| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: BOO/TDSS.o Befall - was kann ich tunWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
20.10.2014, 00:52
| #1 |
| |  BOO/TDSS.o Befall - was kann ich tun Liebe User, Mein Laptop (Win7) ist seit heute mit BOO/TDSS.o befallen. Avira hat die Malware zwar erkannt, kann sie aber nicht entfernen. Ich habe bereits mit Malewarebytes und Kaspary TDSSKill versucht, das Problem zu beseitigen. Es wurden jeweils infizierte Dateinen gefunden, das Entfernen mit den Programmen hat aber leider nicht geholfen. Was kann ich tun? Viele Grüße, Goldberry |
|
20.10.2014, 01:05
| #2 |
| Ruhe in Frieden † 2019     | BOO/TDSS.o Befall - was kann ich tun Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist. Posten in Code Tags Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke. Dazu:
Schritt 1 Bitte poste mir die Logs vom TDSS-Killer, Malwarebytes und von Avira Schritt 2 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
20.10.2014, 01:21
| #3 |
| | BOO/TDSS.o Befall - was kann ich tun Hallo Sandra,
__________________erst einmal vielen Dank, dass du mir helfen möchtest. Wie kann ich Logfiles für Avira, Malwarebytes und TDSS-Killer erstellen? |
|
20.10.2014, 01:27
| #4 |
| Ruhe in Frieden † 2019 | BOO/TDSS.o Befall - was kann ich tun Hallo, du hast doch mit den entsprechenden Programmen / Tools gescannt  Für Malwarebytes:
TDSS speichert die Logs unter C:\TDSSKiller_version_datum_zeit_log.txt und bei Avira musst du mal unter den Ereignisprotokollen schauen und dir das Log anzeigen lassen und nun geh ich erstmal schlafen |
|
20.10.2014, 01:45
| #5 |
| | BOO/TDSS.o Befall - was kann ich tun Es gibt auf C:\ nur einen Ordner TDSSKiller_Quarantine, der Ordner mit Datum/Uhrzeit meiner beiden Suchläufe enthält, deren Inhalt sind .ini und .dta Dateien. Was sind davon die Logfiles? Unter Malwarebytes habe ich das von dir beschriebene Menü leider nicht gefunden, ich benutze Malwarebytes Anti-Rootkit BETA v1.07.0.1012. Unter Avira gibt es die Möglichkeit, Ereignisse zu exportieren. Ich habe das mal mit einigen der Fehlermeldungen gemacht, die ich von Avira erhalten habe. Falls das die falschen Daten sind oder ich noch mehr hier reinschreiben soll, sag Bescheid! Code:
ATTFilter 16.10.2014 18:44 [Echtzeit-Scanner] Malware in Bootsektor gefunden
Im Bootsektor von Laufwerk 'C:' wurde ein Virus oder
unerwünschtes Programm 'BOO/TDss.O' [virus] gefunden.
Ausgeführte Aktion: Zugriff verweigern
19.10.2014 16:15 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\Melanie\Downloads\NotepadPlusPlusPortable_6.5.4.paf-Downloader.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/ShareW.Gen' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
19.10.2014 16:57 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\Melanie\Downloads\NotepadPlusPlusPortable_6.5.4.paf-Downloader.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/ShareW.Gen' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
|
|
20.10.2014, 11:14
| #6 |
| Ruhe in Frieden † 2019 | BOO/TDSS.o Befall - was kann ich tun Hallo, der TDSS hat aber nichts mit trovi zu tun, das ist lediglich Adware. MBAR erstellt eine Logfile in dem Ordner in dem du es installiert hast: ( mbar-log-<Jahr-Monat-Tag>.txt ) . Bitte poste diese hier. Schritt 1 Mache bitte erneut einen Scan mit dem TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
Schritt 2 Bitte noch den FRST-Scan machen Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ --> BOO/TDSS.o Befall - was kann ich tun |
|
20.10.2014, 18:16
| #7 |
| | BOO/TDSS.o Befall - was kann ich tun Ok, danke für deine Geduld! mbar-Logfiles (ich hatte zwei Scans gemacht): Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
Database version: v2014.10.19.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17239
Melanie :: MELANIE-PC [administrator]
19.10.2014 16:02:48
mbar-log-2014-10-19 (16-02-48).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 331374
Time elapsed: 22 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\ProgramData\374311380 (Rogue.Multiple) -> Delete on reboot. [6466df3680fc22149dfaefee15ed18e8]
C:\Users\Melanie\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Delete on reboot. [0fbb2beab8c4c17586fe589317ebde22]
Files Detected: 2
C:\Users\Melanie\AppData\Roaming\msnsvconfig.txt (Malware.Trace) -> Delete on reboot. [cdfdf61f3a421f177a9fbfc061a2d828]
C:\ProgramData\374311380\BIT36C.tmp (Rogue.Multiple) -> Delete on reboot. [6466df3680fc22149dfaefee15ed18e8]
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
Database version: v2014.10.19.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17239
Melanie :: MELANIE-PC [administrator]
19.10.2014 16:43:00
mbar-log-2014-10-19 (16-43-00).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 330708
Time elapsed: 23 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Code:
ATTFilter 10:11:04.0368 0x1670 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
10:11:08.0428 0x1670 ============================================================
10:11:08.0428 0x1670 Current date / time: 2014/10/20 10:11:08.0428
10:11:08.0428 0x1670 SystemInfo:
10:11:08.0428 0x1670
10:11:08.0428 0x1670 OS Version: 6.1.7601 ServicePack: 1.0
10:11:08.0428 0x1670 Product type: Workstation
10:11:08.0428 0x1670 ComputerName: MELANIE-PC
10:11:08.0428 0x1670 UserName: Melanie
10:11:08.0428 0x1670 Windows directory: C:\Windows
10:11:08.0428 0x1670 System windows directory: C:\Windows
10:11:08.0428 0x1670 Running under WOW64
10:11:08.0428 0x1670 Processor architecture: Intel x64
10:11:08.0428 0x1670 Number of processors: 4
10:11:08.0428 0x1670 Page size: 0x1000
10:11:08.0428 0x1670 Boot type: Normal boot
10:11:08.0428 0x1670 ============================================================
10:11:09.0870 0x1670 KLMD registered as C:\Windows\system32\drivers\91928178.sys
10:11:10.0960 0x1670 System UUID: {90A4D009-4984-46AD-0777-CC9F1ABD7F0C}
10:11:12.0940 0x1670 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:11:12.0950 0x1670 ============================================================
10:11:12.0950 0x1670 \Device\Harddisk0\DR0:
10:11:12.0950 0x1670 MBR partitions:
10:11:12.0950 0x1670 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
10:11:12.0950 0x1670 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x38353000
10:11:12.0950 0x1670 ============================================================
10:11:12.0980 0x1670 C: <-> \Device\Harddisk0\DR0\Partition2
10:11:12.0980 0x1670 ============================================================
10:11:12.0980 0x1670 Initialize success
10:11:12.0980 0x1670 ============================================================
10:11:15.0120 0x1284 ============================================================
10:11:15.0120 0x1284 Scan started
10:11:15.0120 0x1284 Mode: Manual;
10:11:15.0120 0x1284 ============================================================
10:11:15.0120 0x1284 KSN ping started
10:11:15.0330 0x1284 KSN ping finished: true
10:11:16.0150 0x1284 ================ Scan system memory ========================
10:11:16.0150 0x1284 System memory - ok
10:11:16.0150 0x1284 ================ Scan services =============================
10:11:16.0930 0x1284 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:11:16.0970 0x1284 1394ohci - ok
10:11:17.0040 0x1284 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:11:17.0050 0x1284 ACPI - ok
10:11:17.0080 0x1284 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:11:17.0090 0x1284 AcpiPmi - ok
10:11:17.0290 0x1284 [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:11:17.0290 0x1284 AdobeARMservice - ok
10:11:17.0390 0x1284 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:11:17.0440 0x1284 adp94xx - ok
10:11:17.0480 0x1284 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:11:17.0500 0x1284 adpahci - ok
10:11:17.0510 0x1284 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:11:17.0520 0x1284 adpu320 - ok
10:11:17.0560 0x1284 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:11:17.0580 0x1284 AeLookupSvc - ok
10:11:17.0640 0x1284 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
10:11:17.0690 0x1284 AFD - ok
10:11:17.0730 0x1284 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
10:11:17.0730 0x1284 agp440 - ok
10:11:17.0760 0x1284 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
10:11:17.0770 0x1284 ALG - ok
10:11:17.0790 0x1284 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
10:11:17.0790 0x1284 aliide - ok
10:11:17.0820 0x1284 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
10:11:17.0830 0x1284 amdide - ok
10:11:17.0850 0x1284 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:11:17.0870 0x1284 AmdK8 - ok
10:11:17.0890 0x1284 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:11:17.0900 0x1284 AmdPPM - ok
10:11:17.0920 0x1284 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:11:17.0930 0x1284 amdsata - ok
10:11:17.0950 0x1284 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:11:17.0960 0x1284 amdsbs - ok
10:11:17.0980 0x1284 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:11:17.0980 0x1284 amdxata - ok
10:11:18.0240 0x1284 [ FCFCD84A3F84375CF2EADA10650C3289, A5AC6E167C60451B2EC9561FA83C9DA5ADDF4152E1AD01A38C80D00B3118EE9A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:11:18.0250 0x1284 AntiVirSchedulerService - ok
10:11:18.0350 0x1284 [ FCFCD84A3F84375CF2EADA10650C3289, A5AC6E167C60451B2EC9561FA83C9DA5ADDF4152E1AD01A38C80D00B3118EE9A ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:11:18.0360 0x1284 AntiVirService - ok
10:11:18.0450 0x1284 [ D62CB48F2FA06D7A243928F2D09470D7, 650618F397C2C20C4C00B3BC2A3A1DABBFB20818B365CEDBA7D04353F97FE001 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
10:11:18.0550 0x1284 AntiVirWebService - ok
10:11:18.0600 0x1284 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
10:11:18.0610 0x1284 AppID - ok
10:11:18.0630 0x1284 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:11:18.0640 0x1284 AppIDSvc - ok
10:11:18.0690 0x1284 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
10:11:18.0710 0x1284 Appinfo - ok
10:11:18.0841 0x1284 [ 221564CC7BE37611FE15EACF443E1BF6, 381BDF17418C779D72332431BA174C2AD76CD9C7C1711FF5142EA9B05D5555E4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:11:18.0851 0x1284 Apple Mobile Device - ok
10:11:18.0891 0x1284 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys
10:11:18.0901 0x1284 arc - ok
10:11:18.0931 0x1284 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:11:18.0931 0x1284 arcsas - ok
10:11:19.0131 0x1284 [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:11:19.0341 0x1284 aspnet_state - ok
10:11:19.0371 0x1284 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:11:19.0381 0x1284 AsyncMac - ok
10:11:19.0411 0x1284 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
10:11:19.0421 0x1284 atapi - ok
10:11:19.0451 0x1284 [ CBE61B4494165F458BD87E37181EE934, E95654DCC0F977A3604B6BE435BEE109AC8F9F7494FD3A132F5FB477BBF7B105 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys
10:11:19.0461 0x1284 AthBTPort - ok
10:11:19.0511 0x1284 [ 18771E700DB2B729AF506B946058DD4F, 992C2028E08B467B6269420F98DE4A9E271344EC7FC8B2CA785CE910F391CDAE ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
10:11:19.0521 0x1284 AtherosSvc - ok
10:11:19.0751 0x1284 [ E642491F64E58CD5BC8FB8B347DCF65F, D457175EF3A0552CEA3DA78E7116D54BC2BF157857A8B764597B51FB4E29C033 ] athr C:\Windows\system32\DRIVERS\athrx.sys
10:11:19.0801 0x1284 athr - ok
10:11:19.0911 0x1284 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:11:19.0931 0x1284 AudioEndpointBuilder - ok
10:11:19.0951 0x1284 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:11:19.0971 0x1284 AudioSrv - ok
10:11:20.0051 0x1284 [ 1B87A1F2FA5B91AC1A7D171B8D952441, 4CB21F6567021DAE6B2E35B9BA84D015580E2DDFEBEB1AA9637BD93F42883DD2 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
10:11:20.0071 0x1284 avgntflt - ok
10:11:20.0121 0x1284 [ AF61774060F277FE45CBD3A9A8E7D45A, 2F96DC9735BAF017603D72A258BF7A772BF8C4AFECB5AA0CAD8F8E3CCAA0F2B5 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
10:11:20.0131 0x1284 avipbb - ok
10:11:20.0261 0x1284 [ 485B85B3FF68FB7454984CB92A0532D9, 287F6C6ADF3D96C8AC1BD1FFAD82563DA72A26CF0DECDEA7E987A020EBE06552 ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
10:11:20.0281 0x1284 Avira.OE.ServiceHost - ok
10:11:20.0331 0x1284 [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
10:11:20.0331 0x1284 avkmgr - ok
10:11:20.0421 0x1284 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:11:20.0441 0x1284 AxInstSV - ok
10:11:20.0541 0x1284 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
10:11:20.0561 0x1284 b06bdrv - ok
10:11:20.0601 0x1284 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:11:20.0611 0x1284 b57nd60a - ok
10:11:20.0671 0x1284 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
10:11:20.0681 0x1284 BDESVC - ok
10:11:20.0691 0x1284 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
10:11:20.0701 0x1284 Beep - ok
10:11:20.0791 0x1284 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
10:11:20.0811 0x1284 BFE - ok
10:11:20.0881 0x1284 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\System32\qmgr.dll
10:11:20.0921 0x1284 BITS - ok
10:11:20.0931 0x1284 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:11:20.0941 0x1284 blbdrive - ok
10:11:21.0031 0x1284 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:11:21.0051 0x1284 Bonjour Service - ok
10:11:21.0091 0x1284 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:11:21.0101 0x1284 bowser - ok
10:11:21.0101 0x1284 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:11:21.0111 0x1284 BrFiltLo - ok
10:11:21.0111 0x1284 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:11:21.0121 0x1284 BrFiltUp - ok
10:11:21.0171 0x1284 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
10:11:21.0181 0x1284 Browser - ok
10:11:21.0191 0x1284 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:11:21.0211 0x1284 Brserid - ok
10:11:21.0221 0x1284 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:11:21.0221 0x1284 BrSerWdm - ok
10:11:21.0231 0x1284 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:11:21.0231 0x1284 BrUsbMdm - ok
10:11:21.0231 0x1284 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:11:21.0241 0x1284 BrUsbSer - ok
10:11:21.0301 0x1284 [ FE70889A85C57A9268101B2DB0474509, 9E957390A52BE4E5642724FEC06A201682F93DD1C6F2C00A5F57351460CF5AE0 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys
10:11:21.0361 0x1284 BTATH_A2DP - ok
10:11:21.0441 0x1284 [ A83A91D07D1FE6BBE7A9DB46CA00434B, 9EF851047189E13954C0F6A325E4843914C423C0D1EDAE21A34AB3A962BBD5AC ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys
10:11:21.0451 0x1284 BTATH_BUS - ok
10:11:21.0551 0x1284 [ C864FF85EE16D61C2BDD5EF76824625F, 6D2FE57688D9E8B4277BF6DA9C219DEB367274364FBE17EFC353CEDB2D7EA35D ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys
10:11:21.0571 0x1284 BTATH_HCRP - ok
10:11:21.0601 0x1284 [ 0DEA505EFB5D771826D177EF8B8A208F, FD8027DA791F04077490749AC5A08F73CCBA1731462579AA9008CD8DD82FBBBC ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys
10:11:21.0611 0x1284 BTATH_LWFLT - ok
10:11:21.0641 0x1284 [ 724C8088C96EFE7A3E63FEC21D4681C0, 4F9B258BE0FEA634A0D93B3892F2F039A7CAD184C9A81DFC2B67B0D4B39C5035 ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys
10:11:21.0651 0x1284 BTATH_RCP - ok
10:11:21.0721 0x1284 [ DCE0798FD5BB4E452227EC58700956F5, 7A32824F7AFF47C907CE0F84994CEF15A38A60722533058C8AC014691DFE72F4 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys
10:11:21.0771 0x1284 BtFilter - ok
10:11:21.0791 0x1284 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
10:11:21.0791 0x1284 BthEnum - ok
10:11:21.0811 0x1284 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:11:21.0821 0x1284 BTHMODEM - ok
10:11:21.0841 0x1284 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
10:11:21.0851 0x1284 BthPan - ok
10:11:21.0951 0x1284 [ 64C198198501F7560EE41D8D1EFA7952, 53CE5FDD1866FC8A0B91C7A620F7555D197488C4C8F3DEFD4398D8E3ED2AEBD0 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
10:11:21.0971 0x1284 BTHPORT - ok
10:11:22.0011 0x1284 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
10:11:22.0041 0x1284 bthserv - ok
10:11:22.0061 0x1284 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
10:11:22.0071 0x1284 BTHUSB - ok
10:11:22.0151 0x1284 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:11:22.0161 0x1284 cdfs - ok
10:11:22.0211 0x1284 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:11:22.0221 0x1284 cdrom - ok
10:11:22.0271 0x1284 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
10:11:22.0291 0x1284 CertPropSvc - ok
10:11:22.0321 0x1284 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:11:22.0321 0x1284 circlass - ok
10:11:22.0351 0x1284 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
10:11:22.0361 0x1284 CLFS - ok
10:11:22.0501 0x1284 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:11:22.0511 0x1284 clr_optimization_v2.0.50727_32 - ok
10:11:22.0681 0x1284 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:11:22.0691 0x1284 clr_optimization_v2.0.50727_64 - ok
10:11:22.0841 0x1284 [ 6D7C8A951AF6AD6835C029B3CB88D333, 66F3D79887B2449B4C6912D1A258D1A96056888F51A8AA24FEDF37942AD5BDBB ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:11:22.0961 0x1284 clr_optimization_v4.0.30319_32 - ok
10:11:22.0991 0x1284 [ 86329C35FF23CFEF0FB6C0023BA06BCE, D915CE7AD564F97A1C3B047D5248B7EF67ADDC59687FBC90F1776C21DAA0D3FD ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:11:23.0001 0x1284 clr_optimization_v4.0.30319_64 - ok
10:11:23.0031 0x1284 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:11:23.0041 0x1284 CmBatt - ok
10:11:23.0061 0x1284 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:11:23.0071 0x1284 cmdide - ok
10:11:23.0141 0x1284 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys
10:11:23.0171 0x1284 CNG - ok
10:11:23.0321 0x1284 [ 99B1B888B793DE320C5479B3C953781F, 6A499F916132998FBDFA587823A11C2ED1D27DED10374F6A41BA5861A2FF969E ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
10:11:23.0371 0x1284 CnxtHdAudService - ok
10:11:23.0401 0x1284 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:11:23.0401 0x1284 Compbatt - ok
10:11:23.0461 0x1284 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:11:23.0461 0x1284 CompositeBus - ok
10:11:23.0481 0x1284 COMSysApp - ok
10:11:23.0491 0x1284 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:11:23.0501 0x1284 crcdisk - ok
10:11:23.0541 0x1284 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:11:23.0551 0x1284 CryptSvc - ok
10:11:23.0731 0x1284 [ 61A86809B62769643892BC0812B204AA, 92FAC8176BE88D63C1DB1FF127F1BACD7D735A36DA42ABDE448D34B8D66F2BB9 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:11:23.0771 0x1284 cvhsvc - ok
10:11:23.0771 0x1284 CxAudMsg - ok
10:11:23.0871 0x1284 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:11:23.0911 0x1284 DcomLaunch - ok
10:11:24.0021 0x1284 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
10:11:24.0041 0x1284 defragsvc - ok
10:11:24.0121 0x1284 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:11:24.0141 0x1284 DfsC - ok
10:11:24.0161 0x1284 DgiVecp - ok
10:11:24.0221 0x1284 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
10:11:24.0231 0x1284 Dhcp - ok
10:11:24.0251 0x1284 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
10:11:24.0261 0x1284 discache - ok
10:11:24.0301 0x1284 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:11:24.0311 0x1284 Disk - ok
10:11:24.0391 0x1284 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:11:24.0411 0x1284 Dnscache - ok
10:11:24.0511 0x1284 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
10:11:24.0541 0x1284 dot3svc - ok
10:11:24.0591 0x1284 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
10:11:24.0601 0x1284 DPS - ok
10:11:24.0651 0x1284 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:11:24.0651 0x1284 drmkaud - ok
10:11:24.0781 0x1284 [ 4AB2A58816CC6BE771F1D8C768B804C5, 8D4D33D68D13A7EB0114959DAE841411961C18C6EDF8E1559649903D20BD3D50 ] DsiWMIService C:\Program Files (x86)\Launch Manager\dsiwmis.exe
10:11:24.0791 0x1284 DsiWMIService - ok
10:11:24.0881 0x1284 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:11:24.0911 0x1284 DXGKrnl - ok
10:11:24.0951 0x1284 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
10:11:24.0981 0x1284 EapHost - ok
10:11:25.0411 0x1284 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
10:11:25.0571 0x1284 ebdrv - ok
10:11:25.0611 0x1284 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe
10:11:25.0611 0x1284 EFS - ok
10:11:25.0661 0x1284 [ 03E6888DA1A85ACF14AC2A3C328A9E62, 120A7A10F6DAC991B91BFEC5430FD9F929E173AB513891B229F19A9BA4EC3998 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
10:11:25.0671 0x1284 EgisTec Ticket Service - ok
10:11:25.0801 0x1284 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:11:25.0851 0x1284 ehRecvr - ok
10:11:25.0931 0x1284 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
10:11:25.0941 0x1284 ehSched - ok
10:11:26.0061 0x1284 [ A05FC7ECA0966EBB70E4D17B855A853B, 16A0C8138A3BBD8BE2658261131F9777940CFB1431018A10710E5C1A88AB70EA ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
10:11:26.0061 0x1284 ElbyCDIO - ok
10:11:26.0161 0x1284 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:11:26.0191 0x1284 elxstor - ok
10:11:26.0311 0x1284 [ EB1C213A8550F066B2CCC29C9F41E2AE, D23E92EA5389F4FD1B3157FD611AC5301384DB21BAE5E935D507548CB2E49CDC ] ePowerSvc C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
10:11:26.0341 0x1284 ePowerSvc - ok
10:11:26.0351 0x1284 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:11:26.0361 0x1284 ErrDev - ok
10:11:26.0401 0x1284 [ 9D8739A2A2173C9D27C499A3FC6EDA3F, DB25F566A071FE935996CF6C63E1CDFB85162A92E9D3D5695A56900D54C83C76 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
10:11:26.0431 0x1284 ETD - ok
10:11:26.0501 0x1284 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
10:11:26.0521 0x1284 EventSystem - ok
10:11:26.0691 0x1284 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
10:11:26.0711 0x1284 exfat - ok
10:11:26.0751 0x1284 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:11:26.0761 0x1284 fastfat - ok
10:11:26.0821 0x1284 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
10:11:26.0841 0x1284 Fax - ok
10:11:26.0851 0x1284 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:11:26.0861 0x1284 fdc - ok
10:11:26.0881 0x1284 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
10:11:26.0881 0x1284 fdPHost - ok
10:11:26.0891 0x1284 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
10:11:26.0901 0x1284 FDResPub - ok
10:11:26.0911 0x1284 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:11:26.0921 0x1284 FileInfo - ok
10:11:26.0951 0x1284 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:11:26.0951 0x1284 Filetrace - ok
10:11:27.0071 0x1284 [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:11:27.0131 0x1284 FLEXnet Licensing Service - ok
10:11:27.0141 0x1284 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:11:27.0141 0x1284 flpydisk - ok
10:11:27.0211 0x1284 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:11:27.0251 0x1284 FltMgr - ok
10:11:27.0391 0x1284 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
10:11:27.0461 0x1284 FontCache - ok
10:11:27.0531 0x1284 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:11:27.0551 0x1284 FontCache3.0.0.0 - ok
10:11:27.0571 0x1284 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:11:27.0591 0x1284 FsDepends - ok
10:11:27.0621 0x1284 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:11:27.0631 0x1284 Fs_Rec - ok
10:11:27.0701 0x1284 [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:11:27.0721 0x1284 fvevol - ok
10:11:27.0771 0x1284 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:11:27.0781 0x1284 gagp30kx - ok
10:11:27.0841 0x1284 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:11:27.0851 0x1284 GEARAspiWDM - ok
10:11:27.0911 0x1284 globalUpdate - ok
10:11:27.0951 0x1284 globalUpdatem - ok
10:11:28.0031 0x1284 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
10:11:28.0061 0x1284 gpsvc - ok
10:11:28.0131 0x1284 [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
10:11:28.0131 0x1284 GREGService - ok
10:11:28.0251 0x1284 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:11:28.0261 0x1284 gupdate - ok
10:11:28.0281 0x1284 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:11:28.0281 0x1284 gupdatem - ok
10:11:28.0301 0x1284 [ C1B577B2169900F4CF7190C39F085794, 73E104B96A48F4C80D8C37254ECB0891D15C0D2F0C251B57C168F90D60316447 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
10:11:28.0311 0x1284 gusvc - ok
10:11:28.0341 0x1284 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:11:28.0351 0x1284 hcw85cir - ok
10:11:28.0401 0x1284 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:11:28.0421 0x1284 HdAudAddService - ok
10:11:28.0441 0x1284 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:11:28.0451 0x1284 HDAudBus - ok
10:11:28.0461 0x1284 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:11:28.0461 0x1284 HidBatt - ok
10:11:28.0481 0x1284 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:11:28.0481 0x1284 HidBth - ok
10:11:28.0501 0x1284 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:11:28.0511 0x1284 HidIr - ok
10:11:28.0561 0x1284 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll
10:11:28.0571 0x1284 hidserv - ok
10:11:28.0621 0x1284 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\drivers\hidusb.sys
10:11:28.0631 0x1284 HidUsb - ok
10:11:28.0681 0x1284 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:11:28.0681 0x1284 hkmsvc - ok
10:11:28.0771 0x1284 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:11:28.0791 0x1284 HomeGroupListener - ok
10:11:28.0831 0x1284 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:11:28.0841 0x1284 HomeGroupProvider - ok
10:11:28.0871 0x1284 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:11:28.0881 0x1284 HpSAMD - ok
10:11:28.0971 0x1284 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:11:29.0001 0x1284 HTTP - ok
10:11:29.0061 0x1284 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:11:29.0071 0x1284 hwpolicy - ok
10:11:29.0161 0x1284 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
10:11:29.0171 0x1284 i8042prt - ok
10:11:29.0231 0x1284 [ D469B77687E12FE43E344806740B624D, DFDD486FD040813BF4E5DDB504CF9E0BFBF6D4E540DDDA4829F9B675ACF63E89 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
10:11:29.0241 0x1284 iaStor - ok
10:11:29.0321 0x1284 [ 983FC69644DDF0486C8DFEA262948D1A, 329EC95117C31E61F6D22D79CFF339D70A70522710E7DC0CED06EC95E6D4B34F ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:11:29.0321 0x1284 IAStorDataMgrSvc - ok
10:11:29.0421 0x1284 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:11:29.0441 0x1284 iaStorV - ok
10:11:29.0701 0x1284 [ E4693409D06785477A49FB34AFAE1B92, 3855CE03672D73084BBAC219F2B350CF22608A82828F82A9E842034F6A975F14 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
10:11:34.0042 0x1284 IconMan_R - ok
10:11:34.0232 0x1284 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:11:34.0292 0x1284 idsvc - ok
10:11:34.0362 0x1284 IEEtwCollectorService - ok
10:11:35.0392 0x1284 [ 38A74E208945A2C30C35C999AE184A79, FF01E2E7AF05A31A6ECFFA7FF04B2F300947A79F41BC0A9D6CE3F638B5C72ADA ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
10:11:35.0862 0x1284 igfx - ok
10:11:35.0922 0x1284 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:11:35.0922 0x1284 iirsp - ok
10:11:36.0042 0x1284 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
10:11:36.0072 0x1284 IKEEXT - ok
10:11:36.0242 0x1284 [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
10:11:36.0272 0x1284 IntcDAud - ok
10:11:36.0312 0x1284 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
10:11:36.0312 0x1284 intelide - ok
10:11:36.0352 0x1284 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:11:36.0352 0x1284 intelppm - ok
10:11:36.0392 0x1284 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:11:36.0412 0x1284 IPBusEnum - ok
10:11:36.0472 0x1284 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:11:36.0482 0x1284 IpFilterDriver - ok
10:11:36.0522 0x1284 [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:11:36.0542 0x1284 iphlpsvc - ok
10:11:36.0602 0x1284 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:11:36.0622 0x1284 IPMIDRV - ok
10:11:36.0672 0x1284 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:11:36.0682 0x1284 IPNAT - ok
10:11:36.0982 0x1284 [ 842D1EDD0F2A6E0E6631BB96BAAA01DE, 9CDD0B99F2C5DAD573A9EA8D5AB2DBFD7A941454CBBA5BFE34E49F2D4EE96A90 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
10:11:37.0012 0x1284 iPod Service - ok
10:11:37.0032 0x1284 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:11:37.0032 0x1284 IRENUM - ok
10:11:37.0072 0x1284 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:11:37.0082 0x1284 isapnp - ok
10:11:37.0202 0x1284 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:11:37.0222 0x1284 iScsiPrt - ok
10:11:37.0452 0x1284 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
10:11:37.0462 0x1284 kbdclass - ok
10:11:37.0522 0x1284 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
10:11:37.0522 0x1284 kbdhid - ok
10:11:37.0542 0x1284 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe
10:11:37.0542 0x1284 KeyIso - ok
10:11:37.0582 0x1284 [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:11:37.0602 0x1284 KSecDD - ok
10:11:37.0662 0x1284 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:11:37.0672 0x1284 KSecPkg - ok
10:11:37.0702 0x1284 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:11:37.0702 0x1284 ksthunk - ok
10:11:37.0762 0x1284 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
10:11:37.0812 0x1284 KtmRm - ok
10:11:37.0852 0x1284 [ EBED8B3FF4A823C1A6EEBEED7B29353F, 0942200EEDEDA1FF4E634CDC5182D8EDC9BC9F66E89A5DAB8DF82C3FBB2F0D59 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
10:11:37.0862 0x1284 L1C - ok
10:11:37.0942 0x1284 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll
10:11:37.0962 0x1284 LanmanServer - ok
10:11:38.0012 0x1284 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:11:38.0022 0x1284 LanmanWorkstation - ok
10:11:38.0092 0x1284 [ 6BCEE9C766815BFFF89DE7D81AF34CE1, E10B9EFAF5D1E6596CFC7E3C9D5C3904EC8E82B16133B59BBC636F5E4D0AEB7F ] Live Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe
10:11:38.0122 0x1284 Live Updater Service - ok
10:11:38.0222 0x1284 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:11:38.0232 0x1284 lltdio - ok
10:11:38.0412 0x1284 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:11:38.0462 0x1284 lltdsvc - ok
10:11:38.0482 0x1284 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:11:38.0492 0x1284 lmhosts - ok
10:11:38.0582 0x1284 [ D75C4B4A8FE6D7FD74A7EECDBAEC729F, 9BB0A3BE7CCDF62CF0A67CB67019364965F6567BE29BA6D153B8E36F88058302 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:11:38.0602 0x1284 LMS - ok
10:11:38.0662 0x1284 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:11:38.0672 0x1284 LSI_FC - ok
10:11:38.0692 0x1284 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:11:38.0702 0x1284 LSI_SAS - ok
10:11:38.0742 0x1284 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:11:38.0752 0x1284 LSI_SAS2 - ok
10:11:38.0782 0x1284 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:11:38.0802 0x1284 LSI_SCSI - ok
10:11:38.0872 0x1284 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
10:11:38.0892 0x1284 luafv - ok
10:11:38.0962 0x1284 [ 1A243DAD23BB639D47F25AB9EC51FCAD, 596A9676F38730B520F36BDA964C555F31FD9CD1A45CD5280A534C6336E344AF ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys
10:11:38.0982 0x1284 mbamchameleon - ok
10:11:39.0022 0x1284 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:11:39.0052 0x1284 Mcx2Svc - ok
10:11:39.0072 0x1284 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:11:39.0072 0x1284 megasas - ok
10:11:39.0102 0x1284 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:11:39.0122 0x1284 MegaSR - ok
10:11:39.0172 0x1284 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
10:11:39.0202 0x1284 MEIx64 - ok
10:11:39.0242 0x1284 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
10:11:39.0252 0x1284 MMCSS - ok
10:11:39.0272 0x1284 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
10:11:39.0282 0x1284 Modem - ok
10:11:39.0312 0x1284 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:11:39.0312 0x1284 monitor - ok
10:11:39.0362 0x1284 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:11:39.0382 0x1284 mouclass - ok
10:11:39.0412 0x1284 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:11:39.0412 0x1284 mouhid - ok
10:11:39.0472 0x1284 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:11:39.0482 0x1284 mountmgr - ok
10:11:39.0572 0x1284 [ 707E98CC15C2224C078C9E71FF1889BC, 958416FE081436FDBF7F2BEBBB2795C54CC4F3F349D6DF463296A7BBA3404F13 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:11:39.0592 0x1284 MozillaMaintenance - ok
10:11:39.0682 0x1284 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
10:11:39.0702 0x1284 mpio - ok
10:11:39.0742 0x1284 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:11:39.0762 0x1284 mpsdrv - ok
10:11:39.0873 0x1284 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
10:11:39.0913 0x1284 MpsSvc - ok
10:11:39.0953 0x1284 [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:11:39.0963 0x1284 MRxDAV - ok
10:11:40.0033 0x1284 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:11:40.0063 0x1284 mrxsmb - ok
10:11:40.0103 0x1284 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:11:40.0123 0x1284 mrxsmb10 - ok
10:11:40.0173 0x1284 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:11:40.0173 0x1284 mrxsmb20 - ok
10:11:40.0203 0x1284 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
10:11:40.0213 0x1284 msahci - ok
10:11:40.0293 0x1284 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:11:40.0303 0x1284 msdsm - ok
10:11:40.0323 0x1284 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
10:11:40.0333 0x1284 MSDTC - ok
10:11:40.0373 0x1284 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:11:40.0383 0x1284 Msfs - ok
10:11:40.0413 0x1284 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:11:40.0413 0x1284 mshidkmdf - ok
10:11:40.0423 0x1284 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:11:40.0433 0x1284 msisadrv - ok
10:11:40.0463 0x1284 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:11:40.0473 0x1284 MSiSCSI - ok
10:11:40.0483 0x1284 msiserver - ok
10:11:40.0513 0x1284 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:11:40.0513 0x1284 MSKSSRV - ok
10:11:40.0533 0x1284 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:11:40.0533 0x1284 MSPCLOCK - ok
10:11:40.0543 0x1284 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:11:40.0543 0x1284 MSPQM - ok
10:11:40.0603 0x1284 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:11:40.0643 0x1284 MsRPC - ok
10:11:40.0893 0x1284 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:11:40.0893 0x1284 mssmbios - ok
10:11:40.0923 0x1284 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:11:40.0923 0x1284 MSTEE - ok
10:11:40.0953 0x1284 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:11:40.0963 0x1284 MTConfig - ok
10:11:40.0993 0x1284 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
10:11:41.0003 0x1284 Mup - ok
10:11:41.0033 0x1284 [ 9B1EAC6FAF6F37305E822F5588DC8056, AE0DC044159BB03EE8A39AE0682C8F6A78D89AD5A6192E7006D75850ECD50E9D ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys
10:11:41.0043 0x1284 mwlPSDFilter - ok
10:11:41.0073 0x1284 [ AD55C1524B296280ED9C6E0D730D35DA, 8E5F9652CFCB325E131CEB2E4871126EB6F940DF7894B2E7F8241F1EF69920ED ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys
10:11:41.0083 0x1284 mwlPSDNServ - ok
10:11:41.0103 0x1284 [ 2B599E6EC8843637BDD62E7F8F3BA201, 51EE657FC6CA4F2BCC24573B27379231EF30920A559423A860A278C59F4B9F98 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys
10:11:41.0113 0x1284 mwlPSDVDisk - ok
10:11:41.0233 0x1284 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
10:11:41.0253 0x1284 napagent - ok
10:11:41.0323 0x1284 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:11:41.0353 0x1284 NativeWifiP - ok
10:11:41.0433 0x1284 [ C38B8AE57F78915905064A9A24DC1586, 5A24A490AC5DB4FCC745182BDBAEA8836E8FBEC635609AE4CF51DAC3A30A8221 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:11:41.0483 0x1284 NDIS - ok
10:11:41.0493 0x1284 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:11:41.0503 0x1284 NdisCap - ok
10:11:41.0533 0x1284 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:11:41.0533 0x1284 NdisTapi - ok
10:11:41.0573 0x1284 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:11:41.0593 0x1284 Ndisuio - ok
10:11:41.0663 0x1284 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:11:41.0683 0x1284 NdisWan - ok
10:11:41.0733 0x1284 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:11:41.0743 0x1284 NDProxy - ok
10:11:41.0753 0x1284 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:11:41.0763 0x1284 NetBIOS - ok
10:11:41.0833 0x1284 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:11:41.0843 0x1284 NetBT - ok
10:11:41.0873 0x1284 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe
10:11:41.0873 0x1284 Netlogon - ok
10:11:42.0013 0x1284 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
10:11:42.0023 0x1284 Netman - ok
10:11:42.0333 0x1284 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:42.0423 0x1284 NetMsmqActivator - ok
10:11:42.0453 0x1284 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:42.0463 0x1284 NetPipeActivator - ok
10:11:42.0493 0x1284 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
10:11:42.0513 0x1284 netprofm - ok
10:11:42.0523 0x1284 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:42.0533 0x1284 NetTcpActivator - ok
10:11:42.0533 0x1284 [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:42.0533 0x1284 NetTcpPortSharing - ok
10:11:42.0623 0x1284 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:11:42.0643 0x1284 nfrd960 - ok
10:11:42.0693 0x1284 [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:11:42.0753 0x1284 NlaSvc - ok
10:11:43.0243 0x1284 [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
10:11:43.0333 0x1284 NOBU - ok
10:11:43.0353 0x1284 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:11:43.0353 0x1284 Npfs - ok
10:11:43.0433 0x1284 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
10:11:43.0443 0x1284 nsi - ok
10:11:43.0463 0x1284 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:11:43.0463 0x1284 nsiproxy - ok
10:11:43.0783 0x1284 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:11:43.0883 0x1284 Ntfs - ok
10:11:44.0003 0x1284 [ 773EED20BBF50809437373C0285BFA5E, 09D2A16431527FF1075ED1B8B5C8783A82F8697D35F7F84E25166024EAA6F6D0 ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
10:11:44.0033 0x1284 NTI IScheduleSvc - ok
10:11:44.0053 0x1284 [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys
10:11:44.0053 0x1284 NTIDrvr - ok
10:11:44.0073 0x1284 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
10:11:44.0073 0x1284 Null - ok
10:11:44.0113 0x1284 [ 786DB821BFD57C0551DBBE4F75384A7D, F956D636F834F2BA5F019E187FDB9CC33940363C75A60E53CD81310A4DB6A6AB ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
10:11:44.0123 0x1284 nusb3hub - ok
10:11:44.0163 0x1284 [ DAA8005CAF745042BB427A1ED7433354, 3019002F174783B76D5D8AA47F7A465B7FEC7C14235B70E5C9277FE534839226 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:11:44.0183 0x1284 nusb3xhc - ok
10:11:44.0273 0x1284 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:11:44.0293 0x1284 nvraid - ok
10:11:44.0343 0x1284 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:11:44.0363 0x1284 nvstor - ok
10:11:44.0413 0x1284 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:11:44.0423 0x1284 nv_agp - ok
10:11:44.0453 0x1284 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:11:44.0463 0x1284 ohci1394 - ok
10:11:44.0563 0x1284 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:11:44.0593 0x1284 ose - ok
10:11:44.0983 0x1284 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:11:45.0153 0x1284 osppsvc - ok
10:11:45.0193 0x1284 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:11:45.0203 0x1284 p2pimsvc - ok
10:11:45.0233 0x1284 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
10:11:45.0263 0x1284 p2psvc - ok
10:11:45.0303 0x1284 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:11:45.0313 0x1284 Parport - ok
10:11:45.0353 0x1284 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:11:45.0373 0x1284 partmgr - ok
10:11:45.0403 0x1284 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
10:11:45.0423 0x1284 PcaSvc - ok
10:11:45.0463 0x1284 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
10:11:45.0473 0x1284 pci - ok
10:11:45.0513 0x1284 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
10:11:45.0513 0x1284 pciide - ok
10:11:45.0533 0x1284 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:11:45.0553 0x1284 pcmcia - ok
10:11:45.0563 0x1284 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
10:11:45.0573 0x1284 pcw - ok
10:11:45.0633 0x1284 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:11:45.0663 0x1284 PEAUTH - ok
10:11:45.0783 0x1284 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:11:45.0803 0x1284 PerfHost - ok
10:11:46.0003 0x1284 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
10:11:46.0053 0x1284 pla - ok
10:11:46.0103 0x1284 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:11:46.0133 0x1284 PlugPlay - ok
10:11:46.0163 0x1284 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:11:46.0173 0x1284 PNRPAutoReg - ok
10:11:46.0243 0x1284 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:11:46.0253 0x1284 PNRPsvc - ok
10:11:46.0333 0x1284 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:11:46.0373 0x1284 PolicyAgent - ok
10:11:46.0433 0x1284 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll
10:11:46.0443 0x1284 Power - ok
10:11:46.0523 0x1284 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:11:46.0543 0x1284 PptpMiniport - ok
10:11:46.0583 0x1284 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:11:46.0603 0x1284 Processor - ok
10:11:46.0683 0x1284 [ 5C78838B4D166D1A27DB3A8A820C799A, BBF7E1D0B6754CF06BF3936671FDF5BF6E845CA5678D0940EA54E9212B539B7F ] ProfSvc C:\Windows\system32\profsvc.dll
10:11:46.0703 0x1284 ProfSvc - ok
10:11:46.0723 0x1284 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:11:46.0723 0x1284 ProtectedStorage - ok
10:11:46.0763 0x1284 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:11:46.0773 0x1284 Psched - ok
10:11:47.0143 0x1284 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:11:47.0203 0x1284 ql2300 - ok
10:11:47.0233 0x1284 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:11:47.0243 0x1284 ql40xx - ok
10:11:47.0293 0x1284 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
10:11:47.0323 0x1284 QWAVE - ok
10:11:47.0333 0x1284 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:11:47.0343 0x1284 QWAVEdrv - ok
10:11:47.0373 0x1284 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:11:47.0373 0x1284 RasAcd - ok
10:11:47.0403 0x1284 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:11:47.0423 0x1284 RasAgileVpn - ok
10:11:47.0463 0x1284 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
10:11:47.0493 0x1284 RasAuto - ok
10:11:47.0553 0x1284 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:11:47.0563 0x1284 Rasl2tp - ok
10:11:47.0643 0x1284 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
10:11:47.0663 0x1284 RasMan - ok
10:11:47.0683 0x1284 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:11:47.0683 0x1284 RasPppoe - ok
10:11:47.0703 0x1284 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:11:47.0723 0x1284 RasSstp - ok
10:11:47.0763 0x1284 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:11:47.0773 0x1284 rdbss - ok
10:11:47.0793 0x1284 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:11:47.0793 0x1284 rdpbus - ok
10:11:47.0824 0x1284 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:11:47.0824 0x1284 RDPCDD - ok
10:11:47.0864 0x1284 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:11:47.0874 0x1284 RDPENCDD - ok
10:11:47.0884 0x1284 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:11:47.0884 0x1284 RDPREFMP - ok
10:11:47.0994 0x1284 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:11:48.0024 0x1284 RDPWD - ok
10:11:48.0064 0x1284 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:11:48.0084 0x1284 rdyboost - ok
10:11:48.0104 0x1284 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:11:48.0114 0x1284 RemoteAccess - ok
10:11:48.0164 0x1284 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:11:48.0184 0x1284 RemoteRegistry - ok
10:11:48.0274 0x1284 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:11:48.0294 0x1284 RFCOMM - ok
10:11:48.0344 0x1284 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:11:48.0354 0x1284 RpcEptMapper - ok
10:11:48.0394 0x1284 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
10:11:48.0394 0x1284 RpcLocator - ok
10:11:48.0494 0x1284 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
10:11:48.0514 0x1284 RpcSs - ok
10:11:48.0604 0x1284 [ D5C3E1629A3F7F0857D27949252B94CE, E6DC44D9A1325D61CEE9E76AE442988ED6EB29DE322844CF8689A1F5184C1E05 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
10:11:48.0624 0x1284 RSPCIESTOR - ok
10:11:48.0644 0x1284 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:11:48.0664 0x1284 rspndr - ok
10:11:48.0854 0x1284 [ 7CB9F0FDD730F4A4ECF6CDE15EA12E8A, A6810A901620119E1809297A568DC903729471F4F4F813F1C60378E122D2358E ] RS_Service C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
10:11:48.0884 0x1284 RS_Service - ok
10:11:48.0894 0x1284 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe
10:11:48.0894 0x1284 SamSs - ok
10:11:48.0924 0x1284 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:11:48.0934 0x1284 sbp2port - ok
10:11:48.0994 0x1284 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:11:49.0024 0x1284 SCardSvr - ok
10:11:49.0074 0x1284 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:11:49.0084 0x1284 scfilter - ok
10:11:49.0234 0x1284 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
10:11:49.0324 0x1284 Schedule - ok
10:11:49.0464 0x1284 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
10:11:49.0464 0x1284 SCPolicySvc - ok
10:11:49.0554 0x1284 [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\drivers\sdbus.sys
10:11:49.0574 0x1284 sdbus - ok
10:11:49.0644 0x1284 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:11:49.0674 0x1284 SDRSVC - ok
10:11:49.0724 0x1284 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:11:49.0724 0x1284 secdrv - ok
10:11:49.0764 0x1284 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
10:11:49.0774 0x1284 seclogon - ok
10:11:49.0934 0x1284 [ A1C2595D94B501AA9DE90D64BAAD4AAE, 40071D1284C762C39E64022E728E5C80E7880DFC5FBAC0D32A947963F29A8908 ] Securepoint VPN C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe
10:11:49.0974 0x1284 Securepoint VPN - ok
10:11:49.0994 0x1284 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\System32\sens.dll
10:11:49.0994 0x1284 SENS - ok
10:11:50.0014 0x1284 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:11:50.0024 0x1284 SensrSvc - ok
10:11:50.0044 0x1284 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:11:50.0044 0x1284 Serenum - ok
10:11:50.0084 0x1284 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:11:50.0094 0x1284 Serial - ok
10:11:50.0134 0x1284 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:11:50.0144 0x1284 sermouse - ok
10:11:50.0214 0x1284 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
10:11:50.0224 0x1284 SessionEnv - ok
10:11:50.0244 0x1284 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:11:50.0244 0x1284 sffdisk - ok
10:11:50.0254 0x1284 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:11:50.0264 0x1284 sffp_mmc - ok
10:11:50.0294 0x1284 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:11:50.0294 0x1284 sffp_sd - ok
10:11:50.0344 0x1284 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:11:50.0344 0x1284 sfloppy - ok
10:11:50.0484 0x1284 [ D5183ED285D2795491DC15BDDCBEE5AD, 607D208C730485B445EC80EEE5529A8E2BEF44FE2C8558E71A7FB47B0C8C7B56 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
10:11:50.0504 0x1284 Sftfs - ok
10:11:50.0644 0x1284 [ BFDB58616FF5EA540A5F58301D50641E, AFBF163938237C7E2578690BE71001016AF7FF61CD84594E7D76CDCBBD1FF4BD ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
10:11:50.0674 0x1284 sftlist - ok
10:11:50.0694 0x1284 [ 00F118B68C50D2206DD51634F9142B83, 5C5913ED0E3551DD5FD881830A6F7DBAEB0E9FA3904EE3BB13D8F1DA346EBCE7 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:11:50.0704 0x1284 Sftplay - ok
10:11:50.0714 0x1284 [ 76A827DF5640BFE16A0CDBB4108ADECA, E7D333A251E0F0DA729DA3CBE6B0F1E5DE2EE585E8B87B5EC78E78E129CA1112 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:11:50.0724 0x1284 Sftredir - ok
10:11:50.0734 0x1284 [ 1B4C9701645086BAB8CAFFFCE30ED284, B95C995EEB573B5C3D00DBA9D439CACCF3D3C9593E568D2D0F44245E7B09E3F5 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
10:11:50.0734 0x1284 Sftvol - ok
10:11:50.0804 0x1284 [ B94C3C4DCA2093243C76CA218EDE2A97, 4D376F825AEEFD8F1BCE48180471C75BDA655B2D8BE6E4205E327D14D797DBF2 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
10:11:50.0824 0x1284 sftvsa - ok
10:11:50.0854 0x1284 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:11:50.0884 0x1284 SharedAccess - ok
10:11:50.0934 0x1284 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:11:50.0944 0x1284 ShellHWDetection - ok
10:11:50.0984 0x1284 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:11:50.0994 0x1284 SiSRaid2 - ok
10:11:51.0014 0x1284 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:11:51.0034 0x1284 SiSRaid4 - ok
10:11:51.0074 0x1284 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:11:51.0094 0x1284 Smb - ok
10:11:51.0134 0x1284 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:11:51.0144 0x1284 SNMPTRAP - ok
10:11:51.0164 0x1284 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
10:11:51.0174 0x1284 spldr - ok
10:11:51.0274 0x1284 [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler C:\Windows\System32\spoolsv.exe
10:11:51.0294 0x1284 Spooler - ok
10:11:51.0604 0x1284 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
10:11:51.0704 0x1284 sppsvc - ok
10:11:51.0734 0x1284 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:11:51.0734 0x1284 sppuinotify - ok
10:11:51.0794 0x1284 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:11:51.0825 0x1284 srv - ok
10:11:51.0885 0x1284 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:11:51.0915 0x1284 srv2 - ok
10:11:51.0955 0x1284 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:11:51.0965 0x1284 srvnet - ok
10:11:51.0985 0x1284 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:11:51.0995 0x1284 SSDPSRV - ok
10:11:52.0065 0x1284 [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
10:11:52.0065 0x1284 SSPORT - ok
10:11:52.0095 0x1284 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:11:52.0105 0x1284 SstpSvc - ok
10:11:52.0135 0x1284 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:11:52.0175 0x1284 stexstor - ok
10:11:52.0335 0x1284 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
10:11:52.0365 0x1284 stisvc - ok
10:11:52.0395 0x1284 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
10:11:52.0395 0x1284 swenum - ok
10:11:52.0465 0x1284 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
10:11:52.0495 0x1284 swprv - ok
10:11:52.0625 0x1284 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
10:11:52.0695 0x1284 SysMain - ok
10:11:52.0755 0x1284 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:11:52.0775 0x1284 TabletInputService - ok
10:11:52.0845 0x1284 [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
10:11:52.0855 0x1284 tap0901 - ok
10:11:52.0945 0x1284 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
10:11:52.0985 0x1284 TapiSrv - ok
10:11:53.0015 0x1284 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
10:11:53.0015 0x1284 TBS - ok
10:11:53.0155 0x1284 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:11:53.0235 0x1284 Tcpip - ok
10:11:53.0365 0x1284 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:11:53.0405 0x1284 TCPIP6 - ok
10:11:53.0465 0x1284 [ DF687E3D8836BFB04FCC0615BF15A519, 7C5B1E72673B4299DFC21E869F0FBB28198CA54DF4F4AF7080005F2D82467784 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:11:53.0475 0x1284 tcpipreg - ok
10:11:53.0515 0x1284 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:11:53.0525 0x1284 TDPIPE - ok
10:11:53.0575 0x1284 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:11:53.0585 0x1284 TDTCP - ok
10:11:53.0635 0x1284 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:11:53.0655 0x1284 tdx - ok
10:11:54.0125 0x1284 [ 4ACFC5853A3F0C6C2F54E537C23EE90F, 47D81F471A250696A1A0D19294FC553EB88D813612A8351C89F65D7BF99C8532 ] TeamViewer9 C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
10:11:54.0245 0x1284 TeamViewer9 - ok
10:11:54.0285 0x1284 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
10:11:54.0305 0x1284 TermDD - ok
10:11:54.0475 0x1284 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
10:11:54.0505 0x1284 TermService - ok
10:11:54.0535 0x1284 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
10:11:54.0545 0x1284 Themes - ok
10:11:54.0565 0x1284 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
10:11:54.0565 0x1284 THREADORDER - ok
10:11:54.0585 0x1284 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
10:11:54.0595 0x1284 TrkWks - ok
10:11:54.0695 0x1284 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:11:54.0715 0x1284 TrustedInstaller - ok
10:11:54.0755 0x1284 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:11:54.0765 0x1284 tssecsrv - ok
10:11:54.0815 0x1284 [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:11:54.0825 0x1284 TsUsbFlt - ok
10:11:54.0915 0x1284 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:11:54.0945 0x1284 tunnel - ok
10:11:54.0985 0x1284 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:11:54.0985 0x1284 uagp35 - ok
10:11:55.0001 0x1284 [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
10:11:55.0001 0x1284 UBHelper - ok
10:11:55.0094 0x1284 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:11:55.0110 0x1284 udfs - ok
10:11:55.0141 0x1284 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:11:55.0141 0x1284 UI0Detect - ok
10:11:55.0172 0x1284 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:11:55.0188 0x1284 uliagpkx - ok
10:11:55.0235 0x1284 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\drivers\umbus.sys
10:11:55.0250 0x1284 umbus - ok
10:11:55.0250 0x1284 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:11:55.0266 0x1284 UmPass - ok
10:11:55.0500 0x1284 [ 758C2CE427C343F780A205E28555C98D, E3413BA433CD26DD61D3257B08B8354478A049A972EFAC53C303690BC71DD7E1 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:11:55.0594 0x1284 UNS - ok
10:11:55.0609 0x1284 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
10:11:55.0656 0x1284 upnphost - ok
10:11:55.0687 0x1284 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
10:11:55.0687 0x1284 USBAAPL64 - ok
10:11:55.0765 0x1284 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:11:55.0781 0x1284 usbccgp - ok
10:11:55.0828 0x1284 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:11:55.0843 0x1284 usbcir - ok
10:11:55.0937 0x1284 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys
10:11:55.0952 0x1284 usbehci - ok
10:11:56.0015 0x1284 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:11:56.0062 0x1284 usbhub - ok
10:11:56.0108 0x1284 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:11:56.0108 0x1284 usbohci - ok
10:11:56.0155 0x1284 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:11:56.0171 0x1284 usbprint - ok
10:11:56.0202 0x1284 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:11:56.0202 0x1284 usbscan - ok
10:11:56.0218 0x1284 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:11:56.0233 0x1284 USBSTOR - ok
10:11:56.0249 0x1284 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:11:56.0249 0x1284 usbuhci - ok
10:11:56.0327 0x1284 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
10:11:56.0374 0x1284 usbvideo - ok
10:11:56.0389 0x1284 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
10:11:56.0405 0x1284 UxSms - ok
10:11:56.0420 0x1284 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
10:11:56.0420 0x1284 VaultSvc - ok
10:11:56.0467 0x1284 [ FD911873C0BB6945FA38C16E9A2B58F9, EF8C833321449A6E8B671890F2EBC82ABC276B890D274AADDB626D763EE98964 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
10:11:56.0467 0x1284 VClone - ok
10:11:56.0514 0x1284 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:11:56.0530 0x1284 vdrvroot - ok
10:11:56.0608 0x1284 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
10:11:56.0654 0x1284 vds - ok
10:11:56.0670 0x1284 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:11:56.0670 0x1284 vga - ok
10:11:56.0686 0x1284 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
10:11:56.0701 0x1284 VgaSave - ok
10:11:56.0748 0x1284 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:11:56.0764 0x1284 vhdmp - ok
10:11:56.0810 0x1284 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
10:11:56.0810 0x1284 viaide - ok
10:11:56.0888 0x1284 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:11:56.0904 0x1284 volmgr - ok
10:11:57.0013 0x1284 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:11:57.0060 0x1284 volmgrx - ok
10:11:57.0091 0x1284 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:11:57.0107 0x1284 volsnap - ok
10:11:57.0138 0x1284 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:11:57.0154 0x1284 vsmraid - ok
10:11:57.0247 0x1284 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
10:11:57.0310 0x1284 VSS - ok
10:11:57.0325 0x1284 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:11:57.0341 0x1284 vwifibus - ok
10:11:57.0356 0x1284 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:11:57.0356 0x1284 vwififlt - ok
10:11:57.0419 0x1284 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
10:11:57.0419 0x1284 vwifimp - ok
10:11:57.0466 0x1284 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
10:11:57.0466 0x1284 W32Time - ok
10:11:57.0497 0x1284 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:11:57.0497 0x1284 WacomPen - ok
10:11:57.0528 0x1284 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:11:57.0544 0x1284 WANARP - ok
10:11:57.0559 0x1284 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:11:57.0575 0x1284 Wanarpv6 - ok
10:11:57.0902 0x1284 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:11:57.0996 0x1284 WatAdminSvc - ok
10:11:58.0308 0x1284 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
10:11:58.0370 0x1284 wbengine - ok
10:11:58.0417 0x1284 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:11:58.0433 0x1284 WbioSrvc - ok
10:11:58.0526 0x1284 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:11:58.0558 0x1284 wcncsvc - ok
10:11:58.0573 0x1284 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:11:58.0589 0x1284 WcsPlugInService - ok
10:11:58.0604 0x1284 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:11:58.0604 0x1284 Wd - ok
10:11:58.0885 0x1284 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:11:58.0901 0x1284 Wdf01000 - ok
10:11:58.0932 0x1284 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:11:58.0948 0x1284 WdiServiceHost - ok
10:11:58.0948 0x1284 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:11:58.0948 0x1284 WdiSystemHost - ok
10:11:59.0026 0x1284 [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient C:\Windows\System32\webclnt.dll
10:11:59.0057 0x1284 WebClient - ok
10:11:59.0072 0x1284 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:11:59.0088 0x1284 Wecsvc - ok
10:11:59.0104 0x1284 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:11:59.0119 0x1284 wercplsupport - ok
10:11:59.0135 0x1284 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
10:11:59.0150 0x1284 WerSvc - ok
10:11:59.0166 0x1284 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:11:59.0182 0x1284 WfpLwf - ok
10:11:59.0197 0x1284 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:11:59.0213 0x1284 WIMMount - ok
10:11:59.0228 0x1284 WinHttpAutoProxySvc - ok
10:11:59.0322 0x1284 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:11:59.0338 0x1284 Winmgmt - ok
10:11:59.0587 0x1284 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
10:11:59.0665 0x1284 WinRM - ok
10:11:59.0712 0x1284 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
10:11:59.0728 0x1284 WinUsb - ok
10:11:59.0790 0x1284 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:11:59.0837 0x1284 Wlansvc - ok
10:11:59.0931 0x1284 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:11:59.0931 0x1284 wlcrasvc - ok
10:12:00.0290 0x1284 [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:12:00.0353 0x1284 wlidsvc - ok
10:12:00.0399 0x1284 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:12:00.0399 0x1284 WmiAcpi - ok
10:12:00.0477 0x1284 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:12:00.0509 0x1284 wmiApSrv - ok
10:12:00.0540 0x1284 WMPNetworkSvc - ok
10:12:00.0555 0x1284 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:12:00.0555 0x1284 WPCSvc - ok
10:12:00.0618 0x1284 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:12:00.0618 0x1284 WPDBusEnum - ok
10:12:00.0665 0x1284 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:12:00.0665 0x1284 ws2ifsl - ok
10:12:00.0665 0x1284 WSearch - ok
10:12:00.0836 0x1284 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
10:12:00.0946 0x1284 wuauserv - ok
10:12:01.0009 0x1284 [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:12:01.0024 0x1284 WudfPf - ok
10:12:01.0087 0x1284 [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:12:01.0102 0x1284 WUDFRd - ok
10:12:01.0134 0x1284 [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:12:01.0149 0x1284 wudfsvc - ok
10:12:01.0321 0x1284 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
10:12:01.0336 0x1284 WwanSvc - ok
10:12:01.0368 0x1284 ================ Scan global ===============================
10:12:01.0414 0x1284 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
10:12:01.0492 0x1284 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
10:12:01.0524 0x1284 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
10:12:01.0555 0x1284 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
10:12:01.0680 0x1284 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
10:12:01.0711 0x1284 [ Global ] - ok
10:12:01.0711 0x1284 ================ Scan MBR ==================================
10:12:01.0711 0x1284 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:12:02.0210 0x1284 \Device\Harddisk0\DR0 - ok
10:12:02.0210 0x1284 ================ Scan VBR ==================================
10:12:02.0210 0x1284 [ 522248D0266E19F58606D38C24FAF589 ] \Device\Harddisk0\DR0\Partition1
10:12:02.0241 0x1284 \Device\Harddisk0\DR0\Partition1 - ok
10:12:02.0241 0x1284 [ 721CB7DCE1AC66A1121B32239AB6049A ] \Device\Harddisk0\DR0\Partition2
10:12:02.0288 0x1284 \Device\Harddisk0\DR0\Partition2 - ok
10:12:02.0288 0x1284 ================ Scan generic autorun ======================
10:12:02.0397 0x1284 [ D71350F2E720D840999931EA99552C13, 087AB070C923DCEDEB1EDDA90CBE437596A4D82DC28BEF2FDB627E160482AC55 ] C:\Windows\system32\igfxtray.exe
10:12:02.0397 0x1284 IgfxTray - ok
10:12:02.0413 0x1284 [ 773DF8DBF9CF67C58D589DA35C784399, 06078A7FC5597EC404147A7A51DE34D024BA35C20A8D5AFC7F0EB2C74032476D ] C:\Windows\system32\hkcmd.exe
10:12:02.0428 0x1284 HotKeysCmds - ok
10:12:02.0444 0x1284 [ 7A70CF6BDCCE4367206BD0BB01650E12, 732756F4FF7CF3E4C68D3845971737A4D346A36A366C151A289F25E098DE05C8 ] C:\Windows\system32\igfxpers.exe
10:12:02.0460 0x1284 Persistence - ok
10:12:02.0460 0x1284 ETDCtrl - ok
10:12:02.0584 0x1284 [ F690A5E4DA1085920B6D805B16831D14, B952189D7437161C44250D311F448B34A6942CA7046D3C8BAD1065D5A52565D6 ] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
10:12:02.0600 0x1284 AtherosBtStack - ok
10:12:02.0678 0x1284 [ 35C694778D4A9D1913978EC3AA722389, A0FDCA5BAABF9F7EF0A8C57823CCD46F98A526D1FF681CD8ACB69786030BACBB ] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
10:12:02.0694 0x1284 AthBtTray - ok
10:12:02.0943 0x1284 [ 38AEA10E23EF79A685BF922EC9437F3E, 7C72270F92EC3F68AC5E6BF66CFFB9C113D25126C34223651F8E751E425FE33D ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
10:12:03.0006 0x1284 Power Management - ok
10:12:03.0052 0x1284 [ 41D1214B86A06FD29423A797EBDA17E4, ABC79107DDD5890C54B844CD5C69747121083DA69A77C02068D2B9C349FB1614 ] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
10:12:03.0068 0x1284 IAStorIcon - ok
10:12:03.0177 0x1284 [ 75AD45ED633B866D90AEAA296C21F7E8, 6211E788258298EAE520A0A0510E66BCA0E280F4958B454919C270D0F53931D9 ] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
10:12:03.0177 0x1284 SuiteTray - ok
10:12:03.0271 0x1284 [ E7EA57B35951D093A9647D8D5CE3340D, 7F88A5F07CF05E43BFA40A72C74DDDAB480C493E302A2532C2FA2A28D2F3D2D5 ] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
10:12:03.0286 0x1284 EgisTecPMMUpdate - ok
10:12:03.0318 0x1284 [ DC1AA3868108B8FF57F6C8045FCD4603, 6D32849D6296ABD24B56628161075299A2E0A5FF2071F3C1FD08DD4876C020F0 ] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
10:12:03.0333 0x1284 EgisUpdate - ok
10:12:03.0598 0x1284 [ D3E69D500466C17498AAF7F83D12FFF0, F5723FC28396489EADDDCAD67A0E46B56D859590823E3CFA7254BA6709DC5AE6 ] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
10:12:03.0630 0x1284 Norton Online Backup - ok
10:12:03.0770 0x1284 [ BAB849FD16C2E395E12B3BBCCDA85998, 2A137222C769475FD7A35B552D703969CB00EECB48DA2ECDD0179AE535A9F391 ] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
10:12:03.0770 0x1284 BackupManagerTray - ok
10:12:03.0895 0x1284 [ 51C8885B6A00904C0252704C9FB0F43A, BF2F58E6697DB10F3D6FB3859FADC2CE1D3CDD318E487E02FDC2BE171AF6CA29 ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
10:12:03.0910 0x1284 NUSB3MON - ok
10:12:03.0988 0x1284 [ 2ADC102A6D92BFB1F092A1A165E24181, 08D8292916B5B1A24FC663924240675E540CEF7C14DF43ACFA021E9921FCC2A9 ] C:\Program Files (x86)\Launch Manager\LManager.exe
10:12:04.0035 0x1284 LManager - ok
10:12:04.0191 0x1284 [ 4EFCDF3DB1BBA69C09622991280C4ACB, A86D4694BCFFF3C0FAF07C56A410A8317A953FB581CDCDBED5CAF735A0E2AC0D ] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe
10:12:04.0207 0x1284 MDS_Menu - ok
10:12:04.0269 0x1284 [ 494D391D603680F5D3FF966E6859E254, AB2ABF0446D5CD79E0CA96F0359F53D9A143AD5A0E8FCBDE9D4D740EC3870789 ] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
10:12:04.0285 0x1284 ArcadeMovieService - ok
10:12:04.0410 0x1284 [ DBF9AE6C5C1DA2244061F95D61DD1723, 32E11EA50CC61FF9EEBE643B58B857BC60AAB473B6A9A9EC2F09A4D5AF0A516C ] C:\Windows\Samsung\PanelMgr\SSMMgr.exe
10:12:04.0425 0x1284 Samsung PanelMgr - ok
10:12:04.0519 0x1284 [ 2A21FE60A9BC5247BD8C57409A2B97F8, 6C9851684FB90AB6038A326F4B362C1948DF2173063CA198DCEAEA6BFAC636E0 ] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
10:12:04.0519 0x1284 VirtualCloneDrive - ok
10:12:04.0659 0x1284 [ 94A4D6915D4F572309DF6137E1846528, E46BDF83CAA6683AA655DBA3D2C8DC7AC06251E952466A20CFDA3A16B1840455 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
10:12:04.0659 0x1284 APSDaemon - ok
10:12:04.0800 0x1284 [ 48BE298F7FD1BEF4D8FBACB04D8D95C4, D375B3F6E850E4B0EC81BAA0E554C356BE2248AA77C6C56F5267CA05460FE4EB ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
10:12:04.0831 0x1284 Adobe ARM - ok
10:12:05.0034 0x1284 [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files (x86)\QuickTime\QTTask.exe
10:12:05.0049 0x1284 QuickTime Task - ok
10:12:05.0330 0x1284 [ DAA21DC0AA2E688370D356757892816D, 97EBF3B8A4B8544B6C1379A391AA4079F38EB4D507931249BC1427D961F58F8C ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
10:12:05.0346 0x1284 avgnt - ok
10:12:05.0486 0x1284 [ 79C28DDF889C26FDD6162F796FD49BC4, C1E2468B4F0F52BD707D16656F33CC438AF8E18A38BB6CFB64D11F23993F72F0 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
10:12:05.0502 0x1284 iTunesHelper - ok
10:12:05.0767 0x1284 [ B8A135B6A9B8C1DF6E0A777DA826AD7C, DE4167FF1598EA21D64251327057FF21B169DD251C33E287AA164A5CCB326BC3 ] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
10:12:05.0845 0x1284 Wondershare Helper Compact.exe - ok
10:12:06.0079 0x1284 [ 7632A6EA63FEEBC2798D3852CE754972, 291409858E75B7E84397EED3270E737958255E7F733A3B2FE7BD282A2604B247 ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
10:12:06.0079 0x1284 Avira Systray - ok
10:12:06.0250 0x1284 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
10:12:06.0344 0x1284 Sidebar - ok
10:12:06.0391 0x1284 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
10:12:06.0406 0x1284 mctadmin - ok
10:12:06.0406 0x1284 IsMyWinLockerReboot - ok
10:12:06.0500 0x1284 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
10:12:06.0531 0x1284 Sidebar - ok
10:12:06.0531 0x1284 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
10:12:06.0531 0x1284 mctadmin - ok
10:12:06.0531 0x1284 IsMyWinLockerReboot - ok
10:12:06.0734 0x1284 [ EF1ECB9DF42AF6BF7514BB5EBC5C59EC, 2ACB07A2D1FC6679C2F6146678BB74CAF4812E1DB417828602E63212B76F651D ] C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
10:12:06.0750 0x1284 Picasa Media Detector - ok
10:12:06.0999 0x1284 studNET-Autologin - ok
10:12:07.0467 0x1284 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe
10:12:07.0467 0x1284 Google Update - ok
10:12:07.0467 0x1284 Waiting for KSN requests completion. In queue: 15
10:12:08.0559 0x1284 Win FW state via NFP2: enabled
10:12:08.0856 0x1284 ============================================================
10:12:08.0856 0x1284 Scan finished
10:12:08.0856 0x1284 ============================================================
10:12:08.0856 0x0d6c Detected object count: 0
10:12:08.0856 0x0d6c Actual detected object count: 0
|
|
20.10.2014, 18:24
| #8 |
| | BOO/TDSS.o Befall - was kann ich tun Hier FRST: FRST.txt FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-10-2014
Ran by Melanie (administrator) on MELANIE-PC on 20-10-2014 10:17:41
Running from C:\Users\Melanie\Downloads
Loaded Profile: Melanie (Available profiles: Melanie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
() C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Google Inc.) C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Dropbox, Inc.) C:\Users\Melanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Users\Melanie\Downloads\tdsskiller.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-03-02] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-02] (Atheros Commnucations)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-09] (CyberLink Corp.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-10-28] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-03] (Wondershare)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Run: [Picasa Media Detector] => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe [443968 2008-08-20] (Google Inc.)
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Run: [studNET-Autologin] => C:\Windows\SysWOW64\studnet\studnet.exe /auto
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Run: [Google Update] => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-10-03] (Google Inc.)
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\MountPoints2: {c1cd0502-f020-11e1-9a13-1c7508fe42fb} - E:\LaunchU3.exe -a
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=M588AD584-4A6E-40A5-96F3-1A599BC42A3F&SearchSource=55&CUI=&UM=6&UP=SP888B9F7B-62B1-4371-A1A1-A5FBEB7F20AD&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=M588AD584-4A6E-40A5-96F3-1A599BC42A3F&SearchSource=58&CUI=&UM=6&UP=SP888B9F7B-62B1-4371-A1A1-A5FBEB7F20AD&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=M588AD584-4A6E-40A5-96F3-1A599BC42A3F&SearchSource=58&CUI=&UM=6&UP=SP888B9F7B-62B1-4371-A1A1-A5FBEB7F20AD&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TheHDvid-Codec V10 -> {11111111-1111-1111-1111-110611331115} -> C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-bho64.dll (home)
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TheHDvid-Codec V10 -> {11111111-1111-1111-1111-110611331115} -> C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-bho.dll (home)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 128.95.120.1 128.95.112.1
Tcpip\..\Interfaces\{7004B3CA-E164-4EAC-8FC6-74F9604EA488}: [NameServer] 139.18.25.3,139.18.1.2
FireFox:
========
FF ProfilePath: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ndixjp5k.default
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=M588AD584-4A6E-40A5-96F3-1A599BC42A3F&SearchSource=55&CUI=&UM=6&UP=SP888B9F7B-62B1-4371-A1A1-A5FBEB7F20AD&SSPV=
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 57737
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.0.1.5157423\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Melanie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Melanie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Melanie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Melanie\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ndixjp5k.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ndixjp5k.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ndixjp5k.default\Extensions\trash [2014-10-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-24]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=M588AD584-4A6E-40A5-96F3-1A599BC42A3F&SearchSource=55&CUI=&UM=6&UP=SP888B9F7B-62B1-4371-A1A1-A5FBEB7F20AD&SSPV="
CHR Profile: C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-03]
CHR Extension: (Google Docs) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-03]
CHR Extension: (Google Drive) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-03]
CHR Extension: (YouTube) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-03]
CHR Extension: (Google Search) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-03]
CHR Extension: (Google Sheets) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-03]
CHR Extension: (Avira Browser Safety) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-06]
CHR Extension: (Skype Click to Call) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-03]
CHR Extension: (Google Wallet) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-30]
CHR Extension: (Gmail) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-02] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-19] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-10-19] (globalUpdate) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
R2 Securepoint VPN; C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe [40840 2014-02-14] () [File not signed]
S2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-05] (Avira Operations GmbH & Co. KG)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-10-19] (Malwarebytes Corporation)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-27] (Samsung Electronics)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-20 10:17 - 2014-10-20 10:18 - 00025458 _____ () C:\Users\Melanie\Downloads\FRST.txt
2014-10-20 10:17 - 2014-10-20 10:17 - 00000000 ____D () C:\FRST
2014-10-20 10:16 - 2014-10-20 10:16 - 02111488 _____ (Farbar) C:\Users\Melanie\Downloads\FRST64.exe
2014-10-20 10:09 - 2014-10-20 10:10 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Melanie\Downloads\tdsskiller.exe
2014-10-19 17:36 - 2014-10-19 17:36 - 00000532 _____ () C:\Users\Melanie\Desktop\Ereignisse0.txt
2014-10-19 17:35 - 2014-10-19 17:35 - 00000668 _____ () C:\Users\Melanie\Desktop\Ereignisse3.txt
2014-10-19 17:35 - 2014-10-19 17:35 - 00000668 _____ () C:\Users\Melanie\Desktop\Ereignisse1.txt
2014-10-19 17:35 - 2014-10-19 17:35 - 00000624 _____ () C:\Users\Melanie\Documents\Ereignisse2.txt
2014-10-19 17:34 - 2014-10-19 17:34 - 00000712 _____ () C:\Users\Melanie\Desktop\Ereignisse.txt
2014-10-19 16:02 - 2014-10-19 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-19 16:02 - 2014-10-19 16:42 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 16:02 - 2014-10-19 16:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-19 16:01 - 2014-10-19 16:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-19 16:00 - 2014-10-19 17:17 - 00000000 ____D () C:\Users\Melanie\Desktop\mbar
2014-10-19 15:59 - 2014-10-19 15:59 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Melanie\Downloads\mbar-1.07.0.1012.exe
2014-10-19 15:59 - 2014-10-19 15:59 - 01986072 _____ (SafeInstall, LLC) C:\Users\Melanie\Downloads\7zip_installer.exe
2014-10-19 15:40 - 2014-10-19 15:52 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-19 13:58 - 2014-10-19 13:58 - 00000000 ____D () C:\Users\Melanie\Documents\Optimizer Pro
2014-10-19 13:56 - 2014-10-19 16:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-10-19 13:56 - 2014-10-19 16:38 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-10-19 13:55 - 2014-10-20 10:05 - 00002444 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5_user.job
2014-10-19 13:55 - 2014-10-20 10:05 - 00002444 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5.job
2014-10-19 13:55 - 2014-10-19 13:55 - 00005474 _____ () C:\Windows\System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5
2014-10-19 13:54 - 2014-10-20 10:05 - 00005182 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-11.job
2014-10-19 13:54 - 2014-10-20 10:05 - 00003458 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-1.job
2014-10-19 13:54 - 2014-10-20 10:05 - 00002108 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-2.job
2014-10-19 13:54 - 2014-10-20 10:05 - 00000896 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-10-19 13:54 - 2014-10-19 13:59 - 00000900 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-10-19 13:54 - 2014-10-19 13:55 - 00005138 _____ () C:\Windows\System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-2
2014-10-19 13:54 - 2014-10-19 13:55 - 00000000 ____D () C:\Program Files (x86)\TheHDvid-Codec V10
2014-10-19 13:54 - 2014-10-19 13:54 - 00008212 _____ () C:\Windows\System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-11
2014-10-19 13:54 - 2014-10-19 13:54 - 00006488 _____ () C:\Windows\System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-1
2014-10-19 13:54 - 2014-10-19 13:54 - 00003898 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-10-19 13:54 - 2014-10-19 13:54 - 00003644 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-10-19 13:54 - 2014-10-19 13:54 - 00000000 ____D () C:\Users\Melanie\AppData\Local\globalUpdate
2014-10-19 13:54 - 2014-10-19 13:54 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-10-19 13:53 - 2014-10-19 13:53 - 00074656 _____ () C:\Users\Melanie\Downloads\FLVPlayer-Chrome.exe
2014-10-19 13:53 - 2014-10-19 13:53 - 00074656 _____ () C:\Users\Melanie\Downloads\FLVPlayer-Chrome (1).exe
2014-10-18 14:17 - 2014-10-18 14:17 - 06626832 _____ (TeamViewer GmbH) C:\Users\Melanie\Downloads\TeamViewer_Setup_de.exe
2014-10-18 14:17 - 2014-10-18 14:17 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-10-18 14:17 - 2014-10-18 14:17 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-10-18 14:17 - 2014-10-18 14:17 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-10-09 23:02 - 2014-10-09 23:02 - 00000000 ____D () C:\Users\Melanie\Documents\fox-ffv2
2014-10-09 23:01 - 2014-10-09 23:01 - 00000118 _____ () C:\Users\Melanie\mercurial.ini
2014-10-09 23:01 - 2013-10-18 18:04 - 00000236 _____ () C:\Users\Melanie\Documents\gitignore_global.txt
2014-10-09 23:01 - 2013-10-18 18:04 - 00000173 _____ () C:\Users\Melanie\Documents\hgignore_global.txt
2014-10-09 23:00 - 2014-10-09 23:00 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Atlassian
2014-10-09 22:59 - 2014-10-09 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlassian
2014-10-09 22:59 - 2014-10-09 22:59 - 00000000 ____D () C:\ProgramData\Caphyon
2014-10-09 22:59 - 2014-10-09 22:59 - 00000000 ____D () C:\Program Files (x86)\Atlassian
2014-10-09 22:58 - 2014-10-09 23:03 - 00000000 ____D () C:\ProgramData\Atlassian
2014-10-09 22:48 - 2014-10-09 22:48 - 10266464 _____ (Atlassian) C:\Users\Melanie\Downloads\SourceTreeSetup_1.6.5.exe
2014-10-09 21:43 - 2014-10-18 14:28 - 00009166 ____H () C:\Users\Melanie\_viminfo
2014-10-06 21:39 - 2014-10-07 11:22 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Mathematica
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Mathematica
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Wolfram Research
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\ProgramData\Mathematica
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\Program Files\Extras
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\Program Files\Common Files\Wolfram Research
2014-10-06 21:28 - 2014-10-06 21:28 - 00000000 ____D () C:\Program Files\Wolfram Research
2014-10-06 21:03 - 2014-10-06 21:22 - 2034844000 _____ (Wolfram Research, Inc. ) C:\Users\Melanie\Downloads\Mathematica_10.0.1_WIN.exe
2014-10-06 18:05 - 2014-10-06 18:05 - 00918952 _____ (Oracle Corporation) C:\Users\Melanie\Downloads\jxpiinstall(2).exe
2014-10-06 09:39 - 2014-10-13 12:03 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-05 09:33 - 2014-10-19 17:43 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000UA.job
2014-10-05 09:33 - 2014-10-19 09:43 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000Core.job
2014-10-05 09:33 - 2014-10-19 09:38 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000UA
2014-10-05 09:33 - 2014-10-19 09:38 - 00003706 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000Core
2014-10-04 09:16 - 2014-10-04 09:16 - 00000000 ____D () C:\Users\Melanie\.plugman
2014-10-03 21:36 - 2014-10-20 10:05 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-03 21:36 - 2014-10-19 17:41 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 21:36 - 2014-10-18 09:47 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-03 21:36 - 2014-10-03 21:36 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-03 21:36 - 2014-10-03 21:36 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-03 21:36 - 2014-10-03 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-03 21:35 - 2014-10-03 21:35 - 00895120 _____ (Google Inc.) C:\Users\Melanie\Downloads\ChromeSetup.exe
2014-10-03 11:24 - 2014-10-03 11:24 - 17824398 _____ (The Git Development Community ) C:\Users\Melanie\Downloads\Git-1.9.4-preview20140929(1).exe
2014-10-02 22:00 - 2014-10-02 22:00 - 00000000 __SHD () C:\Users\Melanie\AppData\Local\EmieUserList
2014-10-02 22:00 - 2014-10-02 22:00 - 00000000 __SHD () C:\Users\Melanie\AppData\Local\EmieSiteList
2014-10-02 21:49 - 2014-10-18 13:18 - 00000000 ____D () C:\Users\Melanie\Desktop\firstfox
2014-09-30 23:10 - 2014-09-30 23:10 - 00000000 ____D () C:\Users\Melanie\.ionic
2014-09-30 23:06 - 2014-09-30 23:06 - 00000000 ____D () C:\Users\Melanie\.cordova
2014-09-30 22:21 - 2014-09-30 22:24 - 00000000 ____D () C:\Users\Melanie\.ssh
2014-09-30 22:18 - 2014-10-15 22:45 - 00000469 _____ () C:\Users\Melanie\AppData\Roaming\.arcrc
2014-09-30 19:25 - 2014-09-30 19:25 - 00001389 _____ () C:\Users\Melanie\Desktop\Git Bash.lnk
2014-09-30 18:54 - 2014-09-30 18:54 - 17824398 _____ (The Git Development Community ) C:\Users\Melanie\Downloads\Git-1.9.4-preview20140929.exe
2014-09-30 18:45 - 2014-09-30 18:45 - 00000000 ____D () C:\Program Files\Arcanist
2014-09-30 18:42 - 2014-10-13 12:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-30 18:41 - 2014-09-30 18:41 - 07188616 _____ (Microsoft Corporation) C:\Users\Melanie\Downloads\vcredist_x64.exe
2014-09-30 18:26 - 2014-09-30 18:31 - 00000000 ____D () C:\Program Files\php
2014-09-30 18:25 - 2014-09-30 18:26 - 20894725 _____ () C:\Users\Melanie\Downloads\php-5.6.0-nts-Win32-VC11-x64.zip
2014-09-30 18:24 - 2014-09-30 18:25 - 19632729 _____ () C:\Users\Melanie\Downloads\php-5.6.0-Win32-VC11-x86.zip
2014-09-29 22:17 - 2014-09-29 22:17 - 00001352 _____ () C:\Users\Melanie\Desktop\eclipse_Android.lnk
2014-09-29 22:07 - 2014-09-29 22:07 - 00000000 ____D () C:\Users\Melanie\workspaceAndroid
2014-09-29 22:03 - 2014-09-29 22:03 - 00000000 ____D () C:\Program Files\Android
2014-09-29 21:55 - 2014-09-29 21:55 - 00000000 ____D () C:\Users\Melanie\Downloads\adt-bundle-windows-x86_64-20140702
2014-09-29 21:46 - 2014-09-29 21:46 - 00000000 ____D () C:\Program Files\apache
2014-09-29 21:44 - 2014-09-29 21:44 - 00000000 ____D () C:\Users\Melanie\Documents\apache-ant-1.9.4-bin-1
2014-09-29 14:11 - 2014-10-17 11:48 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\npm-cache
2014-09-29 14:10 - 2014-10-17 11:48 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\npm
2014-09-29 14:02 - 2014-09-29 14:03 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js
2014-09-29 14:02 - 2014-09-29 14:03 - 00000000 ____D () C:\Program Files\nodejs
2014-09-29 14:01 - 2014-09-29 14:02 - 06184960 _____ () C:\Users\Melanie\Downloads\node-v0.10.32-x64(2).msi
2014-09-29 13:58 - 2014-09-29 13:58 - 00001317 _____ () C:\Users\Melanie\Desktop\Console.lnk
2014-09-29 13:46 - 2014-09-29 13:46 - 00000000 ____D () C:\Users\Melanie\Downloads\Console-2.00b148-Beta_src
2014-09-29 13:46 - 2014-09-29 13:46 - 00000000 ____D () C:\Program Files\Console2
2014-09-29 13:45 - 2014-09-29 13:45 - 03699684 _____ () C:\Users\Melanie\Downloads\Console-2.00b148-Beta_src.zip
2014-09-29 13:44 - 2014-09-29 13:44 - 01897882 _____ () C:\Users\Melanie\Downloads\Console-2.00b148-Beta_64bit.zip
2014-09-29 13:11 - 2014-09-29 13:13 - 181484960 _____ (Oracle Corporation) C:\Users\Melanie\Downloads\jdk-8u20-windows-x64(1).exe
2014-09-29 11:51 - 2014-10-03 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2014-09-29 11:51 - 2014-10-03 11:32 - 00000000 ____D () C:\Program Files (x86)\Git
2014-09-29 11:50 - 2014-09-29 11:50 - 17806885 _____ (The Git Development Community ) C:\Users\Melanie\Downloads\Git-1.9.4-preview20140815.exe
2014-09-27 21:22 - 2014-09-27 21:23 - 00000000 ____D () C:\Users\Melanie\Documents\Banking
2014-09-25 08:32 - 2014-09-25 08:37 - 00003190 _____ () C:\Users\Melanie\Wahlergebnisse.html
2014-09-25 08:20 - 2014-09-25 08:28 - 00000936 _____ () C:\Users\Melanie\new 3.html
2014-09-25 08:12 - 2014-09-25 08:12 - 00000800 _____ () C:\Users\Melanie\new.html
2014-09-24 17:22 - 2014-09-24 17:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 12:33 - 2014-09-23 12:35 - 06184960 _____ () C:\Users\Melanie\Downloads\node-v0.10.32-x64(1).msi
2014-09-23 11:41 - 2014-09-23 11:41 - 06184960 _____ () C:\Users\Melanie\Downloads\node-v0.10.32-x64.msi
2014-09-23 11:01 - 2014-09-23 11:03 - 181484960 _____ (Oracle Corporation) C:\Users\Melanie\Downloads\jdk-8u20-windows-x64.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-20 10:13 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 10:13 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 10:10 - 2011-04-06 20:18 - 01781994 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 10:08 - 2013-09-11 04:14 - 00000000 ___RD () C:\Users\Melanie\Dropbox
2014-10-20 10:08 - 2013-08-02 13:03 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Dropbox
2014-10-20 10:08 - 2011-07-13 11:20 - 00000000 ____D () C:\ProgramData\clear.fi
2014-10-20 10:05 - 2011-04-06 20:46 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-10-20 10:05 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 10:04 - 2009-07-13 21:51 - 00145529 _____ () C:\Windows\setupact.log
2014-10-19 17:52 - 2014-09-01 04:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Securepoint SSL VPN
2014-10-19 16:38 - 2011-04-06 20:14 - 00324244 _____ () C:\Windows\PFRO.log
2014-10-19 16:25 - 2011-07-13 10:23 - 00000000 ____D () C:\Users\Melanie
2014-10-19 15:51 - 2011-04-07 06:08 - 00700126 _____ () C:\Windows\system32\perfh007.dat
2014-10-19 15:51 - 2011-04-07 06:08 - 00149976 _____ () C:\Windows\system32\perfc007.dat
2014-10-19 15:51 - 2009-07-13 22:13 - 01622196 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-19 13:56 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-19 13:56 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-19 08:57 - 2011-07-13 10:23 - 00066104 _____ () C:\Users\Melanie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-19 08:55 - 2009-07-13 21:45 - 00289408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-14 16:56 - 2011-08-06 12:12 - 00000000 ____D () C:\Users\Melanie\AppData\Local\CrashDumps
2014-10-14 09:28 - 2013-10-21 00:12 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 09:28 - 2013-10-14 04:05 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 09:28 - 2013-10-14 04:05 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-13 12:03 - 2013-10-14 04:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-13 12:03 - 2013-10-14 04:05 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-10 18:54 - 2013-08-05 03:52 - 00000000 ____D () C:\Users\Melanie\Documents\MATLAB
2014-10-09 22:57 - 2012-03-14 12:34 - 01596476 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-09 14:39 - 2011-07-14 08:49 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Mozilla
2014-10-06 09:39 - 2011-11-28 12:40 - 00000000 ____D () C:\ProgramData\Avira
2014-10-05 19:20 - 2013-10-14 04:05 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-05 09:34 - 2011-07-15 10:43 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Google
2014-10-04 22:13 - 2011-07-15 10:43 - 00000000 ____D () C:\Program Files (x86)\Picasa2
2014-10-03 21:36 - 2011-07-15 10:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-03 14:09 - 2012-03-14 12:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\SoftGrid Client
2014-09-29 22:07 - 2013-04-15 07:15 - 00000000 ____D () C:\Users\Melanie\.eclipse
2014-09-29 13:33 - 2014-01-26 11:22 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-29 13:33 - 2011-10-22 07:39 - 00000000 ____D () C:\Program Files\Java
2014-09-29 13:19 - 2013-10-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-09-29 11:39 - 2014-07-22 11:42 - 00000000 ____D () C:\Users\Melanie\.android
2014-09-29 11:33 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-29 10:28 - 2011-11-03 15:04 - 00002201 _____ () C:\Windows\wininit.ini
2014-09-28 23:15 - 2009-07-13 22:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-25 20:33 - 2012-04-22 08:16 - 00000000 ____D () C:\Users\Melanie\workspace2
2014-09-25 07:47 - 2012-05-06 13:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-23 11:11 - 2014-01-25 03:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-23 11:08 - 2013-10-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
Some content of TEMP:
====================
C:\Users\Melanie\AppData\Local\Temp\AskSLib.dll
C:\Users\Melanie\AppData\Local\Temp\avgnt.exe
C:\Users\Melanie\AppData\Local\Temp\dl3darm2.dll
C:\Users\Melanie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfppdr9.dll
C:\Users\Melanie\AppData\Local\Temp\i4jdel0.exe
C:\Users\Melanie\AppData\Local\Temp\MSNF05E.exe
C:\Users\Melanie\AppData\Local\Temp\optprosetup.exe
C:\Users\Melanie\AppData\Local\Temp\pyl1C08.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl2DC5.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl3226.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl46DF.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl4826.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl557E.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl5BE5.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl7493.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl8342.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl92BD.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl96F1.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl9B56.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylA727.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylAD6F.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylB115.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylB655.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylC6A8.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylD97C.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylE60A.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylEA9C.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Melanie\AppData\Local\Temp\WZCPlugin_VISTA.exe
C:\Users\Melanie\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Melanie\AppData\Local\Temp\_is2F2C.exe
C:\Users\Melanie\AppData\Local\Temp\_is473.exe
C:\Users\Melanie\AppData\Local\Temp\_is6EF9.exe
C:\Users\Melanie\AppData\Local\Temp\_isB598.exe
C:\Users\Melanie\AppData\Local\Temp\_isE6C5.exe
C:\Users\Melanie\AppData\Local\Temp\_isE926.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-16 08:30
==================== End Of Log ============================
--- --- --- Addition.txt FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-10-2014
Ran by Melanie at 2014-10-20 10:19:10
Running from C:\Users\Melanie\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.85 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1324 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1324 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3004 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0120.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Acer USB Charge Manager (HKLM-x32\...\{F53A49E6-9FB1-4A5A-B1D9-82BA116196B7}) (Version: 1.00.3000 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3004 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.04) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2003385550.48.56.41291122 - Audible, Inc.)
Avira (HKLM-x32\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Backup Manager V3 (x32 Version: 3.0.0.85 - NTI Corporation) Hidden
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.61 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1229.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1229.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7209 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3008 - Acer Incorporated)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.1.55 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version: - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
ETDWare PS/2-X64 8.0.6.0_WHQL (HKLM\...\Elantech) (Version: 8.0.6.0 - ELAN Microelectronic Corp.)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Git version 1.9.4-preview20140929 (HKLM-x32\...\Git_is1) (Version: 1.9.4-preview20140929 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2287 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
Java SE Development Kit 7 Update 17 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170170}) (Version: 1.7.0.170 - Oracle)
Java SE Development Kit 8 Update 20 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180200}) (Version: 8.0.200.26 - Oracle Corporation)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.290 - Oracle)
Java(TM) SE Development Kit 7 Update 1 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170010}) (Version: 1.7.0.10 - Oracle)
Java-Editor 9.15f, 2010.11.27 (HKLM-x32\...\{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1) (Version: - Gerhard Röhner)
Jpgfdraw version 0.5.6b (HKLM-x32\...\{90F3B25B-35A2-4B97-9879-278E2388898D}}_is1) (Version: 0.5.6b - Nicola L. C. Talbot)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.4 - Acer Inc.)
LingoPad 2.6 (Build 360) (HKLM-x32\...\LingoPad_is1) (Version: 2.6 - Lingo4you)
MATLAB R2011a Student Version (HKLM-x32\...\MatlabR2011a) (Version: 7.12 - The MathWorks, Inc.)
MediaEspresso (x32 Version: 1.0.1210_33255 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
MiKTeX 2.9 (HKLM-x32\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MinGW-Get version 0.5-beta-20120426-1 (HKLM-x32\...\{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1) (Version: 0.5-beta-20120426-1 - MinGW)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.1.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.1.0 (x86 de)) (Version: 24.1.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Node.js (HKLM\...\{2FAE4331-AEA0-4A3D-B4B3-B1E78823BF1A}) (Version: 0.10.32 - Joyent, Inc. and other Node contributors)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.4 - Notepad++ Team)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8939 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.8939 - NTI Corporation) Hidden
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Origin8 (x32 Version: 8.00.000 - OriginLab) Hidden
OriginPro 8G (HKLM-x32\...\{A912021A-FEDD-4DA3-8DB4-245EBDA84778}) (Version: 8.00.000 - OriginLabCorporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
R for Windows 3.0.1 (HKLM\...\R for Windows 3.0.1_is1) (Version: 3.0.1 - R Core Team)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.74 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: - Samsung Electronics Co., Ltd.)
Samsung SCX-3200 Series (HKLM-x32\...\Samsung SCX-3200 Series) (Version: - Samsung Electronics Co., Ltd.)
Scan Assistant (HKLM-x32\...\{BF6CF460-40C3-49BA-800A-4B934B6498B1}) (Version: 1.01.014 - Samsung Electronics Co., Ltd.)
Securepoint SSL VPN (HKLM-x32\...\{3A903356-AFF9-4CAF-BCEA-78B99427006E}) (Version: 1.0.3 - Securepoint GmbH)
SecureW2 EAP Suite 1.1.3 for Windows (HKLM-x32\...\SecureW2 EAP Suite) (Version: - )
SetIP (HKLM-x32\...\{C206015D-DAC5-407C-A54B-6D7776A0881C}) (Version: 1.00.000 - Samsung Electronics CO.,LTD)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
SourceTree (HKLM-x32\...\SourceTree 1.6.5) (Version: 1.6.5 - Atlassian)
SourceTree (x32 Version: 1.6.5 - Atlassian) Hidden
SSH Secure Shell (HKLM-x32\...\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}) (Version: - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TeXnicCenter Version 1.0 Stable RC1 (HKLM-x32\...\TeXnicCenter_is1) (Version: Version 1.0 Stable RC1 - TeXnicCenter.org)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Ubuntu (HKLM-x32\...\Wubi) (Version: 12.04-rev266 - Ubuntu)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
Windows Live Argazki Galeria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Wolfram Extras 10.0 (5157423) (HKLM\...\A-WIN-Extras 10.0.1 5157423_is1) (Version: 10.0.1 - Wolfram Research, Inc.)
Wolfram Mathematica 10 (M-WIN-L 10.0.1 5157734) (HKLM\...\M-WIN-L 10.0.1 5157734_is1) (Version: 10.0.1 - Wolfram Research, Inc.)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-928299268-3892372864-3771450075-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
17-10-2014 16:50:42 Geplanter Prüfpunkt
19-10-2014 23:24:51 Malwarebytes Anti-Rootkit Restore Point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0B42B3A7-63BC-4BFE-AE7A-8FAD37CA693F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000Core => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-03] (Google Inc.)
Task: {12AFAABA-CCC4-4C5A-8A8C-8382F18EFD8B} - System32\Tasks\At3 => Firefox.exe /help <==== ATTENTION
Task: {3F14F55B-8072-44ED-90C4-1ABF79D20D48} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-19] (globalUpdate) <==== ATTENTION
Task: {4251F5C0-8EFC-43E2-8D7C-33675B15868B} - System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5 => C:\Program Files (x86)\TheHDvid-Codec V10\55051fd6-efb7-46b1-a551-6d3d7692967b-5.exe [2014-10-19] (home) <==== ATTENTION
Task: {42728674-E8BF-4D45-A207-39043D82A333} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-03] (Google Inc.)
Task: {4771BF1F-D238-431E-9866-06627A51A402} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2010-12-29] (Acer Incorporated)
Task: {4A4B7594-105A-478A-9211-740AF3421EA1} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2010-12-29] (CyberLink)
Task: {4AF28F6E-6F6E-4AE7-9F97-600774AB3347} - System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-2 => C:\Program Files (x86)\TheHDvid-Codec V10\55051fd6-efb7-46b1-a551-6d3d7692967b-2.exe [2014-10-19] (home) <==== ATTENTION
Task: {4E661215-36D2-482E-95B6-93A5ED72D137} - System32\Tasks\{B2C8AD2D-0B54-4B65-A253-A2F7545FA3C3} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=5.3.0.120.259&LastError=12002
Task: {56CC8AA3-755B-449A-AB37-30E4D0C33485} - System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-11 => C:\Program Files (x86)\TheHDvid-Codec V10\55051fd6-efb7-46b1-a551-6d3d7692967b-11.exe <==== ATTENTION
Task: {633546AE-1258-41DE-80D9-494DB754635D} - System32\Tasks\At2 => Firefox.exe /help <==== ATTENTION
Task: {6B0A9943-504C-4B7B-970C-7A2DF21DE53D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-03] (Google Inc.)
Task: {77FA6B28-B349-45D7-859D-65616427458B} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2010-12-29] (CyberLink Corp.)
Task: {91C4966C-B229-4FC0-BDDB-80F89C86B376} - System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5_user => C:\Program Files (x86)\TheHDvid-Codec V10\55051fd6-efb7-46b1-a551-6d3d7692967b-5.exe [2014-10-19] (home) <==== ATTENTION
Task: {929A854D-43DB-4779-97CD-174C506475FD} - System32\Tasks\At4 => Firefox.exe /help <==== ATTENTION
Task: {9C5FF017-904F-48F0-B193-F0B69C304D96} - System32\Tasks\At1 => Firefox.exe /help <==== ATTENTION
Task: {A1EA72F8-39F4-46DC-87FA-90B6B421A9AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000UA => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-03] (Google Inc.)
Task: {AB014C8F-5218-428B-96AB-75C7A8EBCEB2} - System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-1 => C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-codedownloader.exe [2014-10-19] (home) <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - System32\Tasks\Microsoft\Windows\Application Experience\AitAgent => aitagent.exe
Task: {BD3BCC5E-FF42-43F4-A560-5C46B0B18979} - System32\Tasks\{F3AB340F-1D0B-47F4-AAB7-EC8C6A0D53D8} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {C434A5D3-6BA7-4AE0-944F-6A415F183005} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-10-19] (globalUpdate) <==== ATTENTION
Task: {E3163C33-301D-4730-A266-5518C5ED3967} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => BthUdTask.exe
Task: {F9094924-98B8-439F-B604-2749C9995B30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-1.job => C:\Program Files (x86)\TheHDvid-Codec V10\TheHDvid-Codec V10-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-11.job => C:\Program Files (x86)\TheHDvid-Codec V10\55051fd6-efb7-46b1-a551-6d3d7692967b-11.exe <==== ATTENTION
Task: C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-2.job => C:\Program Files (x86)\TheHDvid-Codec V10\55051fd6-efb7-46b1-a551-6d3d7692967b-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5.job => C:\Program Files (x86)\TheHDvid-Codec V10\55051fd6-efb7-46b1-a551-6d3d7692967b-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5_user.job => C:\Program Files (x86)\TheHDvid-Codec V10\55051fd6-efb7-46b1-a551-6d3d7692967b-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => C:\Users\Melanie\AppData\Roaming\firefox.exe
Task: C:\Windows\Tasks\At2.job => C:\Users\Melanie\AppData\Roaming\firefox.exe
Task: C:\Windows\Tasks\At3.job => C:\Users\Melanie\AppData\Roaming\firefox.exe
Task: C:\Windows\Tasks\At4.job => C:\Users\Melanie\AppData\Roaming\firefox.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000Core.job => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000UA.job => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-04-13 17:41 - 2011-04-13 17:41 - 00034304 _____ () C:\Windows\System32\ssb3ml6.dll
2011-01-27 00:32 - 2011-01-27 00:32 - 00027648 _____ () C:\Windows\System32\ssb7mlm.dll
2014-02-14 05:18 - 2014-02-14 05:18 - 00040840 _____ () C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe
2009-01-21 17:45 - 2009-01-21 17:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2014-09-29 11:51 - 2014-09-30 00:15 - 00737986 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll
2012-06-18 08:24 - 2012-06-18 08:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2011-03-09 05:08 - 2011-01-20 11:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-17 07:01 - 2010-10-28 03:14 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2011-10-17 07:01 - 2009-11-19 02:15 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2014-02-12 12:58 - 2014-02-12 12:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 12:58 - 2014-02-12 12:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-15 12:37 - 2011-02-15 12:37 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-02-15 12:36 - 2011-02-15 12:36 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-02-15 12:37 - 2011-02-15 12:37 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-10-20 10:06 - 2014-10-20 10:06 - 00043008 _____ () c:\users\melanie\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfppdr9.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Melanie\AppData\Roaming\Dropbox\bin\libcef.dll
2011-01-17 07:19 - 2011-07-15 10:39 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2010-12-29 05:56 - 2010-12-29 05:56 - 00210312 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2014-09-07 04:15 - 2014-09-03 04:48 - 01497600 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2014-09-07 04:15 - 2014-05-19 08:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-09-24 17:22 - 2014-09-24 17:22 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-08-13 14:40 - 2014-08-13 14:40 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1e70f9aada009e40c4f131cfdbe52126\IsdiInterop.ni.dll
2011-03-09 05:44 - 2011-01-12 18:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-10-14 03:57 - 2013-10-14 03:57 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\Users\Melanie\Downloads\Appointment_Confirmation.eml:OECustomProperty
AlternateDataStreams: C:\Users\Melanie\Downloads\Fwd_master_applied_mathematics_apllication_requirements.eml:OECustomProperty
AlternateDataStreams: C:\Users\Melanie\Downloads\IS_29_2013_Christliche_Spiritualität_-_Suchen_Entdecken_Erleben_vom_14_-17_06_2013_im_Kloster_Volkenroda.eml:OECustomProperty
AlternateDataStreams: C:\Users\Melanie\Downloads\Termin_Staatskanzlei.eml:OECustomProperty
AlternateDataStreams: C:\Users\Melanie\Downloads\Wolfgang_Wiechert_m_chte_StuSti_Kolleg_2013-15_f_r_Sie_freigeben.eml:OECustomProperty
AlternateDataStreams: C:\Users\Melanie\Downloads\Zusagebenachrichtigung_IS_06.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56198676.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\71201959.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\56198676.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\71201959.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-928299268-3892372864-3771450075-500 - Administrator - Disabled)
Gast (S-1-5-21-928299268-3892372864-3771450075-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-928299268-3892372864-3771450075-1002 - Limited - Enabled)
Melanie (S-1-5-21-928299268-3892372864-3771450075-1000 - Administrator - Enabled) => C:\Users\Melanie
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (10/19/2014 03:35:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2903069
Error: (10/19/2014 03:35:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2903069
Error: (10/19/2014 03:35:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/19/2014 02:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 96690
Error: (10/19/2014 02:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 96690
Error: (10/19/2014 02:25:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/19/2014 01:54:57 PM) (Source: MsiInstaller) (EventID: 11309) (User: Melanie-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.
Error: (10/19/2014 11:42:02 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (10/19/2014 11:40:28 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (10/19/2014 11:39:31 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
System errors:
=============
Error: (10/20/2014 10:05:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/20/2014 10:05:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CxAudMsg" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/19/2014 08:11:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/19/2014 08:11:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CxAudMsg" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/19/2014 04:39:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/19/2014 04:39:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CxAudMsg" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/19/2014 04:28:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/19/2014 04:28:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CxAudMsg" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (10/19/2014 03:45:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "IconMan_R" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (10/19/2014 03:45:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst IconMan_R erreicht.
Microsoft Office Sessions:
=========================
Error: (10/19/2014 03:35:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2903069
Error: (10/19/2014 03:35:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2903069
Error: (10/19/2014 03:35:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/19/2014 02:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 96690
Error: (10/19/2014 02:25:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 96690
Error: (10/19/2014 02:25:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/19/2014 01:54:57 PM) (Source: MsiInstaller) (EventID: 11309) (User: Melanie-PC)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt. System error 3. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (10/19/2014 11:42:02 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
Error: (10/19/2014 11:40:28 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityprocessorArchitecturex64c:\program files\R\r-3.0.1\Tcl\bin64\tk85.dllc:\program files\R\r-3.0.1\Tcl\bin64\tk85.dll9
Error: (10/19/2014 11:39:31 AM) (Source: SideBySide) (EventID: 75) (User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 45%
Total physical RAM: 3947.86 MB
Available physical RAM: 2170.97 MB
Total Pagefile: 7893.9 MB
Available Pagefile: 5848.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:449.66 GB) (Free:330.88 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A4D16EF9)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Ich sollte vielleicht noch erwähnen, dass TDSS-Killer beim ersten Suchlauf infizierte Dateien gefunden hat. Ich habe 'Cure' gewählt und den Computer neu gestartet, beim zweiten Suchlauf wurde nichts mehr gefunden. mbar hat dann nochmal vier infizierte Dateien beim ersten und keine weiteren beim zweiten Suchlauf gefunden. Inzwischen findet Avira BOO/TDSS.o nicht mehr, heißt das, er ist weg? Wie kann ich die trovi-Adware entfernen? Vielen, vielen Dank für deine Mühe! |
|
20.10.2014, 22:33
| #9 | |||
| Ruhe in Frieden † 2019 | BOO/TDSS.o Befall - was kann ich tun Hallo, Zitat:
Zitat:
Zitat:
Zuerst war es wichtig, dass wir der Bootsektoreninfektion nachgehen.Schritt 1 Bitte deinstalliere folgende Programme (falls vorhanden) : Java 7 Update 40 Java 7 Update 51 Java(TM) 6 Update 29 Dazu gehe auf: den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen Falls du ein Programm nicht deinstallieren kannst, lade dir von hier den Revo-uninstaller herunter und deinstalliere es damit, wähle dabei den moderaten Modus. Schritt 2 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
emptytemp:
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 4 Starte noch einmal FRST.
|
|
21.10.2014, 02:13
| #10 |
| | BOO/TDSS.o Befall - was kann ich tun Hallo, Freut mich, dass der Boo/TDSs.o jetzt weg ist , vielen Dank!Zur trovi-Entfernung: Schritt 1: ist erledigt. Schritt 2: Wenn ich dem Link folge und die .exe herunterlade, kommt die Meldung, dass die version veraltet ist und es öffnet sich automatisch im Browser eine Downloadseite für die neuste Version (v4.001). Wenn ich diese downloade, kommt die Fehlermeldung "Systemressourcen nicht ausreichend", Avira meldet, dass ein als Virus eingestuftes Programm versucht, auf awdCleaner zu zugreifen. Was kann ich machen? |
|
21.10.2014, 17:35
| #12 |
| | BOO/TDSS.o Befall - was kann ich tun Hallo, ich habe beide Schritte ausgeführt, die trovi-Adware ist aber weder in Firefox noch Google-Chrome verschwunden. AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.001 - Bericht erstellt am 21/10/2014 um 09:16:56
# DB v2014-10-20.3
# Aktualisiert 20/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Melanie - MELANIE-PC
# Gestartet von : C:\Users\Melanie\Downloads\adwcleaner_4.001(1).exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Melanie\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Program Files (x86)\Bench
Ordner Gelöscht : C:\Users\Melanie\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Users\Melanie\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Melanie\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Melanie\Documents\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\TheHDvid-Codec V10
Ordner Gelöscht : C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Datei Gelöscht : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ndixjp5k.default\searchplugins\trovi-search.xml
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir(1)_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir(1)_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-antivir_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_data-crow_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_data-crow_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_dev-c_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_dev-c_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_oxygenoffice-professional_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_oxygenoffice-professional_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611331115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332215}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655335515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666336615}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644334415}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611331115}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332215}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655335515}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666336615}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611331115}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\TheHDvid-Codec V10
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\AdvertisingSupport
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\Browser Champion
Schlüssel Gelöscht : HKLM\SOFTWARE\TheHDvid-Codec V10
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17239
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v32.0.3 (x86 de)
-\\ Google Chrome v38.0.2125.104
*************************
AdwCleaner[R0].txt - [17458 octets] - [21/10/2014 09:13:54]
AdwCleaner[S0].txt - [16105 octets] - [21/10/2014 09:16:56]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16166 octets] ##########
[/CODE] AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v4.001 - Bericht erstellt am 21/10/2014 um 09:27:37
# DB v2014-10-20.3
# Aktualisiert 20/10/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Melanie - MELANIE-PC
# Gestartet von : C:\Users\Melanie\Downloads\adwcleaner_4.001.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17239
-\\ Mozilla Firefox v32.0.3 (x86 de)
-\\ Google Chrome v38.0.2125.104
*************************
AdwCleaner[R0].txt - [17458 octets] - [21/10/2014 09:13:54]
AdwCleaner[R1].txt - [1455 octets] - [21/10/2014 09:25:20]
AdwCleaner[S0].txt - [16351 octets] - [21/10/2014 09:16:56]
AdwCleaner[S1].txt - [982 octets] - [21/10/2014 09:27:37]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1041 octets] ##########
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2014
Ran by Melanie (administrator) on MELANIE-PC on 21-10-2014 09:21:51
Running from C:\Users\Melanie\Downloads
Loaded Profile: Melanie (Available profiles: Melanie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
() C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Google Inc.) C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dropbox, Inc.) C:\Users\Melanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-03-02] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-02] (Atheros Commnucations)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-02-15] (NTI Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2010-12-09] (CyberLink Corp.)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-10-28] ()
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-03] (Wondershare)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Run: [Picasa Media Detector] => C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe [443968 2008-08-20] (Google Inc.)
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Run: [studNET-Autologin] => C:\Windows\SysWOW64\studnet\studnet.exe /auto
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Run: [Google Update] => C:\Users\Melanie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-10-03] (Google Inc.)
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [5395192 2014-10-20] (Avira)
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\MountPoints2: {c1cd0502-f020-11e1-9a13-1c7508fe42fb} - E:\LaunchU3.exe -a
HKU\S-1-5-21-928299268-3892372864-3771450075-1000\...\Winlogon: [Shell] Explorer.exe <==== ATTENTION
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [5395192 2014-10-20] (Avira)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Melanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\progra~1\mcafee\msk\mskapbho.dll No File
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 128.95.120.1 128.95.112.1
Tcpip\..\Interfaces\{7004B3CA-E164-4EAC-8FC6-74F9604EA488}: [NameServer] 139.18.25.3,139.18.1.2
FireFox:
========
FF ProfilePath: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ndixjp5k.default
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=M588AD584-4A6E-40A5-96F3-1A599BC42A3F&SearchSource=55&CUI=&UM=6&UP=SP888B9F7B-62B1-4371-A1A1-A5FBEB7F20AD&SSPV=
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 57737
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa2,version=2.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa2.dll (Google, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Picasa2\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wolfram.com/Mathematica -> C:\Program Files (x86)\Common Files\Wolfram Research\Browser\10.0.1.5157423\npmathplugin.dll (Wolfram Research, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Melanie\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Melanie\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Melanie\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Melanie\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Melanie\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ndixjp5k.default\searchplugins\avira-safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\ndixjp5k.default\Extensions\trash [2014-10-19]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-24]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=M588AD584-4A6E-40A5-96F3-1A599BC42A3F&SearchSource=55&CUI=&UM=6&UP=SP888B9F7B-62B1-4371-A1A1-A5FBEB7F20AD&SSPV="
CHR Profile: C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-03]
CHR Extension: (Google Docs) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-03]
CHR Extension: (Google Drive) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-03]
CHR Extension: (YouTube) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-03]
CHR Extension: (Google Search) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-03]
CHR Extension: (Google Sheets) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-03]
CHR Extension: (Avira Browser Safety) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-06]
CHR Extension: (No Name) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-10-03]
CHR Extension: (Google Wallet) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-30]
CHR Extension: (Gmail) - C:\Users\Melanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-14] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-14] (Avira Operations GmbH & Co. KG)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [76448 2011-03-02] (Atheros Commnucations) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-27] (Realsil Microelectronics Inc.) [File not signed]
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-02-15] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
R2 Securepoint VPN; C:\Program Files (x86)\Securepoint SSL VPN\SPOpenVPNService.exe [40840 2014-02-14] () [File not signed]
S2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-05] (Avira Operations GmbH & Co. KG)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [92888 2014-10-19] (Malwarebytes Corporation)
R2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-10-27] (Samsung Electronics)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-21 09:21 - 2014-10-21 09:21 - 00000000 ____D () C:\Users\Melanie\Downloads\FRST-OlderVersion
2014-10-21 09:19 - 2014-10-21 09:19 - 00016351 _____ () C:\Users\Melanie\Desktop\AdwCleaner[S0].txt
2014-10-21 09:12 - 2014-10-21 09:16 - 00000000 ____D () C:\AdwCleaner
2014-10-20 18:06 - 2014-10-20 18:06 - 00001207 _____ () C:\Users\Melanie\Desktop\Avira System Speedup.lnk
2014-10-20 18:06 - 2014-10-20 18:06 - 00000000 ____D () C:\Users\Melanie\AppData\Local\AviraSpeedup
2014-10-20 18:04 - 2014-10-20 18:06 - 00003320 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2014-10-20 18:04 - 2014-10-20 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2014-10-20 18:00 - 2014-10-20 18:01 - 01962496 _____ () C:\Users\Melanie\Downloads\adwcleaner_4.001(2).exe
2014-10-20 17:58 - 2014-10-20 17:58 - 01976320 _____ () C:\Users\Melanie\Downloads\AdwCleaner_4.000.exe
2014-10-20 17:55 - 2014-10-20 17:56 - 01962496 _____ () C:\Users\Melanie\Downloads\adwcleaner_4.001(1).exe
2014-10-20 17:50 - 2014-10-20 17:50 - 01962496 _____ () C:\Users\Melanie\Downloads\adwcleaner_4.001.exe
2014-10-20 10:19 - 2014-10-20 10:19 - 00042262 _____ () C:\Users\Melanie\Downloads\Addition.txt
2014-10-20 10:17 - 2014-10-21 09:22 - 00000000 ____D () C:\FRST
2014-10-20 10:17 - 2014-10-21 09:21 - 00022998 _____ () C:\Users\Melanie\Downloads\FRST.txt
2014-10-20 10:16 - 2014-10-21 09:21 - 02110976 _____ (Farbar) C:\Users\Melanie\Downloads\FRST64.exe
2014-10-20 10:09 - 2014-10-20 10:10 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Melanie\Downloads\tdsskiller.exe
2014-10-19 17:35 - 2014-10-19 17:35 - 00000624 _____ () C:\Users\Melanie\Documents\Ereignisse2.txt
2014-10-19 16:02 - 2014-10-19 18:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-19 16:02 - 2014-10-19 16:42 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 16:02 - 2014-10-19 16:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-19 16:01 - 2014-10-19 16:41 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-19 16:00 - 2014-10-19 17:17 - 00000000 ____D () C:\Users\Melanie\Desktop\mbar
2014-10-19 15:59 - 2014-10-19 15:59 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Melanie\Downloads\mbar-1.07.0.1012.exe
2014-10-19 15:59 - 2014-10-19 15:59 - 01986072 _____ (SafeInstall, LLC) C:\Users\Melanie\Downloads\7zip_installer.exe
2014-10-19 15:40 - 2014-10-19 15:52 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-19 13:56 - 2014-10-21 09:18 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-10-19 13:55 - 2014-10-21 09:18 - 00002444 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5_user.job
2014-10-19 13:55 - 2014-10-21 09:18 - 00002444 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5.job
2014-10-19 13:55 - 2014-10-19 13:55 - 00005474 _____ () C:\Windows\System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-5
2014-10-19 13:54 - 2014-10-21 09:18 - 00005182 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-11.job
2014-10-19 13:54 - 2014-10-21 09:18 - 00003458 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-1.job
2014-10-19 13:54 - 2014-10-21 09:18 - 00002108 _____ () C:\Windows\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-2.job
2014-10-19 13:54 - 2014-10-21 09:18 - 00000896 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-10-19 13:54 - 2014-10-20 19:59 - 00000900 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-10-19 13:54 - 2014-10-19 13:55 - 00005138 _____ () C:\Windows\System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-2
2014-10-19 13:54 - 2014-10-19 13:54 - 00008212 _____ () C:\Windows\System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-11
2014-10-19 13:54 - 2014-10-19 13:54 - 00006488 _____ () C:\Windows\System32\Tasks\55051fd6-efb7-46b1-a551-6d3d7692967b-1
2014-10-19 13:54 - 2014-10-19 13:54 - 00003898 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2014-10-19 13:54 - 2014-10-19 13:54 - 00003644 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2014-10-19 13:53 - 2014-10-19 13:53 - 00074656 _____ () C:\Users\Melanie\Downloads\FLVPlayer-Chrome.exe
2014-10-19 13:53 - 2014-10-19 13:53 - 00074656 _____ () C:\Users\Melanie\Downloads\FLVPlayer-Chrome (1).exe
2014-10-18 14:17 - 2014-10-18 14:17 - 06626832 _____ (TeamViewer GmbH) C:\Users\Melanie\Downloads\TeamViewer_Setup_de.exe
2014-10-18 14:17 - 2014-10-18 14:17 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-10-18 14:17 - 2014-10-18 14:17 - 00001166 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-10-18 14:17 - 2014-10-18 14:17 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-10-09 23:02 - 2014-10-09 23:02 - 00000000 ____D () C:\Users\Melanie\Documents\fox-ffv2
2014-10-09 23:01 - 2014-10-09 23:01 - 00000118 _____ () C:\Users\Melanie\mercurial.ini
2014-10-09 23:01 - 2013-10-18 18:04 - 00000236 _____ () C:\Users\Melanie\Documents\gitignore_global.txt
2014-10-09 23:01 - 2013-10-18 18:04 - 00000173 _____ () C:\Users\Melanie\Documents\hgignore_global.txt
2014-10-09 23:00 - 2014-10-09 23:00 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Atlassian
2014-10-09 22:59 - 2014-10-09 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlassian
2014-10-09 22:59 - 2014-10-09 22:59 - 00000000 ____D () C:\ProgramData\Caphyon
2014-10-09 22:59 - 2014-10-09 22:59 - 00000000 ____D () C:\Program Files (x86)\Atlassian
2014-10-09 22:58 - 2014-10-09 23:03 - 00000000 ____D () C:\ProgramData\Atlassian
2014-10-09 22:48 - 2014-10-09 22:48 - 10266464 _____ (Atlassian) C:\Users\Melanie\Downloads\SourceTreeSetup_1.6.5.exe
2014-10-09 21:43 - 2014-10-18 14:28 - 00009166 ____H () C:\Users\Melanie\_viminfo
2014-10-06 21:39 - 2014-10-07 11:22 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Mathematica
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Mathematica
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Wolfram Research
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wolfram Mathematica
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\ProgramData\Mathematica
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\Program Files\Extras
2014-10-06 21:39 - 2014-10-06 21:39 - 00000000 ____D () C:\Program Files\Common Files\Wolfram Research
2014-10-06 21:28 - 2014-10-06 21:28 - 00000000 ____D () C:\Program Files\Wolfram Research
2014-10-06 21:03 - 2014-10-06 21:22 - 2034844000 _____ (Wolfram Research, Inc. ) C:\Users\Melanie\Downloads\Mathematica_10.0.1_WIN.exe
2014-10-06 18:05 - 2014-10-06 18:05 - 00918952 _____ (Oracle Corporation) C:\Users\Melanie\Downloads\jxpiinstall(2).exe
2014-10-06 09:39 - 2014-10-13 12:03 - 00001141 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-05 09:33 - 2014-10-20 23:43 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000UA.job
2014-10-05 09:33 - 2014-10-19 09:43 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000Core.job
2014-10-05 09:33 - 2014-10-19 09:38 - 00004102 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000UA
2014-10-05 09:33 - 2014-10-19 09:38 - 00003706 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-928299268-3892372864-3771450075-1000Core
2014-10-04 09:16 - 2014-10-04 09:16 - 00000000 ____D () C:\Users\Melanie\.plugman
2014-10-03 21:36 - 2014-10-21 09:18 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-03 21:36 - 2014-10-20 23:41 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 21:36 - 2014-10-18 09:47 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-03 21:36 - 2014-10-03 21:36 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-03 21:36 - 2014-10-03 21:36 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-03 21:36 - 2014-10-03 21:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-03 21:35 - 2014-10-03 21:35 - 00895120 _____ (Google Inc.) C:\Users\Melanie\Downloads\ChromeSetup.exe
2014-10-03 11:24 - 2014-10-03 11:24 - 17824398 _____ (The Git Development Community ) C:\Users\Melanie\Downloads\Git-1.9.4-preview20140929(1).exe
2014-10-02 22:00 - 2014-10-02 22:00 - 00000000 __SHD () C:\Users\Melanie\AppData\Local\EmieUserList
2014-10-02 22:00 - 2014-10-02 22:00 - 00000000 __SHD () C:\Users\Melanie\AppData\Local\EmieSiteList
2014-10-02 21:49 - 2014-10-18 13:18 - 00000000 ____D () C:\Users\Melanie\Desktop\firstfox
2014-09-30 23:10 - 2014-09-30 23:10 - 00000000 ____D () C:\Users\Melanie\.ionic
2014-09-30 23:06 - 2014-09-30 23:06 - 00000000 ____D () C:\Users\Melanie\.cordova
2014-09-30 22:21 - 2014-09-30 22:24 - 00000000 ____D () C:\Users\Melanie\.ssh
2014-09-30 22:18 - 2014-10-15 22:45 - 00000469 _____ () C:\Users\Melanie\AppData\Roaming\.arcrc
2014-09-30 19:25 - 2014-09-30 19:25 - 00001389 _____ () C:\Users\Melanie\Desktop\Git Bash.lnk
2014-09-30 18:54 - 2014-09-30 18:54 - 17824398 _____ (The Git Development Community ) C:\Users\Melanie\Downloads\Git-1.9.4-preview20140929.exe
2014-09-30 18:45 - 2014-09-30 18:45 - 00000000 ____D () C:\Program Files\Arcanist
2014-09-30 18:42 - 2014-10-13 12:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-30 18:41 - 2014-09-30 18:41 - 07188616 _____ (Microsoft Corporation) C:\Users\Melanie\Downloads\vcredist_x64.exe
2014-09-30 18:26 - 2014-09-30 18:31 - 00000000 ____D () C:\Program Files\php
2014-09-30 18:25 - 2014-09-30 18:26 - 20894725 _____ () C:\Users\Melanie\Downloads\php-5.6.0-nts-Win32-VC11-x64.zip
2014-09-30 18:24 - 2014-09-30 18:25 - 19632729 _____ () C:\Users\Melanie\Downloads\php-5.6.0-Win32-VC11-x86.zip
2014-09-29 22:17 - 2014-09-29 22:17 - 00001352 _____ () C:\Users\Melanie\Desktop\eclipse_Android.lnk
2014-09-29 22:07 - 2014-09-29 22:07 - 00000000 ____D () C:\Users\Melanie\workspaceAndroid
2014-09-29 22:03 - 2014-09-29 22:03 - 00000000 ____D () C:\Program Files\Android
2014-09-29 21:55 - 2014-09-29 21:55 - 00000000 ____D () C:\Users\Melanie\Downloads\adt-bundle-windows-x86_64-20140702
2014-09-29 21:46 - 2014-09-29 21:46 - 00000000 ____D () C:\Program Files\apache
2014-09-29 21:44 - 2014-09-29 21:44 - 00000000 ____D () C:\Users\Melanie\Documents\apache-ant-1.9.4-bin-1
2014-09-29 14:11 - 2014-10-17 11:48 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\npm-cache
2014-09-29 14:10 - 2014-10-17 11:48 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\npm
2014-09-29 14:02 - 2014-09-29 14:03 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js
2014-09-29 14:02 - 2014-09-29 14:03 - 00000000 ____D () C:\Program Files\nodejs
2014-09-29 14:01 - 2014-09-29 14:02 - 06184960 _____ () C:\Users\Melanie\Downloads\node-v0.10.32-x64(2).msi
2014-09-29 13:58 - 2014-09-29 13:58 - 00001317 _____ () C:\Users\Melanie\Desktop\Console.lnk
2014-09-29 13:46 - 2014-09-29 13:46 - 00000000 ____D () C:\Users\Melanie\Downloads\Console-2.00b148-Beta_src
2014-09-29 13:46 - 2014-09-29 13:46 - 00000000 ____D () C:\Program Files\Console2
2014-09-29 13:45 - 2014-09-29 13:45 - 03699684 _____ () C:\Users\Melanie\Downloads\Console-2.00b148-Beta_src.zip
2014-09-29 13:44 - 2014-09-29 13:44 - 01897882 _____ () C:\Users\Melanie\Downloads\Console-2.00b148-Beta_64bit.zip
2014-09-29 13:11 - 2014-09-29 13:13 - 181484960 _____ (Oracle Corporation) C:\Users\Melanie\Downloads\jdk-8u20-windows-x64(1).exe
2014-09-29 11:51 - 2014-10-03 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2014-09-29 11:51 - 2014-10-03 11:32 - 00000000 ____D () C:\Program Files (x86)\Git
2014-09-29 11:50 - 2014-09-29 11:50 - 17806885 _____ (The Git Development Community ) C:\Users\Melanie\Downloads\Git-1.9.4-preview20140815.exe
2014-09-27 21:22 - 2014-09-27 21:23 - 00000000 ____D () C:\Users\Melanie\Documents\Banking
2014-09-25 08:32 - 2014-09-25 08:37 - 00003190 _____ () C:\Users\Melanie\Wahlergebnisse.html
2014-09-25 08:20 - 2014-09-25 08:28 - 00000936 _____ () C:\Users\Melanie\new 3.html
2014-09-25 08:12 - 2014-09-25 08:12 - 00000800 _____ () C:\Users\Melanie\new.html
2014-09-24 17:22 - 2014-09-24 17:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 12:33 - 2014-09-23 12:35 - 06184960 _____ () C:\Users\Melanie\Downloads\node-v0.10.32-x64(1).msi
2014-09-23 11:41 - 2014-09-23 11:41 - 06184960 _____ () C:\Users\Melanie\Downloads\node-v0.10.32-x64.msi
2014-09-23 11:01 - 2014-09-23 11:03 - 181484960 _____ (Oracle Corporation) C:\Users\Melanie\Downloads\jdk-8u20-windows-x64.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-21 09:21 - 2013-09-11 04:14 - 00000000 ___RD () C:\Users\Melanie\Dropbox
2014-10-21 09:21 - 2013-08-02 13:03 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Dropbox
2014-10-21 09:20 - 2011-07-13 11:20 - 00000000 ____D () C:\ProgramData\clear.fi
2014-10-21 09:19 - 2011-04-06 20:46 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-10-21 09:18 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-21 09:17 - 2011-04-06 20:18 - 01798360 _____ () C:\Windows\WindowsUpdate.log
2014-10-21 09:17 - 2011-04-06 20:14 - 00324558 _____ () C:\Windows\PFRO.log
2014-10-21 09:17 - 2009-07-13 21:51 - 00145753 _____ () C:\Windows\setupact.log
2014-10-21 09:16 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-21 09:16 - 2009-07-13 21:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 18:04 - 2013-10-14 04:05 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-20 17:48 - 2011-07-15 10:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-19 17:52 - 2014-09-01 04:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Securepoint SSL VPN
2014-10-19 16:25 - 2011-07-13 10:23 - 00000000 ____D () C:\Users\Melanie
2014-10-19 15:51 - 2011-04-07 06:08 - 00700126 _____ () C:\Windows\system32\perfh007.dat
2014-10-19 15:51 - 2011-04-07 06:08 - 00149976 _____ () C:\Windows\system32\perfc007.dat
2014-10-19 15:51 - 2009-07-13 22:13 - 01622196 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-19 13:56 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-19 13:56 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-19 08:57 - 2011-07-13 10:23 - 00066104 _____ () C:\Users\Melanie\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-19 08:55 - 2009-07-13 21:45 - 00289408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-14 16:56 - 2011-08-06 12:12 - 00000000 ____D () C:\Users\Melanie\AppData\Local\CrashDumps
2014-10-14 09:28 - 2013-10-21 00:12 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 09:28 - 2013-10-14 04:05 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 09:28 - 2013-10-14 04:05 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-13 12:03 - 2013-10-14 04:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-10 18:54 - 2013-08-05 03:52 - 00000000 ____D () C:\Users\Melanie\Documents\MATLAB
2014-10-09 22:57 - 2012-03-14 12:34 - 01596476 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-09 14:39 - 2011-07-14 08:49 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\Mozilla
2014-10-06 09:39 - 2011-11-28 12:40 - 00000000 ____D () C:\ProgramData\Avira
2014-10-05 19:20 - 2013-10-14 04:05 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-05 09:34 - 2011-07-15 10:43 - 00000000 ____D () C:\Users\Melanie\AppData\Local\Google
2014-10-04 22:13 - 2011-07-15 10:43 - 00000000 ____D () C:\Program Files (x86)\Picasa2
2014-10-03 21:36 - 2011-07-15 10:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-03 14:09 - 2012-03-14 12:34 - 00000000 ____D () C:\Users\Melanie\AppData\Roaming\SoftGrid Client
2014-09-29 22:07 - 2013-04-15 07:15 - 00000000 ____D () C:\Users\Melanie\.eclipse
2014-09-29 13:33 - 2014-01-26 11:22 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-29 13:33 - 2014-01-26 11:22 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-29 13:33 - 2014-01-26 11:22 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-29 13:33 - 2014-01-26 11:22 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-29 13:33 - 2011-10-22 07:39 - 00000000 ____D () C:\Program Files\Java
2014-09-29 13:19 - 2013-10-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2014-09-29 11:39 - 2014-07-22 11:42 - 00000000 ____D () C:\Users\Melanie\.android
2014-09-29 11:33 - 2009-07-13 22:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-29 10:28 - 2011-11-03 15:04 - 00002201 _____ () C:\Windows\wininit.ini
2014-09-28 23:15 - 2009-07-13 22:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-25 20:33 - 2012-04-22 08:16 - 00000000 ____D () C:\Users\Melanie\workspace2
2014-09-25 07:47 - 2012-05-06 13:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-23 11:11 - 2014-01-25 03:59 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-23 11:08 - 2013-10-04 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
Some content of TEMP:
====================
C:\Users\Melanie\AppData\Local\Temp\AskSLib.dll
C:\Users\Melanie\AppData\Local\Temp\avgnt.exe
C:\Users\Melanie\AppData\Local\Temp\AviraSetup1701721.exe
C:\Users\Melanie\AppData\Local\Temp\dl3darm2.dll
C:\Users\Melanie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaxpx7w.dll
C:\Users\Melanie\AppData\Local\Temp\i4jdel0.exe
C:\Users\Melanie\AppData\Local\Temp\MSNF05E.exe
C:\Users\Melanie\AppData\Local\Temp\optprosetup.exe
C:\Users\Melanie\AppData\Local\Temp\pyl1C08.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl2DC5.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl3226.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl46DF.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl4826.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl557E.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl5BE5.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl7493.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl8342.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl92BD.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl96F1.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pyl9B56.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylA727.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylAD6F.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylB115.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylB655.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylC6A8.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylD97C.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylE60A.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\pylEA9C.tmp.exe
C:\Users\Melanie\AppData\Local\Temp\Quarantine.exe
C:\Users\Melanie\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Melanie\AppData\Local\Temp\sqlite3.dll
C:\Users\Melanie\AppData\Local\Temp\WZCPlugin_VISTA.exe
C:\Users\Melanie\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Melanie\AppData\Local\Temp\_is2F2C.exe
C:\Users\Melanie\AppData\Local\Temp\_is473.exe
C:\Users\Melanie\AppData\Local\Temp\_is6EF9.exe
C:\Users\Melanie\AppData\Local\Temp\_isB598.exe
C:\Users\Melanie\AppData\Local\Temp\_isE6C5.exe
C:\Users\Melanie\AppData\Local\Temp\_isE926.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-16 08:30
==================== End Of Log ============================
|
|
21.10.2014, 23:26
| #13 | |
| Ruhe in Frieden † 2019 | BOO/TDSS.o Befall - was kann ich tun Hallo, Zitat:
 Trovi machen wir jetzt. Was ist mit dem Port im Firefox, hast du den gesetzt?Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3331316&octid=EB_ORIGINAL_CTID&ISID=M588AD584-4A6E-40A5-96F3-1A599BC42A3F&SearchSource=55&CUI=&UM=6&UP=SP888B9F7B-62B1-4371-A1A1-A5FBEB7F20AD&SSPV=
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 In deinem Chrome Browser ist trovi als Startseite eingetragen Stelle nach dieser Anleitung deine Startseite neu ein. Schritt 3 Bitte noch Schritt 3 aus meinem vorherigen Post (Fix mit FRST) ausführen, fixlog posten. Schritt 4 Downloade Dir bitte Malwarebytes Anti-Malware
Schritt 5 Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern  ESET Online Scanner
Schritt 6 Starte noch einmal FRST.
|
|
| Themen zu BOO/TDSS.o Befall - was kann ich tun |
| avira, befall, bereits, boo/tdss.o, datei, entferne, erkannt, gefunde, heute, infizierte, infizierte datei, kaspary, laptop, liebe, malewarebytes, malware, problem, programme, programmen, versuch, versucht, win, win7 |
Linear-Darstellung
