
All kinds of pests and how to fight them: Voices without a program

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

08.01.2015, 16:34   #1
feuerstein98
 
Voices without a program



Good day, helpers,

Since today I have, I think, a virus on my PC. This virus causes the following: no matter what I do, after a while voices start playing. They are different voices, but most of the time one tells me that a football player has moved from FC Bayern to Augsburg. This is annoying and also a little frightening. I have already run a virus/trojan scan and also looked through my installed programs for programs unknown to me! Without result.
I hope for a quick reply.

Kind regards,

feuerstein98

08.01.2015, 16:57   #2
schrauber
/// the machine
/// TB trainer
 

Voices without a program



Hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


08.01.2015, 17:17   #3
feuerstein98
 
Voices without a program




FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by User (administrator) on USER-PC on 08-01-2015 18:10:07
Running from C:\Users\User\Downloads
Loaded Profile: User (Available profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Windows\System32\UAService.exe
() C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\003\xmkysecqun32.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
() C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe                                                                                     
HKLM\...\RunOnce: [SpybotDeletingA3308] => command.com /c del "C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\searchplugins\MyStart Search.xml"
HKLM\...\RunOnce: [SpybotDeletingC2411] => cmd.exe /c del "C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\searchplugins\MyStart Search.xml"
HKLM\...\RunOnce: [SpybotSnD] => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [5365592 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [NextLive] => C:\Windows\system32\rundll32.exe "C:\Users\User\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\RunOnce: [SpybotDeletingB5374] => command.com /c del "C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\searchplugins\MyStart Search.xml"
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\RunOnce: [SpybotDeletingD3046] => cmd.exe /c del "C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\searchplugins\MyStart Search.xml"
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\MountPoints2: {3dd44889-c219-11e3-bc97-20cf305600f3} - F:\INSTALL.EXE
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\MountPoints2: {45ad721f-1750-11e0-96a3-806e6f6e6963} - E:\AutoRun.exe --autorun
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\MountPoints2: {b6409402-2675-11e1-a53b-20cf305600f3} - I:\setup.exe -a
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\MountPoints2: {c05275a1-2aed-11e0-b675-20cf305600f3} - J:\LaunchU3.exe -a
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2980554796-842610410-1348767362-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393526229&from=amt&uid=HitachiXHDS721010CLA332_JP9921HD36RNLH36RNLHX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393526229&from=amt&uid=HitachiXHDS721010CLA332_JP9921HD36RNLH36RNLHX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393526229&from=amt&uid=HitachiXHDS721010CLA332_JP9921HD36RNLH36RNLHX&q={searchTerms}
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393526229&from=amt&uid=HitachiXHDS721010CLA332_JP9921HD36RNLH36RNLHX
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1393526229&from=amt&uid=HitachiXHDS721010CLA332_JP9921HD36RNLH36RNLHX
SearchScopes: HKLM -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393526229&from=amt&uid=HitachiXHDS721010CLA332_JP9921HD36RNLH36RNLHX&q={searchTerms}
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72
SearchScopes: HKU\S-1-5-21-2980554796-842610410-1348767362-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M8DAD3A07-A06E-4A7C-B35C-3530FF38B0D9&SearchSource=58&CUI=&UM=5&UP=SP06CE4A34-6E00-4844-8DB0-9EF93B51EF12&q={searchTerms}&SSPV=21513SPPB_sp_ie
SearchScopes: HKU\S-1-5-21-2980554796-842610410-1348767362-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393526229&from=amt&uid=HitachiXHDS721010CLA332_JP9921HD36RNLH36RNLHX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2980554796-842610410-1348767362-1000 -> {4327FABE-3C22-4689-8DBF-D226CF777FE9} URL = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2980554796-842610410-1348767362-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchoholic.info/?l=1&q={searchTerms}&pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72
BHO: Browser Companion Helper -> {00cbb66b-1d3b-46d3-9577-323a336acb50} -> C:\Program Files\BrowserCompanion\jsloader.dll No File
BHO: I Want This -> {11111111-1111-1111-1111-110011221158} ->  No File
BHO: Web Assistant -> {336D0C35-8A85-403a-B9D2-65C292C39087} -> C:\Program Files\Web Assistant\Extension32.dll No File
BHO: YoutubeAdBlaocke -> {389dd29b-30aa-4b53-8a3e-c329090a42f6} -> C:\Program Files\YoutubeAdBlaocke\5r7NzWv1VvEY3G.dll ()
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Browser Companion Helper Verifier -> {963B125B-8B21-49A2-A3A8-E37092276531} -> C:\Program Files\BrowserCompanion\updatebhoWin32.dll No File
BHO: unisalesi -> {d41e1605-bcf5-4307-ba1e-44950ed12dea} -> C:\Program Files\unisalesi\gmaNXLGrhGdHWq.dll ()
BHO: Search-Results Toolbar -> {f34c9277-6577-4dff-b2d7-7d58092f272f} -> C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
Toolbar: HKLM - Search-Results Toolbar - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll No File
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72&l=1&q=
FF Plugin: @esn/esnlaunch,version=2.3.0 -> C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> D:\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2980554796-842610410-1348767362-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\awesomehp.xml
FF Extension: YoutubeAdBlaocke - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\Extensions\zR1@OoqHXI.edu [2014-12-26]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [12x3q4@3244516.com] - C:\Program Files\Better-Surf\ff
FF HKLM\...\Firefox\Extensions: [ext@bettersurfplus.com] - C:\Program Files\BetterSurf\BetterSurfPlus\ff
FF HKLM\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\extensions\quick_start@gmail.com [2014-05-29]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-01-03]
FF HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Firefox\Extensions: [{58bd07eb-0ee0-4df0-8121-dc9b693373df}] - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [poheodfamflhhhdcmjfeggbgigeefaco] - C:\Program Files\Better-Surf\ch\Chrome.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 24c54e38; c:\Program Files\DeltaFix\DeltaFix.dll [3996160 2014-12-26] () [File not signed] <==== ATTENTION
S3 ArcService; D:\Arc\ArcService.exe [88400 2014-10-21] (Perfect World Entertainment Inc)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-08-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-08-12] (ESET)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SupraSavingsService; C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService.exe [151040 2014-06-25] () [File not signed]
R2 UserAccess; C:\Windows\system32\UAService.exe [126976 2014-09-18] () [File not signed]
R2 Verifies and fixes application compatibility issues; C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2014-12-31] ()
R2 xmkysecqun32; C:\Program Files\003\xmkysecqun32.exe [541696 2014-05-03] () [File not signed]
S4 Browser Manager; No ImagePath
S2 Update Surftastic; "C:\Program Files\Surftastic\updateSurftastic.exe" [X]
S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 cusbohcn; C:\Users\User\AppData\Local\Temp\cusbohcn.sys [29696 2011-05-25] () [File not signed]
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [31744 2014-06-12] (NetFilterSDK.com) [File not signed]
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-03-29] (Texas Instruments)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S1 netfilter2; system32\drivers\netfilter2.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 XDva391; \??\C:\Windows\system32\XDva391.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 18:10 - 2015-01-08 18:11 - 00020078 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-08 18:09 - 2015-01-08 18:10 - 00000000 ____D () C:\FRST
2015-01-08 18:09 - 2015-01-08 18:09 - 00000163 _____ () C:\Windows\wininit.ini
2015-01-08 18:07 - 2015-01-08 18:08 - 01115648 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-01-08 13:24 - 2015-01-08 13:24 - 00000000 ____D () C:\Program Files\EnjoYCoupuon
2015-01-08 13:24 - 2015-01-08 13:24 - 00000000 ____D () C:\Program Files\COOupExxtensiOnn
2015-01-08 13:20 - 2015-01-08 16:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Compatibility Verifier
2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-08 13:12 - 2015-01-08 13:13 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-08 13:12 - 2015-01-08 13:13 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-01-06 17:22 - 2015-01-08 16:15 - 00000000 ____D () C:\ProgramData\EnjoYCoupuon
2015-01-06 17:22 - 2015-01-08 16:15 - 00000000 ____D () C:\ProgramData\COOupExxtensiOnn
2015-01-03 19:10 - 2015-01-03 19:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\java
2015-01-02 16:40 - 2015-01-02 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sanny Builder 3
2015-01-02 12:44 - 2015-01-02 12:44 - 00000000 ____D () C:\Program Files\EExstraSavings
2015-01-02 12:05 - 2015-01-08 13:24 - 00000000 ____D () C:\ProgramData\767fe2081601d347
2015-01-02 12:05 - 2015-01-02 14:23 - 00000000 ____D () C:\ProgramData\EExstraSavings
2014-12-29 22:18 - 2014-12-29 22:19 - 00026003 _____ () C:\Users\User\Documents\Bewerbung Reporter.odt
2014-12-29 18:22 - 2014-12-29 18:23 - 00014764 _____ () C:\Users\User\Documents\Bewerbung Mafia.odt
2014-12-28 13:24 - 2014-12-28 13:24 - 00000000 ____D () C:\Damian tabe ts3
2014-12-27 09:54 - 2014-12-27 09:54 - 00000044 _____ () C:\Users\User\Documents\TS-Verbindungen.txt
2014-12-26 17:57 - 2014-12-26 17:57 - 00000000 ____D () C:\Program Files\Help Save
2014-12-26 17:57 - 2014-12-26 17:57 - 00000000 ____D () C:\Program Files\DeltaFix
2014-12-26 17:56 - 2014-12-26 17:56 - 00000000 ____D () C:\ProgramData\8538791942874583879
2014-12-26 17:56 - 2014-12-26 17:56 - 00000000 ____D () C:\Program Files\YoutubeAdBlaocke
2014-12-26 17:56 - 2014-12-26 17:56 - 00000000 ____D () C:\Program Files\unisalesi
2014-12-26 17:56 - 2014-12-26 17:56 - 00000000 ____D () C:\Program Files\uNisales
2014-12-26 17:55 - 2014-12-26 17:55 - 00000000 ____D () C:\ProgramData\nccncfbieclkohpknecjlhkfidfnkkbc
2014-12-25 20:15 - 2014-12-25 20:15 - 00017656 _____ () C:\Users\User\Documents\Bewerbung Mechaniker.odt
2014-12-21 20:33 - 2015-01-08 14:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-20 16:03 - 2014-12-20 16:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\MW2 FoV Changer
2014-12-20 16:03 - 2012-02-06 00:37 - 00083456 _____ () C:\Users\User\Downloads\MW2 MP FoV Changer.exe
2014-12-18 14:25 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 20:14 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 17:14 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 17:14 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 17:14 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 17:14 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 17:14 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 17:14 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 17:14 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 17:14 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 17:14 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 17:14 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 17:14 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 17:14 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 17:14 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 17:14 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 17:14 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 17:14 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 17:14 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 17:14 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 17:14 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 17:14 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 17:14 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 17:14 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 17:14 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 17:14 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 17:14 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 17:14 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 17:14 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 17:14 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 17:14 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 17:14 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 17:13 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 17:12 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 17:12 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 17:12 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 17:12 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 17:12 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 17:12 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 17:11 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-08 17:59 - 2012-01-20 16:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-01-08 16:32 - 2011-11-12 19:51 - 00000000 ____D () C:\Program Files\Steam
2015-01-08 16:30 - 2011-01-03 16:46 - 01314067 _____ () C:\Windows\WindowsUpdate.log
2015-01-08 16:23 - 2009-07-14 05:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-08 16:23 - 2009-07-14 05:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-08 16:15 - 2013-12-28 19:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\newnext.me
2015-01-08 16:15 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-08 16:15 - 2009-07-14 05:39 - 00224970 _____ () C:\Windows\setupact.log
2015-01-08 16:12 - 2013-10-31 14:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client
2015-01-08 14:52 - 2014-03-22 20:32 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-08 14:47 - 2011-01-03 17:29 - 00000000 ____D () C:\Program Files\Java
2015-01-08 14:42 - 2014-03-22 20:32 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-08 14:42 - 2011-01-04 11:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-08 14:42 - 2011-01-04 11:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-07 08:32 - 2011-01-17 17:26 - 00640076 _____ () C:\Windows\PFRO.log
2015-01-06 14:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-06 11:24 - 2014-12-07 15:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft
2015-01-04 17:55 - 2011-01-04 14:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-03 22:03 - 2014-07-12 23:23 - 00000000 ____D () C:\Program Files\Google
2015-01-03 22:02 - 2012-06-01 13:11 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2015-01-03 13:33 - 2013-04-01 17:36 - 00000000 ____D () C:\Users\User\AppData\Local\Windows Live
2015-01-02 14:27 - 2011-10-08 11:34 - 00000000 ____D () C:\ProgramData\Origin
2015-01-02 14:25 - 2012-04-20 17:15 - 00000000 ____D () C:\Program Files\Origin
2014-12-30 16:53 - 2012-01-04 08:18 - 00000000 ____D () C:\Users\User\Wichtig
2014-12-24 09:36 - 2011-01-03 16:57 - 01629412 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 08:29 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-21 08:32 - 2014-09-07 06:28 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-12-18 19:28 - 2014-09-20 18:54 - 00000000 ___RD () C:\Program Files\Skype
2014-12-18 19:28 - 2012-01-20 16:38 - 00000000 ____D () C:\ProgramData\Skype
2014-12-18 14:21 - 2012-04-20 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-11 16:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-10 20:14 - 2011-01-16 11:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 20:12 - 2013-07-27 22:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 20:07 - 2011-01-03 17:37 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 17:23 - 2014-10-10 15:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
2014-12-10 17:23 - 2012-10-20 09:42 - 00000000 ___RD () C:\Users\User\Desktop\videosmacher

Files to move or delete:
====================
C:\Users\User\KeiNett Launcher.exe


Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\5e987f32669f6fd907cb4e4db3112a4f.dll
C:\Users\User\AppData\Local\Temp\appinstal1.exe
C:\Users\User\AppData\Local\Temp\appinstaly.exe
C:\Users\User\AppData\Local\Temp\applinstall.exe
C:\Users\User\AppData\Local\Temp\AutoRun.exe
C:\Users\User\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\User\AppData\Local\Temp\BetterSurfPlusInstaller.exe
C:\Users\User\AppData\Local\Temp\Browser_Helper_Companion_DE.exe
C:\Users\User\AppData\Local\Temp\BRSVC_13902637_hlp.exe
C:\Users\User\AppData\Local\Temp\BuenoSearchTB.exe
C:\Users\User\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\User\AppData\Local\Temp\COMPUTERBILD App-Center-Installation.exe
C:\Users\User\AppData\Local\Temp\comver.dll
C:\Users\User\AppData\Local\Temp\dlLogic.exe
C:\Users\User\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\User\AppData\Local\Temp\drvinstal.exe
C:\Users\User\AppData\Local\Temp\EAD3DBB.exe
C:\Users\User\AppData\Local\Temp\EADA3BD.exe
C:\Users\User\AppData\Local\Temp\EADB71E.exe
C:\Users\User\AppData\Local\Temp\EADB808.exe
C:\Users\User\AppData\Local\Temp\EAInstall.dll
C:\Users\User\AppData\Local\Temp\EASOUNInstaller.exe
C:\Users\User\AppData\Local\Temp\eauninstall.exe
C:\Users\User\AppData\Local\Temp\EnableExtDll.dll
C:\Users\User\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\User\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\User\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\User\AppData\Local\Temp\FreeStudio.exe
C:\Users\User\AppData\Local\Temp\FreeVideoEditor.exe
C:\Users\User\AppData\Local\Temp\GL_F52A.EXE
C:\Users\User\AppData\Local\Temp\htmlayout.dll
C:\Users\User\AppData\Local\Temp\increBibar_install1003.exe
C:\Users\User\AppData\Local\Temp\installerdll1793855.dll
C:\Users\User\AppData\Local\Temp\installerdll1800828.dll
C:\Users\User\AppData\Local\Temp\installerdll187638.dll
C:\Users\User\AppData\Local\Temp\installerdll189432.dll
C:\Users\User\AppData\Local\Temp\installerdll197809.dll
C:\Users\User\AppData\Local\Temp\installerdll243408.dll
C:\Users\User\AppData\Local\Temp\installerdll251941.dll
C:\Users\User\AppData\Local\Temp\installerdll417708.dll
C:\Users\User\AppData\Local\Temp\installerdll419112.dll
C:\Users\User\AppData\Local\Temp\installerdll427239.dll
C:\Users\User\AppData\Local\Temp\installerdll6055303.dll
C:\Users\User\AppData\Local\Temp\installerdll6077174.dll
C:\Users\User\AppData\Local\Temp\installerdll658293.dll
C:\Users\User\AppData\Local\Temp\installhelper.dll
C:\Users\User\AppData\Local\Temp\jansi-32-git-Bukkit-1.3.2-R1.0-b2377jnks.dll
C:\Users\User\AppData\Local\Temp\jansi-32-git-Bukkit-1.3.2-R2.0-b2396jnks.dll
C:\Users\User\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.7-R1.0-b2624jnks.dll
C:\Users\User\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.2-R1.0-3-g9532cb6-b2887jnks.dll
C:\Users\User\AppData\Local\Temp\jansi-32-git-Bukkit-1.6.4-R2.0-b2918jnks.dll
C:\Users\User\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.2-R0.3-56-g3779cff-b3072jnks.dll
C:\Users\User\AppData\Local\Temp\jansi-32-git-Bukkit-1.7.2-R0.3-b3020jnks.dll
C:\Users\User\AppData\Local\Temp\jline_git-Bukkit-0_0_0-606-g6e629e6-b605jnks.dll
C:\Users\User\AppData\Local\Temp\jre-8u25-windows-au.exe
C:\Users\User\AppData\Local\Temp\Mobogenie-2.1.26.exe
C:\Users\User\AppData\Local\Temp\MotoHelper_2.0.24_Driver_4.7.1.exe
C:\Users\User\AppData\Local\Temp\NGM.exe
C:\Users\User\AppData\Local\Temp\NGMDll.dll
C:\Users\User\AppData\Local\Temp\NGMResource.dll
C:\Users\User\AppData\Local\Temp\nsc5D60.exe
C:\Users\User\AppData\Local\Temp\nscAEBA.exe
C:\Users\User\AppData\Local\Temp\nscFCBA.exe
C:\Users\User\AppData\Local\Temp\nseE557.exe
C:\Users\User\AppData\Local\Temp\nsh80DB.exe
C:\Users\User\AppData\Local\Temp\nsj8125.exe
C:\Users\User\AppData\Local\Temp\nslC555.exe
C:\Users\User\AppData\Local\Temp\nsm8455.exe
C:\Users\User\AppData\Local\Temp\nsmD4B5.exe
C:\Users\User\AppData\Local\Temp\nsnAEBB.exe
C:\Users\User\AppData\Local\Temp\nsnB090.exe
C:\Users\User\AppData\Local\Temp\nsp139B.exe
C:\Users\User\AppData\Local\Temp\nspB955.exe
C:\Users\User\AppData\Local\Temp\nsr607C.exe
C:\Users\User\AppData\Local\Temp\nsrB0EC.exe
C:\Users\User\AppData\Local\Temp\nss878A.exe
C:\Users\User\AppData\Local\Temp\nss89AD.exe
C:\Users\User\AppData\Local\Temp\nsu162B.exe
C:\Users\User\AppData\Local\Temp\nsuE2F6.exe
C:\Users\User\AppData\Local\Temp\nswCDB2.exe
C:\Users\User\AppData\Local\Temp\oi_{7F461661-DC40-46A6-8FB1-5C7BBD91BF71}.exe
C:\Users\User\AppData\Local\Temp\OriginLauncher187638.exe
C:\Users\User\AppData\Local\Temp\OriginLauncher417708.exe
C:\Users\User\AppData\Local\Temp\rootsupd.exe
C:\Users\User\AppData\Local\Temp\set-app.exe
C:\Users\User\AppData\Local\Temp\Setup.exe
C:\Users\User\AppData\Local\Temp\Setup1.exe
C:\Users\User\AppData\Local\Temp\Setup2.exe
C:\Users\User\AppData\Local\Temp\setup__3635.exe
C:\Users\User\AppData\Local\Temp\Shortcut_sweetimsetup.exe
C:\Users\User\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\User\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\User\AppData\Local\Temp\SkypeSetup.exe
C:\Users\User\AppData\Local\Temp\sonarinst.exe
C:\Users\User\AppData\Local\Temp\SpOrder.dll
C:\Users\User\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\User\AppData\Local\Temp\SQLite.dll
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\User\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\User\AppData\Local\Temp\The Battle for Middle-earth_uninst.exe
C:\Users\User\AppData\Local\Temp\tmp394A.exe
C:\Users\User\AppData\Local\Temp\tmp481B.exe
C:\Users\User\AppData\Local\Temp\tmp5372.exe
C:\Users\User\AppData\Local\Temp\tmp5640.exe
C:\Users\User\AppData\Local\Temp\tmp6E83.exe
C:\Users\User\AppData\Local\Temp\tmp7F74.exe
C:\Users\User\AppData\Local\Temp\tmp9FC9.exe
C:\Users\User\AppData\Local\Temp\tmpAADD.exe
C:\Users\User\AppData\Local\Temp\tmpAED9.exe
C:\Users\User\AppData\Local\Temp\tmpD21F.exe
C:\Users\User\AppData\Local\Temp\tmpE644.exe
C:\Users\User\AppData\Local\Temp\tmpE68B.exe
C:\Users\User\AppData\Local\Temp\tmpF58B.exe
C:\Users\User\AppData\Local\Temp\ubiF5F.tmp.exe
C:\Users\User\AppData\Local\Temp\ubiFA85.tmp.exe
C:\Users\User\AppData\Local\Temp\unicows.dll
C:\Users\User\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\User\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\User\AppData\Local\Temp\utt2CAF.tmp.exe
C:\Users\User\AppData\Local\Temp\vcredist_x64.exe
C:\Users\User\AppData\Local\Temp\vcredist_x86.exe
C:\Users\User\AppData\Local\Temp\VIS-2013-German.exe
C:\Users\User\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\User\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-06 13:57

==================== End Of Log ============================
         
--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by User at 2015-01-08 18:12:25
Running from C:\Users\User\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 4.2 (Enabled - Out of date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\uTorrent) (Version: 3.4.1.30768 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.47.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Alliance of Valiant Arms (HKLM\...\Steam App 102700) (Version:  - )
Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Arma 3 (HKLM\...\Steam App 107410) (Version:  - Bohemia Interactive)
Assassin's Creed IV Black Flag (HKLM\...\Uplay Install 273) (Version:  - Ubisoft)
ATI AVIVO Codecs (Version: 11.6.0.51125 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{CDEE9257-8FEB-7BAF-B28F-C4737036D674}) (Version: 3.0.804.0 - ATI Technologies, Inc.)
ATI Problem Report Wizard (Version: 3.0.804.0 - ATI Technologies) Hidden
Battlefield 3™ (HKLM\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
Blender (HKLM\...\Blender) (Version: 2.70 - Blender Foundation)
Call of Duty: Black Ops II - Multiplayer (HKLM\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM\...\Steam App 202970) (Version:  - )
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM\...\Steam App 10180) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM\...\Steam App 42750) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM\...\Steam App 42690) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
Camtasia Studio 7 (HKLM\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
ccc-core-static (Version: 2010.1125.2148.39102 - Ihr Firmenname) Hidden
Combat Arms EU (HKLM\...\Combat Arms EU) (Version:  - )
Company of Heroes - FAKEMSI (Version: 2.0.0.0 - THQ Inc.) Hidden
Company of Heroes (HKLM\...\Company of Heroes) (Version: 2.0.0.1 - THQ Inc.)
COMPUTERBILD Vorteil-Center (HKLM\...\{B7E68A6D-1C9B-4F18-B021-949115021714}) (Version: 1.1.23 - J3S)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CSS FULL DZ [Oct 15 2007] v18.1 (HKLM\...\CSS FULL DZ [Oct 15 2007]) (Version: v18.1 - GrCs2Ek~)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Der Herr der Ringe® - Die Eroberung™ (HKLM\...\{628C3D50-F524-4C49-A958-672CE7953756}) (Version: 1.0.0.1 - Electronic Arts)
Die Schlacht um Mittelerde™ II (HKLM\...\{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}) (Version:  - )
EA SPORTS online 2008 (HKLM\...\82A44D22-9452-49FB-00FB-CEC7DCAF7E23) (Version:  - )
ESET NOD32 Antivirus (HKLM\...\{17DBC9A6-D723-45E7-8D4C-7C00478B06AB}) (Version: 4.2.64.12 - ESET, spol. s r.o.)
FIFA 08 (HKLM\...\{0A2A5039-B37F-489D-B1DC-A5258DF9E697}) (Version: 1.0.1.1 - Electronic Arts)
FIFA 12 (HKLM\...\{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}) (Version: 1.0.0.0 - Electronic Arts)
FIFA 12 DEMO (HKLM\...\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}) (Version: 1.0.0.0 - Electronic Arts)
FIFA 13 (HKLM\...\{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}) (Version: 1.7.0.0 - Electronic Arts)
FIFA 14 (HKLM\...\{AA7A2800-1E75-4240-855B-03AFF8E5171E}) (Version: 1.0.0.7 - Electronic Arts)
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM\...\Fraps) (Version:  - )
GameSpy Arcade (HKLM\...\GameSpy Arcade) (Version:  - )
Gothic 1 (HKLM\...\Gothic 1_is1) (Version:  - piranha bytes / Pluto 13 GmbH)
Gothic 3 - Götterdämmerung (HKLM\...\{4538055F-EBC6-4E67-9365-F55B1DEFE9DE}) (Version: 1.0.0 - JoWooD)
Gothic 3 Enhanced Edition (HKLM\...\{C28A686B-D439-4B83-B023-7402E982F69D}_is1) (Version:  - Nordic Games GmbH)
Gothic II (HKLM\...\Gothic II) (Version:  - JoWooD Productions Software AG)
Help Save (HKLM\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - )
IncludePragma (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{24c54e38}) (Version:  - BallerChart) <==== ATTENTION
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
LoiLo Game Recorder (HKLM\...\{89E4163C-BD19-45A9-BCEB-980741786799}_is1) (Version: 1.1.0.0 - LoiLo inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0407-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MK LOL (HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\MK LOL) (Version:  - )
MotoHelper MergeModules (Version: 1.0.0 - Motorola) Hidden
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 de) (HKLM\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTA:SA v1.3.5 (HKLM\...\MTA:SA 1.3) (Version: v1.3.5 - Multi Theft Auto)
MTA:SA v1.4.0 (HKLM\...\MTA:SA 1.4) (Version: v1.4.0 - Multi Theft Auto)
Need for Speed™ Most Wanted (HKLM\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version:  - )
Nero 9 Essentials (HKLM\...\{c7d5c462-67fb-4dbf-bbed-5d3a6782ab53}) (Version:  - Nero AG)
Nexon Game Manager (HKLM\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )
Notepad++ (HKLM\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Oblivion (HKLM\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks)
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 11.61 (HKLM\...\Opera 11.61.1250) (Version: 11.61.1250 - Opera Software ASA)
Origin (HKLM\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
Pflanzen gegen Zombies™ (HKLM\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Pokémon Trading Card Game Online (HKLM\...\{496D7B7E-EBDC-4E2B-B021-4FF03B188B69}) (Version: 1.0.0 - The Pokémon Company International)
Prince of Persia T2T (HKLM\...\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}) (Version:  - )
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold Crusader Extreme (HKLM\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
unisalesi (HKLM\...\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Manager for SweetPacks 1.1 (HKLM\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
Uplay (HKLM\...\Uplay) (Version: 4.6 - Ubisoft)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.0.51125.2159 - ATI Technologies Inc.) Hidden
YoutubeAdBlaocke (HKLM\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> C:\Program Files\7-Zip\7-zip.dll (Igor Pavlov)
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb.dll ()
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\User\AppData\Local\Temp\4289785d3F8\temp\Download.exe ()
CustomCLSID: HKU\S-1-5-21-2980554796-842610410-1348767362-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

==================== Restore Points  =========================

06-01-2015 21:54:39 Windows Update
07-01-2015 12:40:25 Windows Update
07-01-2015 23:45:35 Windows Update
08-01-2015 13:13:06 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
08-01-2015 13:18:20 Windows Update
08-01-2015 13:20:57 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
08-01-2015 13:30:05 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
08-01-2015 13:31:53 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
08-01-2015 16:50:30 Removed Java 8 Update 25

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2011-01-03 17:32 - 00428463 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	www.123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {15B5DF3F-4AFE-4472-B571-45896165BF35} - System32\Tasks\{8809A844-0BD9-45AC-A222-EC9108A254D6} => pcalua.exe -a C:\Users\User\Downloads\vcredist_x86.exe -d C:\Users\User\Downloads
Task: {3549C950-29F9-46B9-A936-3A458947605E} - System32\Tasks\{F5EDFF58-A2BC-474B-AC45-0E5F420215B4} => pcalua.exe -a E:\GameData\Setup.exe -d E:\GameData
Task: {475E2569-8439-4132-B16B-0E44BF32D308} - System32\Tasks\{838FC016-6ACC-4D83-B395-F7493C30349F} => pcalua.exe -a "C:\Program Files\FreePDF_XP\fpsetup.exe" -c /r
Task: {8731A314-35C5-4C9A-A99E-5AA06433A6AB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {87EB7DF7-6D18-4D17-A603-60C19D81D0D8} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2980554796-842610410-1348767362-1000
Task: {880C4242-24EC-4920-BD4A-E3C79724E728} - System32\Tasks\{C3F92471-0511-49E0-B693-2A386AEB2999} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2011-05-29] ()
Task: {9231CDF8-2D54-4ED5-951C-996F2DA5FF5F} - System32\Tasks\{8F5D5210-C65D-4549-805A-6DE25EE1229B} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2011-05-29] ()
Task: {929BA8E8-38E7-4D33-BA7D-C2064ED92D48} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {BFFC4BD8-2106-4769-B998-C0A704442B42} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {E5B978C0-C939-440E-A0D8-20BBD9149FE6} - System32\Tasks\RunAsStdUser Task => C:\Users\User\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION
Task: {E7B89EAC-0E88-4443-BF15-92AA2629C65B} - System32\Tasks\{6DC09059-B610-42C9-967D-A0B334A4A10A} => C:\Program Files\LucasArts\SWKotOR\launcher.exe [2011-05-29] ()
Task: {EA4C32F7-7BD2-4843-B405-4EA062A78E40} - System32\Tasks\Escolade => C:\Users\User\AppData\Roaming\iPumper\Updater.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (whitelisted) =============

2011-01-03 17:23 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2014-12-26 17:57 - 2014-12-26 17:57 - 03996160 _____ () c:\Program Files\DeltaFix\DeltaFix.dll
2014-09-18 15:09 - 2014-09-18 15:09 - 00126976 _____ () C:\Windows\system32\UAService.exe
2015-01-08 13:20 - 2014-12-31 16:27 - 00087208 _____ () C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe
2014-05-03 20:06 - 2014-05-03 20:06 - 00541696 _____ () C:\Program Files\003\xmkysecqun32.exe
2015-01-08 13:20 - 2015-01-08 06:36 - 51251880 _____ () C:\Users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
2015-01-08 13:20 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\User\AppData\Roaming\Compatibility Verifier\libglesv2.dll
2015-01-08 13:20 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\User\AppData\Roaming\Compatibility Verifier\libegl.dll
2015-01-08 13:20 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\User\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll
2015-01-08 13:20 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\User\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll
2014-12-21 20:33 - 2014-12-21 20:33 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData:NT2
AlternateDataStreams: C:\Users\All Users:NT2
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT2
AlternateDataStreams: C:\ProgramData\Application Data:NT2
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT2
AlternateDataStreams: C:\Users\User\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\User\Anwendungsdaten:NT2
AlternateDataStreams: C:\Users\User\AppData\Roaming:NT
AlternateDataStreams: C:\Users\User\AppData\Roaming:NT2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupfolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk => C:\Windows\pss\Xfire.lnk.Startup
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: MKLOL => "C:\Program Files\MKJogo\MKLOL\Bin\MKIM.exe" -auto
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\User\Downloads\uTorrent_3.4.1.30768.exe"  /MINIMIZED

========================= Accounts: ==========================

Administrator (S-1-5-21-2980554796-842610410-1348767362-500 - Administrator - Disabled)
Gast (S-1-5-21-2980554796-842610410-1348767362-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2980554796-842610410-1348767362-1003 - Limited - Enabled)
Schule (S-1-5-21-2980554796-842610410-1348767362-1001 - Limited - Enabled)
User (S-1-5-21-2980554796-842610410-1348767362-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2015 06:12:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecc0
ID des fehlerhaften Prozesses: 0x1408
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/08/2015 06:12:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecc0
ID des fehlerhaften Prozesses: 0x744
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/08/2015 06:11:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecc0
ID des fehlerhaften Prozesses: 0xe60
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/08/2015 06:09:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecc0
ID des fehlerhaften Prozesses: 0x19f4
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/08/2015 06:07:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecc0
ID des fehlerhaften Prozesses: 0x110c
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/08/2015 06:05:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecc0
ID des fehlerhaften Prozesses: 0x1bb4
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/08/2015 06:05:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecc0
ID des fehlerhaften Prozesses: 0xf44
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/08/2015 06:04:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Name des fehlerhaften Moduls: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54ae6b1a
Ausnahmecode: 0x80000003
Fehleroffset: 0x0022ecc0
ID des fehlerhaften Prozesses: 0xdbc
Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0
Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1
Pfad des fehlerhaften Moduls: compatibilitycheck.exe2
Berichtskennung: compatibilitycheck.exe3

Error: (01/08/2015 04:50:31 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2980554796-842610410-1348767362-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {89c534de-5653-4c8c-8cce-752ec6cef904}

Error: (01/08/2015 01:31:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "ConvertStringSidToSid(S-1-5-21-2980554796-842610410-1348767362-1001.bak)" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070539, Die Struktur der Sicherheitskennung ist unzulässig.
.


Vorgang:
   OnIdentify-Ereignis
   Generatordaten werden gesammelt

Kontext:
   Ausführungskontext: Shadow Copy Optimization Writer
   Generatorklassen-ID: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Generatorname: Shadow Copy Optimization Writer
   Generatorinstanz-ID: {86f1a035-7224-4079-8109-6dbfe413b0d2}


System errors:
=============
Error: (01/08/2015 04:16:36 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/08/2015 04:15:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
netfilter2

Error: (01/08/2015 04:15:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Surftastic" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/08/2015 01:21:29 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/08/2015 01:20:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Compatibility Verify" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/08/2015 01:20:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
netfilter2

Error: (01/08/2015 01:20:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update Surftastic" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/08/2015 01:18:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800b0100 fehlgeschlagen: Sicherheitsupdate für Windows 7 (KB2871997)

Error: (01/08/2015 01:18:30 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x800b0100 fehlgeschlagen: Update für Windows 7 (KB2952664)

Error: (01/08/2015 01:08:46 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1125) (User: User-PC)
Description: Die Gruppenrichtlinie konnte aufgrund eines internen Systemfehlers nicht verarbeitet werden. Eine spezifische Fehlermeldung hierzu finden Sie im Betriebsprotokoll der Gruppenrichtlinie. Es wird versucht, die Gruppenrichtlinie beim nächsten Aktualisierungszyklus erneut zu verarbeiten.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 65%
Total physical RAM: 3582.05 MB
Available physical RAM: 1242.07 MB
Total Pagefile: 7162.39 MB
Available Pagefile: 4034.3 MB
Total Virtual: 3071.88 MB
Available Virtual: 2927.36 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:298.73 GB) (Free:72.11 GB) NTFS
Drive d: (System) (Fixed) (Total:632.68 GB) (Free:488.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 16712F0F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=632.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 08.01.2015, 19:02   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Please download Revo Uninstaller from here: Revo Uninstaller (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select German as the language.
  • Search the uninstaller list for the programs:

    IncludePragma

    Update Manager for SweetPacks 1.1 (HKLM\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION

    YoutubeAdBlaocke

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 08.01.2015, 21:11   #5
feuerstein98
 
Code:
20:33:12.0851 0x1808  TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
20:36:22.0338 0x1808  ============================================================
20:36:22.0338 0x1808  Current date / time: 2015/01/08 20:36:22.0338
20:36:22.0338 0x1808  SystemInfo:
20:36:22.0338 0x1808  
20:36:22.0338 0x1808  OS Version: 6.1.7601 ServicePack: 1.0
20:36:22.0338 0x1808  Product type: Workstation
20:36:22.0338 0x1808  ComputerName: USER-PC
20:36:22.0338 0x1808  UserName: User
20:36:22.0338 0x1808  Windows directory: C:\Windows
20:36:22.0338 0x1808  System windows directory: C:\Windows
20:36:22.0338 0x1808  Processor architecture: Intel x86
20:36:22.0338 0x1808  Number of processors: 4
20:36:22.0338 0x1808  Page size: 0x1000
20:36:22.0338 0x1808  Boot type: Normal boot
20:36:22.0338 0x1808  ============================================================
20:36:24.0571 0x1808  KLMD registered as C:\Windows\system32\drivers\32480813.sys
20:36:24.0956 0x1808  System UUID: {E3418A68-6E9D-7E64-3C01-3C0ECCEDD568}
20:36:25.0810 0x1808  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:36:25.0835 0x1808  ============================================================
20:36:25.0835 0x1808  \Device\Harddisk0\DR0:
20:36:25.0835 0x1808  MBR partitions:
20:36:25.0835 0x1808  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:36:25.0835 0x1808  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x25576000
20:36:25.0835 0x1808  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x255A8800, BlocksNum 0x4F15D000
20:36:25.0835 0x1808  ============================================================
20:36:25.0867 0x1808  C: <-> \Device\Harddisk0\DR0\Partition2
20:36:25.0896 0x1808  D: <-> \Device\Harddisk0\DR0\Partition3
20:36:25.0971 0x1808  ============================================================
20:36:25.0971 0x1808  Initialize success
20:36:25.0971 0x1808  ============================================================
20:36:37.0004 0x1934  ============================================================
20:36:37.0004 0x1934  Scan started
20:36:37.0004 0x1934  Mode: Manual; 
20:36:37.0004 0x1934  ============================================================
20:36:37.0004 0x1934  KSN ping started
20:36:50.0696 0x1934  KSN ping finished: true
20:36:51.0612 0x1934  ================ Scan system memory ========================
20:36:51.0612 0x1934  System memory - ok
20:36:51.0612 0x1934  ================ Scan services =============================
20:36:55.0961 0x1934  elxstor - ok
20:36:55.0973 0x1934  [ 96F9030CA15A8D2E8D44E53C1F0E842D, A216B7033EE63920C803D4DD5281D4B4FD42A3693386FC6934676994464F21CC ] epfwwfpr        C:\Windows\system32\DRIVERS\epfwwfpr.sys
20:36:55.0976 0x1934  epfwwfpr - ok
20:36:55.0999 0x1934  [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:36:56.0011 0x1934  ErrDev - ok
20:36:56.0046 0x1934  [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem     C:\Windows\system32\es.dll
20:36:56.0053 0x1934  EventSystem - ok
20:36:56.0071 0x1934  [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:36:56.0075 0x1934  exfat - ok
20:36:56.0144 0x1934  FairplayKD - ok
20:36:56.0157 0x1934  [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:36:56.0161 0x1934  fastfat - ok
20:36:56.0200 0x1934  [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax             C:\Windows\system32\fxssvc.exe
20:36:56.0212 0x1934  Fax - ok
20:36:56.0230 0x1934  [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:36:56.0252 0x1934  fdc - ok
20:36:56.0269 0x1934  [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost         C:\Windows\system32\fdPHost.dll
20:36:56.0271 0x1934  fdPHost - ok
20:36:56.0279 0x1934  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:36:56.0282 0x1934  FDResPub - ok
20:36:56.0291 0x1934  [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:36:56.0305 0x1934  FileInfo - ok
20:36:56.0311 0x1934  [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:36:56.0312 0x1934  Filetrace - ok
20:36:56.0320 0x1934  [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:36:56.0332 0x1934  flpydisk - ok
20:36:56.0349 0x1934  [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:36:56.0367 0x1934  FltMgr - ok
20:36:56.0418 0x1934  [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache       C:\Windows\system32\FntCache.dll
20:36:56.0441 0x1934  FontCache - ok
20:36:56.0480 0x1934  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:36:56.0484 0x1934  FontCache3.0.0.0 - ok
20:36:56.0491 0x1934  [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:36:56.0526 0x1934  FsDepends - ok
20:36:56.0565 0x1934  [ 2ED0BABD4CD98ED820FD0D0BCBE96721, A5B955F77BBD299DEF0F25047EF5C6E63AD3D25E4E783D974AA8BB64878D97D7 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
20:36:56.0569 0x1934  fssfltr - ok
20:36:56.0689 0x1934  [ 812E1BA5C52A78F13EA6AA10DF708B1D, CF1C4D8E072CF0D66C977DFA4C852E5CE757843BEAF5D29454D26A9AC5766E61 ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
20:36:56.0725 0x1934  fsssvc - ok
20:36:56.0752 0x1934  [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:36:56.0764 0x1934  Fs_Rec - ok
20:36:56.0805 0x1934  [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:36:56.0810 0x1934  fvevol - ok
20:36:56.0839 0x1934  [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:36:56.0853 0x1934  gagp30kx - ok
20:36:56.0883 0x1934  [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:36:56.0897 0x1934  gpsvc - ok
20:36:56.0930 0x1934  [ 833051C6C6C42117191935F734CFBD97, 5EB5672ABC7994A4AFF855A572158B8BE4FC6E541CFD4B9BE4FF2739A9A6AFB8 ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
20:36:56.0931 0x1934  hamachi - ok
20:36:56.0938 0x1934  [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:36:56.0940 0x1934  hcw85cir - ok
20:36:56.0982 0x1934  [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:36:56.0989 0x1934  HdAudAddService - ok
20:36:57.0008 0x1934  [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:36:57.0011 0x1934  HDAudBus - ok
20:36:57.0030 0x1934  [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:36:57.0032 0x1934  HidBatt - ok
20:36:57.0051 0x1934  [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:36:57.0054 0x1934  HidBth - ok
20:36:57.0066 0x1934  [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:36:57.0079 0x1934  HidIr - ok
20:36:57.0097 0x1934  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv         C:\Windows\system32\hidserv.dll
20:36:57.0100 0x1934  hidserv - ok
20:36:57.0130 0x1934  [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:36:57.0131 0x1934  HidUsb - ok
20:36:57.0150 0x1934  [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:36:57.0154 0x1934  hkmsvc - ok
20:36:57.0177 0x1934  [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:36:57.0185 0x1934  HomeGroupListener - ok
20:36:57.0207 0x1934  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:36:57.0214 0x1934  HomeGroupProvider - ok
20:36:57.0236 0x1934  [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:36:57.0238 0x1934  HpSAMD - ok
20:36:57.0282 0x1934  [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:36:57.0295 0x1934  HTTP - ok
20:36:57.0316 0x1934  [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:36:57.0317 0x1934  hwpolicy - ok
20:36:57.0336 0x1934  [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:36:57.0339 0x1934  i8042prt - ok
20:36:57.0367 0x1934  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:36:57.0375 0x1934  iaStorV - ok
20:36:57.0478 0x1934  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:36:57.0482 0x1934  IDriverT - ok
20:36:58.0063 0x1934  [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:36:58.0086 0x1934  idsvc - ok
20:36:58.0108 0x1934  IEEtwCollectorService - ok
20:36:58.0131 0x1934  [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:36:58.0133 0x1934  iirsp - ok
20:36:58.0172 0x1934  [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:36:58.0188 0x1934  IKEEXT - ok
20:36:58.0211 0x1934  [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:36:58.0224 0x1934  intelide - ok
20:36:58.0242 0x1934  [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:36:58.0255 0x1934  intelppm - ok
20:36:58.0274 0x1934  [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:36:58.0277 0x1934  IPBusEnum - ok
20:36:58.0287 0x1934  [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:36:58.0311 0x1934  IpFilterDriver - ok
20:36:58.0349 0x1934  [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:36:58.0361 0x1934  iphlpsvc - ok
20:36:58.0382 0x1934  [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:36:58.0418 0x1934  IPMIDRV - ok
20:36:58.0437 0x1934  [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:36:58.0461 0x1934  IPNAT - ok
20:36:58.0480 0x1934  [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:36:58.0492 0x1934  IRENUM - ok
20:36:58.0510 0x1934  [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:36:58.0533 0x1934  isapnp - ok
20:36:58.0564 0x1934  [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:36:58.0582 0x1934  iScsiPrt - ok
20:36:58.0616 0x1934  [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:36:58.0630 0x1934  kbdclass - ok
20:36:58.0646 0x1934  [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:36:58.0672 0x1934  kbdhid - ok
20:36:58.0695 0x1934  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso          C:\Windows\system32\lsass.exe
20:36:58.0696 0x1934  KeyIso - ok
20:36:58.0722 0x1934  [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:36:58.0726 0x1934  KSecDD - ok
20:36:58.0756 0x1934  [ 1E1845606C5A4579F7F3D95796CC1ED1, 26A478A0B5417CBC880A7F2D977AAC5FBF40EC4296426B757D6ACCBBC09486CC ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:36:58.0761 0x1934  KSecPkg - ok
20:36:58.0788 0x1934  [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:36:58.0798 0x1934  KtmRm - ok
20:36:58.0810 0x1934  [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:36:58.0816 0x1934  LanmanServer - ok
20:36:58.0831 0x1934  [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:36:58.0835 0x1934  LanmanWorkstation - ok
20:36:58.0862 0x1934  [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:36:58.0871 0x1934  lltdio - ok
20:36:58.0882 0x1934  [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:36:58.0888 0x1934  lltdsvc - ok
20:36:58.0899 0x1934  [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:36:58.0901 0x1934  lmhosts - ok
20:36:58.0924 0x1934  [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:36:58.0951 0x1934  LSI_FC - ok
20:36:58.0955 0x1934  [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:36:58.0970 0x1934  LSI_SAS - ok
20:36:58.0986 0x1934  [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:36:59.0011 0x1934  LSI_SAS2 - ok
20:36:59.0026 0x1934  [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:36:59.0045 0x1934  LSI_SCSI - ok
20:36:59.0055 0x1934  [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:36:59.0058 0x1934  luafv - ok
20:36:59.0079 0x1934  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:36:59.0083 0x1934  Mcx2Svc - ok
20:36:59.0096 0x1934  [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:36:59.0144 0x1934  megasas - ok
20:36:59.0161 0x1934  [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:36:59.0167 0x1934  MegaSR - ok
20:36:59.0233 0x1934  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
20:36:59.0237 0x1934  Microsoft Office Groove Audit Service - ok
20:36:59.0259 0x1934  [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS           C:\Windows\system32\mmcss.dll
20:36:59.0262 0x1934  MMCSS - ok
20:36:59.0273 0x1934  [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem           C:\Windows\system32\drivers\modem.sys
20:36:59.0287 0x1934  Modem - ok
20:36:59.0311 0x1934  [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:36:59.0313 0x1934  monitor - ok
20:36:59.0330 0x1934  motccgp - ok
20:36:59.0333 0x1934  motccgpfl - ok
20:36:59.0367 0x1934  motmodem - ok
20:36:59.0369 0x1934  MotoSwitchService - ok
20:36:59.0380 0x1934  Motousbnet - ok
20:36:59.0394 0x1934  motusbdevice - ok
20:36:59.0414 0x1934  [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:36:59.0427 0x1934  mouclass - ok
20:36:59.0457 0x1934  [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:36:59.0470 0x1934  mouhid - ok
20:36:59.0499 0x1934  [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:36:59.0513 0x1934  mountmgr - ok
20:36:59.0538 0x1934  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:36:59.0564 0x1934  mpio - ok
20:36:59.0596 0x1934  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:36:59.0610 0x1934  mpsdrv - ok
20:36:59.0648 0x1934  [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:36:59.0661 0x1934  MpsSvc - ok
20:36:59.0682 0x1934  [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:36:59.0697 0x1934  MRxDAV - ok
20:36:59.0715 0x1934  [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:36:59.0718 0x1934  mrxsmb - ok
20:36:59.0731 0x1934  [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:36:59.0736 0x1934  mrxsmb10 - ok
20:36:59.0747 0x1934  [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:36:59.0750 0x1934  mrxsmb20 - ok
20:36:59.0770 0x1934  [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:36:59.0783 0x1934  msahci - ok
20:36:59.0800 0x1934  [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:36:59.0816 0x1934  msdsm - ok
20:36:59.0826 0x1934  [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC           C:\Windows\System32\msdtc.exe
20:36:59.0832 0x1934  MSDTC - ok
20:36:59.0860 0x1934  [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:36:59.0887 0x1934  Msfs - ok
20:36:59.0900 0x1934  [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:36:59.0911 0x1934  mshidkmdf - ok
20:36:59.0931 0x1934  [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:36:59.0932 0x1934  msisadrv - ok
20:36:59.0957 0x1934  [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:36:59.0962 0x1934  MSiSCSI - ok
20:36:59.0965 0x1934  msiserver - ok
20:36:59.0981 0x1934  [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:36:59.0990 0x1934  MSKSSRV - ok
20:36:59.0993 0x1934  [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:37:00.0004 0x1934  MSPCLOCK - ok
20:37:00.0013 0x1934  [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:37:00.0015 0x1934  MSPQM - ok
20:37:00.0028 0x1934  [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:37:00.0035 0x1934  MsRPC - ok
20:37:00.0042 0x1934  [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:37:00.0043 0x1934  mssmbios - ok
20:37:00.0046 0x1934  [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:37:00.0056 0x1934  MSTEE - ok
20:37:00.0069 0x1934  [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:37:00.0096 0x1934  MTConfig - ok
20:37:00.0133 0x1934  [ D48659BB24C48345D926ECB45C1EBDF5, EDEDE58316827530C25F8085F62AD48EA6D44B0F8AC1917B940F53B02CF72EA6 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
20:37:00.0145 0x1934  MTsensor - ok
20:37:00.0164 0x1934  [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:37:00.0167 0x1934  Mup - ok
20:37:00.0207 0x1934  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent        C:\Windows\system32\qagentRT.dll
20:37:00.0215 0x1934  napagent - ok
20:37:00.0239 0x1934  [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:37:00.0258 0x1934  NativeWifiP - ok
20:37:00.0293 0x1934  [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:37:00.0309 0x1934  NDIS - ok
20:37:00.0318 0x1934  [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:37:00.0331 0x1934  NdisCap - ok
20:37:00.0348 0x1934  [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:37:00.0350 0x1934  NdisTapi - ok
20:37:00.0367 0x1934  [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:37:00.0380 0x1934  Ndisuio - ok
20:37:00.0400 0x1934  [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:37:00.0415 0x1934  NdisWan - ok
20:37:00.0436 0x1934  [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:37:00.0438 0x1934  NDProxy - ok
20:37:00.0512 0x1934  [ 7D2633295EB6FF2B938185874884059D, B3A4E52ABCB2E2720D8ADB0B68C222D4AB98E838D40B6A731D15EB1D6C9DEA15 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
20:37:00.0536 0x1934  Nero BackItUp Scheduler 4.0 - ok
20:37:00.0580 0x1934  [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:37:00.0602 0x1934  NetBIOS - ok
20:37:00.0667 0x1934  [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:37:00.0692 0x1934  NetBT - ok
20:37:00.0817 0x1934  [ 1886A12A5610EF95C2958A2A35DCAB4C, 537A1890635921DD0181C66BDB76C0F55007A24B078B0726D6A87DC873F6315E ] netfilter       C:\Windows\system32\drivers\netfilter.sys
20:37:00.0831 0x1934  netfilter - ok
20:37:00.0834 0x1934  netfilter2 - ok
20:37:00.0845 0x1934  [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon        C:\Windows\system32\lsass.exe
20:37:00.0846 0x1934  Netlogon - ok
20:37:00.0867 0x1934  [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman          C:\Windows\System32\netman.dll
20:37:00.0875 0x1934  Netman - ok
20:37:00.0922 0x1934  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:37:00.0936 0x1934  NetMsmqActivator - ok
20:37:00.0955 0x1934  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:37:00.0958 0x1934  NetPipeActivator - ok
20:37:00.0974 0x1934  [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm        C:\Windows\System32\netprofm.dll
20:37:00.0983 0x1934  netprofm - ok
20:37:00.0997 0x1934  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:37:01.0000 0x1934  NetTcpActivator - ok
20:37:01.0005 0x1934  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:37:01.0008 0x1934  NetTcpPortSharing - ok
20:37:01.0027 0x1934  [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:37:01.0029 0x1934  nfrd960 - ok
20:37:01.0051 0x1934  [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:37:01.0057 0x1934  NlaSvc - ok
20:37:01.0070 0x1934  [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:37:01.0083 0x1934  Npfs - ok
20:37:01.0101 0x1934  [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi             C:\Windows\system32\nsisvc.dll
20:37:01.0104 0x1934  nsi - ok
20:37:01.0116 0x1934  [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:37:01.0129 0x1934  nsiproxy - ok
20:37:01.0185 0x1934  [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:37:07.0754 0x1934  Wanarpv6 - ok
20:37:07.0800 0x1934  [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine        C:\Windows\system32\wbengine.exe
20:37:07.0831 0x1934  wbengine - ok
20:37:07.0855 0x1934  [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:37:07.0860 0x1934  WbioSrvc - ok
20:37:07.0888 0x1934  [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:37:07.0906 0x1934  wcncsvc - ok
20:37:07.0930 0x1934  [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:37:07.0934 0x1934  WcsPlugInService - ok
20:37:07.0951 0x1934  [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:37:07.0965 0x1934  Wd - ok
20:37:07.0999 0x1934  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:37:08.0025 0x1934  Wdf01000 - ok
20:37:08.0036 0x1934  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:37:08.0042 0x1934  WdiServiceHost - ok
20:37:08.0046 0x1934  [ 46EF9DC96265FD0B423DB72E7C38C2A5, 43801A51FB0E45CFFC73DF6441B54A75FC2FEAF5E0424DFE7AB04FC26CF6CD16 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:37:08.0049 0x1934  WdiSystemHost - ok
20:37:08.0050 0x1934  Web Assistant Updater - ok
20:37:08.0078 0x1934  [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient       C:\Windows\System32\webclnt.dll
20:37:08.0086 0x1934  WebClient - ok
20:37:08.0103 0x1934  [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:37:08.0110 0x1934  Wecsvc - ok
20:37:08.0118 0x1934  [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:37:08.0123 0x1934  wercplsupport - ok
20:37:08.0146 0x1934  [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc          C:\Windows\System32\WerSvc.dll
20:37:08.0149 0x1934  WerSvc - ok
20:37:08.0180 0x1934  [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:37:08.0192 0x1934  WfpLwf - ok
20:37:08.0202 0x1934  [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:37:08.0204 0x1934  WIMMount - ok
20:37:08.0254 0x1934  [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:37:08.0272 0x1934  WinDefend - ok
20:37:08.0282 0x1934  WinHttpAutoProxySvc - ok
20:37:08.0318 0x1934  [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:37:08.0325 0x1934  Winmgmt - ok
20:37:08.0373 0x1934  [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:37:08.0401 0x1934  WinRM - ok
20:37:08.0431 0x1934  [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:37:08.0434 0x1934  WinUsb - ok
20:37:08.0473 0x1934  [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:37:08.0496 0x1934  Wlansvc - ok
20:37:08.0599 0x1934  [ 5E7C103F8475C4289847D15E129C20F7, C6325D3557545FA1DA26B0B1EA9A1C95AED1FA84A93BE29A771DAD9ECB00768B ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:37:08.0640 0x1934  wlidsvc - ok
20:37:08.0661 0x1934  [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:37:08.0674 0x1934  WmiAcpi - ok
20:37:08.0697 0x1934  [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:37:08.0703 0x1934  wmiApSrv - ok
20:37:08.0769 0x1934  [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:37:08.0797 0x1934  WMPNetworkSvc - ok
20:37:08.0813 0x1934  [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:37:08.0817 0x1934  WPCSvc - ok
20:37:08.0839 0x1934  [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:37:08.0844 0x1934  WPDBusEnum - ok
20:37:08.0865 0x1934  [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:37:08.0866 0x1934  ws2ifsl - ok
20:37:08.0880 0x1934  [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc          C:\Windows\System32\wscsvc.dll
20:37:08.0885 0x1934  wscsvc - ok
20:37:08.0907 0x1934  [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
20:37:08.0909 0x1934  WSDPrintDevice - ok
20:37:08.0911 0x1934  WSearch - ok
20:37:08.0985 0x1934  [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv        C:\Windows\system32\wuaueng.dll
20:37:09.0029 0x1934  wuauserv - ok
20:37:09.0064 0x1934  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:37:09.0068 0x1934  WudfPf - ok
20:37:09.0087 0x1934  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:37:09.0093 0x1934  WUDFRd - ok
20:37:09.0110 0x1934  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:37:09.0127 0x1934  wudfsvc - ok
20:37:09.0155 0x1934  [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:37:09.0163 0x1934  WwanSvc - ok
20:37:09.0175 0x1934  XDva391 - ok
20:37:09.0179 0x1934  xhunter1 - ok
20:37:09.0217 0x1934  xmkysecqun32 - ok
20:37:09.0270 0x1934  [ CE0C846127D6ABB1E2A22E59682B2527, 9FDDECDC964A2E0AD306C68E1CF6B8B77388BBD0EC7642B61EE03273381777F7 ] xnacc           C:\Windows\system32\DRIVERS\xnacc.sys
20:37:09.0294 0x1934  xnacc - ok
20:37:09.0331 0x1934  [ C26C68BCBAC1F33F890C226769759209, 15FCBDF391C68D440A61512CF236C328A540DBC155D252FB7E97E14D0E99AA40 ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
20:37:09.0334 0x1934  xusb21 - ok
20:37:09.0342 0x1934  ================ Scan global ===============================
20:37:09.0359 0x1934  [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
20:37:09.0386 0x1934  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
20:37:09.0397 0x1934  [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
20:37:09.0420 0x1934  [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
20:37:09.0440 0x1934  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
20:37:09.0450 0x1934  [ Global ] - ok
20:37:09.0450 0x1934  ================ Scan MBR ==================================
20:37:09.0461 0x1934  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:37:09.0681 0x1934  \Device\Harddisk0\DR0 - ok
20:37:09.0682 0x1934  ================ Scan VBR ==================================
20:37:09.0683 0x1934  [ B40575C3E0E99C9D1276778DC1697C39 ] \Device\Harddisk0\DR0\Partition1
20:37:09.0727 0x1934  \Device\Harddisk0\DR0\Partition1 - ok
20:37:09.0730 0x1934  [ 6B41565FA7130F735273064136C97BCD ] \Device\Harddisk0\DR0\Partition2
20:37:09.0771 0x1934  \Device\Harddisk0\DR0\Partition2 - ok
20:37:09.0773 0x1934  [ E05E4871B16B364AE182C68193047A2D ] \Device\Harddisk0\DR0\Partition3
20:37:09.0789 0x1934  \Device\Harddisk0\DR0\Partition3 - ok
20:37:09.0790 0x1934  ================ Scan generic autorun ======================
20:37:09.0856 0x1934  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
20:37:09.0880 0x1934  Adobe ARM - ok
20:37:09.0882 0x1934  Adobe Reader Speed Launcher - ok
20:37:09.0923 0x1934  mobilegeni daemon - ok
20:37:09.0925 0x1934  SpybotDeletingA3308 - ok
20:37:09.0927 0x1934  SpybotDeletingC2411 - ok
20:37:10.0079 0x1934  [ 0477C2F9171599CA5BC3307FDFBA8D89, B4F2980E0BA4C1E1B303B443A2C45F4A9090C0D745809F84AFB1879B70ABF195 ] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
20:37:10.0197 0x1934  SpybotSnD - ok
20:37:10.0260 0x1934  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:37:10.0288 0x1934  Sidebar - ok
20:37:10.0308 0x1934  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
20:37:10.0313 0x1934  mctadmin - ok
20:37:10.0341 0x1934  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:37:10.0361 0x1934  Sidebar - ok
20:37:10.0366 0x1934  [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
20:37:10.0369 0x1934  mctadmin - ok
20:37:10.0369 0x1934  Overwolf - ok
20:37:10.0394 0x1934  [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\system32\rundll32.exe
20:37:10.0398 0x1934  NextLive - ok
20:37:10.0426 0x1934  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\sidebar.exe
20:37:10.0446 0x1934  Sidebar - ok
20:37:10.0474 0x1934  Skype - ok
20:37:10.0486 0x1934  Akamai NetSession Interface - ok
20:37:10.0487 0x1934  SpybotDeletingB5374 - ok
20:37:10.0489 0x1934  SpybotDeletingD3046 - ok
20:37:10.0489 0x1934  Waiting for KSN requests completion. In queue: 346
20:37:11.0489 0x1934  Waiting for KSN requests completion. In queue: 35
20:37:12.0489 0x1934  Waiting for KSN requests completion. In queue: 35
20:37:13.0666 0x1934  AV detected via SS2: ESET NOD32 Antivirus 4.2, C:\Program Files\ESET\ESET NOD32 Antivirus\ecmd.exe ( 4.2.64.12 ), 0x41010 ( enabled : outofdate )
20:37:13.0754 0x1934  Win FW state via NFP2: enabled
20:37:16.0403 0x1934  ============================================================
20:37:16.0403 0x1934  Scan finished
20:37:16.0403 0x1934  ============================================================
20:37:16.0408 0x1bc4  Detected object count: 0
20:37:16.0408 0x1bc4  Actual detected object count: 0
20:38:12.0998 0x06b4  Deinitialize success


Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.08.14

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
User :: USER-PC [administrator]

08.01.2015 21:11:23
mbar-log-2015-01-08 (21-11-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | MBR | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: Drivers | Physical Sectors
Objects scanned: 366155
Time elapsed: 57 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


Alt 08.01.2015, 22:03   #6
schrauber
/// the machine
/// TB-Ausbilder
 


Please post the logs individually in code tags.



Scan with Combofix
WARNING to other READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


Alt 09.01.2015, 12:15   #7
feuerstein98
 

First of all, thank you for your great help and support so far! Without you I would never have got to this point.
Combofix Logfile:
Code:
ComboFix 15-01-08.01 - User 09.01.2015  12:58:36.1.4 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3582.2460 [GMT 1:00]
ausgeführt von:: c:\users\User\Desktop\Neuer Ordner\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files\BrowserCompanion
c:\program files\BrowserCompanion\logo.ico
c:\program files\BrowserCompanion\terms.lnk.url
c:\program files\Common Files\Config\uninstinethnfd.exe
c:\program files\Common Files\Config\ver.xml
c:\program files\MediaBuzzV1
c:\program files\MediaPlayerV1
c:\program files\MediaViewerV1
c:\program files\MediaViewV1
c:\program files\MediaWatchV1
c:\program files\RichMediaViewV1
c:\program files\TrustMediaViewerV1
c:\program files\unisalesi
c:\program files\unisalesi\gmaNXLGrhGdHWq.dat
c:\program files\unisalesi\gmaNXLGrhGdHWq.dll
c:\program files\unisalesi\gmaNXLGrhGdHWq.tlb
c:\program files\WebexpEnhancedV1
c:\programdata\8538791942874583879
c:\programdata\8538791942874583879\cd5b15e575e1c3d0e3eceae9ee88d9ad.ini
c:\programdata\ntuser.pol
c:\users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Surftastic_iels
c:\users\User\AppData\Local\Temp\4289785d3F8\temp\DoWNload.exe
c:\users\User\AppData\Roaming\.#
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\zR1@OoqHXI.edu
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\zR1@OoqHXI.edu\bootstrap.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\zR1@OoqHXI.edu\chrome.manifest
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\zR1@OoqHXI.edu\content\bg.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\zR1@OoqHXI.edu\install.rdf
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\searchplugins\WebSearch.xml
c:\users\User\AppData\Roaming\systweak\ssd\SSDPTstub.exe
c:\users\User\KeiNett Launcher.exe
c:\windows\~GLC0000.TMP
c:\windows\~GLH0000.TMP
c:\windows\IsUn0407.exe
c:\windows\jestertb.dll
c:\windows\system32\installd.exe
c:\windows\system32\logs
c:\windows\system32\logs\latest.log
c:\windows\system32\roboot.exe
c:\windows\system32\server.log
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-12-09 bis 2015-01-09  ))))))))))))))))))))))))))))))
.
.
2015-01-08 19:43 . 2015-01-09 11:37	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-01-08 19:43 . 2015-01-08 20:10	119000	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-08 19:41 . 2015-01-08 20:10	79576	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-01-08 19:22 . 2015-01-08 19:22	--------	d-----w-	c:\program files\VS Revo Group
2015-01-08 17:09 . 2015-01-08 17:14	--------	d-----w-	C:\FRST
2014-12-28 12:24 . 2014-12-28 12:24	--------	d-----w-	C:\Damian tabe ts3
2014-12-26 16:57 . 2015-01-08 20:01	--------	d-----w-	c:\program files\Help Save
2014-12-26 16:56 . 2015-01-08 20:01	--------	d-----w-	c:\program files\uNisales
2014-12-26 16:55 . 2014-12-26 16:55	--------	d-----w-	c:\programdata\nccncfbieclkohpknecjlhkfidfnkkbc
2014-12-20 15:03 . 2014-12-20 15:03	--------	d-----w-	c:\users\User\AppData\Roaming\MW2 FoV Changer
2014-12-18 13:25 . 2014-12-13 03:33	115712	----a-w-	c:\windows\system32\ieUnatt.exe
2014-12-10 19:14 . 2014-10-18 01:33	3209728	----a-w-	c:\windows\system32\mf.dll
2014-12-10 16:13 . 2014-11-22 02:15	10948096	----a-w-	c:\program files\Internet Explorer\F12Resources.dll
2014-12-10 16:13 . 2014-11-27 01:10	815280	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2014-12-10 16:12 . 2014-11-08 02:45	2048	----a-w-	c:\windows\system32\tzres.dll
2014-12-10 16:12 . 2014-10-03 01:45	1177088	----a-w-	c:\windows\system32\WsmSvc.dll
2014-12-10 16:12 . 2014-10-03 01:45	248832	----a-w-	c:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 16:12 . 2014-10-03 01:45	214016	----a-w-	c:\windows\system32\WsmWmiPl.dll
2014-12-10 16:12 . 2014-10-03 01:45	145920	----a-w-	c:\windows\system32\WsmAuto.dll
2014-12-10 16:12 . 2014-10-03 01:44	198656	----a-w-	c:\windows\system32\WSManHTTPConfig.exe
2014-12-10 16:11 . 2014-10-30 01:45	155136	----a-w-	c:\windows\system32\charmap.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-06 03:36 . 2011-01-03 16:11	249488	------w-	c:\windows\system32\MpSigStub.exe
2014-12-02 11:01 . 2015-01-09 11:43	9054624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1441639-436B-41B7-ADC8-F9E109056169}\mpengine.dll
2014-11-18 13:56 . 2014-11-18 13:56	1202848	----a-w-	c:\windows\system32\FM20.DLL
2014-11-11 02:44 . 2014-11-19 14:51	186880	----a-w-	c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-19 14:51	550912	----a-w-	c:\windows\system32\kerberos.dll
2014-10-29 18:55 . 2012-10-18 08:22	348928	----a-w-	c:\windows\system32\PnkBstrB.xtr
2014-10-29 18:55 . 2014-07-10 17:39	280904	----a-w-	c:\windows\system32\PnkBstrB.ex0
2014-10-26 19:34 . 2014-07-10 17:39	76152	----a-w-	c:\windows\system32\PnkBstrA.exe
2014-10-25 20:29 . 2012-10-18 08:20	138056	----a-w-	c:\users\User\AppData\Roaming\PnkBstrK.sys
2014-10-25 01:32 . 2014-11-13 15:24	67584	----a-w-	c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-13 15:25	571904	----a-w-	c:\windows\system32\oleaut32.dll
2014-10-14 01:56 . 2014-11-13 15:24	136632	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50 . 2014-11-13 15:24	523776	----a-w-	c:\windows\system32\termsrv.dll
2014-10-14 01:50 . 2014-11-13 15:25	2363904	----a-w-	c:\windows\system32\msi.dll
2014-10-14 01:50 . 2014-11-13 15:24	1059840	----a-w-	c:\windows\system32\lsasrv.dll
2014-10-14 01:47 . 2014-11-13 15:24	146432	----a-w-	c:\windows\system32\msaudite.dll
2014-10-14 01:46 . 2014-11-13 15:24	681984	----a-w-	c:\windows\system32\adtschema.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"="c:\users\User\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-12-11 30872168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2010-08-12 13:16	2215064	----a-w-	c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 16:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MKLOL]
2014-08-09 10:04	1076424	----a-w-	c:\program files\MKJogo\MKLOL\Bin\MKIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-09-12 14:07	4272640	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-11-25 20:40	336384	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2014-11-18 20:23	1940160	----a-w-	c:\program files\Steam\Steam.exe
.
R1 netfilter2;netfilter2;c:\windows\system32\drivers\netfilter2.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R2 Update Surftastic;Update Surftastic;c:\program files\Surftastic\updateSurftastic.exe [x]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
R3 ArcService;Arc Service;d:\arc\ArcService.exe [2014-10-21 88400]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 cusbohcn;cusbohcn;c:\users\User\AppData\Local\Temp\cusbohcn.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files\Origin\OriginClientService.exe [2014-12-18 1903472]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [2010-03-29 122752]
R3 vtany;vtany;c:\windows\vtany.sys [x]
R3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]
R4 Browser Manager;Browser Manager; [x]
R4 SupraSavingsService;SupraSavingsService;c:\program files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService.exe [2014-06-25 151040]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S1 netfilter;netfilter;c:\windows\system32\drivers\netfilter.sys [2014-06-12 31744]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Verifies and fixes application compatibility issues;Compatibility Verify;c:\users\User\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [2014-12-31 87208]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72
mStart Page = hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72&l=1&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{d41e1605-bcf5-4307-ba1e-44950ed12dea} - c:\program files\unisalesi\gmaNXLGrhGdHWq.dll
Toolbar-10 - (no file)
HKCU-Run-Overwolf - c:\program files\Overwolf\Overwolf.exe
HKCU-Run-Akamai NetSession Interface - c:\users\User\AppData\Local\Akamai\netsession_win.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
MSConfigStartUp-Akamai NetSession Interface - c:\users\User\AppData\Local\Akamai\netsession_win.exe
MSConfigStartUp-FreePDF Assistant - c:\program files\FreePDF_XP\fpassist.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-Sweetpacks Communicator - c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSConfigStartUp-uTorrent - c:\users\User\Downloads\uTorrent_3.4.1.30768.exe
AddRemove-Battlelog Web Plugins - c:\program files\Battlelog Web Plugins\uninstall.exe
AddRemove-Opera 11.61.1250 - c:\program files\Opera\Opera.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2980554796-842610410-1348767362-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:68,dc,ae,28,a1,33,1b,10,08,ec,b1,9e,15,9c,88,67,4b,fa,fe,17,f5,3b,d5,
   79,8b,e4,c9,7f,1d,8d,6f,c0,de,b1,e2,31,1d,57,1f,49,4c,b5,69,93,0c,f6,e8,00,\
"??"=hex:5e,42,1a,74,74,40,a4,8c,4c,97,40,15,d3,d2,5e,94
.
[HKEY_USERS\S-1-5-21-2980554796-842610410-1348767362-1000\Software\SecuROM\License information*]
"datasecu"=hex:c9,ef,e3,8e,d8,c5,49,c5,0a,39,a8,da,60,ad,1a,76,46,d7,7c,84,f4,
   84,43,6d,58,5c,51,18,00,7a,24,28,41,90,4b,85,19,f2,9c,3d,b4,6a,93,55,0e,4e,\
"rkeysecu"=hex:56,c0,be,43,a4,65,68,bb,1c,9d,1a,d9,69,ff,5e,0d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\UAService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
c:\users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
c:\users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
c:\users\User\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-01-09  13:12:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-01-09 12:12
.
Vor Suchlauf: 16 Verzeichnis(se), 75.809.132.544 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 82.674.044.928 Bytes frei
.
- - End Of File - - 09A0C93D7ABF62CF1D4AE93AB950CD9F
         

Best regards,
feuerstein98

Alt 09.01.2015, 13:07   #8
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 09.01.2015, 21:08   #9
feuerstein98
 



Good evening,

do you know roughly how many files MBAM has to check on my machine?

Thanks in advance!

feuerstein98

Good evening,

thanks for the help so far; it seems to be a relatively "nasty" virus.
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 09.01.2015 14:59:53, SYSTEM, USER-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 09.01.2015 14:59:53, SYSTEM, USER-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.1.7.1, 
Update, 09.01.2015 15:00:04, SYSTEM, USER-PC, Manual, Malware Database, 2014.11.20.6, 2015.1.9.9, 
Update, 09.01.2015 20:07:15, SYSTEM, USER-PC, Manual, Malware Database, 2015.1.9.9, 2015.1.9.15, 

(end)
         
AdwCleaner Logfile:
Code:
# AdwCleaner v4.107 - Bericht erstellt am 09/01/2015 um 21:53:40
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : User - USER-PC
# Gestartet von : C:\Users\User\Downloads\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : Browser Manager
Dienst Gelöscht : netfilter
[#] Dienst Gelöscht : SupraSavingsService
[#] Dienst Gelöscht : Update Surftastic
[#] Dienst Gelöscht : Web Assistant Updater
Dienst Gelöscht : UserAccess

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\COOupExxtensiOnn
Ordner Gelöscht : C:\ProgramData\EExstraSavings
Ordner Gelöscht : C:\ProgramData\EnjoYCoupuon
Ordner Gelöscht : C:\ProgramData\767fe2081601d347
Ordner Gelöscht : C:\Program Files\~Web Assistant
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Mobogenie
Ordner Gelöscht : C:\Program Files\Uncompressor
Ordner Gelöscht : C:\Program Files\VideoPlayerV3
Ordner Gelöscht : C:\Program Files\COOupExxtensiOnn
Ordner Gelöscht : C:\Program Files\EExstraSavings
Ordner Gelöscht : C:\Program Files\EnjoYCoupuon
Ordner Gelöscht : C:\Users\User\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\User\AppData\Local\genienext
Ordner Gelöscht : C:\Users\User\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\User\AppData\Local\Oxy
Ordner Gelöscht : C:\Users\User\AppData\Local\Tuguu_SL
Ordner Gelöscht : C:\Users\User\AppData\Roaming\awesomehp
Ordner Gelöscht : C:\Users\User\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\User\AppData\Roaming\iPumper
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Oxy
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Ordner Gelöscht : C:\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf
Ordner Gelöscht : C:\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gelöscht : C:\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Ordner Gelöscht : C:\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\mmifolfpllfdhilecpdpmemhelmanajl
Datei Gelöscht : C:\Windows\system32\drivers\netfilter.sys
Datei Gelöscht : C:\Windows\system32\UAService.exe
Datei Gelöscht : C:\Users\User\AppData\LocalLow\SkwConfig.bin
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\invalidprefs.js
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\eniehqts.default\user.js

***** [ Tasks ] *****

Task Gelöscht : Escolade
Task Gelöscht : RunAsStdUser Task

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\oxy.exe
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\..9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P80bf2c33_81ea_4938_9423_c59cac4428c8_.P80bf2c33_81ea_4938_9423_c59cac4428c8_
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\P80bf2c33_81ea_4938_9423_c59cac4428c8_.P80bf2c33_81ea_4938_9423_c59cac4428c8_.9
Schlüssel Gelöscht : HKCU\Software\eedc8ce73fe942
Schlüssel Gelöscht : HKLM\SOFTWARE\eedc8ce73fe942
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{155d6a90-0320-4506-bc9b-5cb6b07e4767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2bc0afe5-beb5-4ed1-aab2-0fa4072e1c8a}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80bf2c33-81ea-4938-9423-c59cac4428c8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{155d6a90-0320-4506-bc9b-5cb6b07e4767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2bc0afe5-beb5-4ed1-aab2-0fa4072e1c8a}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{80bf2c33-81ea-4938-9423-c59cac4428c8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKCU\Software\Blabbers       
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Escolade
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\BetterSurf
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DF3E224-05CD-4113-AA7A-86F2F6607B46}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0.5 (x86 de)

[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.id", "e82ec35300000000000020cf305600f3");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15665");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e82ec35300000000000020cf305600f3&q=");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=115935&tt=4712_8&babsrc=NT_ss&mntrId=e82ec35300000000000020cf305600f3");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.817:16:14");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.aflt", "babsst");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.autoRvrt", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.dfltLng", "en");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.excTlbr", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.ffxUnstlRst", true);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.id", "e82ec35300000000000020cf305600f3");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.instlDay", "16124");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.instlRef", "sst");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.newTab", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.prdct", "buenosearch");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.prtnrId", "buenosearch");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.rvrt", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.smplGrp", "none");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=E82E20CF305600F3&affID=128491&tsp=5167");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.tlbrId", "base");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=E82E20CF305600F3&affID=128491&tsp=5167");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.77:36:51");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.enabledAddons", "battlefieldheroespatcher%40ea.com:5.0.145.0,bbrs_002%40blabbers.com:1.0.5,%7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0,%7B94cd2cc3-083f-49ba-a218-4cda4b482[...]
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.admin", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.afterInstallRpt", "sent");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.cntry", "DE");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.dfltLng", "EN");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.dfltlng", "EN");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.dfltsrch", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.did", "10665");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.envrmnt", "production");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.excTlbr", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.hdrMd5", "B3978502530535E76433E6652C252958");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.hmpg", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.hrdid", "e82ec35300000000000020cf305600f3");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.id", "e82ec35300000000000020cf305600f3");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.instlday", "15573");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.instlref", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.isDcmntCmplt", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.isdcmntcmplt", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.keywordurl", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.149:21:11");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.newtab", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.newtaburl", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.ppd", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.productid", "26");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.prtnrid", "Incredibar");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.sg", "{smplGrp}");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.smplgrp", "none");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.srch", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.srchprvdr", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.tlbrid", "base");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyLGgmLPq&loc=IB_TB&i=26&search=");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.upn2", "6OyLGgmLPq");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.upn2n", "92261967783937024");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar.vrsnts", "1.5.11.149:21:11");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.did", "10665");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.id", "e82ec35300000000000020cf305600f3");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.instlDay", "15573");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.newTab", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.ppd", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.productid", "26");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyLGgmLPq&loc=IB_TB&i=26&search=");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.upn2", "6OyLGgmLPq");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.upn2n", "92261967783937024");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.149:21:11");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1401121374895");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.cargo", "3.1010000");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.cda.returnValue", "hide");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*.*.facebook.com/.*.*.google.com/.*.*.google.co.in/.*.*.google.com.br/.*.*.google.es/.*.*.youtube.com/.*.*.yahoo.com/.*.[...]
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.newtab.created", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.newtab.enable", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxps://www.google.de/");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.apps.)?facebook\\.com.*");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.apps.)?facebook\\.com.*");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*.*.bing..*.*.live..*.*.msn..*.*.yahoo..*.*.youtube.com.*.*ask.com.*.*.sweetim.com.*");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.simapp_id", "{5187A98F-0910-45F1-9A6D-52F104FB99EF}");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?st=6&barid={5187A98F-0910-45F1-9A6D-52F104FB99EF}");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&[...]
[eniehqts.default\prefs.js] - Zeile gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavi[...]
[fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
[fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72&l=1&q=");
[fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch");
[fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
[fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "WebSearch");
[fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
[fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("extensions.6JoIqk92sE66uwJa.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("extensions.fjY68ivUGaraMdaP.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start@gmail.com.install-event-fired", true);
[fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("extensions.tqykr9FdjdPAugyw.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.index[...]
[fihm4efv.default-1405187378199\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.searchoholic.info/?pid=20978&r=2014/12/26&hid=16423760231563581869&lg=EN&cc=DE&unqvl=72&l=1&q=");

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [45516 octets] - [09/01/2015 21:48:54]
AdwCleaner[S0].txt - [48191 octets] - [09/01/2015 21:53:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [48252 octets] ##########
         
--- --- ---


JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x86
Ran by User on 09.01.2015 at 22:03:23,72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update surftastic



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\fihm4efv.default-1405187378199\prefs.js

user_pref("extensions.ahKEe6Qu5bsJjdfm.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnale
user_pref("extensions.ahKEe6Qu5bsJjdfm.url", "hxxp://toolkitcoupon.us/sync2/?q=hfZ9ofV9CShEAen0rTa4qHYMg708BNmGWj8wmihGheDUojw9rjsGqTw7qjgHqGhIC7n0rjnFrTs7rjg8qHkHtNhVCT94tMVK
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\fihm4efv.default-1405187378199\minidumps [56 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.01.2015 at 22:04:36,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by User (administrator) on USER-PC on 09-01-2015 22:10:17
Running from C:\Users\User\Downloads
Loaded Profile: User (Available profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2980554796-842610410-1348767362-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2980554796-842610410-1348767362-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199
FF Homepage: hxxp://www.google.com/
FF Plugin: @esn/esnlaunch,version=2.3.0 -> C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> D:\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2980554796-842610410-1348767362-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\searchplugins\google-maps.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-01-03]
FF HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; D:\Arc\ArcService.exe [88400 2014-10-21] (Perfect World Entertainment Inc)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-08-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-08-12] (ESET)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-03-29] (Texas Instruments)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
S3 cusbohcn; \??\C:\Users\User\AppData\Local\Temp\cusbohcn.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S1 netfilter2; system32\drivers\netfilter2.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 XDva391; \??\C:\Windows\system32\XDva391.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 22:04 - 2015-01-09 22:04 - 00001504 _____ () C:\Users\User\Desktop\JRT.txt
2015-01-09 22:03 - 2015-01-09 22:03 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 22:02 - 2015-01-09 22:02 - 01707939 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2015-01-09 21:48 - 2015-01-09 21:56 - 00000000 ____D () C:\AdwCleaner
2015-01-09 21:43 - 2015-01-09 21:44 - 02191360 _____ () C:\Users\User\Downloads\AdwCleaner_4.107.exe
2015-01-09 21:43 - 2015-01-09 21:43 - 00000464 _____ () C:\Users\User\Desktop\mbam.txt
2015-01-09 20:07 - 2015-01-09 20:08 - 06619054 _____ () C:\Users\User\Downloads\FTB_Launcher.exe
2015-01-09 14:59 - 2015-01-09 14:59 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-09 14:59 - 2015-01-09 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-09 14:59 - 2015-01-09 14:59 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-09 14:59 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-09 14:59 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-09 14:56 - 2015-01-09 14:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-09 13:12 - 2015-01-09 13:12 - 00017941 _____ () C:\ComboFix.txt
2015-01-09 12:56 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-09 12:56 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-09 12:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-09 12:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-09 12:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-09 12:56 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-09 12:56 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-09 12:56 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-09 12:52 - 2015-01-09 12:52 - 05609736 _____ (Swearware) C:\Users\User\Downloads\ComboFix.exe
2015-01-09 12:52 - 2015-01-09 12:52 - 00001134 _____ () C:\Users\User\Desktop\ComboFix.exe - Verknüpfung.lnk
2015-01-09 12:51 - 2015-01-09 13:12 - 00000000 ____D () C:\Qoobox
2015-01-09 12:50 - 2015-01-09 13:11 - 00000000 ____D () C:\Windows\erdnt
2015-01-08 20:43 - 2015-01-09 20:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 20:43 - 2015-01-09 12:37 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-08 20:41 - 2015-01-08 20:41 - 00000000 ____D () C:\Users\User\Downloads\mbar
2015-01-08 20:41 - 2015-01-08 20:41 - 00000000 ____D () C:\Users\User\Desktop\mbar
2015-01-08 20:41 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-08 20:40 - 2015-01-08 20:41 - 16448208 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.08.2.1001.exe
2015-01-08 20:32 - 2015-01-08 20:33 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe
2015-01-08 20:22 - 2015-01-08 20:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95.exe
2015-01-08 20:22 - 2015-01-08 20:22 - 00001228 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-01-08 20:22 - 2015-01-08 20:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-08 18:12 - 2015-01-08 18:14 - 00032623 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-08 18:10 - 2015-01-09 22:10 - 00010382 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-08 18:10 - 2015-01-08 18:14 - 00039244 _____ () C:\Users\User\Downloads\FRST1.txt
2015-01-08 18:09 - 2015-01-09 22:10 - 00000000 ____D () C:\FRST
2015-01-08 18:07 - 2015-01-08 18:08 - 01115648 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-03 19:10 - 2015-01-03 19:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\java
2015-01-02 16:40 - 2015-01-02 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sanny Builder 3
2014-12-29 22:18 - 2014-12-29 22:19 - 00026003 _____ () C:\Users\User\Documents\Bewerbung Reporter.odt
2014-12-29 18:22 - 2014-12-29 18:23 - 00014764 _____ () C:\Users\User\Documents\Bewerbung Mafia.odt
2014-12-28 13:24 - 2014-12-28 13:24 - 00000000 ____D () C:\Damian tabe ts3
2014-12-27 09:54 - 2014-12-27 09:54 - 00000044 _____ () C:\Users\User\Documents\TS-Verbindungen.txt
2014-12-26 17:57 - 2015-01-08 21:01 - 00000000 ____D () C:\Program Files\Help Save
2014-12-26 17:56 - 2015-01-08 21:01 - 00000000 ____D () C:\Program Files\uNisales
2014-12-26 17:55 - 2014-12-26 17:55 - 00000000 ____D () C:\ProgramData\nccncfbieclkohpknecjlhkfidfnkkbc
2014-12-25 20:15 - 2014-12-25 20:15 - 00017656 _____ () C:\Users\User\Documents\Bewerbung Mechaniker.odt
2014-12-21 20:33 - 2015-01-08 14:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-20 16:03 - 2014-12-20 16:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\MW2 FoV Changer
2014-12-20 16:03 - 2012-02-06 00:37 - 00083456 _____ () C:\Users\User\Downloads\MW2 MP FoV Changer.exe
2014-12-18 14:25 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 20:14 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 17:14 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 17:14 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 17:14 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 17:14 - 2014-11-22 03:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 17:14 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 17:14 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 17:14 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 17:14 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 17:14 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 17:14 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 17:14 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 17:14 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 17:14 - 2014-11-22 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 17:14 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 17:14 - 2014-11-22 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 17:14 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 17:14 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 17:14 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 17:14 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 17:14 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 17:14 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 17:14 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 17:14 - 2014-11-22 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 17:14 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 17:14 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 17:14 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 17:14 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 17:14 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 17:14 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 17:14 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 17:13 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 17:12 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 17:12 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 17:12 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 17:12 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 17:12 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 17:12 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 17:11 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 22:08 - 2011-01-03 16:46 - 01581406 _____ () C:\Windows\WindowsUpdate.log
2015-01-09 22:06 - 2009-07-14 05:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 22:06 - 2009-07-14 05:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 22:00 - 2012-01-20 16:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-01-09 21:59 - 2011-01-17 17:26 - 00781446 _____ () C:\Windows\PFRO.log
2015-01-09 21:59 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 21:59 - 2009-07-14 05:39 - 00225306 _____ () C:\Windows\setupact.log
2015-01-09 21:43 - 2014-07-09 09:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\IDM2
2015-01-09 21:43 - 2014-06-26 20:27 - 00000000 ____D () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2015-01-09 21:07 - 2013-10-31 14:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client
2015-01-09 14:59 - 2011-01-03 17:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-09 13:21 - 2011-11-12 19:51 - 00000000 ____D () C:\Program Files\Steam
2015-01-09 13:12 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-09 13:12 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-09 13:07 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-09 13:06 - 2009-07-14 03:03 - 64749568 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-09 13:06 - 2009-07-14 03:03 - 17301504 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-09 13:06 - 2009-07-14 03:03 - 04980736 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-09 13:06 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-09 13:06 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-08 21:03 - 2013-04-01 17:43 - 00000000 ____D () C:\Windows\de
2015-01-08 14:52 - 2014-03-22 20:32 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-08 14:47 - 2011-01-03 17:29 - 00000000 ____D () C:\Program Files\Java
2015-01-08 14:42 - 2014-03-22 20:32 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-08 14:42 - 2011-01-04 11:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-08 14:42 - 2011-01-04 11:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-06 14:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-06 11:24 - 2014-12-07 15:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft
2015-01-06 04:36 - 2011-01-03 17:11 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 17:55 - 2011-01-04 14:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-03 22:03 - 2014-07-12 23:23 - 00000000 ____D () C:\Program Files\Google
2015-01-03 22:02 - 2012-06-01 13:11 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2015-01-03 13:33 - 2013-04-01 17:36 - 00000000 ____D () C:\Users\User\AppData\Local\Windows Live
2015-01-02 14:27 - 2011-10-08 11:34 - 00000000 ____D () C:\ProgramData\Origin
2015-01-02 14:25 - 2012-04-20 17:15 - 00000000 ____D () C:\Program Files\Origin
2014-12-30 16:53 - 2012-01-04 08:18 - 00000000 ____D () C:\Users\User\Wichtig
2014-12-24 09:36 - 2011-01-03 16:57 - 01629412 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 08:29 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-21 08:32 - 2014-09-07 06:28 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-12-18 19:28 - 2014-09-20 18:54 - 00000000 ___RD () C:\Program Files\Skype
2014-12-18 19:28 - 2012-01-20 16:38 - 00000000 ____D () C:\ProgramData\Skype
2014-12-18 14:21 - 2012-04-20 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-11 16:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-12-10 20:14 - 2011-01-16 11:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 20:12 - 2013-07-27 22:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 20:07 - 2011-01-03 17:37 - 109818608 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 17:23 - 2014-10-10 15:14 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
2014-12-10 17:23 - 2012-10-20 09:42 - 00000000 ___RD () C:\Users\User\Desktop\videosmacher

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-06 13:57

==================== End Of Log ============================
         
--- --- ---

Once again, thank you very much for your support!

Best regards,

feuerstein98

10.01.2015, 10:37   #10
schrauber
/// the machine
/// TB instructor

ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan begins automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems still?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

10.01.2015, 20:06   #11
feuerstein98

Good evening,

here are the log files!
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f465e6891e407c48982cc3a16d45dc1b
# engine=21902
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-10 07:47:41
# local_time=2015-01-10 08:47:41 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 119035 172550452 0 0
# compatibility_mode_1='ESET NOD32 Antivirus 4'
# compatibility_mode=8199 16776701 100 98 44415098 139300419 0 0
# scanned=347291
# found=32
# cleaned=0
# scan_time=6728
# nod_component=V3 Build:0x30000000
sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mobogenie\Mobogenie.exe.vir"
sh=76F71A78A0325BEFD06204724AA7FD51ECF43E43 ft=1 fh=01bb8aae11353a5c vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\~Web Assistant\Extension32.dll.vir"
sh=9D4A2823B99C8697FCFC018C361CCF7F12E9D20D ft=1 fh=1ad9441b34024e95 vn="Variante von Win32/Toolbar.BitCocktail.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\~Web Assistant\InstallerHelper.dll.vir"
sh=5AEF02F89BCD7622CBC7BEC8B8CEBAD49E0981B7 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\~Web Assistant\source.crx.vir"
sh=96E394DBE6F1B057E61940E3D175F676048C9555 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\~Web Assistant\Firefox\chrome\content\main.js.vir"
sh=C2695F17B6B10822041D008A658712AAEF9AE95D ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\~Web Assistant\Firefox\chrome\content\resources\localscript.js.vir"
sh=C2695F17B6B10822041D008A658712AAEF9AE95D ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\~Web Assistant\resources\localscript.js.vir"
sh=94A5F9D5C2E4C65F86CA528A47DA43BD4A71635E ft=0 fh=0000000000000000 vn="Win32/BrowserCompanion.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\witmain.js.vir"
sh=77806ACCEF68FE5DA6553029E91B6477383F3817 ft=1 fh=3bc8aafdf30d2c08 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromeToolBar.dll.vir"
sh=3CE5D37693ADF0AD2E08A7FD2CFA7CFE973D5E2E ft=0 fh=0000000000000000 vn="Win32/AdWare.BetterSurf.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\mmifolfpllfdhilecpdpmemhelmanajl\1.1_0\BetterSrf.js.vir"
sh=800E7EB37E5EC14049A010F7886513367DD10CD6 ft=0 fh=0000000000000000 vn="Win32/AdWare.BetterSurf.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Chromium\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco\1.1_0\BetterSrf.js.vir"
sh=D6CFE89E51D1CF5C0043E538BC26C4477CE3EF3E ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie2.2.0.zip.vir"
sh=95826B332BD1AC0543C2BA4DB637D082A994B1E5 ft=1 fh=f3159d8e366dd55a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\DaemonProcess.exe.vir"
sh=749E0C6D85971204E397EAE65ED10A9A4AEF40AB ft=1 fh=ef830199de104882 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\Mobogenie.exe.vir"
sh=1FD24BAE5755536F5B1CDF3F46A6C75BFD137933 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\MUServer.apk.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\nengine.dll.vir"
sh=93AD648467F47DC2708810D169F26F4A814778C5 ft=1 fh=e589ccabe231da4b vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\UpdateMoboGenie.exe.vir"
sh=EE47D9346BA1502824B280D41334E5BEBE9DF53E ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\ProgramData\nccncfbieclkohpknecjlhkfidfnkkbc\Ba.js"
sh=BFF9450ED225C31548426C98EBCF6055BA7A2BB9 ft=1 fh=c71c00118b379316 vn="Variante von Win32/Adware.MultiPlug.EG Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files\unisalesi\gmaNXLGrhGdHWq.dll.vir"
sh=1F0051B15E12D765FDF58966A8ED5921BF819FDD ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\zR1@OoqHXI.edu\content\bg.js.vir"
sh=9E77E1D2FD7B77B0FD8A71A70C35DD5A16836CF3 ft=1 fh=b241df9fafd25e77 vn="Win32/Systweak.G evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\User\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=2AE7F9C69096C7DC958F6207B64A6BF0C405DEAB ft=1 fh=250d94639159b4a8 vn="Variante von Win32/Amonetize.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\System32\installd.exe.vir"
sh=5E41AB693AF0FEB0F33E013CF7FAA7CA91AABDE3 ft=1 fh=b9176d4f2bb0ec62 vn="Variante von Win32/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\System32\roboot.exe.vir"
sh=EE47D9346BA1502824B280D41334E5BEBE9DF53E ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB Trojaner" ac=I fn="C:\Users\All Users\nccncfbieclkohpknecjlhkfidfnkkbc\Ba.js"
sh=E89829A1C681698B9C12CA97521113172ECA0EAA ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.DU Anwendung" ac=I fn="C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\prefs.js.BAK"
sh=11664A975E7C31E25DA3F1CAF7A3FD08433B97E0 ft=1 fh=e6f7bc67c0af21c3 vn="Variante von Win32/InstallCore.T evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User\Programme\counter strike\ADLSoft_UnCompressor_v2.exe"
sh=3FCDDDFFA523FD30995BD7F1EE90AD1DAFF05C22 ft=1 fh=eb68e71596000e50 vn="Win32/SweetIM.J evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe"
sh=6B97D6844255D47302665BE4EB504893477EFA9C ft=1 fh=edd6a7ebcaa5d0c2 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[1].exe"
sh=432BD2A275783208671CD1DD289C39B98DBCB270 ft=1 fh=3c9d1dccdf052d27 vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\PersgSetup[1].exe"
sh=8EEC2F3EC9E824FC4D7E561C8C22B1A5C4546640 ft=1 fh=89f68a07f7f8a43c vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\update[1]"
sh=694A6C4A6C09151E896340FBD6597A3DF837CBAF ft=1 fh=439deba0b906930a vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\WSSetup[1].exe"
sh=6D970EEB9659EC51AD4AA0566E1C817B6078C6EE ft=1 fh=6997e40d6b6b5d8a vn="Variante von Win32/Toolbar.Perion.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21BGD4B0\WSSetup[1].exe"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
ESET NOD32 Antivirus 4.2   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Adobe Reader XI  
 Mozilla Firefox (34.0.5) 
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Spybot Teatimer.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x86 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
ESET NOD32 Antivirus 4.2   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Adobe Reader XI  
 Mozilla Firefox (34.0.5) 
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Spybot Teatimer.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
And I haven't "heard" anything since last time. I think that with your help I have removed the Trojan. THAAANNNKKKK YOUUU

Best regards,
feuerstein98

10.01.2015, 21:56   #12
schrauber
/// the machine
/// TB instructor

The fresh FRST log is still missing

10.01.2015, 22:26   #13
feuerstein98

Oops, I posted the same thing twice instead of the log! Sorry.


FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by User (administrator) on USER-PC on 10-01-2015 21:05:00
Running from C:\Users\User\Downloads
Loaded Profile: User (Available profiles: User)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win32.exe
(Electronic Arts) C:\Program Files\Origin\Origin.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Users\User\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30872168 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2980554796-842610410-1348767362-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2980554796-842610410-1348767362-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2980554796-842610410-1348767362-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> D:\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199
FF Homepage: hxxp://www.google.com/
FF Plugin: @esn/esnlaunch,version=2.3.0 -> C:\Program Files\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @perfectworld.com/npArcPlayNowPlugin -> D:\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2980554796-842610410-1348767362-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\searchplugins\google-maps.xml
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011-01-03]
FF HKU\S-1-5-21-2980554796-842610410-1348767362-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcService; D:\Arc\ArcService.exe [88400 2014-10-21] (Perfect World Entertainment Inc)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-08-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-08-12] (ESET)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-01-10] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [122752 2010-03-29] (Texas Instruments)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\Users\User\AppData\Local\Temp\catchme.sys [X]
S3 cusbohcn; \??\C:\Users\User\AppData\Local\Temp\cusbohcn.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S1 netfilter2; system32\drivers\netfilter2.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
S3 XDva391; \??\C:\Windows\system32\XDva391.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 20:58 - 2015-01-10 20:58 - 00852505 _____ () C:\Users\User\Desktop\SecurityCheck.exe
2015-01-10 20:56 - 2015-01-10 20:56 - 00008571 _____ () C:\Users\User\Desktop\sicher.txt
2015-01-10 20:43 - 2015-01-10 20:45 - 00348928 _____ () C:\Windows\system32\PnkBstrB.exe
2015-01-10 20:43 - 2015-01-10 20:45 - 00280904 _____ () C:\Windows\system32\PnkBstrB.ex0
2015-01-10 20:43 - 2015-01-10 20:45 - 00139944 _____ () C:\Windows\system32\Drivers\PnkBstrK.sys
2015-01-10 20:42 - 2015-01-10 20:42 - 01534736 _____ () C:\Users\User\Downloads\battlelog-web-plugins_2.6.2_154.exe
2015-01-10 18:40 - 2015-01-10 18:40 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_deu.exe
2015-01-09 22:04 - 2015-01-09 22:04 - 00001504 _____ () C:\Users\User\Desktop\JRT.txt
2015-01-09 22:03 - 2015-01-09 22:03 - 00000000 ____D () C:\Windows\ERUNT
2015-01-09 22:02 - 2015-01-09 22:02 - 01707939 _____ (Thisisu) C:\Users\User\Desktop\JRT.exe
2015-01-09 21:48 - 2015-01-09 21:56 - 00000000 ____D () C:\AdwCleaner
2015-01-09 21:43 - 2015-01-09 21:44 - 02191360 _____ () C:\Users\User\Downloads\AdwCleaner_4.107.exe
2015-01-09 21:43 - 2015-01-09 21:43 - 00000464 _____ () C:\Users\User\Desktop\mbam.txt
2015-01-09 20:07 - 2015-01-09 20:08 - 06619054 _____ () C:\Users\User\Downloads\FTB_Launcher.exe
2015-01-09 14:59 - 2015-01-09 14:59 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-09 14:59 - 2015-01-09 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-01-09 14:59 - 2015-01-09 14:59 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-01-09 14:59 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-09 14:59 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-09 14:56 - 2015-01-09 14:57 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-09 13:12 - 2015-01-09 13:12 - 00017941 _____ () C:\ComboFix.txt
2015-01-09 12:56 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-09 12:56 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-09 12:56 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-09 12:56 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-09 12:56 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-09 12:56 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-09 12:56 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-09 12:56 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-09 12:52 - 2015-01-09 12:52 - 05609736 _____ (Swearware) C:\Users\User\Downloads\ComboFix.exe
2015-01-09 12:52 - 2015-01-09 12:52 - 00001134 _____ () C:\Users\User\Desktop\ComboFix.exe - Verknüpfung.lnk
2015-01-09 12:51 - 2015-01-09 13:12 - 00000000 ____D () C:\Qoobox
2015-01-09 12:50 - 2015-01-09 13:11 - 00000000 ____D () C:\Windows\erdnt
2015-01-08 20:43 - 2015-01-09 20:07 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-08 20:43 - 2015-01-09 12:37 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-08 20:41 - 2015-01-08 20:41 - 00000000 ____D () C:\Users\User\Downloads\mbar
2015-01-08 20:41 - 2015-01-08 20:41 - 00000000 ____D () C:\Users\User\Desktop\mbar
2015-01-08 20:41 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-08 20:40 - 2015-01-08 20:41 - 16448208 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.08.2.1001.exe
2015-01-08 20:32 - 2015-01-08 20:33 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe
2015-01-08 20:22 - 2015-01-08 20:22 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\User\Downloads\revosetup95.exe
2015-01-08 20:22 - 2015-01-08 20:22 - 00001228 _____ () C:\Users\User\Desktop\Revo Uninstaller.lnk
2015-01-08 20:22 - 2015-01-08 20:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-08 18:12 - 2015-01-08 18:14 - 00032623 _____ () C:\Users\User\Downloads\Addition.txt
2015-01-08 18:10 - 2015-01-10 21:05 - 00010922 _____ () C:\Users\User\Downloads\FRST.txt
2015-01-08 18:10 - 2015-01-09 22:10 - 00026186 _____ () C:\Users\User\Downloads\FRST2.txt
2015-01-08 18:10 - 2015-01-08 18:14 - 00039244 _____ () C:\Users\User\Downloads\FRST1.txt
2015-01-08 18:09 - 2015-01-10 21:05 - 00000000 ____D () C:\FRST
2015-01-08 18:07 - 2015-01-08 18:08 - 01115648 _____ (Farbar) C:\Users\User\Downloads\FRST.exe
2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-08 13:14 - 2015-01-08 13:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-03 19:10 - 2015-01-03 19:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\java
2015-01-02 16:40 - 2015-01-02 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sanny Builder 3
2014-12-29 22:18 - 2014-12-29 22:19 - 00026003 _____ () C:\Users\User\Documents\Bewerbung Reporter.odt
2014-12-29 18:22 - 2014-12-29 18:23 - 00014764 _____ () C:\Users\User\Documents\Bewerbung Mafia.odt
2014-12-28 13:24 - 2014-12-28 13:24 - 00000000 ____D () C:\Damian tabe ts3
2014-12-27 09:54 - 2014-12-27 09:54 - 00000044 _____ () C:\Users\User\Documents\TS-Verbindungen.txt
2014-12-26 17:57 - 2015-01-08 21:01 - 00000000 ____D () C:\Program Files\Help Save
2014-12-26 17:56 - 2015-01-08 21:01 - 00000000 ____D () C:\Program Files\uNisales
2014-12-26 17:55 - 2014-12-26 17:55 - 00000000 ____D () C:\ProgramData\nccncfbieclkohpknecjlhkfidfnkkbc
2014-12-25 20:15 - 2014-12-25 20:15 - 00017656 _____ () C:\Users\User\Documents\Bewerbung Mechaniker.odt
2014-12-21 20:33 - 2015-01-08 14:47 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-20 16:03 - 2014-12-20 16:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\MW2 FoV Changer
2014-12-20 16:03 - 2012-02-06 00:37 - 00083456 _____ () C:\Users\User\Downloads\MW2 MP FoV Changer.exe
2014-12-18 14:25 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-10 20:57 - 2011-01-03 17:26 - 00000000 ____D () C:\Program Files\ESET
2015-01-10 20:53 - 2012-01-20 16:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\Skype
2015-01-10 20:45 - 2014-07-10 18:39 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-01-10 20:45 - 2012-10-18 09:22 - 00348928 _____ () C:\Windows\system32\PnkBstrB.xtr
2015-01-10 20:42 - 2013-07-26 07:14 - 00000000 ____D () C:\Program Files\Battlelog Web Plugins
2015-01-10 20:35 - 2011-10-08 11:34 - 00000000 ____D () C:\ProgramData\Origin
2015-01-10 20:33 - 2012-04-20 17:15 - 00000000 ____D () C:\Program Files\Origin
2015-01-10 19:32 - 2013-10-31 14:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\TS3Client
2015-01-10 18:41 - 2009-07-14 05:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-10 18:41 - 2009-07-14 05:34 - 00015984 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-10 18:38 - 2011-01-03 16:46 - 01692052 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 18:34 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 18:34 - 2009-07-14 05:39 - 00225418 _____ () C:\Windows\setupact.log
2015-01-10 08:38 - 2011-11-12 19:51 - 00000000 ____D () C:\Program Files\Steam
2015-01-10 08:21 - 2011-01-17 17:26 - 00781796 _____ () C:\Windows\PFRO.log
2015-01-09 21:43 - 2014-07-09 09:50 - 00000000 ____D () C:\Users\User\AppData\Roaming\IDM2
2015-01-09 21:43 - 2014-06-26 20:27 - 00000000 ____D () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2015-01-09 14:59 - 2011-01-03 17:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-09 13:12 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-09 13:12 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-09 13:07 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-09 13:06 - 2009-07-14 03:03 - 64749568 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-01-09 13:06 - 2009-07-14 03:03 - 17301504 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-01-09 13:06 - 2009-07-14 03:03 - 04980736 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-01-09 13:06 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-01-09 13:06 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-01-08 21:03 - 2013-04-01 17:43 - 00000000 ____D () C:\Windows\de
2015-01-08 14:52 - 2014-03-22 20:32 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-08 14:47 - 2011-01-03 17:29 - 00000000 ____D () C:\Program Files\Java
2015-01-08 14:42 - 2014-03-22 20:32 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-08 14:42 - 2011-01-04 11:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-08 14:42 - 2011-01-04 11:22 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-06 14:05 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-01-06 11:24 - 2014-12-07 15:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\.minecraft
2015-01-06 04:36 - 2011-01-03 17:11 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 17:55 - 2011-01-04 14:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-01-03 22:03 - 2014-07-12 23:23 - 00000000 ____D () C:\Program Files\Google
2015-01-03 22:02 - 2012-06-01 13:11 - 00000000 ____D () C:\Users\User\AppData\Local\Google
2015-01-03 13:33 - 2013-04-01 17:36 - 00000000 ____D () C:\Users\User\AppData\Local\Windows Live
2014-12-30 16:53 - 2012-01-04 08:18 - 00000000 ____D () C:\Users\User\Wichtig
2014-12-24 09:36 - 2011-01-03 16:57 - 01629412 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 08:29 - 2009-07-14 05:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-21 08:32 - 2014-09-07 06:28 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-12-18 19:28 - 2014-09-20 18:54 - 00000000 ___RD () C:\Program Files\Skype
2014-12-18 19:28 - 2012-01-20 16:38 - 00000000 ____D () C:\ProgramData\Skype
2014-12-18 14:21 - 2012-04-20 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-11 16:02 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-06 13:57

==================== End Of Log ============================
         
--- --- ---

11.01.2015, 07:22   #14
schrauber
/// the machine
/// TB-Ausbilder

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
C:\ProgramData\nccncfbieclkohpknecjlhkfidfnkkbc

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\prefs.js.BAK

C:\Users\User\Programme\counter strike\ADLSoft_UnCompressor_v2.exe

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[1].exe

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\PersgSetup[1].exe

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\update[1]

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\WSSetup[1].exe

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21BGD4B0\WSSetup[1].exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2980554796-842610410-1348767362-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Don't click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

11.01.2015, 09:14   #15
feuerstein98

Good day,

thank you for all your effort and everything else you had to take care of around it! Without you I would probably have had to format my entire computer! Many thanks for everything.
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-01-2015
Ran by User at 2015-01-11 09:57:28 Run:1
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\ProgramData\nccncfbieclkohpknecjlhkfidfnkkbc

C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\prefs.js.BAK

C:\Users\User\Programme\counter strike\ADLSoft_UnCompressor_v2.exe

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[1].exe

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\PersgSetup[1].exe

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\update[1]

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\WSSetup[1].exe

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21BGD4B0\WSSetup[1].exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2980554796-842610410-1348767362-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
Emptytemp:
*****************

"C:\ProgramData\nccncfbieclkohpknecjlhkfidfnkkbc" => File/Directory not found.
"C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\fihm4efv.default-1405187378199\prefs.js.BAK" => File/Directory not found.
"C:\Users\User\Programme\counter strike\ADLSoft_UnCompressor_v2.exe" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SkywalkerSetup[1].exe" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WSSetup[1].exe" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\PersgSetup[1].exe" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\update[1]" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\02OEFMHO\WSSetup[1].exe" => File/Directory not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\21BGD4B0\WSSetup[1].exe" => File/Directory not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
"C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2980554796-842610410-1348767362-1001\User" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found. 
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 21.8 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 09:57:33 ====
         
You can now delete my thread!
Many thanks again.

Best regards
feuerstein98
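
A way to read the result section of the Fixlog posted above programmatically, as an added example that is not part of the original posts and is not FRST's own code. The function names and the status labels (`absent`, `changed`, `unfixed`, `review`) are assumptions of this example, and the classifier only knows the result messages that appear in this thread; the sample input is a shortened excerpt of that Fixlog.

```python
import re
from collections import Counter, namedtuple

# Shortened excerpt of the Fixlog posted above (paths and messages as in the thread).
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-01-2015

Content of fixlist:
*****************
C:\ProgramData\nccncfbieclkohpknecjlhkfidfnkkbc
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR dev: Chrome dev build detected! <======= ATTENTION
Emptytemp:
*****************

"C:\ProgramData\nccncfbieclkohpknecjlhkfidfnkkbc" => File/Directory not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
EmptyTemp: => Removed 21.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog 09:57:33 ====
'''

# target: path, registry key or directive; message: FRST's text after " => ";
# status: label assigned by this example, not by FRST.
FixResult = namedtuple("FixResult", "target message status")


def classify(message):
    """Map a result message to a label, using only the wordings seen in this thread."""
    low = message.lower()
    if low.endswith("not found."):
        return "absent"    # nothing was there to remove or reset
    if low.startswith("error"):
        return "unfixed"   # FRST reported that it could not act on the entry
    if low.startswith("removed"):
        return "changed"   # FRST reported that it deleted something
    return "review"        # unknown wording: read the line by hand


def parse_fixlog(text):
    """Return (results, reboot_needed) for the result section of a Fixlog."""
    results, in_echo, reboot = [], False, False
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):
            in_echo = not in_echo  # rows of asterisks frame the echoed fixlist
            continue
        if in_echo or not line:
            continue
        if line.lower().startswith("the system needed a reboot"):
            reboot = True
            continue
        # Split on the last " => " so a target that itself contains arrows stays intact.
        target, sep, message = line.rpartition(" => ")
        if sep:
            results.append(FixResult(target.strip('"'), message, classify(message)))
    return results, reboot


def summarize(results):
    """Count results per status label."""
    return Counter(r.status for r in results)


def follow_up(results):
    """Entries that still need a human decision after the fix run."""
    return [r for r in results if r.status in ("unfixed", "review")]


if __name__ == "__main__":
    results, reboot = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(results)), "reboot needed:", reboot)
    for r in follow_up(results):
        print("follow up:", r.target, "->", r.message)
```

Read this way, the Fixlog above shows that every path and policy entry from the fixlist came back as not found, the Chrome dev-build entry had no automatic fix, and only EmptyTemp reported a change.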
