
Pests of all kinds and how to combat them: Online banking redirected - virus/trojan struck?


10.08.2014, 18:46   #1
Asmoteus
 
Online banking redirected - virus/trojan struck?



Hello,

Some time ago, while using her laptop, my wife fell victim to a virus or trojan that, when she opened her online banking, pushed a fake prompt over the banking page and unfortunately succeeded in phishing a TAN. The result was an empty account and many, many tears. Since then we have been afraid to use this laptop, and I would like to use this forum to make the laptop safe again.

To start, I generated the FRST64 results:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-08-2014 01
Ran by Gursky (administrator) on THUNDERBIRD on 10-08-2014 19:35:21
Running from C:\Users\Gursky\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Babylon Ltd.) C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Babylon) C:\Program Files\Babylon\Babylon-Pro\BabylonHelper64.exe
(Ginger Software) C:\Program Files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107688 2010-04-14] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3577712 2010-03-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Babylon Client] => C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe [3462296 2012-07-02] (Babylon Ltd.)
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [AnyProtect Tray] => "C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe"
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKU\S-1-5-21-864001013-3320382990-1238080026-1000\...\Run: [Google Update] => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-04-27] (Google Inc.)
HKU\S-1-5-21-864001013-3320382990-1238080026-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
HKU\S-1-5-21-864001013-3320382990-1238080026-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-864001013-3320382990-1238080026-1000\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Audials\Audials 11\AudialsNotifier.exe
HKU\S-1-5-21-864001013-3320382990-1238080026-1000\...\Run: [Acti-1-0] => C:\Windows\system32\crypring.exe [299008 2014-07-14] ()
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9B0867AC-6BA7-457E-ABBE-0310F019FC47&SearchSource=58&CUI=&UM=6&UP=SP0F2FBA7F-3215-47E4-A2C0-143889912008&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9B0867AC-6BA7-457E-ABBE-0310F019FC47&SearchSource=58&CUI=&UM=6&UP=SP0F2FBA7F-3215-47E4-A2C0-143889912008&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms}
SearchScopes: HKCU - {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
SearchScopes: HKCU - {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms}
SearchScopes: HKCU - {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ie_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ie-21&tbrId=v1_abb-channel-7_7ee1452b17f74e80b1d0850a9b7e4626_30_46_20140201_DE_ie_ds_IS0&query={searchTerms}
SearchScopes: HKCU - {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Babylon IE plugin -> {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} -> C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: MyEmoticons Class -> {DCC39ACE-709B-44EA-B062-5F6BE2774644} -> C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons-1.3.dll (GreenTree Applications)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default
FF DefaultSearchEngine: Trovi search
FF SearchEngineOrder.1: Amazon 
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.yahoo.com
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ff-21&tbrId=v1_abb-channel-7_7ee1452b17f74e80b1d0850a9b7e4626_30_46_20140201_DE_ff_ab_IS0&query=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Babylon Spelling and Proofreading - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\Extensions\adapter@babylontc.com.xpi [2012-07-24]
FF Extension: Babylon Translation Activation - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\Extensions\ocr@babylon.com.xpi [2012-07-24]
FF Extension: Greasemonkey - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-16]
FF HKLM-x32\...\Firefox\Extensions: [myemoticons@myemoticons.com] - C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3
FF Extension: MyEmoticons - C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3 [2012-10-08]

Chrome: 
=======
CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9B0867AC-6BA7-457E-ABBE-0310F019FC47&SearchSource=55&CUI=&UM=6&UP=SP0F2FBA7F-3215-47E4-A2C0-143889912008&SSPV=
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9B0867AC-6BA7-457E-ABBE-0310F019FC47&SearchSource=55&CUI=&UM=6&UP=SP0F2FBA7F-3215-47E4-A2C0-143889912008&SSPV="
CHR DefaultSearchKeyword: trovi.search
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File
CHR Extension: (Babylon Translator) - C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2012-07-30]
CHR Extension: (Google Wallet) - C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-12]
CHR Extension: (MyEmoticons) - C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf [2013-01-20]
CHR Extension: (Extutil) - C:\Users\Gursky\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-07-02]
CHR Extension: (Managera) - C:\Users\Gursky\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-07-02]
CHR HKLM-x32\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx [2012-07-24]
CHR HKLM-x32\...\Chrome\Extension: [oopofgccipckckifenoicncegojimpmf] - C:\Users\Gursky\AppData\Roaming\MyEmoticons\oopofgccipckckifenoicncegojimpmf.crx [2012-08-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3456880 2010-03-08] (Egis Technology Inc.)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2009-09-01] (Windows (R) Win 7 DDK provider)
R3 Ltn_stk7070P; C:\Windows\System32\DRIVERS\Ltn_stk7070P.sys [625152 2009-05-23] (LiteOn)
S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
R3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2009-09-01] (Nuvoton Technology Corporation)
S3 nuvotonir; C:\Windows\system32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [50976 2010-01-11] (O2Micro )
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-06-11] (Audials AG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-02-25] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 19:35 - 2014-08-10 19:35 - 00023434 _____ () C:\Users\Gursky\Downloads\FRST.txt
2014-08-10 19:35 - 2014-08-10 19:35 - 00000000 ____D () C:\FRST
2014-08-10 19:34 - 2014-08-10 19:35 - 02099712 _____ (Farbar) C:\Users\Gursky\Downloads\FRST64.exe
2014-08-08 18:57 - 2014-08-08 18:28 - 13987991 ____N () C:\Users\Gursky\Desktop\VID_20140808_182839.3gp
2014-07-14 22:26 - 2014-07-14 22:26 - 00299008 _____ () C:\Windows\system32\crypring.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-10 19:35 - 2014-08-10 19:35 - 00023434 _____ () C:\Users\Gursky\Downloads\FRST.txt
2014-08-10 19:35 - 2014-08-10 19:35 - 00000000 ____D () C:\FRST
2014-08-10 19:35 - 2014-08-10 19:34 - 02099712 _____ (Farbar) C:\Users\Gursky\Downloads\FRST64.exe
2014-08-10 19:33 - 2012-07-24 20:57 - 00000000 ____D () C:\ProgramData\Babylon
2014-08-10 19:33 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-10 19:33 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-10 19:29 - 2011-03-02 19:05 - 01248570 _____ () C:\Windows\WindowsUpdate.log
2014-08-10 19:26 - 2011-04-25 15:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-10 19:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-10 19:26 - 2009-07-14 06:51 - 00198585 _____ () C:\Windows\setupact.log
2014-08-10 19:26 - 2009-07-14 06:45 - 00379576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-09 16:01 - 2011-04-25 15:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 15:54 - 2011-05-08 11:10 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA.job
2014-08-09 15:46 - 2012-07-30 06:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 14:54 - 2011-05-08 11:10 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core.job
2014-08-08 18:32 - 2011-03-03 03:56 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-08-08 18:32 - 2011-03-03 03:56 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-08-08 18:32 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 18:28 - 2014-08-08 18:57 - 13987991 ____N () C:\Users\Gursky\Desktop\VID_20140808_182839.3gp
2014-07-18 07:57 - 2011-05-08 11:10 - 00002368 _____ () C:\Users\Gursky\Desktop\Google Chrome.lnk
2014-07-14 22:26 - 2014-07-14 22:26 - 00299008 _____ () C:\Windows\system32\crypring.exe
2014-07-14 19:03 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Gursky\AppData\Local\Temp\AskSLib.dll
C:\Users\Gursky\AppData\Local\Temp\BackupSetup.exe
C:\Users\Gursky\AppData\Local\Temp\COMAP.EXE
C:\Users\Gursky\AppData\Local\Temp\EAD86BB.exe
C:\Users\Gursky\AppData\Local\Temp\EAD888F.exe
C:\Users\Gursky\AppData\Local\Temp\EAD9146.exe
C:\Users\Gursky\AppData\Local\Temp\EAD94EE.exe
C:\Users\Gursky\AppData\Local\Temp\EAD9F89.exe
C:\Users\Gursky\AppData\Local\Temp\EAD9FE6.exe
C:\Users\Gursky\AppData\Local\Temp\EADB0F6.exe
C:\Users\Gursky\AppData\Local\Temp\EADB6FF.exe
C:\Users\Gursky\AppData\Local\Temp\EADB99D.exe
C:\Users\Gursky\AppData\Local\Temp\EADBAD5.exe
C:\Users\Gursky\AppData\Local\Temp\EADBF29.exe
C:\Users\Gursky\AppData\Local\Temp\EADC725.exe
C:\Users\Gursky\AppData\Local\Temp\EADCD5C.exe
C:\Users\Gursky\AppData\Local\Temp\EADD161.exe
C:\Users\Gursky\AppData\Local\Temp\EADD355.exe
C:\Users\Gursky\AppData\Local\Temp\EADD3B2.exe
C:\Users\Gursky\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Gursky\AppData\Local\Temp\htmlayout.dll
C:\Users\Gursky\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Gursky\AppData\Local\Temp\nsc1206.exe
C:\Users\Gursky\AppData\Local\Temp\nsc97C.exe
C:\Users\Gursky\AppData\Local\Temp\nscE61F.exe
C:\Users\Gursky\AppData\Local\Temp\nsf7FFD.exe
C:\Users\Gursky\AppData\Local\Temp\nsiE296.exe
C:\Users\Gursky\AppData\Local\Temp\nssDD1.exe
C:\Users\Gursky\AppData\Local\Temp\nsxE9F7.exe
C:\Users\Gursky\AppData\Local\Temp\RegClean2.exe
C:\Users\Gursky\AppData\Local\Temp\toolbar1437143.exe
C:\Users\Gursky\AppData\Local\Temp\toolbar1438485.exe
C:\Users\Gursky\AppData\Local\Temp\toolbar1438547.exe
C:\Users\Gursky\AppData\Local\Temp\uninstall188480.exe
C:\Users\Gursky\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Gursky\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Gursky\AppData\Local\Temp\VuuPC.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-08 07:24

==================== End Of Log ============================
         


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-08-2014 01
Ran by Gursky at 2014-08-10 19:36:03
Running from C:\Users\Gursky\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.1.7501 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 4.1.7501 - CyberLink Corp.) Hidden
Acer Arcade Instant On (x32 Version: 3.0.34.2 - Acer) Hidden
Acer Arcade Movie (x32 Version: 9.0.6302 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.60 - NewTech Infosystems)
Acer Bio Protection (HKLM-x32\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.5.76 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.12.1 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3003 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1) (Version: 6.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3002 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0309.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.24 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{AFBE654A-4597-89DB-EF5F-7CC7D0475691}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Audials (HKLM-x32\...\{DA6EBFC9-8869-4B61-8D38-2668A395C5B0}) (Version: 11.0.54400.0 - Audials AG)
Babylon (HKLM-x32\...\Babylon) (Version:  - Babylon)
Backup Manager Advance (x32 Version: 2.0.1.60 - NewTech Infosystems) Hidden
bwin Poker (HKLM-x32\...\bwin Poker_is1) (Version:  - bwin)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0302.2233.40412 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help English (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help French (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help German (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0302.2233.40412 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0302.2233.40412 - ATI) Hidden
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.4 - Fomanu AG)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.38.151 - Electronic Arts)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Fingerprint Solution (x32 Version: 6.1.76.0 - Egis Technology Inc.) Hidden
Fragen-Lern-CD 4.0 international (HKLM-x32\...\de.3m5.wendel.flcd.FLCDint.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1) (Version: 4.0.0 - Wendel-Verlag GmbH)
Fragen-Lern-CD 4.0 international (x32 Version: 4.0.0 - Wendel-Verlag GmbH) Hidden
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
HD Tune Pro 4.60 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.7 - Acer Inc.)
MediaDrug (HKCU\...\4C6927B3-61F1-4EBF-A5C7-68B60E4F40B9) (Version: 1.5 - MediaDrug)
MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MyEmoticons (HKCU\...\MyEmoticons) (Version: 1.3.0.0 - GreenTree Applications SRL)
MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden
Nuvoton CIR Device Drivers (HKLM-x32\...\{FBC79D04-051E-4367-8051-1DB0C893FBE0}) (Version: 8.60.2002 - Nuvoton Technology Corporation)
O2Micro 1394 OHCI Compliant Host Controller Driver (HKLM-x32\...\InstallShield_{AFC44A23-E6A8-4625-B6B1-23D438525D59}) (Version: 1.0.00 - O2Micro International LTD.)
O2Micro 1394 OHCI Compliant Host Controller Driver (Version: 1.0.00 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{5FAD2AAE-C6DD-4CC8-B325-BFCBB3D32249}) (Version: 2.0.37.D - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.37.D - O2Micro International LTD.) Hidden
ODF Add-In für Microsoft Office (HKLM-x32\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
PartyPoker (HKLM-x32\...\PartyPoker) (Version:  - PartyGaming)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6072 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}) (Version: 5.34.52.7 - Apple Inc.)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{09959E11-AD5D-408E-96AF-E3346954D6B8}) (Version: 1.0.0 - Microsoft)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}) (Version: 1.0.0 - Microsoft)
Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.12.2 - Synaptics Incorporated)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.4300 - Broadcom Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

17-07-2014 05:45:28 Geplanter Prüfpunkt
24-07-2014 16:42:59 Geplanter Prüfpunkt
31-07-2014 20:48:02 Geplanter Prüfpunkt
08-08-2014 05:31:36 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2EE742A3-8553-4CA4-B801-A2AA9223536C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27] (Google Inc.)
Task: {45642250-B034-4683-B5BF-A80925E82EA1} - System32\Tasks\Digital Sites => C:\Users\Gursky\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {4A411131-3DF8-49B1-A988-368994F073E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.)
Task: {4B203BC5-1FA7-491E-90DA-47B92FDD49A1} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {640A23E2-2E60-45B3-B093-B4558DC42561} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {6ACF023F-5D47-48BF-9ADF-07809EE1BC99} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {8148C350-814E-4103-821B-EE64A1172966} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {977CEC33-8DB2-4BC1-A130-52B8784FA3F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.)
Task: {DCF8A36C-FB3A-4AC1-A36D-F8142DFBFDF1} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {E8FC529F-7B2B-4338-9DB6-4D48A6A732FF} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {F20D94DC-D65C-46D0-9AE0-2346C1D5A7CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Gursky\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core.job => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA.job => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-03-08 04:35 - 2010-03-08 04:35 - 00108912 _____ () C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64.DLL
2011-03-02 19:32 - 2010-02-03 10:37 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2011-03-02 19:18 - 2010-01-13 11:47 - 00206208 _____ () C:\Windows\PLFSetI.exe
2010-03-26 12:46 - 2010-03-26 12:46 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-01-07 15:42 - 2010-01-07 15:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-02 19:07 - 2011-03-02 19:07 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-03-09 02:18 - 2010-03-09 02:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-09 02:13 - 2010-03-09 02:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-04-28 14:13 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2012-07-24 20:58 - 2010-03-29 14:02 - 00520234 _____ () C:\ProgramData\Babylon\sqlite3.dll
2011-05-24 20:06 - 2010-06-01 10:17 - 00929792 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2010-04-28 13:28 - 2010-04-28 13:28 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a52290f344ad5c5e513d71251549f5c2\IsdiInterop.ni.dll
2010-04-28 13:28 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2014 08:58:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 26c

Startzeit: 01cfaf3059b69912

Endzeit: 26

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID: 34016a79-1b40-11e4-8187-c80aa9907234

Error: (08/03/2014 05:33:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d
Name des fehlerhaften Moduls: Flash32_14_0_0_145.ocx, Version: 14.0.0.145, Zeitstempel: 0x53aa18ec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000d7370
ID des fehlerhaften Prozesses: 0x1268
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (07/30/2014 08:20:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d
Name des fehlerhaften Moduls: Flash32_14_0_0_145.ocx, Version: 14.0.0.145, Zeitstempel: 0x53aa18ec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x005d9039
ID des fehlerhaften Prozesses: 0xb68
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (07/27/2014 00:43:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x3308cd0c
ID des fehlerhaften Prozesses: 0x1070
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (07/22/2014 10:06:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d
Name des fehlerhaften Moduls: Flash32_14_0_0_145.ocx, Version: 14.0.0.145, Zeitstempel: 0x53aa18ec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x005d9039
ID des fehlerhaften Prozesses: 0x1f10
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (07/17/2014 11:46:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 794

Startzeit: 01cfa1f6fe5a1e2b

Endzeit: 45

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID: c9db22d4-0dfb-11e4-bd8f-c80aa9907234

Error: (07/12/2014 08:56:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d
Name des fehlerhaften Moduls: Flash32_14_0_0_145.ocx, Version: 14.0.0.145, Zeitstempel: 0x53aa18ec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000d7370
ID des fehlerhaften Prozesses: 0x1108
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (07/11/2014 11:17:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16421, Zeitstempel: 0x4d76255d
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x1299fc30
ID des fehlerhaften Prozesses: 0x1328
Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0
Pfad der fehlerhaften Anwendung: iexplore.exe1
Pfad des fehlerhaften Moduls: iexplore.exe2
Berichtskennung: iexplore.exe3

Error: (07/10/2014 10:30:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm iexplore.exe, Version 9.0.8112.16421 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1300

Startzeit: 01cf9c6cd5e419da

Endzeit: 30

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Berichts-ID: 0d7848d6-0871-11e4-8fc1-c80aa9907234

Error: (07/10/2014 07:56:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450, Zeitstempel: 0x4aebab8d
Name des fehlerhaften Moduls: Captlib64.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4fb1251e
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0000000009ac68e0
ID des fehlerhaften Prozesses: 0x468
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3


System errors:
=============
Error: (08/09/2014 01:07:13 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (08/08/2014 05:39:06 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (08/08/2014 07:49:57 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}

Error: (08/07/2014 10:30:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.

Error: (08/07/2014 10:30:34 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.

Error: (08/07/2014 10:30:30 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.

Error: (08/07/2014 10:11:55 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.

Error: (08/07/2014 10:01:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (08/05/2014 11:09:31 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.

Error: (08/05/2014 11:09:31 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR4 gefunden.


Microsoft Office Sessions:
=========================
Error: (08/03/2014 08:58:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1642126c01cfaf3059b6991226C:\Program Files (x86)\Internet Explorer\iexplore.exe34016a79-1b40-11e4-8187-c80aa9907234

Error: (08/03/2014 05:33:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164214d76255dFlash32_14_0_0_145.ocx14.0.0.14553aa18ecc0000005000d7370126801cfaf2835c33cefC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_145.ocx93910ea9-1b23-11e4-8187-c80aa9907234

Error: (07/30/2014 08:20:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164214d76255dFlash32_14_0_0_145.ocx14.0.0.14553aa18ecc0000005005d9039b6801cfac05d1287918C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_145.ocx3f610a8f-1816-11e4-9199-c80aa9907234

Error: (07/27/2014 00:43:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164214d76255dunknown0.0.0.000000000c00000053308cd0c107001cfa96004a957edC:\Program Files (x86)\Internet Explorer\iexplore.exeunknowne9429654-157a-11e4-a1e7-c80aa9907234

Error: (07/22/2014 10:06:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164214d76255dFlash32_14_0_0_145.ocx14.0.0.14553aa18ecc0000005005d90391f1001cfa5da10672285C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_145.ocxa6118c80-11db-11e4-b4ea-78e400251bc4

Error: (07/17/2014 11:46:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.1642179401cfa1f6fe5a1e2b45C:\Program Files (x86)\Internet Explorer\iexplore.exec9db22d4-0dfb-11e4-bd8f-c80aa9907234

Error: (07/12/2014 08:56:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164214d76255dFlash32_14_0_0_145.ocx14.0.0.14553aa18ecc0000005000d7370110801cf9df49739a24bC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_14_0_0_145.ocx3fb49b8c-09f6-11e4-be75-c80aa9907234

Error: (07/11/2014 11:17:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.164214d76255dunknown0.0.0.000000000c00000051299fc30132801cf9d46d072c7d3C:\Program Files (x86)\Internet Explorer\iexplore.exeunknowncb477b74-0940-11e4-9341-c80aa9907234

Error: (07/10/2014 10:30:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16421130001cf9c6cd5e419da30C:\Program Files (x86)\Internet Explorer\iexplore.exe0d7848d6-0871-11e4-8fc1-c80aa9907234

Error: (07/10/2014 07:56:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7600.164504aebab8dCaptlib64.dll_unloaded0.0.0.04fb1251ec000041d0000000009ac68e046801cf9c4e251f2e7cC:\Windows\Explorer.EXECaptlib64.dll7cf488d3-085b-11e4-8b02-c80aa9907234


CodeIntegrity Errors:
===================================
  Date: 2013-02-18 20:35:55.006
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-05 11:05:09.507
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-05 09:47:40.779
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-05 08:01:48.995
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-05 07:58:25.563
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-22 16:23:15.468
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-11 07:06:38.654
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-10 22:08:13.151
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-08 11:24:42.315
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-08 10:22:42.112
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 19%
Total physical RAM: 8124.5 MB
Available physical RAM: 6503.89 MB
Total Pagefile: 16247.14 MB
Available Pagefile: 14380.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:288.8 GB) (Free:184.9 GB) NTFS
Drive d: (DATA) (Fixed) (Total:288.14 GB) (Free:288.04 GB) NTFS
Drive e: (DATA) (Fixed) (Total:596.17 GB) (Free:565.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 3E9DEFF9)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Not Active) - (Size=4 GB) - (Type=12)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=577 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 596 GB) (Disk ID: 0F4BC564)
Partition 1: (Not Active) - (Size=596 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

10.08.2014, 19:06   #2
schrauber
/// the machine
/// TB trainer
 

Hi,

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

11.08.2014, 23:04   #3
Asmoteus
 

Hello,

attached is the result of the scan:
Code:
23:56:42.0135 0x087c  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
23:56:49.0633 0x087c  ============================================================
23:56:49.0633 0x087c  Current date / time: 2014/08/11 23:56:49.0633
23:56:49.0633 0x087c  SystemInfo:
23:56:49.0633 0x087c  
23:56:49.0633 0x087c  OS Version: 6.1.7600 ServicePack: 0.0
23:56:49.0633 0x087c  Product type: Workstation
23:56:49.0634 0x087c  ComputerName: THUNDERBIRD
23:56:49.0634 0x087c  UserName: Gursky
23:56:49.0634 0x087c  Windows directory: C:\Windows
23:56:49.0634 0x087c  System windows directory: C:\Windows
23:56:49.0634 0x087c  Running under WOW64
23:56:49.0634 0x087c  Processor architecture: Intel x64
23:56:49.0634 0x087c  Number of processors: 8
23:56:49.0634 0x087c  Page size: 0x1000
23:56:49.0634 0x087c  Boot type: Normal boot
23:56:49.0634 0x087c  ============================================================
23:56:52.0010 0x087c  KLMD registered as C:\Windows\system32\drivers\62980868.sys
23:56:52.0354 0x087c  System UUID: {89B552C9-29EA-F46D-19B7-9B367F31AEDD}
23:56:52.0922 0x087c  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:56:56.0608 0x087c  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:56:56.0622 0x087c  ============================================================
23:56:56.0622 0x087c  \Device\Harddisk0\DR0:
23:56:56.0678 0x087c  MBR partitions:
23:56:56.0678 0x087c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2640800, BlocksNum 0x32000
23:56:56.0687 0x087c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2673000, BlocksNum 0x2419A800
23:56:56.0710 0x087c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2680E000, BlocksNum 0x24049800
23:56:56.0710 0x087c  \Device\Harddisk1\DR1:
23:56:56.0849 0x087c  MBR partitions:
23:56:56.0853 0x087c  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
23:56:56.0853 0x087c  ============================================================
23:56:56.0886 0x087c  C: <-> \Device\Harddisk0\DR0\Partition2
23:56:56.0926 0x087c  D: <-> \Device\Harddisk0\DR0\Partition3
23:56:56.0940 0x087c  E: <-> \Device\Harddisk1\DR1\Partition1
23:56:56.0940 0x087c  ============================================================
23:56:56.0940 0x087c  Initialize success
23:56:56.0940 0x087c  ============================================================
23:58:14.0500 0x1294  ============================================================
23:58:14.0500 0x1294  Scan started
23:58:14.0500 0x1294  Mode: Manual; SigCheck; TDLFS; 
23:58:14.0500 0x1294  ============================================================
23:58:14.0500 0x1294  KSN ping started
23:58:17.0202 0x1294  KSN ping finished: true
23:58:18.0596 0x1294  ================ Scan system memory ========================
23:58:18.0597 0x1294  System memory - ok
23:58:18.0597 0x1294  ================ Scan services =============================
23:58:18.0852 0x1294  [ 1B00662092F9F9568B995902F0CC40D5, D345014CF146FA57B2682C189D5E7F27D4C78F321F2723D912D623E777C2BB70 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
23:58:18.0960 0x1294  1394ohci - ok
23:58:19.0003 0x1294  [ 6F11E88748CDEFD2F76AA215F97DDFE5, BD0B3561EDCDE5EFD89372793CFD09DF879709BF469542F4A049705CBA9FD060 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
23:58:19.0018 0x1294  ACPI - ok
23:58:19.0048 0x1294  [ 63B05A0420CE4BF0E4AF6DCC7CADA254, 56BCC219D6B886FD42B7D335B4A7BBA3C9BC148220CBD99F8583FB505DAE63BF ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
23:58:19.0127 0x1294  AcpiPmi - ok
23:58:19.0445 0x1294  [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:58:19.0474 0x1294  AdobeFlashPlayerUpdateSvc - ok
23:58:19.0628 0x1294  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:58:19.0651 0x1294  adp94xx - ok
23:58:19.0694 0x1294  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:58:19.0710 0x1294  adpahci - ok
23:58:19.0732 0x1294  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:58:19.0744 0x1294  adpu320 - ok
23:58:19.0764 0x1294  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:58:19.0895 0x1294  AeLookupSvc - ok
23:58:19.0941 0x1294  [ B9384E03479D2506BC924C16A3DB87BC, AB5FD2BC1F005E7D664F5DE3D5CB54499024A83B716DD52C56582DB7EFB4F01B ] AFD             C:\Windows\system32\drivers\afd.sys
23:58:19.0998 0x1294  AFD - ok
23:58:20.0030 0x1294  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
23:58:20.0050 0x1294  agp440 - ok
23:58:20.0098 0x1294  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
23:58:20.0137 0x1294  ALG - ok
23:58:20.0173 0x1294  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
23:58:20.0190 0x1294  aliide - ok
23:58:20.0246 0x1294  [ B4143CB1DD16AE73C6177C72F33450A6, D675AEF56FF030314AB3B4F13A81D72272E67AE10E415058928182A3B8370FE1 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:58:20.0339 0x1294  AMD External Events Utility - ok
23:58:20.0389 0x1294  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
23:58:20.0406 0x1294  amdide - ok
23:58:20.0442 0x1294  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:58:20.0489 0x1294  AmdK8 - ok
23:58:21.0147 0x1294  [ D1D06810BF7E21F5763EB06CB7E7262B, 77DEEA2C76D1C3E65E3D4F1FB2C671195019E9B78336EA4E040565DB88228611 ] amdkmdag        C:\Windows\system32\DRIVERS\atipmdag.sys
23:58:21.0526 0x1294  amdkmdag - ok
23:58:21.0569 0x1294  [ 6BA71D6616B56816E57394D77DD1BB6F, 5250378D4CA31578D8E92DD4402E2AA34C2299EA2D9471AC5A9A7CEA46A54CB3 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
23:58:21.0594 0x1294  amdkmdap - ok
23:58:21.0627 0x1294  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:58:21.0667 0x1294  AmdPPM - ok
23:58:21.0697 0x1294  [ 7A4B413614C055935567CF88A9734D38, A3BB7CDF3EE0EEF67F89263E81145E73C7142EF5F0AF265375C2ECCE74F932C4 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
23:58:21.0715 0x1294  amdsata - ok
23:58:21.0750 0x1294  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:58:21.0767 0x1294  amdsbs - ok
23:58:21.0788 0x1294  [ B4AD0CACBAB298671DD6F6EF7E20679D, FB566C892D0A3DC0A523AE20F35011996958D670937DD5C1A1FCCD36AAC714D7 ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
23:58:21.0795 0x1294  amdxata - ok
23:58:21.0841 0x1294  [ 42FD751B27FA0E9C69BB39F39E409594, DE349CAA570957868CA1CB0BE0FAF551CD4D44FD53EBC4391B9C1C7B9CF295D2 ] AppID           C:\Windows\system32\drivers\appid.sys
23:58:21.0911 0x1294  AppID - ok
23:58:21.0943 0x1294  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:58:21.0989 0x1294  AppIDSvc - ok
23:58:22.0033 0x1294  [ D065BE66822847B7F127D1F90158376E, 20F911F390FF23C2C42361A449C4344DB59F1DC21EDD1E7EBC4E80914DEF7824 ] Appinfo         C:\Windows\System32\appinfo.dll
23:58:22.0102 0x1294  Appinfo - ok
23:58:22.0133 0x1294  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:58:22.0141 0x1294  arc - ok
23:58:22.0170 0x1294  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:58:22.0180 0x1294  arcsas - ok
23:58:22.0208 0x1294  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:58:22.0279 0x1294  AsyncMac - ok
23:58:22.0316 0x1294  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
23:58:22.0324 0x1294  atapi - ok
23:58:22.0367 0x1294  [ 77C149E6D702737B2E372DEE166FAEF8, D18FEAE9D915D5F25B787B755F9C6321A9C9506D4F563DD637E3586401E36053 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
23:58:22.0423 0x1294  AtiHdmiService - ok
23:58:22.0506 0x1294  [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:58:22.0572 0x1294  AudioEndpointBuilder - ok
23:58:22.0591 0x1294  [ 07721A77180EDD4D39CCB865BF63C7FD, 9E8117E747C86154F98F2686D805A981029CC5D11AFB115A529429C9A4579BE5 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:58:22.0633 0x1294  AudioSrv - ok
23:58:22.0690 0x1294  [ B20B5FA5CA050E9926E4D1DB81501B32, 91B9038349BA07E32DE809E6798167EE44087809EB1174B84EC16580040F1BE0 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:58:22.0791 0x1294  AxInstSV - ok
23:58:22.0862 0x1294  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
23:58:22.0922 0x1294  b06bdrv - ok
23:58:22.0985 0x1294  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:58:23.0018 0x1294  b57nd60a - ok
23:58:23.0220 0x1294  [ FDE8C8DC07E75347E4C6B455A0964217, A5CFF5BDBE9989328269FB422A0DBE18CF9CA6974F530A6DE9BCF66A2B766A68 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
23:58:23.0329 0x1294  BCM43XX - ok
23:58:23.0356 0x1294  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:58:23.0388 0x1294  BDESVC - ok
23:58:23.0410 0x1294  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:58:23.0447 0x1294  Beep - ok
23:58:23.0506 0x1294  [ 4992C609A6315671463E30F6512BC022, 3020034556EAC25CD90F41D3BFFDD0BB2C3D1C5BAC4359F4B71B84A9FC404495 ] BFE             C:\Windows\System32\bfe.dll
23:58:23.0567 0x1294  BFE - ok
23:58:23.0684 0x1294  [ 7F0C323FE3DA28AA4AA1BDA3F575707F, 7FF09CBC16A9E5F357A76FF79A3F0DD047957D474031F51A6BB4916C7911F005 ] BITS            C:\Windows\System32\qmgr.dll
23:58:23.0774 0x1294  BITS - ok
23:58:23.0808 0x1294  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:58:23.0838 0x1294  blbdrive - ok
23:58:23.0867 0x1294  [ 91CE0D3DC57DD377E690A2D324022B08, 61874463956C0BCA5139522F34E974E5F638A092E0FD5C59DD30DE61D9AB8B0E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:58:23.0916 0x1294  bowser - ok
23:58:23.0948 0x1294  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:58:23.0990 0x1294  BrFiltLo - ok
23:58:24.0015 0x1294  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:58:24.0027 0x1294  BrFiltUp - ok
23:58:24.0077 0x1294  [ 94FBC06F294D58D02361918418F996E3, 62C7CC2AF8F5A0BB0C262DACDE3F72C6AC318C3840CE60E46EE2064B32BDA5EF ] Browser         C:\Windows\System32\browser.dll
23:58:24.0147 0x1294  Browser - ok
23:58:24.0182 0x1294  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:58:24.0241 0x1294  Brserid - ok
23:58:24.0272 0x1294  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:58:24.0329 0x1294  BrSerWdm - ok
23:58:24.0343 0x1294  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:58:24.0379 0x1294  BrUsbMdm - ok
23:58:24.0402 0x1294  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:58:24.0438 0x1294  BrUsbSer - ok
23:58:24.0485 0x1294  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
23:58:24.0522 0x1294  BthEnum - ok
23:58:24.0539 0x1294  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:58:24.0570 0x1294  BTHMODEM - ok
23:58:24.0593 0x1294  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
23:58:24.0614 0x1294  BthPan - ok
23:58:24.0664 0x1294  [ A51FA9D0E85D5ADABEF72E67F386309C, 4F6F44D5E3A43239B50BCA75CBAA48FE40097E2AFF9360E1956F41ED52BD8183 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
23:58:24.0692 0x1294  BTHPORT - ok
23:58:24.0724 0x1294  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
23:58:24.0752 0x1294  bthserv - ok
23:58:24.0765 0x1294  [ F740B9A16B2C06700F2130E19986BF3B, 92158FD1B3706DE068F077ACA9A25F5479EF282E8B81F5A2FF8A66CBB5F80FCF ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
23:58:24.0786 0x1294  BTHUSB - ok
23:58:24.0852 0x1294  [ 380B798D30C56EDE4AF58619D0E86CCB, 6830E0C0A5DA74B6E3122702135AF4E018D938FB18F59C5501FB88C994EA1845 ] btwampfl        C:\Windows\system32\drivers\btwampfl.sys
23:58:24.0885 0x1294  btwampfl - ok
23:58:24.0904 0x1294  [ BA5622F5544C6C445DFF1A05ACC8B19D, D9B3FBED2EDE92E16AEC5A6E3E69768540083A9AB3D80E3E8DC9218B7BD78DED ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
23:58:24.0911 0x1294  btwaudio - ok
23:58:24.0934 0x1294  [ A11905D0F4BD34771F195217B6AA5AE0, 2E7096E278978773C42E06833D2207DE7B4A9DBC4AF09415DCADD27372C4C0AE ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
23:58:24.0942 0x1294  btwavdt - ok
23:58:25.0094 0x1294  [ 3930E53EE0BED9DFF9AFA09F505D0CAE, 4DD6EC1A669A1063AB5CFC71DDF021EA0B241C10A284EB9C82B7F95BDDF3ECD8 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
23:58:25.0133 0x1294  btwdins - ok
23:58:25.0160 0x1294  [ 07096D2BC22CCB6CEA5A532DF0BE8A75, A9B7F2EFFDF1E4EC0A5DC098F0ED2BE44E271844A4F1CBAD2FA1655DE1E03F6E ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
23:58:25.0166 0x1294  btwl2cap - ok
23:58:25.0201 0x1294  [ BD776F32D64EC615BE4563DC2747224E, D0CFB25919051DC5654CC47BBD785D304BEEA4BEBC99BEFCE74C53C439AB33ED ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
23:58:25.0206 0x1294  btwrchid - ok
23:58:25.0242 0x1294  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:58:25.0286 0x1294  cdfs - ok
23:58:25.0342 0x1294  [ 83D2D75E1EFB81B3450C18131443F7DB, F2C686C980D818E797818E75B808E1E0B51B2045840A4BFC32D860B7DB4DFA22 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:58:25.0381 0x1294  cdrom - ok
23:58:25.0432 0x1294  [ 312E2F82AF11E79906898AC3E3D58A1F, F6CB7D8B204B94F749D5DBEFD552150AAB16A34D629F87F73823A7504465F106 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:58:25.0473 0x1294  CertPropSvc - ok
23:58:25.0492 0x1294  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:58:25.0530 0x1294  circlass - ok
23:58:25.0561 0x1294  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
23:58:25.0577 0x1294  CLFS - ok
23:58:25.0647 0x1294  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:58:25.0664 0x1294  clr_optimization_v2.0.50727_32 - ok
23:58:25.0710 0x1294  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:58:25.0718 0x1294  clr_optimization_v2.0.50727_64 - ok
23:58:25.0756 0x1294  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:58:25.0791 0x1294  CmBatt - ok
23:58:25.0804 0x1294  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
23:58:25.0816 0x1294  cmdide - ok
23:58:25.0858 0x1294  [ F95FD4CB7DA00BA2A63CE9F6B5C053E1, D1FBCA0416D38B9CA510FB01CF251E60B244D38080E6668948ED927D2350ED49 ] CNG             C:\Windows\system32\Drivers\cng.sys
23:58:25.0887 0x1294  CNG - ok
23:58:25.0923 0x1294  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:58:25.0930 0x1294  Compbatt - ok
23:58:25.0960 0x1294  [ F26B3A86F6FA87CA360B879581AB4123, 723904362614FE47F6CC0EA0656BA1B47EA32D73BAFB61688A5E5CAE4340B1BF ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:58:25.0985 0x1294  CompositeBus - ok
23:58:26.0004 0x1294  COMSysApp - ok
23:58:26.0016 0x1294  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:58:26.0024 0x1294  crcdisk - ok
23:58:26.0071 0x1294  [ 8C57411B66282C01533CB776F98AD384, 65BCF1B0BA521CBE39E974C7ACAEA9C9E3F89D86754275C6B2616E7691876AEE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:58:26.0117 0x1294  CryptSvc - ok
23:58:26.0167 0x1294  [ 7266972E86890E2B30C0C322E906B027, BFA30E85F5BD3AA933913BD7C6D2B5993DB7AFB0C98349B61A6BEF0BDC8A3680 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:58:26.0223 0x1294  DcomLaunch - ok
23:58:26.0280 0x1294  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:58:26.0341 0x1294  defragsvc - ok
23:58:26.0369 0x1294  [ 3F1DC527070ACB87E40AFE46EF6DA749, 5CB9CB94854AF06BEA02AF3E0562B8ECF72B2B23ED657A3F5E17CD3552F3EF84 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:58:26.0428 0x1294  DfsC - ok
23:58:26.0468 0x1294  [ CE3B9562D997F69B330D181A8875960F, 6FEE6622859198C5C13545867EF7CFE8EDC991360E976F792313DAA9C82CC5C8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:58:26.0533 0x1294  Dhcp - ok
23:58:26.0558 0x1294  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
23:58:26.0600 0x1294  discache - ok
23:58:26.0633 0x1294  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:58:26.0642 0x1294  Disk - ok
23:58:26.0675 0x1294  [ 676108C4E3AA6F6B34633748BD0BEBD9, 953286126E482EF3A9A1833680EFF86D657BD6C5411B9AEC2D7828ADE63D25AD ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:58:26.0726 0x1294  Dnscache - ok
23:58:26.0748 0x1294  [ 14452ACDB09B70964C8C21BF80A13ACB, DA0AAAC04626EFF4256D7095FF1DDA1F1B17676E26990C418BDF5090476F2AB4 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:58:26.0792 0x1294  dot3svc - ok
23:58:26.0813 0x1294  [ 8C2BA6BEA949EE6E68385F5692BAFB94, 1047F473DCE0FB56BEA5C1B7929752C1FBAB5983C8202ABB4EEA48FCD60A353A ] DPS             C:\Windows\system32\dps.dll
23:58:26.0844 0x1294  DPS - ok
23:58:26.0870 0x1294  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:58:26.0898 0x1294  drmkaud - ok
23:58:27.0004 0x1294  [ 61E894FE1E9CC720C909E6E343351794, 2C8540ED0A2C7028B242289078B4C2D8678D26FB7429AB3B33C136BB47B178C3 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
23:58:27.0022 0x1294  DsiWMIService - ok
23:58:27.0112 0x1294  [ 1633B9ABF52784A1331476397A48CBEF, 697780697C4C55FCCF5FB65C93FB37B3F5A43BF0C59FDBB9EF822D0E993E47BD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:58:27.0141 0x1294  DXGKrnl - ok
23:58:27.0177 0x1294  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
23:58:27.0221 0x1294  EapHost - ok
23:58:27.0386 0x1294  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
23:58:27.0592 0x1294  ebdrv - ok
23:58:27.0624 0x1294  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS             C:\Windows\System32\lsass.exe
23:58:27.0648 0x1294  EFS - ok
23:58:27.0739 0x1294  [ B91D81B3B54A54CCAFC03733DBC2E29E, B08CFD3136F678CF902722B32CA55C4983EEE5AEBDCEE036BEB746914742141C ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:58:27.0803 0x1294  ehRecvr - ok
23:58:27.0842 0x1294  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
23:58:27.0874 0x1294  ehSched - ok
23:58:27.0939 0x1294  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:58:27.0960 0x1294  elxstor - ok
23:58:28.0058 0x1294  [ 91C2E6234F6884C6FEEF9658D8EDE6B6, 5CD0CED05FD9FB3C134DD87C0115CDD314CE20B7E4BAB95AC4AA181EAE6C855E ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
23:58:28.0086 0x1294  ePowerSvc - ok
23:58:28.0104 0x1294  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
23:58:28.0114 0x1294  ErrDev - ok
23:58:28.0248 0x1294  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
23:58:28.0306 0x1294  EventSystem - ok
23:58:28.0331 0x1294  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:58:28.0377 0x1294  exfat - ok
23:58:28.0413 0x1294  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:58:28.0462 0x1294  fastfat - ok
23:58:28.0545 0x1294  [ D607B2F1BEE3992AA6C2C92C0A2F0855, E22301C8F01DBF0A38A85165959BB070647C996CB1BCD50FDFE3DDDCA427DF2A ] Fax             C:\Windows\system32\fxssvc.exe
23:58:28.0588 0x1294  Fax - ok
23:58:28.0621 0x1294  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:58:28.0650 0x1294  fdc - ok
23:58:28.0691 0x1294  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
23:58:28.0754 0x1294  fdPHost - ok
23:58:28.0771 0x1294  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:58:28.0798 0x1294  FDResPub - ok
23:58:28.0831 0x1294  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:58:28.0839 0x1294  FileInfo - ok
23:58:28.0854 0x1294  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:58:28.0882 0x1294  Filetrace - ok
23:58:28.0901 0x1294  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:58:28.0912 0x1294  flpydisk - ok
23:58:28.0938 0x1294  [ F7866AF72ABBAF84B1FA5AA195378C59, 9D522044FE9C18FB3EC327E675737C01F2A8231DDE900421D3A431596946A7F8 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:58:28.0952 0x1294  FltMgr - ok
23:58:29.0005 0x1294  [ BC00505CFDA789ED3BE95D2FF38C4875, 9CB98AFF8A9740CFB53BDFB3DD40A76EB79C160CF2DF03E5EEFF6F2109216FEB ] FontCache       C:\Windows\system32\FntCache.dll
23:58:29.0081 0x1294  FontCache - ok
23:58:29.0142 0x1294  [ 8D89E3131C27FDD6932189CB785E1B7A, AC7DA4C5E6D2E41D1A1DE146E46F034FAF0FB11AD801F070F2D5CD08166E9EB7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:58:29.0157 0x1294  FontCache3.0.0.0 - ok
23:58:29.0195 0x1294  [ 54A9C5A6AA0BB0041A4AF7172FFC3D9F, 2CAA44443651188B6614B657536F8A21B6329585A1D9D1ABBEC2CA6050C8928E ] FPSensor        C:\Windows\system32\Drivers\FPSensor.sys
23:58:29.0207 0x1294  FPSensor - ok
23:58:29.0248 0x1294  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:58:29.0268 0x1294  FsDepends - ok
23:58:29.0296 0x1294  [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:58:29.0313 0x1294  Fs_Rec - ok
23:58:29.0356 0x1294  [ B8B2A6E1558F8F5DE5CE431C5B2C7B09, 24A9F04A0622681A4E4B6BCC47C45016787C6036EAD828920812D9FAD49A71E3 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:58:29.0387 0x1294  fvevol - ok
23:58:29.0419 0x1294  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:58:29.0439 0x1294  gagp30kx - ok
23:58:29.0528 0x1294  [ FE5AB4525BC2EC68B9119A6E5D40128B, 088DE37982CEE78A0C1181389A3BFF1E352DF504074B3E8F3EA244DB271BF216 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:58:29.0580 0x1294  gpsvc - ok
23:58:29.0635 0x1294  [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
23:58:29.0646 0x1294  GREGService - ok
23:58:29.0749 0x1294  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:58:29.0768 0x1294  gupdate - ok
23:58:29.0802 0x1294  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:58:29.0813 0x1294  gupdatem - ok
23:58:29.0851 0x1294  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:58:29.0864 0x1294  gusvc - ok
23:58:29.0912 0x1294  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:58:29.0947 0x1294  hcw85cir - ok
23:58:30.0001 0x1294  [ 6410F6F415B2A5A9037224C41DA8BF12, 5B8452BC49FDA2215281D27B22FA9BE46B0460F51C4DC70E58B687CFB541F3A5 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:58:30.0040 0x1294  HdAudAddService - ok
23:58:30.0092 0x1294  [ 0A49913402747A0B67DE940FB42CBDBB, 61A45DBDCEB4A2D5C3C28F6BC8C5ADC51D0240A7553DF44BCC4355FC06F72B83 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:58:30.0137 0x1294  HDAudBus - ok
23:58:30.0181 0x1294  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
23:58:30.0191 0x1294  HECIx64 - ok
23:58:30.0202 0x1294  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:58:30.0239 0x1294  HidBatt - ok
23:58:30.0283 0x1294  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:58:30.0329 0x1294  HidBth - ok
23:58:30.0353 0x1294  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:58:30.0382 0x1294  HidIr - ok
23:58:30.0416 0x1294  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
23:58:30.0464 0x1294  hidserv - ok
23:58:30.0517 0x1294  [ F44381F466CFCEE8E850DE6BBFA43FE2, C3AEE7C3BD989E2437A00F389B0F59DB14B86A0CBCCD521FC5BD208475DCFC95 ] hidshim         C:\Windows\system32\DRIVERS\hidshim.sys
23:58:30.0542 0x1294  hidshim - ok
23:58:30.0584 0x1294  [ B3BF6B5B50006DEF50B66306D99FCF6F, D39A1DEBE7C464922919826D15199ED25E263BF58633593DD412D78F98921417 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:58:30.0625 0x1294  HidUsb - ok
23:58:30.0672 0x1294  [ EFA58EDE58DD74388FFD04CB32681518, 76D81F9BC1A4D85A779B79DEC23B79F1568AA236CD49247414093CDC1FCC150F ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:58:30.0736 0x1294  hkmsvc - ok
23:58:30.0746 0x1294  [ 046B2673767CA626E2CFB7FDF735E9E8, 9C932DCC5DE9B1919AB38C01D76AD7BBAF491DE6D158662407974748BC0B4C6C ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:58:30.0784 0x1294  HomeGroupListener - ok
23:58:30.0807 0x1294  [ 06A7422224D9865A5613710A089987DF, EF604B4B6918D3FDC8E90ED9004E6E7340E0F399C214C65CCE3A7C8C576FA1C0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:58:30.0839 0x1294  HomeGroupProvider - ok
23:58:30.0869 0x1294  [ 0886D440058F203EBA0E1825E4355914, BC49C4CEFE324A08C864A4BF4FEA9A70151FAB7CC30BDC28344F3FFD2F500070 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
23:58:30.0878 0x1294  HpSAMD - ok
23:58:30.0964 0x1294  [ CEE049CAC4EFA7F4E1E4AD014414A5D4, 433AE2D845850F1D7A48275BBD87B3F0E7DD48F2282C727C4B777ECD92CC331D ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:58:31.0028 0x1294  HTTP - ok
23:58:31.0047 0x1294  [ F17766A19145F111856378DF337A5D79, FC1633FB865A5324EBCBE5F97D297B899FABBDD965D862C2EFC743CD36F47E62 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:58:31.0053 0x1294  hwpolicy - ok
23:58:31.0118 0x1294  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:58:31.0144 0x1294  i8042prt - ok
23:58:31.0215 0x1294  [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
23:58:31.0232 0x1294  iaStor - ok
23:58:31.0297 0x1294  [ 31A0E93CDF29007D6C6FFFB632F375ED, CA464928E9868B9A09C324DBBC8DA41A01C5C486B43578FC695250D523DE555B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:58:31.0306 0x1294  IAStorDataMgrSvc - ok
23:58:31.0358 0x1294  [ D83EFB6FD45DF9D55E9A1AFC63640D50, 0494F8F7CB3ED11FD8D0B838CB71271AF7A3CBFCB7F2CB043A9392B5106A3C7B ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
23:58:31.0390 0x1294  iaStorV - ok
23:58:31.0573 0x1294  [ 2F2BE70D3E02B6FA877921AB9516D43C, E04255EE4BD95FC1539EB1EB9F702B039F65993D31A4531DA487274543EF5226 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:58:31.0670 0x1294  idsvc - ok
23:58:31.0988 0x1294  [ 64C7429D0BD8C65AE9FD366D01C37C10, 75BC1207CD8305EFCA90CDD660C164CA9E37D206D45758C7648C6A6380F3E861 ] IGBASVC         C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
23:58:32.0147 0x1294  IGBASVC - ok
23:58:32.0184 0x1294  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:58:32.0192 0x1294  iirsp - ok
23:58:32.0238 0x1294  [ C5B4683680DF085B57BC53E5EF34861F, 9C06517DFCB3ED7BB1166F7EB6CCC8713E6B68283C75420C0EDC182094AA1B8F ] IKEEXT          C:\Windows\System32\ikeext.dll
23:58:32.0300 0x1294  IKEEXT - ok
23:58:32.0415 0x1294  [ A73CC9BD3A7236E686BE6667F0106C16, B9ABE8EE63867CBD9E439A3D4603D1F7D9ED3206768B28509D812DCBD046B64D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:58:32.0471 0x1294  IntcAzAudAddService - ok
23:58:32.0513 0x1294  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
23:58:32.0520 0x1294  intelide - ok
23:58:32.0550 0x1294  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:58:32.0571 0x1294  intelppm - ok
23:58:32.0612 0x1294  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:58:32.0656 0x1294  IPBusEnum - ok
23:58:32.0678 0x1294  [ 722DD294DF62483CECAAE6E094B4D695, 41ABB42EF969EA8A84B546908EBBDC2411D964DE101CE6DD3D7ECF109085E0C0 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:58:32.0707 0x1294  IpFilterDriver - ok
23:58:32.0749 0x1294  [ F8E058D17363EC580E4B7232778B6CB5, 02352919F349C57930A0B032FBDC45327FB473D310DE7AC721F4694FDE7D21FB ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:58:32.0807 0x1294  iphlpsvc - ok
23:58:32.0831 0x1294  [ E2B4A4494DB7CB9B89B55CA268C337C5, C59BC4AA03D10647641EC7533F78BC7E2EA6FC48B8B2CF1A49B5148EF40A90FB ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:58:32.0844 0x1294  IPMIDRV - ok
23:58:32.0863 0x1294  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:58:32.0911 0x1294  IPNAT - ok
23:58:32.0937 0x1294  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:58:32.0950 0x1294  IRENUM - ok
23:58:32.0976 0x1294  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
23:58:32.0984 0x1294  isapnp - ok
23:58:33.0015 0x1294  [ FA4D2557DE56D45B0A346F93564BE6E1, 2827EC3582FF59FFD55BBD4A4F0DDFFEAD4F2537FA043B3A69904FE920B1619C ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:58:33.0028 0x1294  iScsiPrt - ok
23:58:33.0051 0x1294  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:58:33.0059 0x1294  kbdclass - ok
23:58:33.0089 0x1294  [ 6DEF98F8541E1B5DCEB2C822A11F7323, F6EE4A7A6A7A1F243D32CA9241CA4816C92EB7BF2AADDD09234968C2CAAE6C0D ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:58:33.0115 0x1294  kbdhid - ok
23:58:33.0130 0x1294  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso          C:\Windows\system32\lsass.exe
23:58:33.0140 0x1294  KeyIso - ok
23:58:33.0177 0x1294  [ E8B6FCC9C83535C67F835D407620BD27, 74B63F3BFB756FF0B0AD6A6C1535C0A1A0630295ECCBC078B00F2449718B0870 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:58:33.0186 0x1294  KSecDD - ok
23:58:33.0207 0x1294  [ BBE1BF6D9B661C354D4857D5FADB943B, D2F6E52CCD0DF07B3D92669B941CEB9A59E16D3518226F11028A70DBDEFABBCF ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:58:33.0217 0x1294  KSecPkg - ok
23:58:33.0233 0x1294  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:58:33.0295 0x1294  ksthunk - ok
23:58:33.0343 0x1294  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:58:33.0389 0x1294  KtmRm - ok
23:58:33.0421 0x1294  [ 6E0698CEA0901FD1A2B9CE0859E2D8FE, A9A2335948037ADE09EEEE17FEC37A55B8336715F52EFD49DEC4726A8C5169C5 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
23:58:33.0427 0x1294  L1C - ok
23:58:33.0468 0x1294  [ C926920B8978DE6ACFE9E15C709E9B57, 33B8002ABC30372B1CA8B6EC046757794CD7C9DA3CA4715B515B6894DC7E45CA ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:58:33.0531 0x1294  LanmanServer - ok
23:58:33.0559 0x1294  [ 27026EAC8818E8A6C00A1CAD2F11D29A, A12858CCB3B2419D66C667A46B106DA7A7BA97FFFA9634BFAE95DDF193C430D5 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:58:33.0609 0x1294  LanmanWorkstation - ok
23:58:33.0652 0x1294  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:58:33.0692 0x1294  lltdio - ok
23:58:33.0717 0x1294  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:58:33.0752 0x1294  lltdsvc - ok
23:58:33.0797 0x1294  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:58:33.0841 0x1294  lmhosts - ok
23:58:33.0922 0x1294  [ A1C148801B4AF64847AEB9F3AD9594EF, FF6ED89EA47DF74C33CD8BFAC48FAED1B979348ABA6B6D94EE07CBD21810F37B ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
23:58:33.0963 0x1294  LMS - detected UnsignedFile.Multi.Generic ( 1 )
23:58:36.0784 0x1294  LMS ( UnsignedFile.Multi.Generic ) - warning
23:58:36.0784 0x1294  Force sending object to P2P due to detect: LMS
23:58:39.0536 0x1294  Object send P2P result: true
23:58:42.0280 0x1294  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:58:42.0305 0x1294  LSI_FC - ok
23:58:42.0315 0x1294  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:58:42.0325 0x1294  LSI_SAS - ok
23:58:42.0337 0x1294  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:58:42.0346 0x1294  LSI_SAS2 - ok
23:58:42.0366 0x1294  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:58:42.0375 0x1294  LSI_SCSI - ok
23:58:42.0447 0x1294  [ 9D48F75C237F972E8CDEA3F5BCFF74D5, A06397226496180F3CDB5D3981B8D7D008DBCA616C95115F275BF71A7430DA75 ] Ltn_stk7070P    C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys
23:58:42.0494 0x1294  Ltn_stk7070P - ok
23:58:42.0535 0x1294  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:58:42.0595 0x1294  luafv - ok
23:58:42.0635 0x1294  [ F84C8F1000BC11E3B7B23CBD3BAFF111, BB4C4FFE3F6C9E5C16C06F6F666F177B94E1CF878397BCC0BDAF6EB3341AAED8 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:58:42.0671 0x1294  Mcx2Svc - ok
23:58:42.0687 0x1294  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:58:42.0707 0x1294  megasas - ok
23:58:42.0740 0x1294  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:58:42.0754 0x1294  MegaSR - ok
23:58:42.0787 0x1294  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
23:58:42.0832 0x1294  MMCSS - ok
23:58:42.0861 0x1294  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
23:58:42.0927 0x1294  Modem - ok
23:58:42.0949 0x1294  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:58:42.0971 0x1294  monitor - ok
23:58:42.0995 0x1294  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:58:43.0002 0x1294  mouclass - ok
23:58:43.0018 0x1294  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:58:43.0030 0x1294  mouhid - ok
23:58:43.0071 0x1294  [ 791AF66C4D0E7C90A3646066386FB571, BF67643099494AEADDDC85E4D97AFF1017806A1DF554F9BE6C864FFECC9EAF42 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:58:43.0093 0x1294  mountmgr - ok
23:58:43.0196 0x1294  [ 26EA1DAD601EE3ACAC301D66F07BA219, C9594BB15D53D4AC2156CCCD2DB65B2C20620F1F60DA85F48D1586FC10028096 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:58:43.0217 0x1294  MozillaMaintenance - ok
23:58:43.0237 0x1294  [ 609D1D87649ECC19796F4D76D4C15CEA, 5369F4C83FBAE9C4CFB9ACD36F07479E3F3FD784D79B82AE8D95B818B9F9CE00 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
23:58:43.0247 0x1294  mpio - ok
23:58:43.0276 0x1294  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:58:43.0305 0x1294  mpsdrv - ok
23:58:43.0417 0x1294  [ AECAB449567D1846DAD63ECE49E893E3, 7A67A16A3E04574B7CAD097632ABA9B361BBEFDD6B36B7B8E3A1996EC529C2DC ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:58:43.0478 0x1294  MpsSvc - ok
23:58:43.0609 0x1294  [ 30524261BB51D96D6FCBAC20C810183C, 19598A9CD0EAAE4ACBF1069E721AB2853452F33FCFB3B5113F023A88A90BF42D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:58:43.0649 0x1294  MRxDAV - ok
23:58:43.0673 0x1294  [ AB5892797C4114640BA333949568DE8C, 9F9880DB64286D8250A9AF15FADD85E885B504F531B39A5B0605D66F7BFBE200 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:58:43.0718 0x1294  mrxsmb - ok
23:58:43.0763 0x1294  [ 81A38F7AEEB265634B05AE5F3F29FBC4, 29A4DEA060A1C98F620DF4395844D00B98BC71822614DA2F8D1B726792261711 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:58:43.0806 0x1294  mrxsmb10 - ok
23:58:43.0824 0x1294  [ 6B2D5FEF385828B6E485C1C90AFB8195, A960CC0351F200FA56FAC0534C0F9D7F79AAC9CF18A4390CDCA7EA4EE22ED6B6 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:58:43.0855 0x1294  mrxsmb20 - ok
23:58:43.0876 0x1294  [ 5C37497276E3B3A5488B23A326A754B7, 9982FCDAFB963868EB93A4DEF811A3167488EB5246BAC3F4AE960506FDF63967 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
23:58:43.0883 0x1294  msahci - ok
23:58:43.0919 0x1294  [ 8D27B597229AED79430FB9DB3BCBFBD0, 3D58E08B47E8AE419D405BF263929DFA6F2F5F0C2D79FD8D6F2CED6452F6F248 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
23:58:43.0929 0x1294  msdsm - ok
23:58:43.0947 0x1294  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
23:58:43.0962 0x1294  MSDTC - ok
23:58:43.0980 0x1294  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:58:44.0007 0x1294  Msfs - ok
23:58:44.0030 0x1294  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:58:44.0066 0x1294  mshidkmdf - ok
23:58:44.0081 0x1294  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
23:58:44.0087 0x1294  msisadrv - ok
23:58:44.0131 0x1294  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:58:44.0179 0x1294  MSiSCSI - ok
23:58:44.0182 0x1294  msiserver - ok
23:58:44.0214 0x1294  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:58:44.0242 0x1294  MSKSSRV - ok
23:58:44.0261 0x1294  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:58:44.0300 0x1294  MSPCLOCK - ok
23:58:44.0313 0x1294  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:58:44.0352 0x1294  MSPQM - ok
23:58:44.0375 0x1294  [ 89CB141AA8616D8C6A4610FA26C60964, 76E72F6A0348EDC58A8E6F88C7F024B8B077670400BD5A833811DAFCF9F517CC ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:58:44.0391 0x1294  MsRPC - ok
23:58:44.0407 0x1294  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:58:44.0415 0x1294  mssmbios - ok
23:58:44.0453 0x1294  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:58:44.0493 0x1294  MSTEE - ok
23:58:44.0502 0x1294  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:58:44.0546 0x1294  MTConfig - ok
23:58:44.0581 0x1294  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
23:58:44.0601 0x1294  Mup - ok
23:58:44.0653 0x1294  [ 6FFECC25B39DC7652A0CEC0ADA9DB589, 927EF066CBBA8353149F8C3B7C4299AC06FED439DA874D25CFB583E5912611A2 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
23:58:44.0663 0x1294  mwlPSDFilter - ok
23:58:44.0675 0x1294  [ 0BEFE32CA56D6EE89D58175725596A85, E36B9E6159AF7F67D549F7178896CCCB8FC3964531B1DA20CBDD465E632D8FCF ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
23:58:44.0684 0x1294  mwlPSDNServ - ok
23:58:44.0820 0x1294  [ D43BC633B8660463E446E28E14A51262, C55F235B5E08FAC6D70B0FAC737D714E318A93F8E43FF8095B86A76559AF211D ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
23:58:44.0833 0x1294  mwlPSDVDisk - ok
23:58:44.0957 0x1294  [ 22A4905C958BEB68D78385B633C1351B, FFF03DB9F0A7DCFFF221FA1EAEBF9EA04732F4D0562EA02412D178B887773574 ] MWLService      C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
23:58:44.0984 0x1294  MWLService - ok
23:58:45.0037 0x1294  [ 4987E079A4530FA737A128BE54B63B12, 27E51CC7D4D90DC4397575491DE7EFE15808709F097E2828E46AA73C771A47A4 ] napagent        C:\Windows\system32\qagentRT.dll
23:58:45.0080 0x1294  napagent - ok
23:58:45.0128 0x1294  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:58:45.0168 0x1294  NativeWifiP - ok
23:58:45.0223 0x1294  [ CAD515DBD07D082BB317D9928CE8962C, 7AFA6D6154AC68F9FCC37B7B3324F7A170AE91035805026445F24F6EB4FB7F2E ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:58:45.0253 0x1294  NDIS - ok
23:58:45.0285 0x1294  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:58:45.0313 0x1294  NdisCap - ok
23:58:45.0336 0x1294  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:58:45.0381 0x1294  NdisTapi - ok
23:58:45.0394 0x1294  [ F105BA1E22BF1F2EE8F005D4305E4BEC, 723DA09E13D0F50634D9F114590B837D16F7B36AA0DA2AB8F8C2D9991624EA8F ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:58:45.0440 0x1294  Ndisuio - ok
23:58:45.0465 0x1294  [ 557DFAB9CA1FCB036AC77564C010DAD3, 8A21B342AFE5B498FB62EDDC81A3ADA9570677B7A382666090E0ABB1F85FEF29 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:58:45.0516 0x1294  NdisWan - ok
23:58:45.0550 0x1294  [ 659B74FB74B86228D6338D643CD3E3CF, 83D741B7A2A204A661A80C226212749F514800060D05E217FA6DC14D62F38F80 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:58:45.0579 0x1294  NDProxy - ok
23:58:45.0622 0x1294  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:58:45.0687 0x1294  NetBIOS - ok
23:58:45.0824 0x1294  [ 9162B273A44AB9DCE5B44362731D062A, 5A1BA6DBFEBB2618DC9D4CC55FA071C170A5D22FFB24CE62DD5B3210D8B45F39 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:58:45.0884 0x1294  NetBT - ok
23:58:45.0903 0x1294  [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon        C:\Windows\system32\lsass.exe
23:58:45.0913 0x1294  Netlogon - ok
23:58:45.0963 0x1294  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
23:58:46.0013 0x1294  Netman - ok
23:58:46.0041 0x1294  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
23:58:46.0088 0x1294  netprofm - ok
23:58:46.0115 0x1294  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:58:46.0123 0x1294  NetTcpPortSharing - ok
23:58:46.0162 0x1294  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:58:46.0170 0x1294  nfrd960 - ok
23:58:46.0206 0x1294  [ D9A0CE66046D6EFA0C61BAA885CBA0A8, 06C3331C7F3EE0E0B95E8302CB80315E965587C4D6231785B8ACF3FAE4731FAF ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:58:46.0259 0x1294  NlaSvc - ok
23:58:46.0280 0x1294  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:58:46.0307 0x1294  Npfs - ok
23:58:46.0323 0x1294  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
23:58:46.0362 0x1294  nsi - ok
23:58:46.0378 0x1294  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:58:46.0407 0x1294  nsiproxy - ok
23:58:46.0698 0x1294  [ 356698A13C4630D5B31C37378D469196, BF5704AADE5C3DA370501747F12ED6E9C3349E342CCF89005AAE132B570BB42B ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:58:46.0780 0x1294  Ntfs - ok
23:58:46.0922 0x1294  [ 5B3CE960C62DBE864BE9A0BD043A3E30, 8474C68B0A8F94945C3278C682143F289245FC31C28DBB4609E993F90F7AD309 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
23:58:46.0951 0x1294  NTI IScheduleSvc - detected UnsignedFile.Multi.Generic ( 1 )
23:58:49.0695 0x1294  NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - warning
23:58:52.0477 0x1294  [ 15221DD637D9D0FFC60848EBBF1DF538, 72E20DAAC3BF7CA9303DB515A7C93C629D7EEDA04C9A7CE91AFBCBB574F257D4 ] NTIBackupSvc    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
23:58:52.0492 0x1294  NTIBackupSvc - ok
23:58:52.0526 0x1294  [ 64DDD0DEE976302F4BD93E5EFCC2F013, 19F54B4549999EF96FAE1B2B97973F281304843ADE0CF5823574453AB41E3E9C ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
23:58:52.0536 0x1294  NTIDrvr - ok
23:58:52.0577 0x1294  [ B5071E15D4C3F5EF5018AFF7E85A85E5, FF3ACAEDD127CC4BB0A6FD2D34B5E4D98478A86122BE31DB84702A12567288E0 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
23:58:52.0627 0x1294  NTISchedulerSvc - ok
23:58:52.0644 0x1294  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
23:58:52.0691 0x1294  Null - ok
23:58:52.0713 0x1294  [ 4F990BD111CF94891104193F8787788F, 9EC023E1A4F19F83E95B128522E191C2FA1709150971FFB5727C16B2086B0B9C ] nuvotoncir      C:\Windows\system32\DRIVERS\nuvotoncir.sys
23:58:52.0742 0x1294  nuvotoncir - ok
23:58:52.0764 0x1294  [ 05416052F584E7488DCE7F6BCE4E75A1, 27CF3B28AE0550C89C6B90557C83B7EBDD6FC121569EB6E8DF70B3D4D1115970 ] nuvotonhidcir   C:\Windows\system32\DRIVERS\nuvotonhidcir.sys
23:58:52.0793 0x1294  nuvotonhidcir - ok
23:58:52.0812 0x1294  [ B4922563019CCAA82D52584D4A82DF8F, 138809D008BED8F53146840162C3B75DD7D653569D08F5F1ECF4780E38758341 ] nuvotonir       C:\Windows\system32\DRIVERS\nuvotonir.sys
23:58:52.0875 0x1294  nuvotonir - ok
23:58:52.0917 0x1294  [ 3E38712941E9BB4DDBEE00AFFE3FED3D, 03F27CC0EF0A86D0B2DAAB6F72838CB2AB57FE5D40074828D5B7F118CD5CBEE7 ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
23:58:52.0935 0x1294  nvraid - ok
23:58:52.0962 0x1294  [ 477DC4D6DEB99BE37084C9AC6D013DA1, E58C4D621CAAB1C68FB4A056576F48BC87913A5EBF0B511EFFB8F38C7D3E516E ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
23:58:52.0973 0x1294  nvstor - ok
23:58:53.0001 0x1294  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
23:58:53.0012 0x1294  nv_agp - ok
23:58:53.0071 0x1294  [ D955D5DE998DB2476BF0892BE3A96C26, 3828FC1D4A4F9CD685E6D938B92370A602B84A3ACE2C9A674B3B59E633B0AE07 ] O2FLASH         C:\Windows\system32\DRIVERS\o2flash.exe
23:58:53.0123 0x1294  O2FLASH - ok
23:58:53.0141 0x1294  [ 706EDBE5011BCE06F183632D6332E698, 7725865458491667563F94E7D326DF372C7AB4095ACBBD5900E0F6502233594D ] O2MDGRDR        C:\Windows\system32\DRIVERS\o2mdgx64.sys
23:58:53.0151 0x1294  O2MDGRDR - ok
23:58:53.0194 0x1294  [ 58DEB12100D55F01FF14B46709BDF8FF, 919F89780222DB55FCBED838E4DCF2948527AA0A95F4AF808771D4C4F1F22087 ] O2SDGRDR        C:\Windows\system32\DRIVERS\o2sdgx64.sys
23:58:53.0202 0x1294  O2SDGRDR - ok
23:58:53.0230 0x1294  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
23:58:53.0250 0x1294  ohci1394 - ok
23:58:53.0334 0x1294  [ 7A56CF3E3F12E8AF599963B16F50FB6A, 882C82BAE96D263138D4C0D6C425458B770B7B9C8E9C1D28AC918BF6BE94A5C2 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:58:53.0352 0x1294  ose - ok
23:58:53.0386 0x1294  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:58:53.0440 0x1294  p2pimsvc - ok
23:58:53.0488 0x1294  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
23:58:53.0518 0x1294  p2psvc - ok
23:58:53.0546 0x1294  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:58:53.0557 0x1294  Parport - ok
23:58:53.0572 0x1294  [ 7DAA117143316C4A1537E074A5A9EAF0, D4F31F67BE09B6904C1B9702DC042BC0DAB628055B956C79FF760A9027679E6B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:58:53.0580 0x1294  partmgr - ok
23:58:53.0595 0x1294  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:58:53.0621 0x1294  PcaSvc - ok
23:58:53.0645 0x1294  [ F36F6504009F2FB0DFD1B17A116AD74B, 33A4C217F7DC5E5B7E1B6CF335327C8FE6CC5D6D048D420252965574CAD83918 ] pci             C:\Windows\system32\DRIVERS\pci.sys
23:58:53.0655 0x1294  pci - ok
23:58:53.0690 0x1294  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
23:58:53.0707 0x1294  pciide - ok
23:58:53.0765 0x1294  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:58:53.0797 0x1294  pcmcia - ok
23:58:53.0820 0x1294  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:58:53.0828 0x1294  pcw - ok
23:58:53.0897 0x1294  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:58:53.0944 0x1294  PEAUTH - ok
23:58:54.0016 0x1294  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:58:54.0061 0x1294  PerfHost - ok
23:58:54.0177 0x1294  [ 557E9A86F65F0DE18C9B6751DFE9D3F1, 630EE5A80335929517A22D130C75CBCE882B92978372A6F36C30B9D353C7BB07 ] pla             C:\Windows\system32\pla.dll
23:58:54.0256 0x1294  pla - ok
23:58:54.0310 0x1294  [ 23157D583244400E1D7FBAEE2E4B31B7, 4E8D93F746C727CE1A89B53FEFFCFB080AC3CC8F3CF2F8613E692E989794C52F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:58:54.0365 0x1294  PlugPlay - ok
23:58:54.0407 0x1294  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:58:54.0441 0x1294  PNRPAutoReg - ok
23:58:54.0473 0x1294  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:58:54.0501 0x1294  PNRPsvc - ok
23:58:54.0550 0x1294  [ 166EB40D1F5B47E615DE3D0FFFE5F243, E32BCCA0D25CD631C221986EBE9F6C54BF2F12DE1672D69CCC4E22AD07D0525A ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:58:54.0610 0x1294  PolicyAgent - ok
23:58:54.0628 0x1294  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
23:58:54.0658 0x1294  Power - ok
23:58:54.0696 0x1294  [ 27CC19E81BA5E3403C48302127BDA717, C580FC552DDF9C163FC325B38B05C06FFD696495E4C01514BCD6346CFE4F0B40 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:58:54.0725 0x1294  PptpMiniport - ok
23:58:56.0473 0x1294  [ F12A68ED55053940CADD59CA5E3468DD, 75331E6DA4E30717085E7D8131989241EBC492DC3EE455546F91DA9DFFFD2BFC ] RichVideo       C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
23:58:56.0510 0x1294  RichVideo - detected UnsignedFile.Multi.Generic ( 1 )
23:58:59.0159 0x1294  Detect skipped due to KSN trusted
23:58:59.0159 0x1294  RichVideo - ok
23:59:04.0841 0x1294  [ 41118D920B2B268C0ADC36421248CDCF, 4F99C4913DCFE02B0783FD97F02558E4DD4D7C98553D95A8E26FAAA0C0D67616 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:59:04.0973 0x1294  UNS - detected UnsignedFile.Multi.Generic ( 1 )
23:59:07.0720 0x1294  Detect skipped due to KSN trusted
23:59:07.0720 0x1294  UNS - ok
23:59:12.0269 0x1294  ================ Scan global ===============================
23:59:12.0290 0x1294  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
23:59:12.0322 0x1294  [ 457B44AB6D502E55F64A867D4F35C76C, 95FEC45E28DF394E778DA37719F7D579920531AD568E1C290B7F42CB03BEAA2C ] C:\Windows\system32\winsrv.dll
23:59:12.0335 0x1294  [ 457B44AB6D502E55F64A867D4F35C76C, 95FEC45E28DF394E778DA37719F7D579920531AD568E1C290B7F42CB03BEAA2C ] C:\Windows\system32\winsrv.dll
23:59:12.0364 0x1294  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:59:12.0420 0x1294  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
23:59:12.0437 0x1294  [ Global ] - ok
23:59:12.0437 0x1294  ================ Scan MBR ==================================
23:59:12.0447 0x1294  [ 9C51D3FD2697BD2AE931BE1D6F1E6FFA ] \Device\Harddisk0\DR0
23:59:13.0412 0x1294  \Device\Harddisk0\DR0 - ok
23:59:17.0028 0x1294  [ F05261C246CE4B3C544521FFFF7AEF5D ] \Device\Harddisk1\DR1
23:59:19.0295 0x1294  \Device\Harddisk1\DR1 - ok
23:59:19.0296 0x1294  ================ Scan VBR ==================================
23:59:19.0314 0x1294  [ DA4397ECDD569974AF0683AC4E7BD9BA ] \Device\Harddisk0\DR0\Partition1
23:59:19.0317 0x1294  \Device\Harddisk0\DR0\Partition1 - ok
23:59:19.0336 0x1294  [ EB557E0D0C7DA240C4AA977C40911798 ] \Device\Harddisk0\DR0\Partition2
23:59:19.0339 0x1294  \Device\Harddisk0\DR0\Partition2 - ok
23:59:19.0361 0x1294  [ 62FB8373B21EBAD5CD44E8D288850904 ] \Device\Harddisk0\DR0\Partition3
23:59:19.0364 0x1294  \Device\Harddisk0\DR0\Partition3 - ok
23:59:19.0369 0x1294  [ 16DE74CF0D60C0C2694C52F0562DE42C ] \Device\Harddisk1\DR1\Partition1
23:59:19.0374 0x1294  \Device\Harddisk1\DR1\Partition1 - ok
23:59:19.0375 0x1294  ================ Scan generic autorun ======================
23:59:19.0507 0x1294  [ 89F7B7CCC82D7E6FF9832FE3D24988C4, 430958B7694D2F86F4DAEF57329582669F79435B0B4D5D10CB3FF9D1B4251F44 ] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
23:59:19.0522 0x1294  mwlDaemon - ok
23:59:20.0375 0x1294  [ BF98B82615C6737A75F71A8827EE91BC, 52A04A2F961E326F27174EDB51C730207E6612D9308649E6129AECDEE9BC784A ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
23:59:20.0752 0x1294  RtHDVCpl - ok
23:59:20.0761 0x1294  SynTPEnh - ok
23:59:20.0792 0x1294  [ 17C5E2A94AA1B42D499A5396D67E0B61, 744BB5165E2390A5D6616C8E55A5A2EC8289539F7BA0153AFE954C729E2FE7C6 ] C:\Windows\PLFSetI.exe
23:59:20.0802 0x1294  PLFSetI - ok
23:59:20.0864 0x1294  [ 3F317440210CA5238F493F9FF5103C2D, 81BC0B75072FE6E93863114B0B1E6710F37425813C315A963D26B9E8652F73AA ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
23:59:20.0890 0x1294  Acer ePower Management - ok
23:59:20.0973 0x1294  [ 25107F58D1B8F60D67D1EE95798C0DE8, C3B5205E8818576EBF33E3B9FD8664A498714B823D9128FC1CA0A64F81499263 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
23:59:20.0990 0x1294  IAStorIcon - ok
23:59:21.0060 0x1294  [ 522EEC6D2CAF10ADF7D9B6868A5BDEA9, 15198AF557E2630492106CA6306C03E1A103FF9E9669B70E601957AC7D490C87 ] C:\Program Files (x86)\Launch Manager\LManager.exe
23:59:21.0096 0x1294  LManager - ok
23:59:21.0159 0x1294  [ E439643E61B6CE7F47CC03E6A4590E26, E0C3DD41BD12CAF2AA04E930A30D3C4DF9974AC8769C58A45B744C28F6EF469D ] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
23:59:21.0179 0x1294  SuiteTray - ok
23:59:21.0236 0x1294  [ 6C695B04E2E29459CDC2E5C0970B883B, CE0CFE5369B9931FF387A2F64B9F7F8E6583CE50789FB703228AC68950F32EA9 ] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
23:59:21.0255 0x1294  EgisUpdate - ok
23:59:21.0275 0x1294  [ 27964C4676D0F4B34DB7332AFA2B1474, E3A7ED7642A3902C19E96717E9C14267C9A578637338674A2654A018D3D7F65D ] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
23:59:21.0289 0x1294  EgisTecPMMUpdate - ok
23:59:21.0334 0x1294  [ 452FA961163EF4AEE4815796A13AB2CF, 14DC422082F96F5C21C41A5E5F6E8445547CC4B02B18F0A86A34669CA2CE18A7 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
23:59:21.0339 0x1294  Adobe Reader Speed Launcher - ok
23:59:21.0410 0x1294  [ F3B61618292A576E00B81707B6D30B40, 9D10BE8F18508B45661C6A6E8283769334A4F18B78A3BF721D416F640D4B58B2 ] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
23:59:21.0436 0x1294  BackupManagerTray - detected UnsignedFile.Multi.Generic ( 1 )
23:59:24.0183 0x1294  Detect skipped due to KSN trusted
23:59:24.0183 0x1294  BackupManagerTray - ok
23:59:24.0239 0x1294  [ 4EC4260D778FB923BA1AB697AFF6C0E3, 72372369153F675C26F938C5106BFD8704FC518348BC95961214B76DECB68689 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
23:59:24.0272 0x1294  StartCCC - detected UnsignedFile.Multi.Generic ( 1 )
23:59:27.0019 0x1294  Detect skipped due to KSN trusted
23:59:27.0019 0x1294  StartCCC - ok
23:59:27.0520 0x1294  [ F9173CD9F23F5695C848E8A294876523, FB82CB18873007D9D81C4F370BBBD75B78DA802CCCF03E7C6C61F74FB8182119 ] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
23:59:27.0679 0x1294  VitaKeyPdtWzd - ok
23:59:27.0766 0x1294  [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe
23:59:27.0776 0x1294  MDS_Menu - ok
23:59:27.0796 0x1294  [ 29996B367DFC23E3253AF77E40D085F5, 063F89CB8C4099956EFED71D8B2989222C7631C678B406D20BC1F382D8DFF193 ] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
23:59:27.0805 0x1294  ArcadeMovieService - ok
23:59:27.0912 0x1294  [ 1F3FF6C062B311FE410EC89F6BFAC213, E7DCD366568321BDE5B801680B5D0DE30548C36CE58E326DA6C74537DCCAA49B ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
23:59:27.0919 0x1294  APSDaemon - ok
23:59:28.0235 0x1294  [ 3B35A7465B26C6AFD7F43518A9F25BBA, 4F2FA1D432AD40A6F19C08D77393CB0A6270AA29AED3891A3BE79B184BFFFA12 ] C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe
23:59:28.0396 0x1294  Babylon Client - ok
23:59:28.0399 0x1294  AnyProtect Scanner - ok
23:59:28.0401 0x1294  AnyProtect Tray - ok
23:59:28.0545 0x1294  [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:59:28.0610 0x1294  Sidebar - ok
23:59:28.0632 0x1294  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:59:28.0648 0x1294  mctadmin - ok
23:59:28.0679 0x1294  [ EA6EADF6314E43783BA8EEE79F93F73C, 1A4BC2D8DFBDC37AF85C73DEE76A6EE901EBA188D43856BD2FFA96B79A126F73 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:59:28.0717 0x1294  Sidebar - ok
23:59:28.0723 0x1294  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:59:28.0736 0x1294  mctadmin - ok
23:59:28.0935 0x1294  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe
23:59:28.0953 0x1294  Google Update - ok
23:59:29.0380 0x1294  [ C0D12E6C85FC6DD7FF1DBB04F2DC933B, 06D3C060ABC986EE4DED0991AEAFD88367E7922D1364F23948FE98923445BCFD ] C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe
23:59:29.0603 0x1294  Messenger (Yahoo!) - ok
23:59:29.0631 0x1294  EA Core - ok
23:59:29.0631 0x1294  AudialsNotifier - ok
23:59:29.0703 0x1294  [ 8E65F53D6A36F5E790D09952D7F523CF, F380859EF6FDD67FDDC199AFEF8364DD54360569C639F4AEBD65FBBE46143623 ] C:\Windows\system32\crypring.exe
23:59:29.0722 0x1294  Acti-1-0 - detected UnsignedFile.Multi.Generic ( 1 )
23:59:32.0405 0x1294  Acti-1-0 ( UnsignedFile.Multi.Generic ) - warning
23:59:35.0122 0x1294  Win FW state via NFP2: enabled
23:59:37.0810 0x1294  ============================================================
23:59:37.0810 0x1294  Scan finished
23:59:37.0810 0x1294  ============================================================
23:59:37.0829 0x10c8  Detected object count: 3
23:59:37.0829 0x10c8  Actual detected object count: 3
00:00:09.0965 0x10c8  LMS ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:09.0965 0x10c8  LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:00:09.0966 0x10c8  NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:09.0966 0x10c8  NTI IScheduleSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:00:09.0969 0x10c8  Acti-1-0 ( UnsignedFile.Multi.Generic ) - skipped by user
00:00:09.0969 0x10c8  Acti-1-0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________

Alt 12.08.2014, 17:52   #4
schrauber
/// the machine
/// TB-Ausbilder
 




So far I don't see anything, but if that really was just phishing, there doesn't have to be any malware on the computer at all.

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde."
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 12.08.2014, 22:50   #5
Asmoteus
 



Hello,

You are looking at one of the most clueless users right now. When I tried to disable AVIRA for Combofix, I could not find it (anymore). Is it gone? So here, at least, is the screenshot of the scan after the phishing incident, as an attached file.

Anyway, here is the TXT from Combofix:

Code:
Combofix Logfile:
ComboFix 14-08-12.01 - Gursky 12.08.2014  23:24:38.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.8124.6365 [GMT 2:00]
ausgeführt von:: c:\users\Gursky\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Acer Bio Protection\PwdFilterV64.dll
c:\users\Gursky\AppData\Local\nsnFB9F.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-12 bis 2014-08-12  ))))))))))))))))))))))))))))))
.
.
2014-08-12 21:29 . 2014-08-12 21:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-08-10 17:35 . 2014-08-10 17:36	--------	d-----w-	C:\FRST
2014-07-14 20:26 . 2014-07-14 20:26	299008	----a-w-	c:\windows\system32\crypring.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-09 16:51 . 2012-07-30 04:19	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 16:51 . 2011-05-20 04:48	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-11 15:31 . 2014-06-11 15:31	47240	----a-w-	c:\windows\system32\drivers\tbhsd.sys
2014-06-11 15:31 . 2014-06-11 15:31	24744	----a-w-	c:\windows\system32\drivers\RrNetCapFilterDriver.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{DCC39ACE-709B-44EA-B062-5F6BE2774644}]
2012-08-23 19:03	214448	----a-w-	c:\users\Gursky\AppData\Roaming\MyEmoticons\myemoticons-1.3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:03	120176	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-02-01 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2009-12-25 201512]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2009-12-25 401192]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"VitaKeyPdtWzd"="c:\program files (x86)\Acer Bio Protection\PdtWzd.exe" [2010-03-08 3577712]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe" [2010-03-01 124136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"Babylon Client"="c:\program files (x86)\Babylon\Babylon-Pro\Babylon.exe" [2012-07-02 3462296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-4-28 704032]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-26 1125152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys;c:\windows\SYSNATIVE\DRIVERS\nuvotoncir.sys [x]
R3 nuvotonir;Nuvoton CIR Transceiver;c:\windows\system32\DRIVERS\nuvotonir.sys;c:\windows\SYSNATIVE\DRIVERS\nuvotonir.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 RrNetCapFilterDriver;RadioRip Filter Driver;c:\windows\system32\DRIVERS\RrNetCapFilterDriver.sys;c:\windows\SYSNATIVE\DRIVERS\RrNetCapFilterDriver.sys [x]
S2 {6E090BD5-4EF5-4bf0-A968-74049E88E935};Power Control [2011/03/02 18:35];c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl;c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys;c:\windows\SYSNATIVE\Drivers\FPSensor.sys [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IGBASVC;EgisTec Service;c:\program files (x86)\Acer Bio Protection\BASVC.exe;c:\program files (x86)\Acer Bio Protection\BASVC.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys;c:\windows\SYSNATIVE\DRIVERS\hidshim.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Ltn_stk7070P;PCTV LITEON based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P.sys;c:\windows\SYSNATIVE\DRIVERS\Ltn_stk7070P.sys [x]
S3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\DRIVERS\nuvotonhidcir.sys;c:\windows\SYSNATIVE\DRIVERS\nuvotonhidcir.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2mdgx64.sys [x]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys;c:\windows\SYSNATIVE\DRIVERS\o2sdgx64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 16:51]
.
2014-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25 13:07]
.
2014-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25 13:07]
.
2014-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core.job
- c:\users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-08 21:13]
.
2014-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA.job
- c:\users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-08 21:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-02-01 18:06	137584	----a-w-	c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-02-01 349552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-19 10134560]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-03-17 860704]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.gmx.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\
FF - prefs.js: browser.search.selectedEngine - Trovi search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ff-21&tbrId=v1_abb-channel-7_7ee1452b17f74e80b1d0850a9b7e4626_30_46_20140201_DE_ff_ab_IS0&query=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-AudialsNotifier - c:\program files (x86)\Audials\Audials 11\AudialsNotifier.exe
Wow6432Node-HKCU-Run-Acti-1-0 - c:\windows\system32\crypring.exe
Wow6432Node-HKLM-Run-AnyProtect Scanner - c:\program files (x86)\AnyProtectEx\AnyProtect.exe
Wow6432Node-HKLM-Run-AnyProtect Tray - c:\program files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{6E090BD5-4EF5-4bf0-A968-74049E88E935}]
"ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Acer Bio Protection\CompPtcVUI.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files (x86)\Babylon\Babylon-Pro\TC\BabylonTC.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-08-12  23:38:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-08-12 21:38
.
Vor Suchlauf: 16 Verzeichnis(se), 197.761.417.216 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 199.880.712.192 Bytes frei
.
- - End Of File - - E2C7CE7076F7A88815B8D76B8DED4011
         
--- --- ---
Looking forward to the next step...

Attached images
File type: png Virenscanner.png (20.7 KB, viewed 316 times)

Alt 13.08.2014, 19:31   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt. (x = consecutive number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double click. On Windows Vista (or later), please start it with a right click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

16.08.2014, 22:30   #7
Asmoteus
 



Hello again,

here are the 3 requested files:

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.08.2014
Suchlauf-Zeit: 19:36:07
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.16.06
Rootkit Datenbank: v2014.08.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Gursky

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 306991
Verstrichene Zeit: 7 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 23
PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DCC39ACE-709B-44EA-B062-5F6BE2774644}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], 
PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E6CAE78A-607F-4A09-BD7E-0826A32B975B}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], 
PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7970495D-2F98-45F4-B093-87E76C7B8B60}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], 
PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C5896EEA-056A-402F-8991-587AB2B8FD9C}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], 
PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7970495D-2F98-45F4-B093-87E76C7B8B60}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], 
PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C5896EEA-056A-402F-8991-587AB2B8FD9C}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], 
PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E6CAE78A-607F-4A09-BD7E-0826A32B975B}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], 
PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DCC39ACE-709B-44EA-B062-5F6BE2774644}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], 
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{DCC39ACE-709B-44EA-B062-5F6BE2774644}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], 
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DCC39ACE-709B-44EA-B062-5F6BE2774644}, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], 
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, In Quarantäne, [2026d4f386f53303f55371ff62a09a66], 
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, In Quarantäne, [2026d4f386f53303f55371ff62a09a66], 
PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, In Quarantäne, [2026d4f386f53303f55371ff62a09a66], 
PUP.Optional.OutBrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, In Quarantäne, [2026d4f386f53303f55371ff62a09a66], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [21257552cfac41f5f192363551b1aa56], 
PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MyEmoticons, In Quarantäne, [21257e49e695102608fe69a05ca707f9], 
PUP.Optional.Babylon.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dhkplhfnhceodhffomolpfigojocbpcb, In Quarantäne, [de680eb94d2eb2847168d76ca75d3fc1], 
PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\oopofgccipckckifenoicncegojimpmf, In Quarantäne, [91b5982f710aca6c1bed9c6d8c7725db], 
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [cd79c2057b00dd59952906e150b2fd03], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [61e53d8aceadae8836f3d33a59aa50b0], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [9da95176b9c2d660a8979e854cb8ab55], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [94b233948af10e28fd481ede8a78926e], 
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [ea5c775039424ee8893419cefb07de22], 

Registrierungswerte: 2
PUP.Optional.MyEmoticons.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|myemoticons@myemoticons.com, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3, In Quarantäne, [5bebe3e4f48711253ecbc742956edc24]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-864001013-3320382990-1238080026-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0O1J1G2R, In Quarantäne, [9da95176b9c2d660a8979e854cb8ab55]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 9
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons, Löschen bei Neustart, [21257e49e695102608fe69a05ca707f9], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3, Löschen bei Neustart, [21257e49e695102608fe69a05ca707f9], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3\content, In Quarantäne, [21257e49e695102608fe69a05ca707f9], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf, Löschen bei Neustart, [92b47057b9c23105010603b8c63cbf41], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], 
PUP.Optional.Babylon.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb, Löschen bei Neustart, [1d29d4f32a5161d5487e3488ac566d93], 
PUP.Optional.Babylon.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0, In Quarantäne, [1d29d4f32a5161d5487e3488ac566d93], 
PUP.Optional.SystemSpeedup, C:\Users\Gursky\AppData\Roaming\Systweak\ssd, In Quarantäne, [e363705794e7d26414ee874a23df53ad], 
PUP.Optional.Updater.A, C:\Users\Gursky\AppData\Roaming\DigitalSites\UpdateProc, In Quarantäne, [c77f3f888ceffd39aa54498c89794db3], 

Dateien: 37
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons-1.3.dll, In Quarantäne, [a5a1eed9a3d887afae01006ffd05fd03], 
Spyware.Zbot.VXGen, C:\Windows\System32\crypring.exe, In Quarantäne, [cd797f48f5868caa968f185d57aa5aa6], 
PUP.Optional.Bundlore, C:\Users\Gursky\Downloads\setup.exe, In Quarantäne, [0a3c6b5c334861d5940de52bdb26dc24], 
PUP.Optional.Trovi.A, C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\searchplugins\trovi-search.xml, In Quarantäne, [47ff8a3dfd7ece68bb66b44127db16ea], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com.xpi, In Quarantäne, [21257e49e695102608fe69a05ca707f9], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\config.ini, In Quarantäne, [21257e49e695102608fe69a05ca707f9], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons.ico, In Quarantäne, [21257e49e695102608fe69a05ca707f9], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\MyEmoticons.url, In Quarantäne, [21257e49e695102608fe69a05ca707f9], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\oopofgccipckckifenoicncegojimpmf.crx, In Quarantäne, [21257e49e695102608fe69a05ca707f9], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\uninst.exe, In Quarantäne, [21257e49e695102608fe69a05ca707f9], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3\chrome.manifest, In Quarantäne, [21257e49e695102608fe69a05ca707f9], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3\icon.png, In Quarantäne, [21257e49e695102608fe69a05ca707f9], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3\install.rdf, In Quarantäne, [21257e49e695102608fe69a05ca707f9], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.3\content\myemoticons.jar, In Quarantäne, [21257e49e695102608fe69a05ca707f9], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0\128.png, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0\16.png, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0\48.png, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0\background.js, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0\fbme.js, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0\fbme.png, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0\manifest.json, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], 
PUP.Optional.MyEmoticons.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\oopofgccipckckifenoicncegojimpmf\1.7.0_0\popup.html, In Quarantäne, [92b47057b9c23105010603b8c63cbf41], 
PUP.Optional.Babylon.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\babylon48.png, In Quarantäne, [1d29d4f32a5161d5487e3488ac566d93], 
PUP.Optional.Babylon.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\BabylonChromePI.dll, In Quarantäne, [1d29d4f32a5161d5487e3488ac566d93], 
PUP.Optional.Babylon.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\bg.html, In Quarantäne, [1d29d4f32a5161d5487e3488ac566d93], 
PUP.Optional.Babylon.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\bg.js, In Quarantäne, [1d29d4f32a5161d5487e3488ac566d93], 
PUP.Optional.Babylon.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\cs.js, In Quarantäne, [1d29d4f32a5161d5487e3488ac566d93], 
PUP.Optional.Babylon.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\manifest.json, In Quarantäne, [1d29d4f32a5161d5487e3488ac566d93], 
PUP.Optional.SystemSpeedup, C:\Users\Gursky\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, In Quarantäne, [e363705794e7d26414ee874a23df53ad], 
PUP.Optional.Updater.A, C:\Users\Gursky\AppData\Roaming\DigitalSites\UpdateProc\config.dat, In Quarantäne, [c77f3f888ceffd39aa54498c89794db3], 
PUP.Optional.Updater.A, C:\Users\Gursky\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, In Quarantäne, [c77f3f888ceffd39aa54498c89794db3], 
PUP.Optional.Updater.A, C:\Users\Gursky\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, In Quarantäne, [c77f3f888ceffd39aa54498c89794db3], 
PUP.Optional.Updater.A, C:\Users\Gursky\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, In Quarantäne, [c77f3f888ceffd39aa54498c89794db3], 
PUP.Optional.Trovi.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (      "startup_urls": [ "hxxp://www.trovi.com/?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9B0867AC-6BA7-457E-ABBE-0310F019FC47&SearchSource=55&CUI=&UM=6&UP=SP0F2FBA7F-3215-47E4-A2C0-143889912008&SSPV=" ],), Ersetzt,[0a3ccbfc7a01cc6aa10ac43f40c59e62]
PUP.Optional.Trovi.A, C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: (   "homepage": "hxxp://www.trovi.com/?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9B0867AC-6BA7-457E-ABBE-0310F019FC47&SearchSource=55&CUI=&UM=6&UP=SP0F2FBA7F-3215-47E4-A2C0-143889912008&SSPV=",), Ersetzt,[2422a126fd7e0a2ccfdd0bf87e87dd23]
PUP.Optional.Trovi, C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaultenginename", "Trovi search");), Ersetzt,[7bcbe2e5abd07fb7a7730cf7bc490cf4]
PUP.Optional.Trovi, C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "Trovi search");), Ersetzt,[c0868f38ee8d49ed9b8062a1e81d2ad6]

Physische Sektoren: 0
(No malicious items detected)


(end)
         

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.306 - Bericht erstellt am 16/08/2014 um 22:50:11
# Aktualisiert 15/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Gursky - THUNDERBIRD
# Gestartet von : C:\Users\Gursky\Desktop\adwcleaner_3.306.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[!] Ordner Gelöscht : C:\ProgramData\Babylon
[!] Ordner Gelöscht : C:\ProgramData\Partner
[!] Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon
[!] Ordner Gelöscht : C:\Program Files (x86)\Babylon
[!] Ordner Gelöscht : C:\Program Files\Babylon
[!] Ordner Gelöscht : C:\Users\Gursky\AppData\Local\Babylon
[!] Ordner Gelöscht : C:\Users\Gursky\AppData\Roaming\Babylon
[!] Ordner Gelöscht : C:\Users\Gursky\AppData\Roaming\DigitalSites
[!] Ordner Gelöscht : C:\Users\Gursky\AppData\Roaming\goforfiles
[!] Ordner Gelöscht : C:\Users\Gursky\AppData\Roaming\InetStat
[!] Ordner Gelöscht : C:\Users\Gursky\AppData\Roaming\Systweak
Datei Gelöscht : C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\Extensions\adapter@babylontc.com.xpi
Datei Gelöscht : C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\Extensions\ocr@babylon.com.xpi
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Gursky\AppData\Roaming\aps.uninstall.scan.results

***** [ Tasks ] *****

Task Gelöscht : Digital Sites
Task Gelöscht : GoforFilesUpdate

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bdc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bgl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.bof
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonIEPI.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonTC.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyDict
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyGloss
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyOptFile
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Babylon.exe
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Babylon Client]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir[1]_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir[1]_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_safari_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_safari_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF390AA1-1E65-4825-B8E7-BE6B47BD56B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C2E529C-A82C-4AC6-8807-0B51F7AD7BB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A1489C85-4F6F-48C4-AC9E-18B63AF4703E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\Babylon
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\GoforFiles
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\GoforFiles
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Babylon

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.enabledAddons", "adapter%40babylontc.com:1.0.0.1,ocr%40babylon.com:1.1,%7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.1,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0");

-\\ Google Chrome v

[ Datei : C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9B0867AC-6BA7-457E-ABBE-0310F019FC47&SearchSource=58&CUI=&UM=6&UP=SP0F2FBA7F-3215-47E4-A2C0-143889912008&q={searchTerms}&SSPV=
Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9B0867AC-6BA7-457E-ABBE-0310F019FC47&SearchSource=58&CUI=&UM=6&UP=SP0F2FBA7F-3215-47E4-A2C0-143889912008&q={searchTerms}&SSPV=
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : dhkplhfnhceodhffomolpfigojocbpcb
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [12427 octets] - [16/08/2014 22:48:29]
AdwCleaner[S0].txt - [11853 octets] - [16/08/2014 22:50:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11914 octets] ##########
         
--- --- ---



Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Gursky on 16.08.2014 at 22:55:10,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-864001013-3320382990-1238080026-1000\Software\babylon



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"



~~~ FireFox

Emptied folder: C:\Users\Gursky\AppData\Roaming\mozilla\firefox\profiles\clzgy7ze.default\minidumps [240 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.08.2014 at 23:02:16,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


and finally the FRST log


FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Gursky (administrator) on THUNDERBIRD on 16-08-2014 23:34:12
Running from C:\Users\Gursky\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107688 2010-04-14] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3577712 2010-03-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKU\S-1-5-21-864001013-3320382990-1238080026-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms}
SearchScopes: HKCU - {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
SearchScopes: HKCU - {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms}
SearchScopes: HKCU - {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default
FF SearchEngineOrder.1: Amazon 
FF Homepage: hxxp://www.yahoo.com
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ff-21&tbrId=v1_abb-channel-7_7ee1452b17f74e80b1d0850a9b7e4626_30_46_20140201_DE_ff_ab_IS0&query=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Greasemonkey - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-16]
FF Extension: No Name - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\extensions\adapter@babylontc.com.xpi []
FF Extension: No Name - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\extensions\ocr@babylon.com.xpi []

Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: trovi.search
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3456880 2010-03-08] (Egis Technology Inc.)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2009-09-01] (Windows (R) Win 7 DDK provider)
R3 Ltn_stk7070P; C:\Windows\System32\DRIVERS\Ltn_stk7070P.sys [625152 2009-05-23] (LiteOn)
S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
R3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2009-09-01] (Nuvoton Technology Corporation)
S3 nuvotonir; C:\Windows\system32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [50976 2010-01-11] (O2Micro )
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-06-11] (Audials AG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-02-25] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 23:33 - 2014-08-16 23:33 - 00000000 ____D () C:\Users\Gursky\Desktop\FRST-OlderVersion
2014-08-16 23:02 - 2014-08-16 23:02 - 00001019 _____ () C:\Users\Gursky\Desktop\JRT.txt
2014-08-16 22:55 - 2014-08-16 22:55 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 22:53 - 2014-08-16 22:53 - 01016261 _____ (Thisisu) C:\Users\Gursky\Desktop\JRT.exe
2014-08-16 22:52 - 2014-08-16 22:52 - 00012043 _____ () C:\Users\Gursky\Desktop\AdwCleaner[S0].txt
2014-08-16 22:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-16 22:47 - 2014-08-16 22:50 - 00000000 ____D () C:\AdwCleaner
2014-08-16 22:47 - 2014-08-16 22:47 - 01361203 _____ () C:\Users\Gursky\Desktop\adwcleaner_3.306.exe
2014-08-16 19:49 - 2014-08-16 19:49 - 00014067 _____ () C:\Users\Gursky\Desktop\mbam.txt
2014-08-16 19:34 - 2014-08-16 19:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 19:32 - 2014-08-16 19:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gursky\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-16 19:32 - 2014-08-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-16 19:32 - 2014-08-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-16 19:32 - 2014-08-16 19:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-16 19:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-16 19:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-16 19:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-12 23:38 - 2014-08-12 23:38 - 00018909 _____ () C:\ComboFix.txt
2014-08-12 23:22 - 2014-08-12 23:38 - 00000000 ____D () C:\Qoobox
2014-08-12 23:22 - 2014-08-12 23:37 - 00000000 ____D () C:\Windows\erdnt
2014-08-12 23:22 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-12 23:22 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-12 23:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-12 23:11 - 2014-08-12 23:11 - 05569662 ____R (Swearware) C:\Users\Gursky\Desktop\ComboFix.exe
2014-08-11 23:56 - 2014-08-11 23:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Gursky\Desktop\tdsskiller.exe
2014-08-10 19:36 - 2014-08-10 19:36 - 00034901 _____ () C:\Users\Gursky\Desktop\Addition.txt
2014-08-10 19:35 - 2014-08-16 23:34 - 00018652 _____ () C:\Users\Gursky\Desktop\FRST.txt
2014-08-10 19:35 - 2014-08-16 23:34 - 00000000 ____D () C:\FRST
2014-08-10 19:34 - 2014-08-16 23:33 - 02101760 _____ (Farbar) C:\Users\Gursky\Desktop\FRST64.exe
2014-08-08 18:57 - 2014-08-08 18:28 - 13987991 ____N () C:\Users\Gursky\Desktop\VID_20140808_182839.3gp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 23:34 - 2014-08-10 19:35 - 00018652 _____ () C:\Users\Gursky\Desktop\FRST.txt
2014-08-16 23:34 - 2014-08-10 19:35 - 00000000 ____D () C:\FRST
2014-08-16 23:33 - 2014-08-16 23:33 - 00000000 ____D () C:\Users\Gursky\Desktop\FRST-OlderVersion
2014-08-16 23:33 - 2014-08-10 19:34 - 02101760 _____ (Farbar) C:\Users\Gursky\Desktop\FRST64.exe
2014-08-16 23:02 - 2014-08-16 23:02 - 00001019 _____ () C:\Users\Gursky\Desktop\JRT.txt
2014-08-16 23:01 - 2011-04-25 15:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-16 22:58 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-16 22:58 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 22:55 - 2014-08-16 22:55 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 22:54 - 2011-05-08 11:10 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA.job
2014-08-16 22:54 - 2011-03-02 19:05 - 01275593 _____ () C:\Windows\WindowsUpdate.log
2014-08-16 22:53 - 2014-08-16 22:53 - 01016261 _____ (Thisisu) C:\Users\Gursky\Desktop\JRT.exe
2014-08-16 22:52 - 2014-08-16 22:52 - 00012043 _____ () C:\Users\Gursky\Desktop\AdwCleaner[S0].txt
2014-08-16 22:51 - 2011-04-25 15:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-16 22:51 - 2011-03-02 19:02 - 00038098 _____ () C:\Windows\PFRO.log
2014-08-16 22:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-16 22:51 - 2009-07-14 06:51 - 00198977 _____ () C:\Windows\setupact.log
2014-08-16 22:50 - 2014-08-16 22:47 - 00000000 ____D () C:\AdwCleaner
2014-08-16 22:47 - 2014-08-16 22:47 - 01361203 _____ () C:\Users\Gursky\Desktop\adwcleaner_3.306.exe
2014-08-16 22:46 - 2012-07-30 06:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-16 22:14 - 2009-07-14 06:45 - 00379576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-16 19:49 - 2014-08-16 19:49 - 00014067 _____ () C:\Users\Gursky\Desktop\mbam.txt
2014-08-16 19:47 - 2014-08-16 19:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 19:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss
2014-08-16 19:32 - 2014-08-16 19:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gursky\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-16 19:32 - 2014-08-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-16 19:32 - 2014-08-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-16 19:32 - 2014-08-16 19:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-12 23:38 - 2014-08-12 23:38 - 00018909 _____ () C:\ComboFix.txt
2014-08-12 23:38 - 2014-08-12 23:22 - 00000000 ____D () C:\Qoobox
2014-08-12 23:37 - 2014-08-12 23:22 - 00000000 ____D () C:\Windows\erdnt
2014-08-12 23:33 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-12 23:32 - 2009-07-14 04:34 - 51642368 _____ () C:\Windows\system32\config\software.bak
2014-08-12 23:32 - 2009-07-14 04:34 - 18087936 _____ () C:\Windows\system32\config\system.bak
2014-08-12 23:32 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-08-12 23:32 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-08-12 23:32 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-08-12 23:28 - 2011-03-02 19:14 - 00000000 ____D () C:\Program Files (x86)\Acer Bio Protection
2014-08-12 23:11 - 2014-08-12 23:11 - 05569662 ____R (Swearware) C:\Users\Gursky\Desktop\ComboFix.exe
2014-08-11 23:56 - 2014-08-11 23:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Gursky\Desktop\tdsskiller.exe
2014-08-10 19:36 - 2014-08-10 19:36 - 00034901 _____ () C:\Users\Gursky\Desktop\Addition.txt
2014-08-09 14:54 - 2011-05-08 11:10 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core.job
2014-08-08 18:32 - 2011-03-03 03:56 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-08-08 18:32 - 2011-03-03 03:56 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-08-08 18:32 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 18:28 - 2014-08-08 18:57 - 13987991 ____N () C:\Users\Gursky\Desktop\VID_20140808_182839.3gp
2014-07-18 07:57 - 2011-05-08 11:10 - 00002368 _____ () C:\Users\Gursky\Desktop\Google Chrome.lnk

Some content of TEMP:
====================
C:\Users\Gursky\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-08 07:24

==================== End Of Log ============================
         
--- --- ---




Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by Gursky at 2014-08-16 23:34:50
Running from C:\Users\Gursky\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.1.7501 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 4.1.7501 - CyberLink Corp.) Hidden
Acer Arcade Instant On (x32 Version: 3.0.34.2 - Acer) Hidden
Acer Arcade Movie (x32 Version: 9.0.6302 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.60 - NewTech Infosystems)
Acer Bio Protection (HKLM-x32\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.5.76 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.12.1 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3003 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1) (Version: 6.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3002 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0309.2010 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.24 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{AFBE654A-4597-89DB-EF5F-7CC7D0475691}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Audials (HKLM-x32\...\{DA6EBFC9-8869-4B61-8D38-2668A395C5B0}) (Version: 11.0.54400.0 - Audials AG)
Backup Manager Advance (x32 Version: 2.0.1.60 - NewTech Infosystems) Hidden
bwin Poker (HKLM-x32\...\bwin Poker_is1) (Version:  - bwin)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0302.2233.40412 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help English (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help French (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help German (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0302.2233.40412 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0302.2233.40412 - ATI) Hidden
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.4 - Fomanu AG)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.38.151 - Electronic Arts)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Fingerprint Solution (x32 Version: 6.1.76.0 - Egis Technology Inc.) Hidden
Fragen-Lern-CD 4.0 international (HKLM-x32\...\de.3m5.wendel.flcd.FLCDint.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1) (Version: 4.0.0 - Wendel-Verlag GmbH)
Fragen-Lern-CD 4.0 international (x32 Version: 4.0.0 - Wendel-Verlag GmbH) Hidden
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
HD Tune Pro 4.60 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.7 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaDrug (HKCU\...\4C6927B3-61F1-4EBF-A5C7-68B60E4F40B9) (Version: 1.5 - MediaDrug)
MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden
Nuvoton CIR Device Drivers (HKLM-x32\...\{FBC79D04-051E-4367-8051-1DB0C893FBE0}) (Version: 8.60.2002 - Nuvoton Technology Corporation)
O2Micro 1394 OHCI Compliant Host Controller Driver (HKLM-x32\...\InstallShield_{AFC44A23-E6A8-4625-B6B1-23D438525D59}) (Version: 1.0.00 - O2Micro International LTD.)
O2Micro 1394 OHCI Compliant Host Controller Driver (Version: 1.0.00 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{5FAD2AAE-C6DD-4CC8-B325-BFCBB3D32249}) (Version: 2.0.37.D - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.37.D - O2Micro International LTD.) Hidden
ODF Add-In für Microsoft Office (HKLM-x32\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
PartyPoker (HKLM-x32\...\PartyPoker) (Version:  - PartyGaming)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6072 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}) (Version: 5.34.52.7 - Apple Inc.)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{09959E11-AD5D-408E-96AF-E3346954D6B8}) (Version: 1.0.0 - Microsoft)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}) (Version: 1.0.0 - Microsoft)
Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.12.2 - Synaptics Incorporated)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.4300 - Broadcom Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

17-07-2014 05:45:28 Geplanter Prüfpunkt
24-07-2014 16:42:59 Geplanter Prüfpunkt
31-07-2014 20:48:02 Geplanter Prüfpunkt
08-08-2014 05:31:36 Geplanter Prüfpunkt
12-08-2014 21:22:53 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-12 23:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2EE742A3-8553-4CA4-B801-A2AA9223536C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27] (Google Inc.)
Task: {4A411131-3DF8-49B1-A988-368994F073E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.)
Task: {6ACF023F-5D47-48BF-9ADF-07809EE1BC99} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {8148C350-814E-4103-821B-EE64A1172966} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {977CEC33-8DB2-4BC1-A130-52B8784FA3F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.)
Task: {F20D94DC-D65C-46D0-9AE0-2346C1D5A7CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core.job => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA.job => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-02 19:32 - 2010-02-03 10:37 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2011-03-02 19:18 - 2010-01-13 11:47 - 00206208 _____ () C:\Windows\PLFSetI.exe
2010-03-26 12:46 - 2010-03-26 12:46 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-01-07 15:42 - 2010-01-07 15:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-02 19:07 - 2011-03-02 19:07 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-03-09 02:18 - 2010-03-09 02:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-09 02:13 - 2010-03-09 02:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-04-28 14:13 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2011-05-24 20:06 - 2010-06-01 10:17 - 00929792 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2010-04-28 13:28 - 2010-04-28 13:28 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a52290f344ad5c5e513d71251549f5c2\IsdiInterop.ni.dll
2010-04-28 13:28 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-12 23:28:42.147
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-12 23:28:42.141
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-18 20:35:55.006
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-05 11:05:09.507
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-05 09:47:40.779
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-05 08:01:48.995
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-05 07:58:25.563
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-22 16:23:15.468
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-11 07:06:38.654
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-10 22:08:13.151
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 17%
Total physical RAM: 8124.5 MB
Available physical RAM: 6676.43 MB
Total Pagefile: 16247.14 MB
Available Pagefile: 14586.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:288.8 GB) (Free:185.69 GB) NTFS
Drive d: (DATA) (Fixed) (Total:288.14 GB) (Free:288.04 GB) NTFS
Drive e: (DATA) (Fixed) (Total:596.17 GB) (Free:593.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 3E9DEFF9)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Not Active) - (Size=3.5 GB) - (Type=12)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=576.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: 0F4BC564)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Edited by Asmoteus (16.08.2014 at 22:37)

Alt 17.08.2014, 14:49   #8
schrauber
/// the machine
/// TB trainer
 



ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 18.08.2014, 21:39   #9
Asmoteus
 

Hello again. Here are the scans:

Code:
ATTFilter
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=9073c4f4f0eb7c4d9af8cf84284377e8
# engine=19715
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-18 05:55:17
# local_time=2014-08-18 07:55:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 109267125 160014367 0 0
# scanned=182837
# found=9
# cleaned=0
# scan_time=2985
sh=A947908B61C9D628542EC1D1FEA13BC2CE2B7C06 ft=1 fh=961bdd4314208540 vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll.vir"
sh=9901EA4F6868736CBE4161354556E16BCD6E3C6D ft=1 fh=bfb40f213a91a73c vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOfficePI.dll.vir"
sh=6936E876CC0DBE1ACABFE76901C5FC97E03A0704 ft=1 fh=c71c001103c9a087 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Babylon\Babylon-Pro\Utils\BExternal.dll.vir"
sh=81447912A34F2B17146525275592838967D4FFF7 ft=1 fh=e9acee4b46b6c119 vn="Variante von Win32/RiskWare.Astori.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gursky\AppData\Roaming\InetStat\inetstat.exe.vir"
sh=1C5244967D8907B676C6CBCEEE6BD9F90F10CC6B ft=1 fh=51b3b1bbaa02ab32 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Gursky\Desktop\PhotoScape_V3.6.2.exe"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[2].0"
sh=E32AA2E78D2C8F0E9316080E71A714BEFE851E6C ft=1 fh=374915f71a49693e vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[1].0"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\ApnIC[2].0"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.87  
 Windows 7  x64 (UAC is enabled)  
 Out of date service pack!! 
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (30.0) 
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Gursky (administrator) on THUNDERBIRD on 18-08-2014 22:44:36
Running from C:\Users\Gursky\Desktop
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-19] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2107688 2010-04-14] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1300560 2010-03-03] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3577712 2010-03-08] (Egis Technology Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-03-02] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-02] (Apple Inc.)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKU\S-1-5-21-864001013-3320382990-1238080026-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [5252408 2010-06-01] (Yahoo! Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8943g&r=27360311m606l04e3z185t4541l31s
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {09038620-190C-402B-A92F-18864E6AB22F} URL = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {40064957-18EB-412d-9146-3F57E8D92EEC} URL = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms}
SearchScopes: HKCU - {5A817CF6-92D5-4DE5-AC38-82DF8A73EF28} URL = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_de
SearchScopes: HKCU - {6B1D1FB7-7233-4F7C-802C-21A1DDB12754} URL = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
SearchScopes: HKCU - {8D27B32E-89EE-460e-82D2-5FC354078EAD} URL = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms}
SearchScopes: HKCU - {DCE59F23-A446-45a5-9459-E68FDC0DE38D} URL = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default
FF SearchEngineOrder.1: Amazon 
FF Homepage: hxxp://www.yahoo.com
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ff-21&tbrId=v1_abb-channel-7_7ee1452b17f74e80b1d0850a9b7e4626_30_46_20140201_DE_ff_ab_IS0&query=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\searchplugins\amazon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Greasemonkey - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-16]
FF Extension: No Name - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\extensions\adapter@babylontc.com.xpi []
FF Extension: No Name - C:\Users\Gursky\AppData\Roaming\Mozilla\Firefox\Profiles\clzgy7ze.default\extensions\ocr@babylon.com.xpi []

Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: trovi.search
CHR DefaultNewTabURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Gursky\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Gursky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3456880 2010-03-08] (Egis Technology Inc.)
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] () [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 hidshim; C:\Windows\system32\DRIVERS\hidshim.sys [6656 2009-09-01] (Windows (R) Win 7 DDK provider)
R3 Ltn_stk7070P; C:\Windows\System32\DRIVERS\Ltn_stk7070P.sys [625152 2009-05-23] (LiteOn)
S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
R3 nuvotonhidcir; C:\Windows\system32\DRIVERS\nuvotonhidcir.sys [26624 2009-09-01] (Nuvoton Technology Corporation)
S3 nuvotonir; C:\Windows\system32\DRIVERS\nuvotonir.sys [68096 2009-08-31] (Nuvoton Technology Corporation)
R3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [50976 2010-01-11] (O2Micro )
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-06-11] (Audials AG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 {6E090BD5-4EF5-4bf0-A968-74049E88E935}; C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\000.fcl [146928 2010-02-25] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 18:58 - 2014-08-18 18:58 - 02347384 _____ (ESET) C:\Users\Gursky\Desktop\esetsmartinstaller_deu.exe
2014-08-16 23:33 - 2014-08-16 23:33 - 00000000 ____D () C:\Users\Gursky\Desktop\FRST-OlderVersion
2014-08-16 23:02 - 2014-08-16 23:02 - 00001019 _____ () C:\Users\Gursky\Desktop\JRT.txt
2014-08-16 22:55 - 2014-08-16 22:55 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 22:53 - 2014-08-16 22:53 - 01016261 _____ (Thisisu) C:\Users\Gursky\Desktop\JRT.exe
2014-08-16 22:52 - 2014-08-16 22:52 - 00012043 _____ () C:\Users\Gursky\Desktop\AdwCleaner[S0].txt
2014-08-16 22:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-16 22:47 - 2014-08-16 22:50 - 00000000 ____D () C:\AdwCleaner
2014-08-16 22:47 - 2014-08-16 22:47 - 01361203 _____ () C:\Users\Gursky\Desktop\adwcleaner_3.306.exe
2014-08-16 19:49 - 2014-08-16 19:49 - 00014067 _____ () C:\Users\Gursky\Desktop\mbam.txt
2014-08-16 19:34 - 2014-08-16 19:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 19:32 - 2014-08-16 19:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gursky\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-16 19:32 - 2014-08-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-16 19:32 - 2014-08-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-16 19:32 - 2014-08-16 19:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-16 19:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-16 19:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-16 19:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-12 23:38 - 2014-08-12 23:38 - 00018909 _____ () C:\ComboFix.txt
2014-08-12 23:22 - 2014-08-12 23:38 - 00000000 ____D () C:\Qoobox
2014-08-12 23:22 - 2014-08-12 23:37 - 00000000 ____D () C:\Windows\erdnt
2014-08-12 23:22 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-12 23:22 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-12 23:22 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-12 23:22 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-12 23:11 - 2014-08-12 23:11 - 05569662 ____R (Swearware) C:\Users\Gursky\Desktop\ComboFix.exe
2014-08-11 23:56 - 2014-08-11 23:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Gursky\Desktop\tdsskiller.exe
2014-08-10 19:36 - 2014-08-16 23:35 - 00023881 _____ () C:\Users\Gursky\Desktop\Addition.txt
2014-08-10 19:35 - 2014-08-18 22:44 - 00018778 _____ () C:\Users\Gursky\Desktop\FRST.txt
2014-08-10 19:35 - 2014-08-18 22:44 - 00000000 ____D () C:\FRST
2014-08-10 19:34 - 2014-08-16 23:33 - 02101760 _____ (Farbar) C:\Users\Gursky\Desktop\FRST64.exe
2014-08-08 18:57 - 2014-08-08 18:28 - 13987991 ____N () C:\Users\Gursky\Desktop\VID_20140808_182839.3gp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-18 22:44 - 2014-08-10 19:35 - 00018778 _____ () C:\Users\Gursky\Desktop\FRST.txt
2014-08-18 22:44 - 2014-08-10 19:35 - 00000000 ____D () C:\FRST
2014-08-18 22:01 - 2011-04-25 15:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-18 21:54 - 2011-05-08 11:10 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA.job
2014-08-18 21:46 - 2012-07-30 06:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-18 19:55 - 2011-05-08 11:10 - 00002368 _____ () C:\Users\Gursky\Desktop\Google Chrome.lnk
2014-08-18 19:01 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-18 19:01 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-18 18:58 - 2014-08-18 18:58 - 02347384 _____ (ESET) C:\Users\Gursky\Desktop\esetsmartinstaller_deu.exe
2014-08-18 18:57 - 2011-03-02 19:05 - 01279569 _____ () C:\Windows\WindowsUpdate.log
2014-08-18 18:54 - 2011-04-25 15:08 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-18 18:54 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-18 18:54 - 2009-07-14 06:51 - 00199033 _____ () C:\Windows\setupact.log
2014-08-18 18:54 - 2009-07-14 06:45 - 00379576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-16 23:35 - 2014-08-10 19:36 - 00023881 _____ () C:\Users\Gursky\Desktop\Addition.txt
2014-08-16 23:33 - 2014-08-16 23:33 - 00000000 ____D () C:\Users\Gursky\Desktop\FRST-OlderVersion
2014-08-16 23:33 - 2014-08-10 19:34 - 02101760 _____ (Farbar) C:\Users\Gursky\Desktop\FRST64.exe
2014-08-16 23:02 - 2014-08-16 23:02 - 00001019 _____ () C:\Users\Gursky\Desktop\JRT.txt
2014-08-16 22:55 - 2014-08-16 22:55 - 00000000 ____D () C:\Windows\ERUNT
2014-08-16 22:53 - 2014-08-16 22:53 - 01016261 _____ (Thisisu) C:\Users\Gursky\Desktop\JRT.exe
2014-08-16 22:52 - 2014-08-16 22:52 - 00012043 _____ () C:\Users\Gursky\Desktop\AdwCleaner[S0].txt
2014-08-16 22:51 - 2011-03-02 19:02 - 00038098 _____ () C:\Windows\PFRO.log
2014-08-16 22:50 - 2014-08-16 22:47 - 00000000 ____D () C:\AdwCleaner
2014-08-16 22:47 - 2014-08-16 22:47 - 01361203 _____ () C:\Users\Gursky\Desktop\adwcleaner_3.306.exe
2014-08-16 19:49 - 2014-08-16 19:49 - 00014067 _____ () C:\Users\Gursky\Desktop\mbam.txt
2014-08-16 19:47 - 2014-08-16 19:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 19:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Vss
2014-08-16 19:32 - 2014-08-16 19:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Gursky\Desktop\mbam-setup-2.0.2.1012.exe
2014-08-16 19:32 - 2014-08-16 19:32 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-16 19:32 - 2014-08-16 19:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-16 19:32 - 2014-08-16 19:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-12 23:38 - 2014-08-12 23:38 - 00018909 _____ () C:\ComboFix.txt
2014-08-12 23:38 - 2014-08-12 23:22 - 00000000 ____D () C:\Qoobox
2014-08-12 23:37 - 2014-08-12 23:22 - 00000000 ____D () C:\Windows\erdnt
2014-08-12 23:33 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-08-12 23:32 - 2009-07-14 04:34 - 51642368 _____ () C:\Windows\system32\config\software.bak
2014-08-12 23:32 - 2009-07-14 04:34 - 18087936 _____ () C:\Windows\system32\config\system.bak
2014-08-12 23:32 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-08-12 23:32 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-08-12 23:32 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-08-12 23:28 - 2011-03-02 19:14 - 00000000 ____D () C:\Program Files (x86)\Acer Bio Protection
2014-08-12 23:11 - 2014-08-12 23:11 - 05569662 ____R (Swearware) C:\Users\Gursky\Desktop\ComboFix.exe
2014-08-11 23:56 - 2014-08-11 23:56 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Gursky\Desktop\tdsskiller.exe
2014-08-09 14:54 - 2011-05-08 11:10 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core.job
2014-08-08 18:32 - 2011-03-03 03:56 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2014-08-08 18:32 - 2011-03-03 03:56 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2014-08-08 18:32 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-08 18:28 - 2014-08-08 18:57 - 13987991 ____N () C:\Users\Gursky\Desktop\VID_20140808_182839.3gp

Some content of TEMP:
====================
C:\Users\Gursky\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-18 20:20

==================== End Of Log ============================
         
--- --- ---


FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by Gursky at 2014-08-18 22:45:10
Running from C:\Users\Gursky\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.1.7501 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 4.1.7501 - CyberLink Corp.) Hidden
Acer Arcade Instant On (x32 Version: 3.0.34.2 - Acer) Hidden
Acer Arcade Movie (x32 Version: 9.0.6302 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.60 - NewTech Infosystems)
Acer Bio Protection (HKLM-x32\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.5.76 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.12.1 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3003 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1) (Version: 6.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3002 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0309.2010 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{343666E2-A059-48AC-AD67-230BF74E2DB2}) (Version: 2.1.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.24 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{AFBE654A-4597-89DB-EF5F-7CC7D0475691}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Audials (HKLM-x32\...\{DA6EBFC9-8869-4B61-8D38-2668A395C5B0}) (Version: 11.0.54400.0 - Audials AG)
Backup Manager Advance (x32 Version: 2.0.1.60 - NewTech Infosystems) Hidden
bwin Poker (HKLM-x32\...\bwin Poker_is1) (Version:  - bwin)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version:  - Oberon Media)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0302.2233.40412 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help English (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help French (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help German (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0302.2232.40412 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0302.2233.40412 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0302.2233.40412 - ATI) Hidden
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.9.4 - Fomanu AG)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.38.151 - Electronic Arts)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Fingerprint Solution (x32 Version: 6.1.76.0 - Egis Technology Inc.) Hidden
Fragen-Lern-CD 4.0 international (HKLM-x32\...\de.3m5.wendel.flcd.FLCDint.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1) (Version: 4.0.0 - Wendel-Verlag GmbH)
Fragen-Lern-CD 4.0 international (x32 Version: 4.0.0 - Wendel-Verlag GmbH) Hidden
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version:  - Oberon Media)
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
HD Tune Pro 4.60 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.7 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MediaDrug (HKCU\...\4C6927B3-61F1-4EBF-A5C7-68B60E4F40B9) (Version: 1.5 - MediaDrug)
MediaShow Espresso (x32 Version: 5.5.1403_23691 - CyberLink Corp.) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden
Nuvoton CIR Device Drivers (HKLM-x32\...\{FBC79D04-051E-4367-8051-1DB0C893FBE0}) (Version: 8.60.2002 - Nuvoton Technology Corporation)
O2Micro 1394 OHCI Compliant Host Controller Driver (HKLM-x32\...\InstallShield_{AFC44A23-E6A8-4625-B6B1-23D438525D59}) (Version: 1.0.00 - O2Micro International LTD.)
O2Micro 1394 OHCI Compliant Host Controller Driver (Version: 1.0.00 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{5FAD2AAE-C6DD-4CC8-B325-BFCBB3D32249}) (Version: 2.0.37.D - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.37.D - O2Micro International LTD.) Hidden
ODF Add-In für Microsoft Office (HKLM-x32\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
PartyPoker (HKLM-x32\...\PartyPoker) (Version:  - PartyGaming)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6072 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}) (Version: 5.34.52.7 - Apple Inc.)
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{09959E11-AD5D-408E-96AF-E3346954D6B8}) (Version: 1.0.0 - Microsoft)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002) (HKLM-x32\...\{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}) (Version: 1.0.0 - Microsoft)
Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version:  - Oberon Media)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.12.2 - Synaptics Incorporated)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.4300 - Broadcom Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-864001013-3320382990-1238080026-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Gursky\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

17-07-2014 05:45:28 Geplanter Prüfpunkt
24-07-2014 16:42:59 Geplanter Prüfpunkt
31-07-2014 20:48:02 Geplanter Prüfpunkt
08-08-2014 05:31:36 Geplanter Prüfpunkt
12-08-2014 21:22:53 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-12 23:33 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2EE742A3-8553-4CA4-B801-A2AA9223536C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27] (Google Inc.)
Task: {4A411131-3DF8-49B1-A988-368994F073E8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.)
Task: {6ACF023F-5D47-48BF-9ADF-07809EE1BC99} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {8148C350-814E-4103-821B-EE64A1172966} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {977CEC33-8DB2-4BC1-A130-52B8784FA3F9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-25] (Google Inc.)
Task: {F20D94DC-D65C-46D0-9AE0-2346C1D5A7CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000Core.job => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-864001013-3320382990-1238080026-1000UA.job => C:\Users\Gursky\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-03-02 19:32 - 2010-02-03 10:37 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2010-03-26 12:46 - 2010-03-26 12:46 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-03-02 19:18 - 2010-01-13 11:47 - 00206208 _____ () C:\Windows\PLFSetI.exe
2010-01-07 15:42 - 2010-01-07 15:42 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-02 19:07 - 2011-03-02 19:07 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-03-09 02:18 - 2010-03-09 02:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-03-09 02:13 - 2010-03-09 02:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2010-04-28 14:13 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2011-05-24 20:06 - 2010-06-01 10:17 - 00929792 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2010-04-28 13:28 - 2010-04-28 13:28 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\a52290f344ad5c5e513d71251549f5c2\IsdiInterop.ni.dll
2010-04-28 13:28 - 2010-03-04 05:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2014 10:37:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (08/18/2014 08:20:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (08/18/2014 07:00:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (08/18/2014 07:00:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Error: (08/18/2014 06:58:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (08/18/2014 10:37:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (08/18/2014 08:20:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (08/18/2014 07:00:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\Gursky\Desktop\esetsmartinstaller_deu.exe

Error: (08/18/2014 07:00:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\Gursky\Desktop\esetsmartinstaller_deu.exe

Error: (08/18/2014 06:58:13 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifestC:\Users\Gursky\Desktop\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-08-12 23:28:42.147
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-12 23:28:42.141
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-02-18 20:35:55.006
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-05 11:05:09.507
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-05 09:47:40.779
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-05 08:01:48.995
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-08-05 07:58:25.563
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-22 16:23:15.468
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-11 07:06:38.654
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-07-10 22:08:13.151
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 25%
Total physical RAM: 8124.5 MB
Available physical RAM: 6065.04 MB
Total Pagefile: 16247.14 MB
Available Pagefile: 14226.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:288.8 GB) (Free:184.96 GB) NTFS
Drive d: (DATA) (Fixed) (Total:288.14 GB) (Free:288.04 GB) NTFS
Drive e: (DATA) (Fixed) (Total:596.17 GB) (Free:593.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 3E9DEFF9)
Partition 1: (Not Active) - (Size=15.6 GB) - (Type=27)
Partition 2: (Not Active) - (Size=3.5 GB) - (Type=12)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=576.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 596.2 GB) (Disk ID: 0F4BC564)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---

Are there still problems? No idea... at least I still see this, so I'm guessing... "yes" (McAfee is not installed on this machine...):
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

Last edited by Asmoteus (18.08.2014 at 21:49)

19.08.2014, 20:31   #10
schrauber
/// the machine
/// TB Instructor
 



That is just a leftover in the registry.

Update Java, and be sure to update Windows; an entire service pack is missing!!

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus Software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional Protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version additionally offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe Browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative Browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not recognize. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

19.08.2014, 22:14   #11
Asmoteus
 


Hello again,

here is the Fixlog:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 04
Ran by Gursky at 2014-08-19 23:13:02 Run:1
Running from C:\Users\Gursky\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
*****************

HKLM => Group Policy Restriction on software restored successfully.

==== End of Fixlog ====
         
I would like to sincerely thank you for the support. I have no more questions and am currently busy installing updates everywhere. A small donation to the Trojaner-Board will also be on its way to you.
Many thanks

Last edited by Asmoteus (19.08.2014 at 22:43)

20.08.2014, 11:02   #12
schrauber
/// the machine
/// TB Instructor
 



You're welcome
__________________
Regards,
schrauber

