINDOWS\system32\imapi.exe
21:19:57.0406 0x1698  ImapiService - detected UnsignedFile.Multi.Generic ( 1 )
21:19:57.0453 0x1698  Detect skipped due to KSN trusted
21:19:57.0453 0x1698  ImapiService - ok
21:19:57.0468 0x1698  ini910u - ok
21:19:57.0656 0x1698  [ 6708CFA52D71374371F61435845F3C9B, 35AEA06FE161BA7C7777BA9E9BBD7C2C31AED8A6FA2E4DCBF438D9A0A40178B6 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:19:57.0921 0x1698  IntcAzAudAddService - ok
21:19:57.0953 0x1698  IntelIde - ok
21:19:57.0968 0x1698  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:19:58.0078 0x1698  intelppm - ok
21:19:58.0109 0x1698  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:19:58.0203 0x1698  Ip6Fw - ok
21:19:58.0234 0x1698  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:19:58.0328 0x1698  IpFilterDriver - ok
21:19:58.0343 0x1698  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:19:58.0453 0x1698  IpInIp - ok
21:19:58.0468 0x1698  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:19:58.0562 0x1698  IpNat - ok
21:19:58.0609 0x1698  [ 39D4F18B4D1B2C72097E74D45D36202C, 822076F946210CCFE76311341D588A5145127F41817EE2DFCDAEDFC8E581CE2B ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:19:58.0640 0x1698  iPod Service - ok
21:19:58.0671 0x1698  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:19:58.0765 0x1698  IPSec - ok
21:19:58.0796 0x1698  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
21:19:58.0843 0x1698  IRENUM - ok
21:19:58.0875 0x1698  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:19:58.0968 0x1698  isapnp - ok
21:19:58.0984 0x1698  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:19:59.0093 0x1698  Kbdclass - ok
21:19:59.0109 0x1698  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
21:19:59.0203 0x1698  kmixer - ok
21:19:59.0234 0x1698  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
21:19:59.0250 0x1698  KSecDD - ok
21:19:59.0281 0x1698  [ FB8EFEEF40E079B479D83D86F6A3B614, 5A9809D888DA5E2E40202217E00A7F9940F14BE4D9F6D6D760E42B75D4FEB0C5 ] L1e             C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
21:19:59.0296 0x1698  L1e - ok
21:19:59.0343 0x1698  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
21:19:59.0359 0x1698  LanmanServer - ok
21:19:59.0390 0x1698  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
21:19:59.0421 0x1698  lanmanworkstation - ok
21:19:59.0437 0x1698  lbrtfdc - ok
21:19:59.0468 0x1698  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
21:19:59.0578 0x1698  LmHosts - ok
21:19:59.0593 0x1698  [ B7550A7107281D170CE85524B1488C98, A3854B16A65436BEF6BEDE918B43B3BE8F00D303660DB5831DD376271DC43239 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
21:19:59.0593 0x1698  Messenger - detected UnsignedFile.Multi.Generic ( 1 )
21:19:59.0750 0x1698  Detect skipped due to KSN trusted
21:19:59.0750 0x1698  Messenger - ok
21:19:59.0781 0x1698  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
21:19:59.0859 0x1698  mnmdd - ok
21:19:59.0890 0x1698  [ C2F1D365FD96791B037EE504868065D3, 87BD87E08FD00D115524B049F1A3A719AB86557D68968E7090CD0F271F985CAF ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
21:19:59.0890 0x1698  mnmsrvc - detected UnsignedFile.Multi.Generic ( 1 )
21:19:59.0953 0x1698  Detect skipped due to KSN trusted
21:19:59.0953 0x1698  mnmsrvc - ok
21:19:59.0968 0x1698  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
21:20:00.0062 0x1698  Modem - ok
21:20:00.0093 0x1698  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:20:00.0203 0x1698  Mouclass - ok
21:20:00.0218 0x1698  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:20:00.0312 0x1698  mouhid - ok
21:20:00.0328 0x1698  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
21:20:00.0437 0x1698  MountMgr - ok
21:20:00.0468 0x1698  [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:20:00.0500 0x1698  MozillaMaintenance - ok
21:20:00.0531 0x1698  [ C0F8E0C2C3C0437CF37C6781896DC3EC, 12196EF5A94BD011B5D578E755B51424E3238437A028CC1EDFB53138C00D3339 ] MPE             C:\WINDOWS\system32\DRIVERS\MPE.sys
21:20:00.0640 0x1698  MPE - ok
21:20:00.0656 0x1698  mraid35x - ok
21:20:00.0671 0x1698  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:20:00.0781 0x1698  MRxDAV - ok
21:20:00.0828 0x1698  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:20:00.0859 0x1698  MRxSmb - ok
21:20:00.0890 0x1698  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
21:20:01.0000 0x1698  MSDTC - ok
21:20:01.0031 0x1698  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
21:20:01.0125 0x1698  Msfs - ok
21:20:01.0140 0x1698  MSIServer - ok
21:20:01.0156 0x1698  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:20:01.0265 0x1698  MSKSSRV - ok
21:20:01.0281 0x1698  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:20:01.0375 0x1698  MSPCLOCK - ok
21:20:01.0375 0x1698  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
21:20:01.0484 0x1698  MSPQM - ok
21:20:01.0500 0x1698  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:20:01.0578 0x1698  mssmbios - ok
21:20:01.0609 0x1698  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
21:20:01.0703 0x1698  MSTEE - ok
21:20:01.0734 0x1698  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
21:20:01.0750 0x1698  Mup - ok
21:20:01.0781 0x1698  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:20:01.0875 0x1698  NABTSFEC - ok
21:20:01.0906 0x1698  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
21:20:02.0015 0x1698  napagent - ok
21:20:02.0046 0x1698  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
21:20:02.0156 0x1698  NDIS - ok
21:20:02.0171 0x1698  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:20:02.0250 0x1698  NdisIP - ok
21:20:02.0296 0x1698  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:20:02.0312 0x1698  NdisTapi - ok
21:20:02.0312 0x1698  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:20:02.0406 0x1698  Ndisuio - ok
21:20:02.0406 0x1698  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:20:02.0500 0x1698  NdisWan - ok
21:20:02.0531 0x1698  [ 2F597BB467E05B1FE3830EABD821B8E0, 141497F5A49D47CCE3C9289644F4BD838DCB238F6D8E847FC006652E21FE02AC ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
21:20:02.0546 0x1698  NDProxy - ok
21:20:02.0562 0x1698  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
21:20:02.0671 0x1698  NetBIOS - ok
21:20:02.0671 0x1698  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
21:20:02.0781 0x1698  NetBT - ok
21:20:02.0796 0x1698  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
21:20:02.0890 0x1698  NetDDE - ok
21:20:02.0890 0x1698  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
21:20:03.0000 0x1698  NetDDEdsdm - ok
21:20:03.0046 0x1698  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
21:20:03.0156 0x1698  Netlogon - ok
21:20:03.0187 0x1698  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
21:20:03.0281 0x1698  Netman - ok
21:20:03.0343 0x1698  [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:20:03.0406 0x1698  NetTcpPortSharing - ok
21:20:03.0531 0x1698  [ 2118826A98AC371B110840CF690ED6CA, FFB6EA9E4CA92C6B14CF6DEB948EA33CDC70176F7621245F3DCFDEFC9049F095 ] NETw4x32        C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
21:20:03.0687 0x1698  NETw4x32 - ok
21:20:03.0734 0x1698  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
21:20:03.0765 0x1698  Nla - ok
21:20:03.0781 0x1698  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
21:20:03.0875 0x1698  Npfs - ok
21:20:03.0906 0x1698  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
21:20:04.0078 0x1698  Ntfs - ok
21:20:04.0093 0x1698  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
21:20:04.0187 0x1698  NtLmSsp - ok
21:20:04.0218 0x1698  [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
21:20:04.0281 0x1698  NtmsSvc - detected UnsignedFile.Multi.Generic ( 1 )
21:20:04.0359 0x1698  Detect skipped due to KSN trusted
21:20:04.0359 0x1698  NtmsSvc - ok
21:20:04.0390 0x1698  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
21:20:04.0484 0x1698  Null - ok
21:20:04.0750 0x1698  [ B2AD13D428A8494955CA056912D1EF71, C5095804C8B20959EC65BEA03D6E156C48B967697CF124310AFC6D85FD3AF974 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:20:05.0140 0x1698  nv - detected UnsignedFile.Multi.Generic ( 1 )
21:20:05.0203 0x1698  Detect skipped due to KSN trusted
21:20:05.0203 0x1698  nv - ok
21:20:05.0234 0x1698  [ D71C8B9FD9BB16770984E931829AD227, A1B44805A756AB9455D1CE850A924BF843A48F717E4762324A58FE5B2959DE81 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
21:20:05.0250 0x1698  NVSvc - detected UnsignedFile.Multi.Generic ( 1 )
21:20:05.0296 0x1698  Detect skipped due to KSN trusted
21:20:05.0296 0x1698  NVSvc - ok
21:20:05.0296 0x1698  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:20:05.0390 0x1698  NwlnkFlt - ok
21:20:05.0390 0x1698  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:20:05.0500 0x1698  NwlnkFwd - ok
21:20:05.0515 0x1698  [ 8B8B1BE2DBA4025DA6786C645F77F123, E47D5EED2F3AF85E2332C325DA80AEF2C4EC989E38A175194EBBFA967BA8BF81 ] NwlnkIpx        C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
21:20:05.0625 0x1698  NwlnkIpx - ok
21:20:05.0625 0x1698  [ 56D34A67C05E94E16377C60609741FF8, ABE48D3E7D38DB20E9D4884FC6FE42FAE0C5FAFD3AC86F1E585A4BB17C6F09C5 ] NwlnkNb         C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
21:20:05.0734 0x1698  NwlnkNb - ok
21:20:05.0750 0x1698  [ C0BB7D1615E1ACBDC99757F6CEAF8CF0, 899905C0EB182ABCDAE0D0D749C0BC39CD231B9FAEE733D5DFDAE86EB8BC755B ] NwlnkSpx        C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
21:20:05.0828 0x1698  NwlnkSpx - ok
21:20:05.0859 0x1698  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
21:20:05.0953 0x1698  Parport - ok
21:20:05.0953 0x1698  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
21:20:06.0046 0x1698  PartMgr - ok
21:20:06.0078 0x1698  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
21:20:06.0171 0x1698  ParVdm - ok
21:20:06.0187 0x1698  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
21:20:06.0281 0x1698  PCI - ok
21:20:06.0281 0x1698  PCIDump - ok
21:20:06.0296 0x1698  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
21:20:06.0390 0x1698  PCIIde - ok
21:20:06.0390 0x1698  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
21:20:06.0484 0x1698  Pcmcia - ok
21:20:06.0484 0x1698  PDCOMP - ok
21:20:06.0500 0x1698  PDFRAME - ok
21:20:06.0500 0x1698  PDRELI - ok
21:20:06.0515 0x1698  PDRFRAME - ok
21:20:06.0515 0x1698  perc2 - ok
21:20:06.0515 0x1698  perc2hib - ok
21:20:06.0546 0x1698  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
21:20:06.0562 0x1698  PlugPlay - ok
21:20:06.0578 0x1698  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
21:20:06.0671 0x1698  PolicyAgent - ok
21:20:06.0687 0x1698  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:20:06.0781 0x1698  PptpMiniport - ok
21:20:06.0781 0x1698  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
21:20:06.0875 0x1698  ProtectedStorage - ok
21:20:06.0890 0x1698  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
21:20:07.0000 0x1698  PSched - ok
21:20:07.0015 0x1698  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:20:07.0125 0x1698  Ptilink - ok
21:20:07.0125 0x1698  ql1080 - ok
21:20:07.0125 0x1698  Ql10wnt - ok
21:20:07.0140 0x1698  ql12160 - ok
21:20:07.0140 0x1698  ql1240 - ok
21:20:07.0140 0x1698  ql1280 - ok
21:20:07.0156 0x1698  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:20:07.0234 0x1698  RasAcd - ok
21:20:07.0265 0x1698  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
21:20:07.0359 0x1698  RasAuto - ok
21:20:07.0375 0x1698  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:20:07.0453 0x1698  Rasl2tp - ok
21:20:07.0468 0x1698  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
21:20:07.0578 0x1698  RasMan - ok
21:20:07.0593 0x1698  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:20:07.0687 0x1698  RasPppoe - ok
21:20:07.0703 0x1698  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
21:20:07.0781 0x1698  Raspti - ok
21:20:07.0812 0x1698  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:20:07.0906 0x1698  Rdbss - ok
21:20:07.0921 0x1698  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:20:08.0000 0x1698  RDPCDD - ok
21:20:08.0062 0x1698  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:20:08.0171 0x1698  rdpdr - ok
21:20:08.0234 0x1698  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
21:20:08.0281 0x1698  RDPWD - ok
21:20:08.0343 0x1698  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
21:20:08.0453 0x1698  RDSessMgr - ok
21:20:08.0468 0x1698  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
21:20:08.0562 0x1698  redbook - ok
21:20:08.0593 0x1698  [ E24B0C41685FB8DFFA80233F13EDF839, 7BCAA3BE0C529BF0550D8DD6F8D1E7F59D1C1F821A1133526AC4D2993F8E168C ] RegSrvc         C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
21:20:08.0640 0x1698  RegSrvc - detected UnsignedFile.Multi.Generic ( 1 )
21:20:08.0718 0x1698  Detect skipped due to KSN trusted
21:20:08.0718 0x1698  RegSrvc - ok
21:20:08.0734 0x1698  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
21:20:08.0828 0x1698  RemoteAccess - ok
21:20:08.0859 0x1698  [ E4CD1F3D84E1C2CA0B8CF7501E201593, 649CC0B04F94D407EB6B4C7FDE2C6E4D2B1531307BC67C5775E44D66EF2E4F8A ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
21:20:08.0859 0x1698  RemoteRegistry - detected UnsignedFile.Multi.Generic ( 1 )
21:20:09.0093 0x1698  Detect skipped due to KSN trusted
21:20:09.0093 0x1698  RemoteRegistry - ok
21:20:09.0125 0x1698  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
21:20:09.0218 0x1698  RpcLocator - ok
21:20:09.0250 0x1698  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\system32\rpcss.dll
21:20:09.0281 0x1698  RpcSs - ok
21:20:09.0312 0x1698  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
21:20:09.0406 0x1698  RSVP - ok
21:20:09.0468 0x1698  [ E995EB7A1D9F59306747687C868EA7B4, 70AD453967856D16A89A6BB3038136D630156F01538E10D81007316D1C4E06E6 ] S24EventMonitor C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
21:20:09.0562 0x1698  S24EventMonitor - detected UnsignedFile.Multi.Generic ( 1 )
21:20:09.0625 0x1698  Detect skipped due to KSN trusted
21:20:09.0625 0x1698  S24EventMonitor - ok
21:20:09.0640 0x1698  [ E38FAB70FC993ECEC5EBAA98D0378025, 9F9D94FB3368C4B4BC668F1AC001E27D1F9EC8AEC940F9C062F6A4CB9D4F39E2 ] s24trans        C:\WINDOWS\system32\DRIVERS\s24trans.sys
21:20:09.0656 0x1698  s24trans - ok
21:20:09.0671 0x1698  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
21:20:09.0765 0x1698  SamSs - ok
21:20:09.0796 0x1698  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
21:20:09.0890 0x1698  SCardSvr - ok
21:20:09.0921 0x1698  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
21:20:10.0015 0x1698  Schedule - ok
21:20:10.0046 0x1698  [ 8D04819A3CE51B9EB47E5689B44D43C4, B0588AF967A7611F05BC8A8AD0C945DBB7BF995D7DA5C28FD0D007E33BF1F502 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:20:10.0140 0x1698  sdbus - ok
21:20:10.0140 0x1698  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:20:10.0187 0x1698  Secdrv - ok
21:20:10.0203 0x1698  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
21:20:10.0281 0x1698  seclogon - ok
21:20:10.0312 0x1698  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
21:20:10.0406 0x1698  SENS - ok
21:20:10.0421 0x1698  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
21:20:10.0515 0x1698  Serial - ok
21:20:10.0531 0x1698  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
21:20:10.0625 0x1698  Sfloppy - ok
21:20:10.0640 0x1698  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
21:20:10.0750 0x1698  SharedAccess - ok
21:20:10.0765 0x1698  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
21:20:10.0781 0x1698  ShellHWDetection - ok
21:20:10.0796 0x1698  Simbad - ok
21:20:10.0812 0x1698  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:20:10.0906 0x1698  SLIP - ok
21:20:10.0937 0x1698  [ F23825B21698D686ACFE4AF03E653364, 76583174A48B89242BC57D725A18C01E67A6A065F5970791E5756E09E0605C6D ] smsbda          C:\WINDOWS\system32\drivers\smsbda.sys
21:20:10.0953 0x1698  smsbda - ok
21:20:10.0953 0x1698  Sparrow - ok
21:20:11.0000 0x1698  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
21:20:11.0078 0x1698  splitter - ok
21:20:11.0125 0x1698  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
21:20:11.0140 0x1698  Spooler - ok
21:20:11.0156 0x1698  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
21:20:11.0218 0x1698  sr - ok
21:20:11.0234 0x1698  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
21:20:11.0281 0x1698  srservice - ok
21:20:11.0328 0x1698  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
21:20:11.0390 0x1698  Srv - ok
21:20:11.0421 0x1698  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
21:20:11.0468 0x1698  SSDPSRV - ok
21:20:11.0500 0x1698  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
21:20:11.0515 0x1698  ssmdrv - ok
21:20:11.0562 0x1698  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
21:20:11.0703 0x1698  stisvc - ok
21:20:11.0718 0x1698  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:20:11.0812 0x1698  streamip - ok
21:20:11.0828 0x1698  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
21:20:11.0921 0x1698  swenum - ok
21:20:11.0921 0x1698  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
21:20:12.0031 0x1698  swmidi - ok
21:20:12.0031 0x1698  SwPrv - ok
21:20:12.0031 0x1698  symc810 - ok
21:20:12.0046 0x1698  symc8xx - ok
21:20:12.0046 0x1698  sym_hi - ok
21:20:12.0062 0x1698  sym_u3 - ok
21:20:12.0078 0x1698  [ 13E0D1974CE03E88C265A68325CB16DE, 010A15C35AC7966AEC8CD684F508D441454B375608E663A9813D5598E691D767 ] SynTP           C:\WINDOWS\system32\DRIVERS\SynTP.sys
21:20:12.0109 0x1698  SynTP - ok
21:20:12.0125 0x1698  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
21:20:12.0218 0x1698  sysaudio - ok
21:20:12.0250 0x1698  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
21:20:12.0343 0x1698  SysmonLog - ok
21:20:12.0375 0x1698  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
21:20:12.0468 0x1698  TapiSrv - ok
21:20:12.0515 0x1698  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:20:12.0531 0x1698  Tcpip - ok
21:20:12.0562 0x1698  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
21:20:12.0671 0x1698  TDPIPE - ok
21:20:12.0687 0x1698  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
21:20:12.0781 0x1698  TDTCP - ok
21:20:12.0796 0x1698  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
21:20:12.0890 0x1698  TermDD - ok
21:20:12.0937 0x1698  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
21:20:13.0046 0x1698  TermService - ok
21:20:13.0093 0x1698  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
21:20:13.0109 0x1698  Themes - ok
21:20:13.0140 0x1698  [ 03681A1CE77F51586903869A5AB1DEAB, E2EC0A481412166B654682C2F3D953E96E757466135CBD2D813B967EDB13C721 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
21:20:13.0156 0x1698  TlntSvr - detected UnsignedFile.Multi.Generic ( 1 )
21:20:13.0312 0x1698  Detect skipped due to KSN trusted
21:20:13.0312 0x1698  TlntSvr - ok
21:20:13.0312 0x1698  TosIde - ok
21:20:13.0375 0x1698  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
21:20:13.0468 0x1698  TrkWks - ok
21:20:13.0500 0x1698  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
21:20:13.0578 0x1698  Udfs - ok
21:20:13.0593 0x1698  ultra - ok
21:20:13.0625 0x1698  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
21:20:13.0734 0x1698  Update - ok
21:20:13.0765 0x1698  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
21:20:13.0812 0x1698  upnphost - ok
21:20:13.0828 0x1698  [ 9B11E6118958E63E1FEF129466E2BDA7, 97168BCE3F4A9BB9E6500F05E34851FB957B219C598944FADC28AC0011C0503B ] UPS             C:\WINDOWS\System32\ups.exe
21:20:13.0843 0x1698  UPS - detected UnsignedFile.Multi.Generic ( 1 )
21:20:13.0890 0x1698  Detect skipped due to KSN trusted
21:20:13.0890 0x1698  UPS - ok
21:20:13.0921 0x1698  [ EC1C23779BB41A8B2AB2AA6FCE308BDE, D027A2B472CAE97AECB16F69BE52E06CB61E1C61AE196C22662050B711C1C72D ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
21:20:13.0937 0x1698  USBAAPL - ok
21:20:13.0984 0x1698  [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
21:20:14.0015 0x1698  usbaudio - ok
21:20:14.0046 0x1698  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:20:14.0078 0x1698  usbccgp - ok
21:20:14.0109 0x1698  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:20:14.0125 0x1698  usbehci - ok
21:20:14.0140 0x1698  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:20:14.0234 0x1698  usbhub - ok
21:20:14.0281 0x1698  [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:20:14.0390 0x1698  usbprint - ok
21:20:14.0421 0x1698  [ F8EDE2B6928970DCE3D5614C27D9E7F6, 6E5EBBC8B70C1D593634DAF0C190DEADFDA18C3CBC8F552A76F156F3869EF05B ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:20:14.0437 0x1698  usbscan - ok
21:20:14.0468 0x1698  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:20:14.0546 0x1698  USBSTOR - ok
21:20:14.0562 0x1698  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:20:14.0671 0x1698  usbuhci - ok
21:20:14.0703 0x1698  [ 813236B1183CFCF289E367BD5DE6E29E, 167FE18A96F330AEEC1A4C419770C15EFEB536D43838285E51E7A62E95DF4674 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
21:20:14.0718 0x1698  usbvideo - ok
21:20:14.0750 0x1698  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
21:20:14.0828 0x1698  VgaSave - ok
21:20:14.0843 0x1698  ViaIde - ok
21:20:14.0843 0x1698  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
21:20:14.0968 0x1698  VolSnap - ok
21:20:15.0000 0x1698  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
21:20:15.0109 0x1698  VSS - ok
21:20:15.0125 0x1698  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
21:20:15.0234 0x1698  W32Time - ok
21:20:15.0250 0x1698  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:20:15.0359 0x1698  Wanarp - ok
21:20:15.0359 0x1698  WDICA - ok
21:20:15.0375 0x1698  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
21:20:15.0468 0x1698  wdmaud - ok
21:20:15.0484 0x1698  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
21:20:15.0593 0x1698  WebClient - ok
21:20:15.0718 0x1698  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
21:20:15.0828 0x1698  winmgmt - ok
21:20:15.0843 0x1698  [ C7E39EA41233E9F5B86C8DA3A9F1E4A8, 98C21DEEB7124426D749FACDAD06EBD7F500AE5C465A98D558919C2A51C08554 ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
21:20:15.0937 0x1698  WmdmPmSN - ok
21:20:15.0968 0x1698  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
21:20:16.0046 0x1698  Wmi - ok
21:20:16.0062 0x1698  [ C42584FD66CE9E17403AEBCA199F7BDB, E3F2E1066F36AE5D33D4482239B2E556BE0C137923C9A120DFB36EC82F2E77B0 ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
21:20:16.0156 0x1698  WmiAcpi - ok
21:20:16.0203 0x1698  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
21:20:16.0312 0x1698  WmiApSrv - ok
21:20:16.0421 0x1698  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:20:16.0468 0x1698  WPFFontCache_v0400 - ok
21:20:16.0500 0x1698  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
21:20:16.0593 0x1698  wscsvc - ok
21:20:16.0609 0x1698  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:20:16.0718 0x1698  WSTCODEC - ok
21:20:16.0734 0x1698  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
21:20:16.0828 0x1698  wuauserv - ok
21:20:16.0859 0x1698  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
21:20:17.0000 0x1698  WZCSVC - ok
21:20:17.0015 0x1698  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
21:20:17.0109 0x1698  xmlprov - ok
21:20:17.0156 0x1698  [ 2507D3134BA4647CC54C3AB79B9B316A, 5E94DF50E32651C67B8FD273E5843CA8A44F2750CC25620A0836024BAFDA50C0 ] {15005ce0-4adb-4842-9f2a-405172e87bce}t C:\WINDOWS\system32\drivers\{15005ce0-4adb-4842-9f2a-405172e87bce}t.sys
21:20:17.0437 0x1698  Suspicious file ( NoAccess ): C:\WINDOWS\system32\drivers\{15005ce0-4adb-4842-9f2a-405172e87bce}t.sys. md5: 2507D3134BA4647CC54C3AB79B9B316A, sha256: 5E94DF50E32651C67B8FD273E5843CA8A44F2750CC25620A0836024BAFDA50C0
21:20:17.0437 0x1698  {15005ce0-4adb-4842-9f2a-405172e87bce}t - detected LockedFile.Multi.Generic ( 1 )
21:20:17.0562 0x1698  {15005ce0-4adb-4842-9f2a-405172e87bce}t ( LockedFile.Multi.Generic ) - warning
21:20:17.0562 0x1698  Force sending object to P2P due to detect: {15005ce0-4adb-4842-9f2a-405172e87bce}t
21:20:17.0750 0x1698  Object send P2P result: true
21:20:17.0968 0x1698  [ 5D75F6684E1437E7045DEDF005D7D6A8, 2FCAFC21E380ED11A07000EAD7209A3FCF6038D9AE8BE52F5D2560B246096E80 ] {62eca849-70b6-47ed-932e-18163afa5bee}Gt C:\WINDOWS\system32\drivers\{62eca849-70b6-47ed-932e-18163afa5bee}Gt.sys
21:20:18.0281 0x1698  Suspicious file ( NoAccess ): C:\WINDOWS\system32\drivers\{62eca849-70b6-47ed-932e-18163afa5bee}Gt.sys. md5: 5D75F6684E1437E7045DEDF005D7D6A8, sha256: 2FCAFC21E380ED11A07000EAD7209A3FCF6038D9AE8BE52F5D2560B246096E80
21:20:18.0281 0x1698  {62eca849-70b6-47ed-932e-18163afa5bee}Gt - detected LockedFile.Multi.Generic ( 1 )
21:20:18.0359 0x1698  {62eca849-70b6-47ed-932e-18163afa5bee}Gt ( LockedFile.Multi.Generic ) - warning
21:20:18.0359 0x1698  Force sending object to P2P due to detect: {62eca849-70b6-47ed-932e-18163afa5bee}Gt
21:20:18.0546 0x1698  Object send P2P result: true
21:20:18.0734 0x1698  [ D3FD254B3FFF8C0D8B32A9912BBF68B7, AAAC96A48CC46D97A8810116EC9FF4376525123924CB9E4EC27F7425011E1BFB ] {c44114b8-1134-4aeb-950a-2e0ff4eceaae}t C:\WINDOWS\system32\drivers\{c44114b8-1134-4aeb-950a-2e0ff4eceaae}t.sys
21:20:19.0046 0x1698  Suspicious file ( NoAccess ): C:\WINDOWS\system32\drivers\{c44114b8-1134-4aeb-950a-2e0ff4eceaae}t.sys. md5: D3FD254B3FFF8C0D8B32A9912BBF68B7, sha256: AAAC96A48CC46D97A8810116EC9FF4376525123924CB9E4EC27F7425011E1BFB
21:20:19.0046 0x1698  {c44114b8-1134-4aeb-950a-2e0ff4eceaae}t - detected LockedFile.Multi.Generic ( 1 )
21:20:19.0109 0x1698  {c44114b8-1134-4aeb-950a-2e0ff4eceaae}t ( LockedFile.Multi.Generic ) - warning
21:20:19.0234 0x1698  ================ Scan global ===============================
21:20:19.0265 0x1698  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
21:20:19.0312 0x1698  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
21:20:19.0390 0x1698  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
21:20:19.0421 0x1698  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
21:20:19.0421 0x1698  [ Global ] - ok
21:20:19.0421 0x1698  ================ Scan MBR ==================================
21:20:19.0453 0x1698  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
21:20:19.0765 0x1698  \Device\Harddisk0\DR0 - ok
21:20:19.0765 0x1698  ================ Scan VBR ==================================
21:20:19.0781 0x1698  [ 0FA5584E9D08B54DDD7555CD140E5E6F ] \Device\Harddisk0\DR0\Partition1
21:20:19.0828 0x1698  \Device\Harddisk0\DR0\Partition1 - ok
21:20:19.0828 0x1698  ================ Scan generic autorun ======================
21:20:19.0906 0x1698  [ 51FCAA0393C64CC5649F934BC61D915F, FEEC42462619FBD0BEC1DB4A3502C295351F6AEBC8FDE3B7FDA5814776A5BF42 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
21:20:20.0015 0x1698  SynTPEnh - ok
21:20:20.0734 0x1698  [ 9BC781F5249FA5F325DFAD2EBB2F6A31, 5821507B52FDCABCA9CDB27B5929B9FB9D754883599342AC2CC8D68106DD4F85 ] C:\WINDOWS\RTHDCPL.EXE
21:20:21.0968 0x1698  RTHDCPL - ok
21:20:22.0078 0x1698  [ EE3A4A77C9143AB748693955019BF57E, C6831E1816AFE21FA0CE8D6E2E793E61F0EF351EAACFC3A1EC2D6A28A1A8EFF0 ] C:\WINDOWS\SOUNDMAN.EXE
21:20:22.0109 0x1698  SoundMan - ok
21:20:22.0218 0x1698  [ F74273A2A51DD73C9A06BAC485A6D02A, 8321064E122B24FB9E48A22D503363EAFA8E57BB2943E613DC067EEDA677339E ] C:\WINDOWS\ALCWZRD.EXE
21:20:22.0453 0x1698  AlcWzrd - ok
21:20:22.0468 0x1698  [ 2E3717C4204D266B896C2632EB9B9A62, 8C28DB3142308266A9B977C32CA908A927CA4B939B9048F25F65DAA62984E0C3 ] C:\WINDOWS\ALCMTR.EXE
21:20:22.0500 0x1698  Alcmtr - ok
21:20:22.0562 0x1698  [ ABB548ED388F02A2F3B5F0182611835B, 95960B61DF7B40A9A33C4C66D202E5DBA0C2B068CB7961E1C3A1CE22306650C6 ] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
21:20:22.0640 0x1698  IntelZeroConfig - detected UnsignedFile.Multi.Generic ( 1 )
21:20:22.0875 0x1698  Detect skipped due to KSN trusted
21:20:22.0875 0x1698  IntelZeroConfig - ok
21:20:22.0953 0x1698  [ 7D7B7469EEB7E0D9DD0990488988F91A, 3F88ECB2B30CE5D8217AC228A05B11AC2AC9364E13804B0F61916A27E71D9532 ] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
21:20:23.0062 0x1698  IntelWireless - detected UnsignedFile.Multi.Generic ( 1 )
21:20:23.0125 0x1698  Detect skipped due to KSN trusted
21:20:23.0125 0x1698  IntelWireless - ok
21:20:23.0125 0x1698  NvCplDaemon - ok
21:20:23.0125 0x1698  nwiz - ok
21:20:23.0125 0x1698  NvMediaCenter - ok
21:20:23.0203 0x1698  [ 69B16C7B7746BA5C642FC05B3561FC73, 0DECEB6B1B7A2DD1F13133AC7328FF420DAD4610CEE1FA7466E8E0F6BAA39116 ] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
21:20:23.0203 0x1698  Adobe Reader Speed Launcher - ok
21:20:23.0281 0x1698  [ 3F5D3051112747AC7307620641FAC63B, 483B5D04560C8831A363915F08DB8B4857C6B863A8AFABE401FC429F068CECD8 ] C:\Program Files\Winamp\Winampa.exe
21:20:23.0296 0x1698  WinampAgent - detected UnsignedFile.Multi.Generic ( 1 )
21:20:23.0437 0x1698  Detect skipped due to KSN trusted
21:20:23.0437 0x1698  WinampAgent - ok
21:20:23.0531 0x1698  [ B3E806D8349BCF5DE3EA01A33DDDF13E, 6197C4BFF8B6BAEB1675C9B7FB752CC6174CAF1057F58A9435E546FD435C3D51 ] C:\Program Files\Siano Mobile Silicon\SMS\SmsIrProcess.exe
21:20:23.0562 0x1698  SmsIrProcess - detected UnsignedFile.Multi.Generic ( 1 )
21:20:23.0625 0x1698  SmsIrProcess ( UnsignedFile.Multi.Generic ) - warning
21:20:23.0625 0x1698  Force sending object to P2P due to detect: C:\Program Files\Siano Mobile Silicon\SMS\SmsIrProcess.exe
21:20:23.0781 0x1698  Object send P2P result: true
21:20:24.0031 0x1698  [ C493E204784A3076D1E33764C7CAFAC6, EB427542A87E481A764D8543A76C5086923414ECD4C7BA71B714358B8F5573C7 ] C:\creezy\iTunes\iTunesHelper.exe
21:20:24.0046 0x1698  iTunesHelper - ok
21:20:24.0453 0x1698  [ 66177D4C99FD8B578C7C56DE445E4D5D, 003D0254D7C693A72DE84CB76858F8D67D9FD62206F1B56DF7F5D0FA834C3BA7 ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
21:20:24.0484 0x1698  avgnt - ok
21:20:24.0531 0x1698  [ CB08561AB36857CCF74BF11475C9AEB2, 5F15F6868A719A0A84D3E0FE2BC4E76975C50FA99D642279DDA972269ADFDB8B ] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
21:20:24.0546 0x1698  Avira Systray - ok
21:20:24.0625 0x1698  [ CEA8F7E45B7B098F5FB085BB6A6A4432, 2F68AEF4C0396FBD6591295465A00BB101471FFA720E55BF0D63F65D3AEF69B1 ] C:\WINDOWS\system32\wscript.exe
21:20:24.0671 0x1698  Taplika - ok
21:20:24.0671 0x1698  nltide_3 - ok
21:20:24.0687 0x1698  _nltide_3 - ok
21:20:24.0687 0x1698  nltide_3 - ok
21:20:24.0687 0x1698  _nltide_3 - ok
21:20:24.0718 0x1698  [ 5F1D5F88303D4A4DBC8E5F97BA967CC3, 5FB24FC7916A6E6B3BE7D84CB1684215B266CD1495575C2E5672B8447932E5B1 ] C:\WINDOWS\system32\ctfmon.exe
21:20:24.0828 0x1698  ctfmon.exe - ok
21:20:24.0906 0x1698  [ E2AA953ED6A296B6BF399A783B32CCDE, 123380F79427FB05BB17699B34EF07E38C587A26C6380FA9311EF1F5E4F6A129 ] C:\Program Files\Messenger\msmsgs.exe
21:20:25.0062 0x1698  MSMSGS - ok
21:20:25.0312 0x1698  [ A974F7EB760451D7CF7342F9E088DBB0, 71D789252C837DA6A276F47B78D5A9F8E087EDCB35840A908802B9954A21F2CE ] C:\Program Files\DAEMON Tools Lite\DTLite.exe
21:20:25.0593 0x1698  DAEMON Tools Lite - ok
21:20:25.0718 0x1698  [ C3E6128725B7C509EB6742A6F2310576, C8348D91AF275185FE90BAB2315AC05B4009E36ECF321E5CECF34D1C3F8AC8B6 ] C:\SpotifyWebHelper.exe
21:20:25.0875 0x1698  Spotify Web Helper - ok
21:20:25.0906 0x1698  [ CEA8F7E45B7B098F5FB085BB6A6A4432, 2F68AEF4C0396FBD6591295465A00BB101471FFA720E55BF0D63F65D3AEF69B1 ] C:\WINDOWS\system32\wscript.exe
21:20:25.0937 0x1698  Taplika - ok
21:20:25.0937 0x1698  Waiting for KSN requests completion. In queue: 15
21:20:27.0093 0x1698  AV detected via SS1: Avira Antivirus, 15.0.10.414, enabled, updated
21:20:27.0109 0x1698  Win FW state via NFM: enabled
21:20:27.0203 0x1698  ============================================================
21:20:27.0203 0x1698  Scan finished
21:20:27.0203 0x1698  ============================================================
21:20:27.0203 0x12e0  Detected object count: 4
21:20:27.0203 0x12e0  Actual detected object count: 4
21:21:41.0906 0x12e0  {15005ce0-4adb-4842-9f2a-405172e87bce}t ( LockedFile.Multi.Generic ) - skipped by user
21:21:41.0906 0x12e0  {15005ce0-4adb-4842-9f2a-405172e87bce}t ( LockedFile.Multi.Generic ) - User select action: Skip 
21:21:41.0906 0x12e0  {62eca849-70b6-47ed-932e-18163afa5bee}Gt ( LockedFile.Multi.Generic ) - skipped by user
21:21:41.0906 0x12e0  {62eca849-70b6-47ed-932e-18163afa5bee}Gt ( LockedFile.Multi.Generic ) - User select action: Skip 
21:21:41.0906 0x12e0  {c44114b8-1134-4aeb-950a-2e0ff4eceaae}t ( LockedFile.Multi.Generic ) - skipped by user
21:21:41.0906 0x12e0  {c44114b8-1134-4aeb-950a-2e0ff4eceaae}t ( LockedFile.Multi.Generic ) - User select action: Skip 
21:21:41.0921 0x12e0  SmsIrProcess ( UnsignedFile.Multi.Generic ) - skipped by user
21:21:41.0921 0x12e0  SmsIrProcess ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:40:07.0312 0x15ec  Deinitialize success

M-K-D-B · 02.06.2015, 12:11

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4
Downloade dir bitte Shortcut Cleaner (by Grinler) auf deinen Desktop.

Starte die sc-cleaner.exe mit einem Doppelclick.
Bestätige die Meldung Shortcut Cleaner Finished am Ende des Suchlaufs mit Ok.
Eine Logdatei wird sich öffnen (sc-cleaner.txt).
Poste mir den Inhalt mit deiner nächsten Antwort.

Schritt 5

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die Logdatei von JRT,
die Logdatei von Shortcut-Cleaner,
die beiden neuen Logdateien von FRST.

LederLappen · 03.06.2015, 05:52

Guten Morgen

So, alles erledigt!

Code:

ATTFilter

# AdwCleaner v4.206 - Logfile created 03/06/2015 at 04:50:11
# Updated 01/06/2015 by Xplode
# Database : 2015-06-01.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Helge - HANSA
# Running from : C:\Documents and Settings\Helge\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : globalUpdatem
[#] Service Deleted : {15005ce0-4adb-4842-9f2a-405172e87bce}t
[#] Service Deleted : {62eca849-70b6-47ed-932e-18163afa5bee}Gt
[#] Service Deleted : {c44114b8-1134-4aeb-950a-2e0ff4eceaae}t

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\8b182ab200006a71
Folder Deleted : C:\Program Files\ss8
Folder Deleted : C:\Program Files\WSE_Taplika
Folder Deleted : C:\Program Files\Browser Good
Folder Deleted : C:\DOCUME~1\Helge\LOCALS~1\Temp\Browser Good
Folder Deleted : C:\Documents and Settings\Helge\Local Settings\Application Data\globalUpdate
Folder Deleted : C:\Documents and Settings\Helge\Local Settings\Application Data\gmsd_de_249
Folder Deleted : C:\Documents and Settings\Helge\Application Data\Taplika
Folder Deleted : C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\Extensions\KUKDSXGS67213349@EDCBUFV5900769.com
[!] Folder Deleted : C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
File Deleted : C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\Extensions\{62eca849-70b6-47ed-932e-18163afa5bee}.xpi
File Deleted : C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfkjojacgdjkninepeghaamnapdjmlfn_0.localstorage
File Deleted : C:\WINDOWS\Reimage.ini
File Deleted : C:\WINDOWS\system32\drivers\{15005ce0-4adb-4842-9f2a-405172e87bce}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{62eca849-70b6-47ed-932e-18163afa5bee}Gt.sys
File Deleted : C:\WINDOWS\system32\drivers\{c44114b8-1134-4aeb-950a-2e0ff4eceaae}t.sys
File Deleted : C:\Documents and Settings\Helge\Application Data\ACFAF
File Deleted : C:\Documents and Settings\Helge\Application Data\SQKPEW
File Deleted : C:\Documents and Settings\Helge\Favorites\Startfenster.lnk
File Deleted : C:\Documents and Settings\Helge\Favorites\Links\Startfenster.lnk
File Deleted : C:\Documents and Settings\Helge\Start Menu\Startfenster.lnk
File Deleted : C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\searchplugins\Taplika.xml
File Deleted : C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\user.js
File Deleted : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Scheduled tasks ] *****

Task Deleted : 11a623c5-4868-4253-879e-252a0911b26b-1-6

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lfkjojacgdjkninepeghaamnapdjmlfn
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1
Key Deleted : HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine
Key Deleted : HKCU\Software\Classes\PepperZip
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update Browser Good
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util Browser Good
Key Deleted : HKLM\SOFTWARE\9316781e-038b-4647-beb0-34036ff36f59
Key Deleted : HKLM\SOFTWARE\b45f9fad-8914-61b3-c77f-c676912144e9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2DD0916F-60DE-4413-8198-D3C9D9B959D1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2DD0916F-60DE-4413-8198-D3C9D9B959D1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{589B893E-773C-4941-88C2-0DCC718E621C}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\HomeTab
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\simplytech
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\Reimage
Key Deleted : HKCU\Software\GAMESDESKTOP
Key Deleted : HKCU\Software\Wnkey
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\Taplika Browser
Key Deleted : HKCU\Software\WSE_Taplika
Key Deleted : HKCU\Software\WajIntEnhance
Key Deleted : HKCU\Software\SearchProtectWS
Key Deleted : HKCU\Software\ss8
Key Deleted : HKCU\Software\ss8-nv
Key Deleted : HKCU\Software\ss8-nv-ie
Key Deleted : HKCU\Software\Browser Good
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\Reimage
Key Deleted : HKLM\SOFTWARE\WajIntEnhance
Key Deleted : HKLM\SOFTWARE\SpeedBit
Key Deleted : HKLM\SOFTWARE\ss8
Key Deleted : HKLM\SOFTWARE\ss8-nv
Key Deleted : HKLM\SOFTWARE\ss8-nv-ie
Key Deleted : HKLM\SOFTWARE\Browser Good
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Good
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Browser Good
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Mozilla Firefox v38.0.1 (x86 de)

[vkq9fj3q.default\prefs.js] - Line Deleted : user_pref("extensions.aKUKDSXGS67213349EDCBUFV5900769com61804.61804.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22an[...]
[vkq9fj3q.default\prefs.js] - Line Deleted : user_pref("extensions.aKUKDSXGS67213349EDCBUFV5900769com61804.61804.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22hxxp%3A//www.holasearc[...]
[vkq9fj3q.default\prefs.js] - Line Deleted : user_pref("extensions.aKUKDSXGS67213349EDCBUFV5900769com61804.61804.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%2[...]
[vkq9fj3q.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "14bbabbbd996048b4c88f224d45aa4f3");
[vkq9fj3q.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[vkq9fj3q.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v43.0.2357.81

[C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtC0A0DyCyCzz0BtBzz0DzztN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtByCtAzy0DzytDtG0F0ByBtDtGyD0DtByEtGyEyEtD0CtGyE0E0Bzz0A0ByE0EtBzz0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByCyE0EyDtCyEtGtBtCyE0FtGyEzz0A0DtG0B0A0CyEtGyCtAyEzytDtA0ByE0E0EtByD2Q&cr=678922612&ir=
[C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : lfkjojacgdjkninepeghaamnapdjmlfn
[C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://taplika.com/?f=1&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtC0A0DyCyCzz0BtBzz0DzztN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtByCtAzy0DzytDtG0F0ByBtDtGyD0DtByEtGyEyEtD0CtGyE0E0Bzz0A0ByE0EtBzz0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByCyE0EyDtCyEtGtBtCyE0FtGyEzz0A0DtG0B0A0CyEtGyCtAyEzytDtA0ByE0E0EtByD2Q&cr=678922612&ir=
[C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://taplika.com/?f=7&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtC0A0DyCyCzz0BtBzz0DzztN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtByCtAzy0DzytDtG0F0ByBtDtGyD0DtByEtGyEyEtD0CtGyE0E0Bzz0A0ByE0EtBzz0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByCyE0EyDtCyEtGtBtCyE0FtGyEzz0A0DtG0B0A0CyEtGyCtAyEzytDtA0ByE0E0EtByD2Q&cr=678922612&ir=
[C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://taplika.com/results.php?f=4&q={searchTerms}&a=tpl_tuto12_15_09&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DtC0A0DyCyCzz0BtBzz0DzztN0D0Tzu0StCtCyDtBtN1L2XzutAtFyBtFtBtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StBtByCtAzy0DzytDtG0F0ByBtDtGyD0DtByEtGyEyEtD0CtGyE0E0Bzz0A0ByE0EtBzz0DtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DyByCyE0EyDtCyEtGtBtCyE0FtGyEzz0A0DtG0B0A0CyEtGyCtAyEzytDtA0ByE0E0EtByD2Q&cr=678922612&ir=

*************************

AdwCleaner[R0].txt - [13645 bytes] - [01/06/2015 18:37:12]
AdwCleaner[R1].txt - [13690 bytes] - [03/06/2015 04:48:09]
AdwCleaner[S0].txt - [12340 bytes] - [03/06/2015 04:50:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12400  bytes] ##########

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 03.06.2015
Suchlauf-Zeit: 05:41:07
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.06.03.01
Rootkit Datenbank: v2015.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows XP Service Pack 3
CPU: x86
Dateisystem: NTFS
Benutzer: Helge

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 314015
Verstrichene Zeit: 40 Min, 51 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 4
PUP.Optional.Trovi.A, HKU\S-1-5-21-1343024091-562591055-1801674531-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{589B893E-773C-4941-88C2-0DCC718E621C}, In Quarantäne, [1934ffb7533721156d9ee876fd0639c7], 
PUP.Optional.ModGoog, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, In Quarantäne, [95b84d69e9a1f343dfeb054641c1e818], 
PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{22134214}, In Quarantäne, [e766a0162862c86eeb27394655b07a86], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-1343024091-562591055-1801674531-1004\SOFTWARE\_CrossriderRegNamePlaceHolder_, In Quarantäne, [f35ac6f0d2b862d44ddad0b159ac1fe1], 

Registrierungswerte: 6
PUP.Optional.Taplika.C, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files\WSE_Taplika\\, In Quarantäne, [9fae7f371575e254647edf06b2515ba5]
Hijack.ControlPanelStyle, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, In Quarantäne, [f15cdbdbe4a66ec8a934168ea262eb15]
PUP.Optional.Taplika.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Taplika, C:\WINDOWS\system32\wscript.exe /E:vbscript /B "C:\DOCUME~1\Helge\APPLIC~1\Taplika\UpdateProc\bkup.dat", In Quarantäne, [04495a5c6f1b23134f36c72ace35fd03]
Hijack.ControlPanelStyle, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, In Quarantäne, [89c4397d0981181ec5186143f31136ca]
Hijack.ControlPanelStyle, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, In Quarantäne, [4d0013a37f0bd165b627a3011de77d83]
Hijack.ControlPanelStyle, HKU\S-1-5-21-1343024091-562591055-1801674531-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceClassicControlPanel, 1, In Quarantäne, [54f97541d4b6b48236a7465ea36107f9]

Registrierungsdaten: 5
PUM.Hijack.Help, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Gut: (0), Schlecht: (1),Ersetzt,[410c1d990486dc5a8dd606285ea835cb]
PUM.Hijack.Help, HKU\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Gut: (0), Schlecht: (1),Ersetzt,[78d565517218280e94cf46e8877f8080]
PUM.Hijack.Help, HKU\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Gut: (0), Schlecht: (1),Ersetzt,[db72cee8fc8e5ed8243f87a71ee8ec14]
PUM.Hijack.StartMenu, HKU\S-1-5-21-1343024091-562591055-1801674531-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowHelp, 0, Gut: (1), Schlecht: (0),Ersetzt,[b499ae087b0fe254b1fe0c23c541bc44]
PUM.Hijack.Help, HKU\S-1-5-21-1343024091-562591055-1801674531-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoSMHelp, 1, Gut: (0), Schlecht: (1),Ersetzt,[ba93ccea7f0bcc6a2241a08ef511ef11]

Ordner: 2
PUP.Optional.Multiplug.A, C:\Documents and Settings\All Users\Application Data\{db50cd3a-b2de-58e8-db50-0cd3ab2d34ea}, In Quarantäne, [6ae37b3bbbcf7abcae81ceb190750df3], 
PUP.Optional.GlobalUpdate.A, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146, In Quarantäne, [05482690375325112fea9333f40fa957], 

Dateien: 34
PUP.Optional.Nova.A, C:\Program Files\5e96cb34-cc43-4cfe-a72c-e7fd8275f4c8\3a62beb1-3006-4be3-9094-3a636b9dcc22.dll, In Quarantäne, [28252c8a0387df5781c19183639fda26], 
PUP.Optional.Nova.A, C:\Program Files\5e96cb34-cc43-4cfe-a72c-e7fd8275f4c8\b5b015af-2930-4408-a284-6e65821f0882.dll, In Quarantäne, [d17cc3f39dedde5829194aca32d02bd5], 
PUP.Optional.APNToolBar.A, C:\Documents and Settings\Helge\Local Settings\Temp\MSI60.tmp, In Quarantäne, [61ec4670ccbe80b6614cb4afeb175ea2], 
Trojan.FakeMS.ED, C:\Documents and Settings\Helge\Local Settings\Temp\1E.tmp, In Quarantäne, [53faebcb5337c76f2b6429116d958977], 
PUP.Optional.SuperOptimizer.A, C:\Documents and Settings\Helge\Local Settings\Temp\supoptsetup.exe, In Quarantäne, [65e8d1e5098149ed4b3aadb33dc5956b], 
PUP.Optional.MyPCBackup.SID.A, C:\Documents and Settings\Helge\Local Settings\Temp\dd3cf709-c09b-47bf-8a03-d62752e74aad\cloud_backup_setup.exe, In Quarantäne, [64e9971fc9c142f41bf3690649bd1ee2], 
PUP.Optional.CrossRider.A, C:\Documents and Settings\Helge\Local Settings\Temp\dd492191-3932-4959-ab56-ed88390d475e\smarts8.exe, In Quarantäne, [91bcddd9e6a4191d877642ef2bd702fe], 
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-29BH8.tmp\gentlemjmp_ieu.exe, In Quarantäne, [50fd86306d1dbc7a1e156f008e78aa56], 
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-7H7GG.tmp\gentlemjmp_ieu.exe, In Quarantäne, [b29b229458322313f1429bd43fc74eb2], 
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-9MRNM.tmp\gentlemjmp_ieu.exe, In Quarantäne, [25280caa9beff93de74c1f5045c111ef], 
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-B7MKI.tmp\package_browsergood_installer_multilang.exe, In Quarantäne, [08452e88fb8f3303bef919ebaa58a35d], 
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-B7MKI.tmp\package_superpc_installer_multilang.exe, In Quarantäne, [b6975165cfbb9e981b9c5ba94db5b050], 
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-B7MKI.tmp\package_taplika_installer_multilang.exe, In Quarantäne, [fe4f1e981971c373f2c547bde022847c], 
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-POULO.tmp\package_zombie_installer_multilang.exe, In Quarantäne, [db727541bbcf290d9a1dfc08f60c9a66], 
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-POULO.tmp\package_optimizerpro_installer_multilang.exe, In Quarantäne, [97b66d49b2d849ed981f7f851de518e8], 
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-POULO.tmp\package_plushd_installer_multilang.exe, In Quarantäne, [2924c1f5f99149ed53644eb6ec16936d], 
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-UIFMF.tmp\package_plushd_installer_multilang.exe, In Quarantäne, [97b626900e7c2c0aa215699b639f3bc5], 
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\is-UIFMF.tmp\package_optimizerpro_installer_multilang.exe, In Quarantäne, [90bd6b4bc7c3f640cbec9b6925dd35cb], 
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\GoogleCrashHandler.exe, In Quarantäne, [c7864c6a7e0c24122aa09ab1c53d24dc], 
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\GoogleUpdate.exe, In Quarantäne, [95b84d69e9a1f343dfeb054641c1e818], 
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\GoogleUpdateBroker.exe, In Quarantäne, [420b0da9444692a410ba4dfe82805da3], 
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\GoogleUpdateOnDemand.exe, In Quarantäne, [222b4076c0cae254fad018331be7d12f], 
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\goopdate.dll, In Quarantäne, [400da412602a11256367bf8c669cc63a], 
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\goopdateres_en.dll, In Quarantäne, [0d40bbfb2664d56162686edd689a5ea2], 
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\npGoogleUpdate4.dll, In Quarantäne, [3b12ecca3951b28482484efd8979b050], 
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\psmachine.dll, In Quarantäne, [410c43731773be784a80ba91b1514bb5], 
PUP.Optional.ModGoog, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\psuser.dll, In Quarantäne, [78d5e6d024667eb89436f853c53db749], 
PUP.Optional.IStartsurf.A, C:\Documents and Settings\Helge\Local Settings\Temp\7576eadf-8f0e-4af9-a6ac-877c3e270f3f\lly_istartsurf.exe, In Quarantäne, [f75652641c6e3600b24490dcb74fba46], 
PUP.Optional.Tuto4PC.A, C:\Documents and Settings\Helge\Local Settings\Temp\7e92182a-27e2-4c1b-8e16-16eeb3fa30f5\games desktop.exe, In Quarantäne, [9fae42749af0ac8a85af67b9a959b749], 
PUP.Optional.APNToolBar.A, C:\WINDOWS\Installer\49ba66.msi, In Quarantäne, [60edf9bdef9bc4726d406300ce34a957], 
Exploit.Drop.GS, C:\Documents and Settings\Helge\Local Settings\Temp\sysrestore.exe, In Quarantäne, [f5584373f496bd793e3afe54828220e0], 
PUP.Optional.Multiplug.A, C:\Documents and Settings\All Users\Application Data\{db50cd3a-b2de-58e8-db50-0cd3ab2d34ea}\superpc_soft_partner.dat, In Quarantäne, [6ae37b3bbbcf7abcae81ceb190750df3], 
PUP.Optional.GlobalUpdate.A, C:\Documents and Settings\Helge\Local Settings\Temp\comh.106146\GoogleUpdateHelper.msi, In Quarantäne, [05482690375325112fea9333f40fa957], 
PUP.Optional.CrossRider.A, C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14bbabbbd996048b4c88f224d45aa4f3");), Ersetzt,[bb92b8feb9d183b35326d2a170968080]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.7 (06.01.2015:1)
OS: Microsoft Windows XP x86
Ran by Helge on 03.06.2015 at  6:37:53,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\Helge\Application Data\mozilla\firefox\profiles\vkq9fj3q.default\prefs.js

user_pref(extensions.aKUKDSXGS67213349EDCBUFV5900769com61804.61804.internaldb.__ICM_LITE__blacklist_domain.value, %7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2
user_pref(extensions.aKUKDSXGS67213349EDCBUFV5900769com61804.61804.internaldb.__ICM_LITE__fifty_test_rules.value, %7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C
user_pref(extensions.aKUKDSXGS67213349EDCBUFV5900769com61804.61804.internaldb.monetization_plugin_bundledUrls.value, %7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%
user_pref(extensions.crossrider.bic, 14bbabbbd996048b4c88f224d45aa4f3);
user_pref(extensions.quick_start.sd.closeWindowWithLastTab_prev_state, false);
Emptied folder: C:\Documents and Settings\Helge\Application Data\mozilla\firefox\profiles\vkq9fj3q.default\minidumps [4 files]



~~~ Chrome


[C:\Documents and Settings\Helge\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Documents and Settings\Helge\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Documents and Settings\Helge\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Documents and Settings\Helge\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.06.2015 at  6:41:11,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

Shortcut Cleaner 1.3.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Microsoft Windows XP Service Pack 3
Program started at: 06/03/2015 06:42:41 AM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Documents and Settings\Helge\Start Menu\

Searching C:\Documents and Settings\All Users\Start Menu\

Searching C:\Documents and Settings\Helge\Application Data\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Documents and Settings\All Users\Desktop\

Searching C:\Documents and Settings\Helge\Desktop\

Searching C:\Documents and Settings\All Users\Desktop\


0 bad shortcuts found.

Program finished at: 06/03/2015 06:42:41 AM
Execution time: 0 hours(s), 0 minute(s), and 0 seconds(s)

Und die beiden letzten Log-Dateien

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-05-2015
Ran by Helge (administrator) on HANSA on 03-06-2015 06:43:51
Running from C:\Documents and Settings\Helge\Desktop
Loaded Profiles: Helge (Available Profiles: Helge)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1028096 2009-08-08] (Synaptics, Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16858112 2009-08-08] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [86016 2009-08-08] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2009-08-08] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2009-08-08] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [999424 2008-01-09] (Intel Corporation)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [1101824 2008-01-09] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\Winampa.exe [12288 2003-04-17] ()
HKLM\...\Run: [SmsIrProcess] => C:\Program Files\Siano Mobile Silicon\SMS\SmsIrProcess.exe [90112 2014-04-27] (Siano Mobile Silicon)
HKLM\...\Run: [iTunesHelper] => C:\creezy\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-05-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3671872 2012-04-17] (DT Soft Ltd)
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Run: [Spotify Web Helper] => C:\SpotifyWebHelper.exe [2021944 2015-06-02] (Spotify Ltd)
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\MountPoints2: {cedb9ff6-6c91-11e2-a41d-001f3b23b875} - G:\PMCsetup.exe
HKU\S-1-5-18\...\RunOnce: [nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TMMonitor.lnk [2016-03-05]
ShortcutTarget: TMMonitor.lnk -> C:\Program Files\ArcSoft\ArcSoft TV 5.0\TMTV5Monitor.exe (ArcSoft, Inc.)
Startup: C:\Documents and Settings\Helge\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-20]
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll [2015-05-05] (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1343024091-562591055-1801674531-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.google.com" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-20] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\creezy\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Extension: Avira Browser Safety - C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\Extensions\abs@avira.com [2015-05-29]
FF Extension: Adblock Plus Pop-up Addon - C:\Documents and Settings\Helge\Application Data\Mozilla\Firefox\Profiles\vkq9fj3q.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-03-20]

Chrome: 
=======
CHR HomePage: Default -> 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll No File
CHR Profile: C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (avast! WebRep) - C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-09-02]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Helge\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc.exe [825856 2015-05-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-05-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-05-24] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1186040 2015-05-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
S2 EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [823296 2008-01-09] (Intel Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [438272 2008-04-14] (Microsoft Corporation) [File not signed]
S2 NVSvc; C:\WINDOWS\system32\nvsvc32.exe [159812 2008-06-18] (NVIDIA Corporation) [File not signed]
S2 RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [483328 2008-01-09] (Intel Corporation) [File not signed]
R2 RemoteRegistry; C:\WINDOWS\system32\regsvc.dll [59904 2008-04-14] (Microsoft Corporation) [File not signed]
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [1187840 2008-01-09] (Intel Corporation ) [File not signed]
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [21361 2012-09-02] (Cisco Systems, Inc.)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [107400 2015-05-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [136216 2015-05-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\System32\DRIVERS\avkmgr.sys [37896 2015-05-24] (Avira Operations GmbH & Co. KG)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-04-02] (DT Soft Ltd)
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [36864 2009-08-08] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS\System32\DRIVERS\NETw4x32.sys [2529280 2008-01-09] (Intel Corporation)
R3 nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [6010752 2008-06-18] (NVIDIA Corporation) [File not signed]
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2004-08-12] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-12] (Microsoft Corporation)
R2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [12288 2008-01-02] (Intel Corporation)
R3 smsbda; C:\WINDOWS\System32\drivers\smsbda.sys [71944 2014-03-23] (Siano)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2015-03-17] (Avira GmbH)
S3 cpuz134; \??\C:\DOCUME~1\Helge\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-05 07:59 - 2016-03-05 07:59 - 00001675 _____ () C:\Documents and Settings\Helge\Desktop\ArcSoft TV 5.0.lnk
2016-03-05 07:59 - 2016-03-05 07:59 - 00000000 ____D () C:\Program Files\ArcSoft
2016-03-05 07:59 - 2016-03-05 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft TV
2016-03-05 07:59 - 2005-07-16 03:35 - 00245408 _____ (Microsoft Corporation) C:\WINDOWS\system32\unicows.dll
2016-03-05 07:56 - 2016-03-05 07:56 - 00000000 ____D () C:\Program Files\Siano Mobile Silicon
2016-03-05 07:56 - 2016-03-05 07:56 - 00000000 ____D () C:\Program Files\Common Files\Siano Mobile Silicon
2016-03-05 07:56 - 2014-03-23 17:32 - 00071944 _____ (Siano) C:\WINDOWS\system32\Drivers\smsbda.sys
2016-03-05 07:56 - 2014-03-23 17:32 - 00021768 _____ (Siano) C:\WINDOWS\system32\smsprops.dll
2016-03-04 15:26 - 2016-03-04 15:26 - 00009642 _____ () C:\WINDOWS\KB2868038.log
2016-03-04 15:26 - 2016-03-04 15:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868038$
2016-03-04 15:25 - 2016-03-04 15:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2016-03-04 15:25 - 2016-03-04 15:25 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2803821-v2_WM9$
2016-03-04 15:24 - 2016-03-04 15:25 - 00008561 _____ () C:\WINDOWS\KB2803821-v2.log
2016-03-04 15:24 - 2016-03-04 15:24 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892075$
2016-03-04 15:23 - 2016-03-04 15:23 - 00008474 _____ () C:\WINDOWS\KB2909210-IE8.log
2016-03-04 15:23 - 2016-03-04 15:23 - 00006743 _____ () C:\WINDOWS\KB2510531-IE8.log
2016-03-04 15:23 - 2016-03-04 15:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2016-03-04 15:23 - 2015-02-10 22:23 - 00000000 ____D () C:\WINDOWS\ie8updates
2016-03-04 15:23 - 2015-02-10 22:02 - 00019174 _____ () C:\WINDOWS\KB2936068-IE8.log
2016-03-04 15:19 - 2016-03-04 15:19 - 00004470 _____ () C:\WINDOWS\KB2914368.log
2016-03-04 15:19 - 2016-03-04 15:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2016-03-04 14:42 - 2008-04-14 06:42 - 00363520 _____ () C:\WINDOWS\system32\PsisDecd.dll
2016-03-04 14:42 - 2008-04-14 06:42 - 00363520 _____ () C:\WINDOWS\system32\dllcache\psisdecd.dll
2016-03-04 14:42 - 2008-04-14 06:42 - 00056832 _____ () C:\WINDOWS\system32\MSDvbNP.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00056832 _____ () C:\WINDOWS\system32\dllcache\msdvbnp.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00033280 _____ () C:\WINDOWS\system32\PsisRndr.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00033280 _____ () C:\WINDOWS\system32\dllcache\psisrndr.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdaplgin.ax
2016-03-04 14:42 - 2008-04-14 06:42 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdaPlgIn.ax
2016-03-04 14:42 - 2008-04-14 01:16 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MPE.sys
2016-03-04 14:42 - 2008-04-14 01:16 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mpe.sys
2016-03-04 14:42 - 2008-04-14 01:16 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BdaSup.sys
2016-03-04 14:42 - 2008-04-14 01:16 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllcache\bdasup.sys
2016-03-04 14:40 - 2016-03-05 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ArcSoft
2016-03-04 14:40 - 2016-03-04 14:40 - 00000000 ____D () C:\Documents and Settings\Helge\Application Data\ArcSoft
2016-03-04 14:40 - 2005-02-23 15:58 - 00011776 _____ (Arcsoft, Inc.) C:\WINDOWS\system32\Drivers\afc.sys
2015-06-03 06:43 - 2015-06-03 06:44 - 00016592 _____ () C:\Documents and Settings\Helge\Desktop\FRST.txt
2015-06-03 06:42 - 2015-06-03 06:42 - 00001992 _____ () C:\Documents and Settings\Helge\Desktop\sc-cleaner.txt
2015-06-03 06:41 - 2015-06-03 06:41 - 00002087 _____ () C:\Documents and Settings\Helge\Desktop\JRT.txt
2015-06-03 06:37 - 2015-06-03 06:37 - 00000000 ____D () C:\RegBackup
2015-06-03 06:36 - 2015-06-03 06:36 - 00010010 _____ () C:\Documents and Settings\Helge\Desktop\mbam.txt
2015-06-03 05:09 - 2015-06-03 06:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-06-03 04:55 - 2015-06-03 06:35 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-03 04:55 - 2015-06-03 04:55 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-06-03 04:55 - 2015-06-03 04:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-06-03 04:55 - 2015-06-03 04:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-06-03 04:55 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-03 04:55 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-03 04:50 - 2015-06-03 04:50 - 00012481 _____ () C:\Documents and Settings\Helge\Desktop\AdwCleaner[S0].txt
2015-06-03 04:44 - 2015-06-03 04:44 - 00463688 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Helge\Desktop\sc-cleaner.exe
2015-06-03 04:43 - 2015-06-03 04:44 - 02947766 _____ (Thisisu) C:\Documents and Settings\Helge\Desktop\JRT.exe
2015-06-02 00:25 - 2015-06-02 00:25 - 00000008 _____ () C:\WINDOWS\system32\nvModes.dat
2015-06-01 21:16 - 2015-06-01 21:16 - 04197016 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Helge\Desktop\tdsskiller.exe
2015-06-01 21:11 - 2015-06-03 06:43 - 00000000 ____D () C:\FRST
2015-06-01 21:10 - 2015-06-01 21:10 - 01147392 _____ (Farbar) C:\Documents and Settings\Helge\Desktop\FRST.exe
2015-06-01 18:37 - 2015-06-03 04:53 - 00000000 ____D () C:\AdwCleaner
2015-06-01 18:36 - 2015-06-01 18:36 - 02231296 _____ () C:\Documents and Settings\Helge\Desktop\AdwCleaner.exe
2015-06-01 03:10 - 2015-06-01 03:10 - 00000000 ____D () C:\Documents and Settings\Helge\Desktop\New Folder
2015-05-20 23:44 - 2015-06-03 06:26 - 00000000 ___RD () C:\Documents and Settings\Helge\My Documents\Dropbox
2015-05-20 23:43 - 2015-05-20 23:43 - 00000000 ____D () C:\Program Files\Dropbox
2015-05-20 23:43 - 2015-05-20 23:43 - 00000000 ____D () C:\Documents and Settings\Helge\Start Menu\Programs\Dropbox
2015-05-20 23:41 - 2015-06-03 06:26 - 00000000 ____D () C:\Documents and Settings\Helge\Application Data\Dropbox
2015-05-15 10:51 - 2015-06-02 03:10 - 41287224 _____ () C:\libcef.dll
2015-05-15 10:51 - 2015-06-02 03:10 - 10457856 _____ () C:\icudtl.dat
2015-05-15 10:51 - 2015-06-02 03:10 - 07323192 _____ (Spotify Ltd) C:\Spotify.exe
2015-05-15 10:51 - 2015-06-02 03:10 - 04253463 _____ () C:\devtools_resources.pak
2015-05-15 10:51 - 2015-06-02 03:10 - 03457592 _____ (Microsoft Corporation) C:\d3dcompiler_47.dll
2015-05-15 10:51 - 2015-06-02 03:10 - 02106424 _____ (Microsoft Corporation) C:\d3dcompiler_43.dll
2015-05-15 10:51 - 2015-06-02 03:10 - 02021944 _____ (Spotify Ltd) C:\SpotifyWebHelper.exe
2015-05-15 10:51 - 2015-06-02 03:10 - 02018406 _____ () C:\cef.pak
2015-05-15 10:51 - 2015-06-02 03:10 - 01488440 _____ () C:\libGLESv2.dll
2015-05-15 10:51 - 2015-06-02 03:10 - 00968248 _____ (The Chromium Authors) C:\ffmpegsumo.dll
2015-05-15 10:51 - 2015-06-02 03:10 - 00777272 _____ (Spotify Ltd) C:\SpotifyCrashService.exe
2015-05-15 10:51 - 2015-06-02 03:10 - 00598403 _____ () C:\cef_200_percent.pak
2015-05-15 10:51 - 2015-06-02 03:10 - 00444515 _____ () C:\cef_100_percent.pak
2015-05-15 10:51 - 2015-06-02 03:10 - 00124472 _____ (Spotify Ltd) C:\SpotifyLauncher.exe
2015-05-15 10:51 - 2015-06-02 03:10 - 00079928 _____ () C:\libEGL.dll
2015-05-15 10:51 - 2015-06-02 03:10 - 00073272 _____ () C:\wow_helper.exe
2015-05-15 10:51 - 2015-06-02 03:10 - 00000020 _____ () C:\inst_ver.dat
2015-05-15 10:51 - 2015-06-02 03:10 - 00000000 ____D () C:\locales
2015-05-15 10:51 - 2015-05-15 10:51 - 00000000 ____D () C:\pdf.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-05 07:58 - 2012-10-10 20:12 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2016-03-05 07:58 - 2012-09-03 21:22 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2016-03-05 07:52 - 2013-01-11 19:17 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
2016-03-05 07:52 - 2013-01-11 19:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2016-03-04 15:25 - 2014-05-31 15:24 - 00012818 _____ () C:\WINDOWS\KB2893294.log
2016-03-04 15:24 - 2014-05-31 15:24 - 00012318 _____ () C:\WINDOWS\KB2892075.log
2016-03-04 15:23 - 2013-04-08 17:33 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2016-03-04 15:23 - 2012-09-02 01:15 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2016-02-27 07:02 - 2014-07-07 19:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Diablo
2015-06-03 06:44 - 2012-09-01 22:39 - 00000000 ____D () C:\Documents and Settings\Helge\Local Settings\Temp
2015-06-03 06:38 - 2012-09-01 20:43 - 01467305 _____ () C:\WINDOWS\WindowsUpdate.log
2015-06-03 06:34 - 2012-09-01 23:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-06-03 06:28 - 2012-09-01 21:32 - 00521886 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-03 06:25 - 2012-09-02 00:05 - 00000507 _____ () C:\WINDOWS\system32\nvapps.xml
2015-06-03 06:24 - 2012-09-01 21:35 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2015-06-03 06:24 - 2012-09-01 21:35 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-06-03 06:24 - 2004-08-12 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-06-03 06:23 - 2015-02-10 22:35 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-06-03 06:23 - 2013-08-19 19:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2015-06-03 06:23 - 2012-09-02 00:14 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-03 06:23 - 2012-09-01 22:36 - 00032642 _____ () C:\WINDOWS\SchedLgU.Txt
2015-06-03 06:23 - 2012-09-01 22:36 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-06-03 06:22 - 2015-02-24 10:36 - 00000000 ____D () C:\Program Files\5e96cb34-cc43-4cfe-a72c-e7fd8275f4c8
2015-06-03 06:22 - 2012-09-01 22:39 - 00000178 ___SH () C:\Documents and Settings\Helge\ntuser.ini
2015-06-03 06:22 - 2012-09-01 22:39 - 00000000 ____D () C:\Documents and Settings\Helge
2015-06-03 05:50 - 2012-09-02 00:14 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-02 17:34 - 2015-02-10 21:05 - 00000000 ____D () C:\Documents and Settings\Helge\Local Settings\Application Data\Spotify
2015-06-02 13:55 - 2015-02-10 21:04 - 00000000 ____D () C:\Documents and Settings\Helge\Application Data\Spotify
2015-05-31 14:49 - 2012-09-01 22:38 - 00000000 __SHD () C:\WINDOWS\CSC
2015-05-24 15:21 - 2015-03-20 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Avira
2015-05-24 15:21 - 2012-09-01 22:36 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-05-24 15:19 - 2015-03-20 00:51 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2015-05-24 15:19 - 2015-03-20 00:51 - 00107400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2015-05-24 15:19 - 2015-03-20 00:51 - 00037896 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2015-05-21 15:04 - 2013-04-03 16:58 - 00464547 _____ () C:\WINDOWS\setupapi.log
2015-05-15 11:05 - 2012-09-01 21:31 - 00123728 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-05-13 16:14 - 2015-02-10 21:05 - 00001860 _____ () C:\Documents and Settings\Helge\Start Menu\Programs\Spotify.lnk
2015-05-13 12:39 - 2012-09-02 00:07 - 00020440 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-05-13 12:16 - 2015-03-20 00:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Package Cache

==================== Files in the root of some directories =======

2015-02-27 11:43 - 2015-03-20 01:08 - 0000110 _____ () C:\Documents and Settings\Helge\Application Data\WB.CFG
2012-09-03 21:41 - 2015-03-26 04:52 - 0035328 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-09 08:29 - 2015-03-09 08:29 - 0274045 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\dsi1.dat
2015-03-09 08:29 - 2015-03-09 08:29 - 0161916 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\dsi2.dat
2012-09-02 00:24 - 2012-09-02 00:24 - 0007199 _____ () C:\Documents and Settings\Helge\Local Settings\Application Data\HWVendorDetection.log

Some files in TEMP:
====================
C:\Documents and Settings\Helge\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Helge\Local Settings\Temp\BackupSetup.exe
C:\Documents and Settings\Helge\Local Settings\Temp\binkw32.dll
C:\Documents and Settings\Helge\Local Settings\Temp\d2l_Install.exe
C:\Documents and Settings\Helge\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\Helge\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdert68.dll
C:\Documents and Settings\Helge\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Helge\Local Settings\Temp\ReimagePackage.exe
C:\Documents and Settings\Helge\Local Settings\Temp\ReiSysUpdate.exe
C:\Documents and Settings\Helge\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\Helge\Local Settings\Temp\sqlite3.dll
C:\Documents and Settings\Helge\Local Settings\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-05-2015
Ran by Helge at 2015-06-03 06:44:39
Running from C:\Documents and Settings\Helge\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1343024091-562591055-1801674531-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1343024091-562591055-1801674531-1005 - Limited - Enabled)
Guest (S-1-5-21-1343024091-562591055-1801674531-501 - Limited - Disabled)
Helge (S-1-5-21-1343024091-562591055-1801674531-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Helge
HelpAssistant (S-1-5-21-1343024091-562591055-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1343024091-562591055-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {AD166499-45F9-482A-A743-FDD3350758C7}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader 9 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
Apple Application Support (32-Bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TV 5.0 (HKLM\...\{94ED52E0-24A0-4AD8-9BFD-0560CA680A80}) (Version: 5.0.28.218 - ArcSoft, Inc.)
Avira (HKLM\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM\...\Battle.net) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Command & Conquer Renegade (HKLM\...\Renegade) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Diablo (HKLM\...\Diablo) (Version:  - )
Dropbox (HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Far Cry (Version: 1.00.0000 - Ihr Firmenname) Hidden
Frontschweine (HKLM\...\Hogs Of War) (Version: 1.0 - Infogrames)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Intel(R) PROSet/Wireless Software (HKLM\...\ProInst) (Version: 11.5.0.0 - Intel Corporation)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
mCore (Version: 11.50.0000 - Intel Corporation) Hidden
mDriver (Version: 11.50.0000 - Intel) Hidden
mDrWiFi (Version: 11.50.0000 - Intel Corporation) Hidden
mHelp (Version: 11.50.0000 - Intel) Hidden
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
mIWA (Version: 11.50.0000 - Intel Corporation) Hidden
mLogView (Version: 11.50.0000 - Intel Corporation) Hidden
mMHouse (Version: 11.50.0000 - Intel Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
mPfMgr (Version: 11.50.0000 - Intel Corporation) Hidden
mPfWiz (Version: 11.50.0000 - Intel Corporation) Hidden
mProSafe (Version: 9.00.0000 - Intel) Hidden
mSCfg (Version: 11.50.0000 - Intel Corporation) Hidden
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
MUI Help Package - DEU (Version:  - Microsoft Corporation) Hidden
mWlsSafe (Version: 9.00.0000 - Intel) Hidden
mZConfig (Version: 11.50.0000 - Intel Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice 4.1.1 (HKLM\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Prey (HKLM\...\{A785BBA7-3FB9-4D81-BC35-4A2028915ACB}) (Version: 1.0 - Human Head Studios)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Sid Meier's Colonization 1.0 (HKLM\...\Sid Meier's Colonization) (Version: 1.0 - 2K Games)
SMS (HKLM\...\InstallShield_{CA86CD92-22BB-4BBE-A6A5-BF1B4BAD791A}) (Version: 5.1.59 - Siano Mobile Silicon)
SMS (Version: 5.1.59 - Siano Mobile Silicon) Hidden
Spotify (HKU\S-1-5-21-1343024091-562591055-1801674531-1004\...\Spotify) (Version: 1.0.6.80.g2a801a53 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics)
Titan Quest (HKLM\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
VirtualDJ Home FREE (HKLM\...\{77C2D5D4-ADC5-49F9-B36E-5992FCF35EA3}) (Version: 7.4.1 - Atomix Productions)
VLC media player 2.0.3 (HKLM\...\VLC media player) (Version: 2.0.3 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Winamp (nur entfernen) (HKLM\...\Winamp) (Version:  - )
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1343024091-562591055-1801674531-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Helge\Application Data\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

30-01-2016 11:14:46 System Checkpoint
02-02-2016 11:17:01 System Checkpoint
15-02-2016 11:17:54 System Checkpoint
20-02-2016 11:14:49 System Checkpoint
22-02-2016 11:16:20 System Checkpoint
23-02-2016 11:16:31 System Checkpoint
27-02-2016 05:46:25 System Checkpoint
28-02-2016 06:04:27 System Checkpoint
29-02-2016 06:40:39 System Checkpoint
01-03-2016 06:54:40 System Checkpoint
04-03-2016 14:39:52 Installiert ArcSoft TV
04-03-2016 14:40:53 Installed SMS
04-03-2016 14:42:33 Unsigned driver install
04-03-2016 14:47:50 Unsigned driver install
04-03-2016 14:50:49 Configured SMS
04-03-2016 14:53:31 Entfernt ArcSoft TV
04-03-2016 14:53:59 Configured SMS
04-03-2016 14:54:27 Installed SMS
04-03-2016 14:57:35 Installiert ArcSoft TV
04-03-2016 15:00:07 Unsigned driver install
04-03-2016 15:02:11 Unsigned driver install
04-03-2016 15:03:02 Entfernt ArcSoft TV
04-03-2016 15:03:29 Configured SMS
04-03-2016 15:04:11 Installed SMS
04-03-2016 15:04:47 Unsigned driver install
04-03-2016 15:06:36 Installiert ArcSoft TV
04-03-2016 15:10:54 Unsigned driver install
04-03-2016 15:19:46 Software Distribution Service 3.0
05-03-2016 07:54:23 Configured SMS
05-03-2016 07:55:34 Entfernt ArcSoft TV
05-03-2016 07:56:37 Installed SMS
05-03-2016 07:57:44 Unsigned driver install
05-03-2016 07:58:57 Installiert ArcSoft TV
15-09-2014 19:45:23 System Checkpoint
18-09-2014 19:54:17 System Checkpoint
23-09-2014 20:21:32 System Checkpoint
25-09-2014 20:43:43 System Checkpoint
30-09-2014 20:24:33 System Checkpoint
06-10-2014 21:47:10 System Checkpoint
08-10-2014 20:23:13 System Checkpoint
09-10-2014 20:46:48 System Checkpoint
15-10-2014 20:59:33 System Checkpoint
20-10-2014 19:54:04 System Checkpoint
21-10-2014 20:45:14 System Checkpoint
22-10-2014 21:20:50 System Checkpoint
27-10-2014 21:44:41 System Checkpoint
28-10-2014 21:53:16 System Checkpoint
30-10-2014 21:53:18 System Checkpoint
03-11-2014 21:47:25 System Checkpoint
06-11-2014 22:03:10 System Checkpoint
11-11-2014 21:23:59 System Checkpoint
13-11-2014 21:52:42 System Checkpoint
17-11-2014 21:46:31 System Checkpoint
18-11-2014 22:02:13 System Checkpoint
20-11-2014 21:48:34 System Checkpoint
24-11-2014 20:39:52 System Checkpoint
25-11-2014 22:51:23 System Checkpoint
27-11-2014 22:31:27 System Checkpoint
10-12-2014 21:06:43 System Checkpoint
06-01-2015 22:01:29 System Checkpoint
08-01-2015 21:25:06 System Checkpoint
12-01-2015 21:07:08 System Checkpoint
13-01-2015 22:03:21 System Checkpoint
15-01-2015 22:00:01 System Checkpoint
16-01-2015 22:04:35 System Checkpoint
30-01-2015 21:53:47 System Checkpoint
09-02-2015 22:30:01 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
09-02-2015 22:30:26 OpenOffice 4.1.1 wird installiert
10-02-2015 21:30:38 iTunes wird installiert
10-02-2015 22:02:18 Software Distribution Service 3.0
11-02-2015 04:31:12 Software Distribution Service 3.0
24-02-2015 10:34:56 Uniblue SpeedUpMyPC installation
24-02-2015 10:35:52 Uniblue DriverScanner installation
26-02-2015 17:43:20 Software Distribution Service 3.0
10-03-2015 21:19:27 Unsigned driver install
12-03-2015 12:42:40 System Checkpoint
20-03-2015 01:01:41 Avira Free Antivirus - 3/20/2015 0:01
20-03-2015 01:09:29 avast! Free Antivirus Setup
20-03-2015 01:13:00 Avira Free Antivirus - 3/20/2015 0:12
20-03-2015 01:18:09 Software Distribution Service 3.0
20-03-2015 01:59:57 Software Distribution Service 3.0
24-03-2015 22:00:01 System Checkpoint
25-03-2015 22:03:46 System Checkpoint
26-03-2015 20:23:38 Unsigned driver install
29-03-2015 03:32:04 System Checkpoint
30-03-2015 17:32:00 System Checkpoint
02-04-2015 13:03:00 System Checkpoint
03-04-2015 22:07:58 System Checkpoint
13-04-2015 12:21:25 System Checkpoint
13-05-2015 17:20:00 System Checkpoint
14-05-2015 21:39:59 System Checkpoint
21-05-2015 01:40:27 System Checkpoint
23-05-2015 00:36:32 System Checkpoint
24-05-2015 16:12:46 System Checkpoint
25-05-2015 16:28:21 System Checkpoint
27-05-2015 13:31:36 System Checkpoint
28-05-2015 20:38:20 System Checkpoint
29-05-2015 20:58:40 System Checkpoint
30-05-2015 21:08:26 System Checkpoint
01-06-2015 16:36:30 System Checkpoint
02-06-2015 17:28:14 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-12 14:00 - 2004-08-12 14:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1343024091-562591055-1801674531-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Helge\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe] => Enabled:Far Cry
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Helge\Application Data\Spotify\spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Dienst "Bonjour"
StandardProfile\AuthorizedApplications: [C:\creezy\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Helge\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:Dropbox
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002

==================== Faulty Device Manager Devices =============

Name: USB Device
Description: USB Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard (848) An attempt to open the file "C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db" for read only access failed with system error 3 (0x00000003): "The system cannot find the path specified. ".  The open file operation will fail with error -1023 (0xfffffc01).


System errors:
=============
Error: (03/05/2016 08:12:53 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 30 minutes.
NtpClient has no source of accurate time.

Error: (03/05/2016 08:12:53 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (03/05/2016 07:57:53 AM) (Source: W32Time) (EventID: 29) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (03/05/2016 07:57:53 AM) (Source: W32Time) (EventID: 17) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (03/05/2016 07:49:57 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll.
Reference error message: The operation completed successfully.
.

Error: (03/05/2016 07:49:57 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: Manifest Parse Error : XML document must have a top level element.
.

Error: (03/05/2016 07:49:57 AM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "Manifest Parse Error : XML document must have a top level element.
1" on line Manifest Parse Error : XML document must have a top level element.
2.

Error: (03/05/2016 07:49:49 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Generate Activation Context failed for C:\Program Files\ArcSoft\ArcSoft TV 5.0\EndPointCtrl.dll.
Reference error message: The operation completed successfully.
.

Error: (03/05/2016 07:49:49 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Resolve Partial Assembly failed for Microsoft.VC80.CRT.
Reference error message: Manifest Parse Error : XML document must have a top level element.
.

Error: (03/05/2016 07:49:49 AM) (Source: SideBySide) (EventID: 58) (User: )
Description: Syntax error in manifest or policy file "Manifest Parse Error : XML document must have a top level element.
1" on line Manifest Parse Error : XML document must have a top level element.
2.


Microsoft Office:
=========================
Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.

Error: (05/24/2015 00:17:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: avguard848C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\EVENTDB\gavi3.db-1023 (0xfffffc01)3 (0x00000003)The system cannot find the path specified.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 31%
Total physical RAM: 3070.36 MB
Available physical RAM: 2110.64 MB
Total Pagefile: 4955.52 MB
Available Pagefile: 3921.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.27 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:203.35 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: C3BA16E0)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End of log ============================

M-K-D-B · 03.06.2015, 12:16

Servus,

Starte FRST erneut. Kopiere den Inhalt der folgenden Code-Box oben in die Zeile:
Code:
ATTFilter
```
Crossrider;Taplika;Browser Good;globalUpdate;gmsd_de_249;
         
```
Drücke auf Search Registry.
FRST beginnt mit dem Suchlauf. Dies kann einige Zeit dauern.
Am Ende erstellt FRST eine Textdatei Search.txt.
Poste mir deren Inhalt mit deiner nächsten Antwort.

M-K-D-B · 07.06.2015, 08:58

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

PC voll von Viren? ADWCleaner zeigt eine sehr lange Log-File!

Log-Analyse und Auswertung: PC voll von Viren? ADWCleaner zeigt eine sehr lange Log-File!