
Log analysis and evaluation: Windows 7, caught adware (Digisaver etc.)

02.03.2015, 09:02   #1
Fanou
 



Good morning,

My wife picked up quite a few things while downloading, and since then browsing has been very unpleasant (constant pop-ups, banners, ad tabs).

I would very much appreciate expert support. Thank you very much.

Here are the logs:

DEFOGGER

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:55 on 02/03/2015 (Sonja)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Sonja (administrator) on PC on 02-03-2015 08:04:44
Running from C:\Users\Sonja\Desktop
Loaded Profiles: UpdatusUser & Sonja (Available profiles: UpdatusUser & Sonja)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\jnsb2E1C.tmp
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\nsrFB92.tmpfs
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
() C:\Program Files (x86)\Lidl_Fotos\dd.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(PC Utilities Software Limited) C:\ProgramData\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}\OptimizerProInstaller.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [ZoneAlarm Installer] => "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r config /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /w
HKLM-x32\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-608024502-4260226369-3383888787-1000\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [Device Detection] => C:\Program Files (x86)\Lidl_Fotos\dd.exe [860528 2014-11-26] ()
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [Amazon Music] => C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\MountPoints2: {4de48eaf-5099-11e4-b39d-dc0ea126daf4} - E:\LaunchU3.exe -a
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\MountPoints2: {922ab83d-3cc3-11e1-9100-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-13] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Die Prinzen Millionar.mp3.lnk
ShortcutTarget: Die Prinzen Millionar.mp3.lnk -> C:\ProgramData\{b11f671d-3060-98e6-b11f-f671d3069c74}\Die Prinzen Millionar.mp3.exe ()
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\die prinzen kssen verboten.lnk
ShortcutTarget: die prinzen kssen verboten.lnk -> C:\ProgramData\{d075ee4c-e609-54bb-d075-5ee4ce60b933}\die prinzen kssen verboten.exe ()
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerProInstaller.lnk
ShortcutTarget: OptimizerProInstaller.lnk -> C:\ProgramData\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}\OptimizerProInstaller.exe (PC Utilities Software Limited)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.look-for-it.info/?l=1&q={searchTerms}&pid=21773&r=2015/02/18&hid=9910709190815872974&lg=EN&cc=DE&unqvl=82
SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=fun&utm_campaign=install_ie&utm_content=ds&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&ts=1424282613&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=fun&utm_campaign=install_ie&utm_content=ds&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&ts=1424282613&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_cmi_15_08&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCtByC0D0A0FyEyDyB0CyBtN0D0Tzu0StCtCyEyEtN1L2XzutAtFyBtFyBtFtCtDtN1L1Czut CyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEzytBzyzytAtC0EtG0EyDyE0FtGzytB0F0BtGtDyE0C0BtGyE0AtCyByByEtAyE0BtDtCzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtB0A0CzyyCz zyEtG0B0ByBtBtGyE0DyD0CtGzzyCyB0FtGtCzyyEyC0AzyyBtByEtDtA0E2Q&cr=1557713063&ir=
SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {36622CCB-325B-421B-BB6C-17C608131E27} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=fun&utm_campaign=install_ie&utm_content=ds&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&ts=1424282613&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=fun&utm_campaign=install_ie&utm_content=ds&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&ts=1424282613&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=fun&utm_campaign=install_ie&utm_content=ds&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&ts=1424282613&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=fun&utm_campaign=install_ie&utm_content=ds&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&ts=1424282613&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {D1B3EBCF-ABF1-4CB2-B438-75B5E741640D} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=fun&utm_campaign=install_ie&utm_content=ds&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&ts=1424282613&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=fun&utm_campaign=install_ie&utm_content=ds&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&ts=1424282613&type=default&q={searchTerms}
BHO: DealuExpress -> {1e4361b4-a697-4478-a3da-21a5c48d2af8} -> C:\Program Files (x86)\DealuExpress\lKKpUnz2d5pRII.x64.dll ()
BHO: CouPExtenssiion -> {6c513787-fbff-4851-99af-e19f3ea0d41e} -> C:\Program Files (x86)\CouPExtenssiion\r6yNPHvj7FN2vj.x64.dll ()
BHO-x32: DealuExpress -> {1e4361b4-a697-4478-a3da-21a5c48d2af8} -> C:\Program Files (x86)\DealuExpress\lKKpUnz2d5pRII.dll ()
BHO-x32: CouPExtenssiion -> {6c513787-fbff-4851-99af-e19f3ea0d41e} -> C:\Program Files (x86)\CouPExtenssiion\r6yNPHvj7FN2vj.dll ()
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\abengine.dll [318608] (Abengine)
Winsock: Catalog9 02 C:\Windows\SysWOW64\abengine.dll [318608] (Abengine)
Winsock: Catalog9 03 C:\Windows\SysWOW64\abengine.dll [318608] (Abengine)
Winsock: Catalog9 04 C:\Windows\SysWOW64\abengine.dll [318608] (Abengine)
Winsock: Catalog9 15 C:\Windows\SysWOW64\abengine.dll [318608] (Abengine)
Winsock: Catalog9-x64 01 C:\Windows\system32\abengine64.dll [363992] (Abengine)
Winsock: Catalog9-x64 02 C:\Windows\system32\abengine64.dll [363992] (Abengine)
Winsock: Catalog9-x64 03 C:\Windows\system32\abengine64.dll [363992] (Abengine)
Winsock: Catalog9-x64 04 C:\Windows\system32\abengine64.dll [363992] (Abengine)
Winsock: Catalog9-x64 15 C:\Windows\system32\abengine64.dll [363992] (Abengine)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.look-for-it.info/?pid=21773&r=2015/02/18&hid=9910709190815872974&lg=EN&cc=DE&unqvl=82&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: mystartsearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-608024502-4260226369-3383888787-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\searchplugins\google-maps.xml
FF Extension: DiGiSSaverr - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\Extensions\jA8B8ktNN@lj.org [2015-02-18]
FF Extension: SavveNewaAppz - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\Extensions\v@Nk.net [2015-02-18]
FF Extension: Adblock Plus - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-26]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Secure Downloader) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\njbcfghpoodhahbegndmbojmgkibhiol [2015-02-18]
CHR Extension: (FinduBesutDeaal) - C:\ProgramData\kfdklpogcdiepbhfmgklkebjdcnhoojl\ []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 bujixodo; C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\jnsb2E1C.tmp [132096 2015-02-18] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 dibudyzy; C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\nsrFB92.tmpfs [X]
S2 e47f97f2; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemPower\SystemPower.dll",serv
S2 HPSLPSVC; C:\Users\Sonja\AppData\Local\Temp\7zS1AA1\hpslpsvc64.dll [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv06; C:\Windows\system32\drivers\acedrv06.sys [147456 2012-10-09] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia)
U3 ugldapow; \??\C:\Users\Sonja\AppData\Local\Temp\ugldapow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 08:01 - 2015-03-02 08:04 - 00036665 _____ () C:\Users\Sonja\Desktop\Addition.txt
2015-03-02 07:59 - 2015-03-02 08:04 - 00025662 _____ () C:\Users\Sonja\Desktop\FRST.txt
2015-03-02 07:58 - 2015-03-02 08:04 - 00000000 ____D () C:\FRST
2015-03-02 07:54 - 2015-03-02 07:55 - 00000472 _____ () C:\Users\Sonja\Desktop\defogger_disable.log
2015-03-02 07:54 - 2015-03-02 07:54 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2015-03-02 07:49 - 2015-03-02 07:49 - 00380416 _____ () C:\Users\Sonja\Desktop\Gmer-19357.exe
2015-03-02 07:46 - 2015-03-02 07:46 - 02092544 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe
2015-03-02 07:39 - 2015-03-02 07:39 - 00050477 _____ () C:\Users\Sonja\Desktop\Defogger.exe
2015-02-25 21:06 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 21:06 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 08:01 - 2015-02-20 08:01 - 00840312 _____ (App Web ) C:\Users\Sonja\Downloads\adobe_flash_setup.exe
2015-02-18 22:13 - 2015-02-18 22:13 - 00000002 _____ () C:\END
2015-02-18 22:13 - 2015-02-06 02:05 - 00318608 _____ (Abengine) C:\Windows\SysWOW64\abengine.dll
2015-02-18 22:12 - 2015-02-06 02:05 - 00363992 _____ (Abengine) C:\Windows\system32\abengine64.dll
2015-02-18 20:38 - 2015-02-18 20:38 - 00000042 _____ () C:\Users\Sonja\AppData\Roaming\WB.CFG
2015-02-18 20:37 - 2015-02-27 09:22 - 00000000 ____D () C:\ProgramData\e49f0d02000023f9
2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\ProgramData\kfdklpogcdiepbhfmgklkebjdcnhoojl
2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\Program Files (x86)\Secure Downloader
2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\Program Files (x86)\SavveNewaAppz
2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\Program Files (x86)\FinduBesutDeaal
2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\Program Files (x86)\DiGiSSaverr
2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\Program Files (x86)\DealuExpress
2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\Program Files (x86)\CouPExtenssiion
2015-02-18 20:06 - 2015-02-18 20:06 - 00003140 _____ () C:\Windows\System32\Tasks\{8F3DEAAE-1ECC-4362-B02C-A4F771F9C2C7}
2015-02-18 19:41 - 2015-02-18 19:41 - 00613057 _____ (CMI Limited) C:\Users\Sonja\AppData\Local\nsk1212.tmp
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Roaming\AnyProtectEx
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieUserList
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieSiteList
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieBrowserModeList
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-02-18 19:39 - 2015-02-18 19:39 - 00000000 ____D () C:\Users\Sonja\Documents\Optimizer Pro
2015-02-18 19:38 - 2015-02-18 21:32 - 00000000 ____D () C:\Users\Sonja\AppData\Local\SmartWeb
2015-02-18 19:33 - 2015-02-18 19:49 - 00000000 ____D () C:\ProgramData\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}
2015-02-18 19:31 - 2015-02-18 19:31 - 00000000 ____D () C:\shoplog
2015-02-18 19:25 - 2015-02-18 19:25 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4
2015-02-18 19:24 - 2015-02-18 19:24 - 00000000 ____D () C:\Program Files (x86)\predm
2015-02-18 19:10 - 2015-02-18 19:29 - 00000000 ____D () C:\ProgramData\{d075ee4c-e609-54bb-d075-5ee4ce60b933}
2015-02-18 19:01 - 2015-02-18 19:01 - 00003088 _____ () C:\Windows\System32\Tasks\zufap3002
2015-02-18 19:01 - 2015-02-18 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clean2PC
2015-02-18 19:01 - 2015-02-18 19:01 - 00000000 ____D () C:\Program Files (x86)\download Manager
2015-02-18 19:01 - 2015-02-18 19:01 - 00000000 ____D () C:\Program Files (x86)\clean2PC
2015-02-18 18:59 - 2015-03-02 07:28 - 00001336 _____ () C:\Windows\Tasks\IVFLS.job
2015-02-18 18:59 - 2015-03-02 06:38 - 00001330 _____ () C:\Windows\Tasks\SX.job
2015-02-18 18:59 - 2015-02-18 21:32 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-02-18 18:59 - 2015-02-18 18:59 - 00004350 _____ () C:\Windows\System32\Tasks\IVFLS
2015-02-18 18:59 - 2015-02-18 18:59 - 00004344 _____ () C:\Windows\System32\Tasks\SX
2015-02-18 18:59 - 2015-02-18 18:59 - 00000000 ____D () C:\Users\Sonja\AppData\Local\globalUpdate
2015-02-18 18:56 - 2015-02-18 18:56 - 00000000 ____D () C:\Program Files (x86)\UNiDeals i
2015-02-18 18:56 - 2015-02-18 18:56 - 00000000 ____D () C:\Program Files (x86)\Chrome Notepad
2015-02-18 18:55 - 2015-02-18 20:23 - 00000000 ____D () C:\ProgramData\14550590384833052901
2015-02-18 18:55 - 2015-02-18 19:29 - 00000000 ____D () C:\ProgramData\{b11f671d-3060-98e6-b11f-f671d3069c74}
2015-02-18 18:55 - 2015-02-18 18:55 - 00000000 ____D () C:\Program Files (x86)\UniDeealusi
2015-02-18 18:54 - 2015-02-18 18:54 - 00000000 ____D () C:\ProgramData\{2048d42c-81cc-fdba-2048-8d42c81c50b2}
2015-02-18 18:22 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-18 18:22 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-18 18:22 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-18 18:22 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-12 19:32 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 19:32 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 19:32 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 19:32 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 19:43 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 19:42 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 19:42 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 19:42 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 19:42 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 19:42 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 19:42 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 19:42 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 19:42 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 19:42 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 19:42 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 19:42 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 19:42 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 19:42 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 19:42 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 19:42 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 19:42 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 19:42 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 19:42 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 19:42 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 19:42 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 19:42 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 19:42 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 19:42 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 19:42 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 19:42 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 19:42 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 19:42 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 19:42 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 19:42 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 19:42 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 19:42 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 19:42 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 19:42 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 19:42 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 19:42 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 19:42 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 19:42 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 19:42 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 19:42 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 19:42 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 19:42 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 19:42 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 19:42 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 19:42 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 19:42 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 19:42 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 19:42 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 19:42 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 19:42 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 19:42 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 19:42 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 19:42 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 19:41 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 19:41 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 19:41 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 19:41 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 19:41 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 19:41 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 19:41 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 19:41 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 19:41 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 19:41 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 19:41 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 19:41 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 19:41 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 19:41 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 19:41 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 19:41 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 19:41 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 19:41 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 19:41 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:41 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 19:40 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 19:40 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 19:40 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 19:40 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 19:40 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 19:40 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 19:40 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 19:40 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 19:40 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 19:40 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 19:40 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 19:40 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:40 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 07:54 - 2012-06-20 20:21 - 00000000 ____D () C:\Users\Sonja
2015-03-02 07:49 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 07:49 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 07:44 - 2012-01-12 03:20 - 01677378 _____ () C:\Windows\WindowsUpdate.log
2015-03-02 07:35 - 2014-11-27 18:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-02 07:35 - 2014-09-10 20:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-02 07:29 - 2013-11-30 08:49 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-03-01 18:35 - 2014-09-10 20:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-01 09:41 - 2013-02-01 09:32 - 00000000 ____D () C:\NotenBox 7
2015-02-28 15:30 - 2013-03-10 08:25 - 00000000 ___RD () C:\Users\Sonja\Dropbox
2015-02-28 15:26 - 2013-03-10 08:24 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Dropbox
2015-02-28 15:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-28 15:23 - 2009-07-14 05:51 - 00139465 _____ () C:\Windows\setupact.log
2015-02-26 18:40 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-20 18:36 - 2012-01-12 12:12 - 00700118 _____ () C:\Windows\system32\perfh007.dat
2015-02-20 18:36 - 2012-01-12 12:12 - 00149968 _____ () C:\Windows\system32\perfc007.dat
2015-02-20 18:36 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-20 07:51 - 2010-11-21 04:47 - 00454632 _____ () C:\Windows\PFRO.log
2015-02-19 22:07 - 2014-09-03 22:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-19 21:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA
2015-02-18 22:10 - 2011-10-14 04:42 - 00000000 ____D () C:\Windows\ca
2015-02-18 20:11 - 2012-06-20 20:39 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-18 20:11 - 2012-06-20 20:39 - 00001039 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-18 20:11 - 2012-06-20 20:24 - 00001425 _____ () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-18 19:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-18 19:38 - 2012-10-15 08:21 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Adobe
2015-02-18 19:11 - 2012-07-10 19:37 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\vlc
2015-02-15 20:32 - 2012-10-09 10:50 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Skype
2015-02-13 19:33 - 2014-01-10 18:25 - 00001768 _____ () C:\Windows\wininit.ini
2015-02-13 19:33 - 2013-03-10 08:25 - 00001015 _____ () C:\Users\Sonja\Desktop\Dropbox.lnk
2015-02-13 19:33 - 2013-03-10 08:24 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-11 21:25 - 2009-07-14 05:45 - 00312256 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 20:19 - 2013-11-23 21:17 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-11 20:18 - 2013-11-23 21:17 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 20:18 - 2013-11-23 21:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 20:18 - 2013-11-23 21:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 20:18 - 2013-08-14 08:22 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:12 - 2012-07-03 18:37 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-06 18:30 - 2014-09-10 20:43 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 18:30 - 2014-09-10 20:43 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 18:35 - 2014-11-27 18:45 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 18:35 - 2014-11-27 18:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 18:35 - 2014-11-27 18:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-03 18:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-03 10:29 - 2012-07-03 19:31 - 00000000 ____D () C:\Users\Sonja\Documents\Schule

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Sonja\AppData\Roaming\IVFLS
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Sonja\AppData\Roaming\SX
2015-02-18 20:38 - 2015-02-18 20:38 - 0000042 _____ () C:\Users\Sonja\AppData\Roaming\WB.CFG
2015-02-18 19:41 - 2015-02-18 19:41 - 0613057 _____ (CMI Limited) C:\Users\Sonja\AppData\Local\nsk1212.tmp
2013-04-02 09:54 - 2013-04-02 09:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-01-12 03:47 - 2012-01-12 03:49 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-08-03 21:19 - 2012-08-03 21:20 - 0000317 _____ () C:\ProgramData\hpzinstall.log
2014-06-09 18:47 - 2014-06-09 18:50 - 0000032 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\Sonja\AppData\Local\Temp\0502B502-151A-7CB0-2E62-422D93C0AAE8.exe
C:\Users\Sonja\AppData\Local\Temp\37B0.exe
C:\Users\Sonja\AppData\Local\Temp\6D18.exe
C:\Users\Sonja\AppData\Local\Temp\C08.exe
C:\Users\Sonja\AppData\Local\Temp\Checkupdate.exe
C:\Users\Sonja\AppData\Local\Temp\die prinzen deutschland__10924_i1469660184_il683626.exe
C:\Users\Sonja\AppData\Local\Temp\DivXSetup.exe
C:\Users\Sonja\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgk75zr.dll
C:\Users\Sonja\AppData\Local\Temp\F782B5A2-71B2-89A6-14AD-F38D7E753104.dll
C:\Users\Sonja\AppData\Local\Temp\F782B5A2-71B2-89A6-14AD-F38D7E753104.exe
C:\Users\Sonja\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Sonja\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Sonja\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Sonja\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Sonja\AppData\Local\Temp\optprosetup.exe
C:\Users\Sonja\AppData\Local\Temp\setup.exe
C:\Users\Sonja\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sonja\AppData\Local\Temp\SpOrder.dll
C:\Users\Sonja\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Sonja\AppData\Local\Temp\System.Data.SQLitedce95dfc-47ca-4223-9f86-8a98ca3de56d.dll
C:\Users\Sonja\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Sonja\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-11 16:28

==================== End Of Log ============================


ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by Sonja at 2015-03-02 08:05:14
Running from C:\Users\Sonja\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.1904 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.0.1904 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3008 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3504 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3504 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0913.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2002402558.48.56.35851634 - Audible, Inc.)
AWIN NotenBox 7 (HKLM-x32\...\NotenBox7_is1) (Version: 7 - AWIN Software)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 14.8.2.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.4.1 - Broadcom Corporation)
Chrome Notepad (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
File Type Assistant (HKLM-x32\...\Trusted Software Assistant_is1) (Version: - Trusted Software) <==== ATTENTION
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.16432 - HP)
HP Photosmart 5520 series - Grundlegende Software für das Gerät (HKLM\...\{4F396B08-301D-4E53-A372-95A7E93ABD04}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Hilfe (HKLM-x32\...\{640A03B3-4E6B-4440-A350-E6A8D6348F12}) (Version: 27.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.7 - Acer Inc.)
Lidl-Fotos (HKLM-x32\...\Lidl-Fotos_is1) (Version: - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5128.5002 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9002 - NTI Corporation)
NTI Media Maker 9 (x32 Version: 9.0.2.9002 - NTI Corporation) Hidden
NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Secunia PSI (3.0.0.9015) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9015 - Secunia)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.6.0 - Synaptics Incorporated)
TrueType-Font Klee 1.0 (HKLM-x32\...\{17350614-D988-4250-A77A-445361799829}_is1) (Version: 1.0 - Schroedel)
UNiDeals i (HKLM-x32\...\{11F6D5AB-263F-388E-74DE-E3DECD390E3F}) (Version: - ) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-608024502-4260226369-3383888787-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

03-02-2015 10:01:13 Windows Update
06-02-2015 18:37:31 Windows Update
09-02-2015 20:25:21 Windows Update
11-02-2015 20:09:23 Windows Update
13-02-2015 08:31:29 Windows Update
16-02-2015 19:31:24 Windows Update
18-02-2015 19:42:15 Windows Update
22-02-2015 08:20:52 Windows Update
25-02-2015 20:30:45 Windows Update
25-02-2015 21:05:24 Windows Update
01-03-2015 09:56:15 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {195A5721-6A23-4CE0-8113-9878DD75A4A0} - System32\Tasks\{407D971C-04EC-456A-BCC4-881D1C970198} => pcalua.exe -a C:\Users\Sonja\Downloads\epson325180eu.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5742E6FE-5CC1-4C0F-9402-56BB2A58E5C2} - System32\Tasks\IVFLS => C:\Users\Sonja\AppData\Roaming\IVFLS.exe <==== ATTENTION
Task: {58CEF53C-7FCA-41D0-8E2C-021BE8885ECE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {63E62CCB-BADF-4BC6-AB5A-4708FCEBF699} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {6451398E-B85E-4FDC-BB8D-1EB1C4EEA9E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10] (Google Inc.)
Task: {980ADF53-B406-4D41-8CB5-2603E7881D2A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A34191F8-4E11-4817-98A5-91CBC33333A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10] (Google Inc.)
Task: {A91987FC-C65E-498E-BB84-210A453E2942} - System32\Tasks\zufap3002 => C:\PROGRA~2\TabNav\zufap3002.exe
Task: {C2BA7755-19CB-4322-B7CA-266626AB8E6D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {CDCFD08D-4211-4E9D-AEF4-CAEB4101F5BA} - System32\Tasks\{636BF6D6-54F3-4F1D-BA55-DA06D9D27D78} => pcalua.exe -a "C:\Users\Sonja\Local Settings\Application Data\Bundled software uninstaller\biclient.exe" -c /initurl hxxp://bi.bisrv.com/:affid:/:sid:/:uid:? /affid uninstall /id uninstall /name "Bundled software uninstaller"
Task: {D391597B-F761-43B1-93DF-15F76CD3BDAA} - System32\Tasks\{8F3DEAAE-1ECC-4362-B02C-A4F771F9C2C7} => pcalua.exe -a C:\Users\Sonja\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=fun
Task: {D8ECF086-9117-499E-8648-7B59F207D22C} - System32\Tasks\SX => C:\Users\Sonja\AppData\Roaming\SX.exe <==== ATTENTION
Task: {DC71D38E-FD1D-4064-913E-BED58D441B56} - System32\Tasks\{1FB4DF18-0C49-4EEB-A899-7B7C7E8EE1C7} => pcalua.exe -a C:\Users\Sonja\Downloads\epson325180eu(1).exe -d C:\Users\Sonja\Downloads
Task: {EAB27FFA-A3EE-4BAF-B6D5-616B2D83C1A9} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2014-12-05] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\IVFLS.job => C:\Users\Sonja\AppData\Roaming\IVFLS.exe <==== ATTENTION
Task: C:\Windows\Tasks\SX.job => C:\Users\Sonja\AppData\Roaming\SX.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2012-01-12 03:27 - 2013-08-29 23:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-18 19:25 - 2015-02-18 19:25 - 00132096 _____ () C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\jnsb2E1C.tmp
2015-02-18 19:25 - 2015-02-18 19:25 - 00223744 _____ () C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\nsrFB92.tmpfs
2011-10-14 04:57 - 2011-06-10 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-12-03 13:42 - 2014-11-26 15:14 - 00860528 _____ () C:\Program Files (x86)\Lidl_Fotos\dd.exe
2014-09-27 19:43 - 2014-09-06 01:54 - 06281536 _____ () C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-01-10 06:26 - 2014-01-10 06:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-04-24 02:29 - 2011-04-24 02:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2014-01-10 06:28 - 2014-01-10 06:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 02:29 - 2011-04-24 02:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-10-16 20:20 - 2014-10-16 20:20 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c152a64e30c5b94894d75ac86aa7aad2\IsdiInterop.ni.dll
2011-10-14 04:15 - 2011-04-30 08:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-01-26 18:37 - 2015-01-26 18:38 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-05 18:35 - 2015-02-05 18:35 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-608024502-4260226369-3383888787-500 - Administrator - Disabled)
Gast (S-1-5-21-608024502-4260226369-3383888787-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-608024502-4260226369-3383888787-1003 - Limited - Enabled)
Sonja (S-1-5-21-608024502-4260226369-3383888787-1001 - Administrator - Enabled) => C:\Users\Sonja
UpdatusUser (S-1-5-21-608024502-4260226369-3383888787-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2015 03:25:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2015 06:49:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2015 09:19:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2015 08:56:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2015 06:42:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 08:55:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 08:54:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 08:43:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 08:43:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 06:38:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/28/2015 03:35:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (02/28/2015 03:34:49 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (02/28/2015 03:31:18 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.

Error: (02/28/2015 03:27:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet:
%%126

Error: (02/28/2015 03:25:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv06

Error: (02/28/2015 03:24:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "McAfee SiteAdvisor Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (02/28/2015 03:24:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SystemPower erreicht.

Error: (02/27/2015 06:59:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureCommand" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (02/27/2015 06:59:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (02/27/2015 06:56:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde nicht richtig gestartet.


Microsoft Office Sessions:
=========================
Error: (02/28/2015 03:25:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2015 06:49:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2015 09:19:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/27/2015 08:56:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2015 06:42:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 08:55:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 08:54:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 08:43:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 08:43:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/25/2015 06:38:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2015-02-28 15:22:43.983
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-02-28 15:22:43.890
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-02-27 18:47:12.253
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-02-27 18:47:12.160
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-02-27 09:17:07.191
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-02-27 09:17:07.097
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-02-27 08:54:04.612
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-02-27 08:54:04.534
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-02-26 18:40:05.426
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-02-26 18:40:05.364
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\acedrv06.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 50%
Total physical RAM: 3947.86 MB
Available physical RAM: 1947.72 MB
Total Pagefile: 7893.91 MB
Available Pagefile: 5556.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:279.99 GB) (Free:45.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 554FC5C8)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)

==================== End Of Log ============================


GMER


GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-02 08:49:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.01.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Sonja\AppData\Local\Temp\ugldapow.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2856] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes 00000000774c0880 14 bytes {JMP QWORD [RIP+0x0]}
.text C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe[3016] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 00000000773eb2fe 5 bytes JMP 0000000100778f20
.text C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe[2824] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 00000000773eb2fe 5 bytes JMP 0000000102048f20
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3124] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 00000000773eb2fe 5 bytes JMP 00000001035f8f20
.text C:\ProgramData\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}\OptimizerProInstaller.exe[3264] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 00000000773eb2fe 5 bytes JMP 0000000100928f20
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5872] C:\Windows\syswow64\kernel32.dll!SetFileCompletionNotificationModes 00000000773eb2fe 5 bytes JMP 0000000100c78f20
.text C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe[5880] C:\Windows\system32\kernel32.dll!SetFileCompletionNotificationModes 00000000774c0880 14 bytes {JMP QWORD [RIP+0x0]}

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\services.exe [832:4736] 0000000000a8ef60
Thread C:\Windows\system32\services.exe [832:4204] 0000000000a8ef60
Thread C:\Windows\system32\services.exe [832:4856] 0000000000a8ef60
Thread C:\Windows\system32\services.exe [832:4860] 0000000000a8ef60
Thread C:\Windows\system32\svchost.exe [344:460] 000000000025ef60
Thread C:\Windows\system32\svchost.exe [344:504] 000000000025ef60
Thread C:\Windows\system32\svchost.exe [344:496] 000000000025ef60
Thread C:\Windows\system32\svchost.exe [344:508] 000000000025ef60
Thread c:\Program Files\Microsoft Security Client\MsMpEng.exe [568:5376] 000000000c3fef60
Thread c:\Program Files\Microsoft Security Client\MsMpEng.exe [568:3064] 000000000c3fef60
Thread c:\Program Files\Microsoft Security Client\MsMpEng.exe [568:5300] 000000000c3fef60
Thread c:\Program Files\Microsoft Security Client\MsMpEng.exe [568:2788] 000000000c3fef60
Thread C:\Windows\system32\svchost.exe [904:1408] 000000000101ef60
Thread C:\Windows\system32\svchost.exe [904:1412] 000000000101ef60
Thread C:\Windows\system32\svchost.exe [904:1416] 000000000101ef60
Thread C:\Windows\system32\svchost.exe [904:1420] 000000000101ef60
Thread C:\Windows\System32\spoolsv.exe [1436:1824] 0000000001d0ef60
Thread C:\Windows\System32\spoolsv.exe [1436:1828] 0000000001d0ef60
Thread C:\Windows\System32\spoolsv.exe [1436:1832] 0000000001d0ef60
Thread C:\Windows\System32\spoolsv.exe [1436:1836] 0000000001d0ef60
Thread C:\Windows\system32\svchost.exe [1488:1680] 000000000127ef60
Thread C:\Windows\system32\svchost.exe [1488:1684] 000000000127ef60
Thread C:\Windows\system32\svchost.exe [1488:1688] 000000000127ef60
Thread C:\Windows\system32\svchost.exe [1488:1692] 000000000127ef60
Thread C:\Windows\Explorer.EXE [1892:7768] 00000000046bef60
Thread C:\Windows\Explorer.EXE [1892:2960] 00000000046bef60
Thread C:\Windows\Explorer.EXE [1892:4668] 00000000046bef60
Thread C:\Windows\Explorer.EXE [1892:8716] 00000000046bef60
Thread C:\Windows\Explorer.EXE [1892:6604] 00000000046de310
Thread C:\Windows\Explorer.EXE [1892:8860] 00000000046de310
Thread C:\Windows\system32\svchost.exe [5744:5840] 000000000059ef60
Thread C:\Windows\system32\svchost.exe [5744:5844] 000000000059ef60
Thread C:\Windows\system32\svchost.exe [5744:5848] 000000000059ef60
Thread C:\Windows\system32\svchost.exe [5744:5852] 000000000059ef60
Thread C:\Windows\System32\svchost.exe [1384:5724] 000000000065ef60
Thread C:\Windows\System32\svchost.exe [1384:5700] 000000000065ef60
Thread C:\Windows\System32\svchost.exe [1384:5696] 000000000065ef60
Thread C:\Windows\System32\svchost.exe [1384:5792] 000000000065ef60
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5528:1880] 000000000102ef60
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5528:5540] 000000000102ef60
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5528:5592] 000000000102ef60
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5528:796] 000000000102ef60
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5528:5560] 000000000104e310
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5528:6092] 000000000104e310

---- Processes - GMER 2.1 ----

Process C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\jnsb2E1C.tmp (*** suspicious ***) @ C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\jnsb2E1C.tmp [2012](2015-02-18 18:25:40) 0000000000aa0000
Process C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\nsrFB92.tmpfs (*** suspicious ***) @ C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\nsrFB92.tmpfs [2164](2015-02-18 18:25:27) 00000000008e0000

---- EOF - GMER 2.1 ----



I recently saw two processes in Task Manager that don't belong there (they are named like two songs by Die Prinzen), so that is probably where my wife picked up her "infection"...

Thank you very much for your time.

Fanou

Alt 02.03.2015, 09:10   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work considerably harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (this usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder that was created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.

Alt 03.03.2015, 22:25   #3
Fanou
 



Good evening,

Thank you very much, schrauber, for the quick reply. I have downloaded the tools, and the MB scan is running right now. Thanks also for the [CODE]hint[/CODE], which I must have overlooked earlier.

Log files will follow ASAP.

Here is the MBAR log; I'll do TDSS right after:
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.03.03.06
  rootkit: v2015.02.25.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17633
Sonja :: PC [administrator]

03.03.2015 22:18:00
mbar-log-2015-03-03 (22-18-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 395341
Time elapsed: 43 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
TDSS found something; I set "Skip". Here is the log:
Code:
23:17:13.0231 0x0f5c  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
23:17:20.0481 0x0f5c  ============================================================
23:17:20.0481 0x0f5c  Current date / time: 2015/03/03 23:17:20.0481
23:17:20.0481 0x0f5c  SystemInfo:
23:17:20.0481 0x0f5c  
23:17:20.0481 0x0f5c  OS Version: 6.1.7601 ServicePack: 1.0
23:17:20.0481 0x0f5c  Product type: Workstation
23:17:20.0481 0x0f5c  ComputerName: PC
23:17:20.0481 0x0f5c  UserName: Sonja
23:17:20.0481 0x0f5c  Windows directory: C:\Windows
23:17:20.0481 0x0f5c  System windows directory: C:\Windows
23:17:20.0481 0x0f5c  Running under WOW64
23:17:20.0481 0x0f5c  Processor architecture: Intel x64
23:17:20.0481 0x0f5c  Number of processors: 4
23:17:20.0481 0x0f5c  Page size: 0x1000
23:17:20.0481 0x0f5c  Boot type: Normal boot
23:17:20.0481 0x0f5c  ============================================================
23:17:20.0801 0x0f5c  KLMD registered as C:\Windows\system32\drivers\52590260.sys
23:17:21.0911 0x0f5c  System UUID: {0DA0F262-08EE-2711-F97B-1C91E59548AD}
23:17:22.0821 0x0f5c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:17:22.0821 0x0f5c  ============================================================
23:17:22.0821 0x0f5c  \Device\Harddisk0\DR0:
23:17:22.0821 0x0f5c  MBR partitions:
23:17:22.0821 0x0f5c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
23:17:22.0821 0x0f5c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x22FFB800
23:17:22.0821 0x0f5c  ============================================================
23:17:22.0931 0x0f5c  C: <-> \Device\Harddisk0\DR0\Partition2
23:17:22.0931 0x0f5c  ============================================================
23:17:22.0931 0x0f5c  Initialize success
23:17:22.0931 0x0f5c  ============================================================
23:18:27.0751 0x14a0  ============================================================
23:18:27.0751 0x14a0  Scan started
23:18:27.0751 0x14a0  Mode: Manual; SigCheck; TDLFS; 
23:18:27.0751 0x14a0  ============================================================
23:18:27.0751 0x14a0  KSN ping started
23:18:42.0171 0x14a0  KSN ping finished: true
23:18:43.0101 0x14a0  ================ Scan system memory ========================
23:18:43.0101 0x14a0  System memory - ok
23:18:43.0101 0x14a0  ================ Scan services =============================
23:18:43.0331 0x14a0  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:18:43.0501 0x14a0  1394ohci - ok
23:18:43.0641 0x14a0  [ C8030D922511A926D0AA06B78C4B87A9, 6D093CE1F43249839D4A2C3D832A57A8358203F6F6BA9349AB1E7806701A9E1D ] acedrv06        C:\Windows\system32\drivers\acedrv06.sys
23:18:43.0691 0x14a0  acedrv06 - detected UnsignedFile.Multi.Generic ( 1 )
23:18:46.0061 0x14a0  Detect skipped due to KSN trusted
23:18:46.0061 0x14a0  acedrv06 - ok
23:18:46.0141 0x14a0  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:18:46.0161 0x14a0  ACPI - ok
23:18:46.0261 0x14a0  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:18:46.0341 0x14a0  AcpiPmi - ok
23:18:46.0641 0x14a0  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:18:46.0651 0x14a0  AdobeARMservice - ok
23:18:46.0901 0x14a0  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:18:46.0921 0x14a0  AdobeFlashPlayerUpdateSvc - ok
23:18:47.0021 0x14a0  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:18:47.0051 0x14a0  adp94xx - ok
23:18:47.0111 0x14a0  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:18:47.0131 0x14a0  adpahci - ok
23:18:47.0141 0x14a0  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:18:47.0161 0x14a0  adpu320 - ok
23:18:47.0191 0x14a0  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:18:47.0321 0x14a0  AeLookupSvc - ok
23:18:47.0431 0x14a0  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
23:18:47.0491 0x14a0  AFD - ok
23:18:47.0561 0x14a0  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
23:18:47.0571 0x14a0  agp440 - ok
23:18:47.0591 0x14a0  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
23:18:47.0671 0x14a0  ALG - ok
23:18:47.0741 0x14a0  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:18:47.0751 0x14a0  aliide - ok
23:18:47.0801 0x14a0  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:18:47.0811 0x14a0  amdide - ok
23:18:47.0841 0x14a0  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:18:47.0881 0x14a0  AmdK8 - ok
23:18:47.0881 0x14a0  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
23:18:47.0901 0x14a0  AmdPPM - ok
23:18:47.0931 0x14a0  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:18:47.0941 0x14a0  amdsata - ok
23:18:47.0961 0x14a0  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
23:18:47.0981 0x14a0  amdsbs - ok
23:18:48.0011 0x14a0  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:18:48.0021 0x14a0  amdxata - ok
23:18:48.0101 0x14a0  [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID           C:\Windows\system32\drivers\appid.sys
23:18:48.0151 0x14a0  AppID - ok
23:18:48.0171 0x14a0  [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:18:48.0201 0x14a0  AppIDSvc - ok
23:18:48.0271 0x14a0  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
23:18:48.0331 0x14a0  Appinfo - ok
23:18:48.0351 0x14a0  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
23:18:48.0361 0x14a0  arc - ok
23:18:48.0371 0x14a0  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:18:48.0381 0x14a0  arcsas - ok
23:18:48.0571 0x14a0  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:18:48.0591 0x14a0  aspnet_state - ok
23:18:48.0641 0x14a0  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:18:48.0711 0x14a0  AsyncMac - ok
23:18:48.0781 0x14a0  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:18:48.0801 0x14a0  atapi - ok
23:18:48.0961 0x14a0  [ 956BC6EB96AA09478BD897AF8DF55A62, 07221CE77A08BF44AEEC5B65BD9991920853DD69592FFEAF86A63B70DB988796 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
23:18:49.0151 0x14a0  athr - ok
23:18:49.0241 0x14a0  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:18:49.0341 0x14a0  AudioEndpointBuilder - ok
23:18:49.0361 0x14a0  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:18:49.0391 0x14a0  AudioSrv - ok
23:18:49.0461 0x14a0  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:18:49.0561 0x14a0  AxInstSV - ok
23:18:49.0661 0x14a0  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
23:18:49.0721 0x14a0  b06bdrv - ok
23:18:49.0801 0x14a0  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:18:49.0841 0x14a0  b57nd60a - ok
23:18:49.0921 0x14a0  [ A424CB46A145E5AABF15621550976DF2, B6CA183FD5ED72237D2DC1F599FD04A066C06A717A2CF63AF08D3AA0A227D7BA ] b57xdbd         C:\Windows\system32\DRIVERS\b57xdbd.sys
23:18:49.0931 0x14a0  b57xdbd - ok
23:18:50.0011 0x14a0  [ BE4E6FD5A898812B85D5817AD9754A9F, 46A7C80283BE53F43A0D73DA3338461024DD002A7CF43660F9C7D640E0C72876 ] b57xdmp         C:\Windows\system32\DRIVERS\b57xdmp.sys
23:18:50.0021 0x14a0  b57xdmp - ok
23:18:50.0091 0x14a0  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:18:50.0151 0x14a0  BDESVC - ok
23:18:50.0161 0x14a0  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:18:50.0221 0x14a0  Beep - ok
23:18:50.0301 0x14a0  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
23:18:50.0391 0x14a0  BFE - ok
23:18:50.0441 0x14a0  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
23:18:50.0631 0x14a0  BITS - ok
23:18:50.0691 0x14a0  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
23:18:50.0731 0x14a0  blbdrive - ok
23:18:50.0801 0x14a0  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:18:50.0821 0x14a0  bowser - ok
23:18:50.0871 0x14a0  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
23:18:50.0911 0x14a0  BrFiltLo - ok
23:18:50.0921 0x14a0  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
23:18:50.0941 0x14a0  BrFiltUp - ok
23:18:50.0981 0x14a0  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
23:18:51.0031 0x14a0  Browser - ok
23:18:51.0061 0x14a0  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:18:51.0121 0x14a0  Brserid - ok
23:18:51.0131 0x14a0  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:18:51.0161 0x14a0  BrSerWdm - ok
23:18:51.0171 0x14a0  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:18:51.0191 0x14a0  BrUsbMdm - ok
23:18:51.0201 0x14a0  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:18:51.0211 0x14a0  BrUsbSer - ok
23:18:51.0291 0x14a0  [ 0970D8B7151E9113BF8D44CE2E954DF7, D467DFFA1668F3BE29620154A13867568C25211ED823BE6A220D2DEE7E3A1278 ] bScsiMSa        C:\Windows\system32\DRIVERS\bScsiMSa.sys
23:18:51.0301 0x14a0  bScsiMSa - ok
23:18:51.0391 0x14a0  [ 0C1EEE5AF32402D306874B110DE237EC, B0FE0F3B6A1E2C003E6F4B6330601C43126881262B328D7DD93AC2C0B714DC86 ] bScsiSDa        C:\Windows\system32\DRIVERS\bScsiSDa.sys
23:18:51.0401 0x14a0  bScsiSDa - ok
23:18:51.0431 0x14a0  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:18:51.0471 0x14a0  BTHMODEM - ok
23:18:51.0541 0x14a0  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
23:18:51.0601 0x14a0  bthserv - ok
23:18:51.0881 0x14a0  [ 9AB06ED83F55D6918D6118ED75E0BC13, 3718BCF333BA7EBA4773971C73047B39A52C2E15B5873ED102C79DE17A0ACE01 ] bujixodo        C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\jnsb2E1C.tmp
23:18:51.0891 0x14a0  bujixodo - detected UnsignedFile.Multi.Generic ( 1 )
23:18:54.0381 0x14a0  Detect turned to UDS exact due to KSN untrusted
23:18:54.0481 0x14a0  bujixodo ( UDS:DangerousObject.Multi.Generic ) - infected
23:18:54.0481 0x14a0  Force sending object to P2P due to detect: bujixodo
23:18:56.0981 0x14a0  Object send P2P result: true
23:18:59.0591 0x14a0  [ 1F79342D9EB530A48742F651E570983A, 99E0B613C23FA8591E248DFA6FF2D3EE19E262BE6E070A0E43E256B69687017F ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
23:18:59.0651 0x14a0  c2cautoupdatesvc - ok
23:18:59.0781 0x14a0  [ E4938E0A376CF0B9D989EE5C0A146891, 9DF6AB5781CD60862D9664CA9A8AF0696A1FB6D09D804CD8DE9630F40DE59E90 ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
23:18:59.0851 0x14a0  c2cpnrsvc - ok
23:18:59.0901 0x14a0  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:18:59.0961 0x14a0  cdfs - ok
23:19:00.0021 0x14a0  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:19:00.0061 0x14a0  cdrom - ok
23:19:00.0121 0x14a0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:19:00.0161 0x14a0  CertPropSvc - ok
23:19:00.0221 0x14a0  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
23:19:00.0251 0x14a0  circlass - ok
23:19:00.0291 0x14a0  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
23:19:00.0311 0x14a0  CLFS - ok
23:19:00.0381 0x14a0  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:19:00.0391 0x14a0  clr_optimization_v2.0.50727_32 - ok
23:19:00.0431 0x14a0  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:19:00.0441 0x14a0  clr_optimization_v2.0.50727_64 - ok
23:19:00.0581 0x14a0  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:19:00.0591 0x14a0  clr_optimization_v4.0.30319_32 - ok
23:19:00.0651 0x14a0  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:19:00.0681 0x14a0  clr_optimization_v4.0.30319_64 - ok
23:19:00.0741 0x14a0  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
23:19:00.0771 0x14a0  CmBatt - ok
23:19:00.0811 0x14a0  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:19:00.0821 0x14a0  cmdide - ok
23:19:00.0881 0x14a0  [ E45CDE1C8340DFEDF1D6724263F39E5B, 8B8091D0A8FF08170F34DA01A4201DAE7C3D026226BC77B5C2EC67657C670168 ] CNG             C:\Windows\system32\Drivers\cng.sys
23:19:00.0951 0x14a0  CNG - ok
23:19:01.0031 0x14a0  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:19:01.0041 0x14a0  Compbatt - ok
23:19:01.0101 0x14a0  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:19:01.0141 0x14a0  CompositeBus - ok
23:19:01.0171 0x14a0  COMSysApp - ok
23:19:01.0201 0x14a0  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:19:01.0211 0x14a0  crcdisk - ok
23:19:01.0261 0x14a0  [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:19:01.0311 0x14a0  CryptSvc - ok
23:19:01.0521 0x14a0  [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:19:01.0551 0x14a0  cvhsvc - ok
23:19:01.0601 0x14a0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:19:01.0691 0x14a0  DcomLaunch - ok
23:19:01.0741 0x14a0  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:19:01.0801 0x14a0  defragsvc - ok
23:19:01.0871 0x14a0  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:19:01.0921 0x14a0  DfsC - ok
23:19:02.0031 0x14a0  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:19:02.0131 0x14a0  Dhcp - ok
23:19:02.0261 0x14a0  [ D6EDA3363C9C9D2CE5753FE104C5C24E, 0209735581858E583EDB1F94ED154C4519ACF740FD8CF2D1FFE9C20E5089683C ] dibudyzy        C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\nsrFB92.tmpfs
23:19:02.0291 0x14a0  dibudyzy - detected UnsignedFile.Multi.Generic ( 1 )
23:19:04.0981 0x14a0  dibudyzy ( UnsignedFile.Multi.Generic ) - warning
23:19:07.0361 0x14a0  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
23:19:07.0411 0x14a0  discache - ok
23:19:07.0501 0x14a0  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
23:19:07.0511 0x14a0  Disk - ok
23:19:07.0601 0x14a0  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:19:07.0621 0x14a0  Dnscache - ok
23:19:07.0651 0x14a0  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:19:07.0731 0x14a0  dot3svc - ok
23:19:07.0781 0x14a0  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
23:19:07.0821 0x14a0  DPS - ok
23:19:07.0921 0x14a0  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:19:07.0951 0x14a0  drmkaud - ok
23:19:08.0101 0x14a0  [ 9DD3A22F804697606C2B7FF9E912FF6B, BBE2FC0D554030BA9E3A96CC4A360D61DBCCAA1D81BD7547809F29A3AF0B3A25 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
23:19:08.0121 0x14a0  DsiWMIService - ok
23:19:08.0201 0x14a0  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:19:08.0271 0x14a0  DXGKrnl - ok
23:19:08.0341 0x14a0  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] e47f97f2        C:\Windows\system32\rundll32.exe
23:19:08.0371 0x14a0  e47f97f2 - ok
23:19:08.0451 0x14a0  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
23:19:08.0511 0x14a0  EapHost - ok
23:19:08.0661 0x14a0  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
23:19:08.0811 0x14a0  ebdrv - ok
23:19:08.0861 0x14a0  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] EFS             C:\Windows\System32\lsass.exe
23:19:08.0891 0x14a0  EFS - ok
23:19:08.0971 0x14a0  [ 5332EC2BA1C112BD4BB1F38127848FEF, 156585CE4011546B20EDD20D04E639A0788B1DE6455B23B94E2CD31BA725FE3C ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
23:19:08.0981 0x14a0  EgisTec Ticket Service - ok
23:19:09.0081 0x14a0  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:19:09.0181 0x14a0  ehRecvr - ok
23:19:09.0241 0x14a0  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
23:19:09.0271 0x14a0  ehSched - ok
23:19:09.0351 0x14a0  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:19:09.0381 0x14a0  elxstor - ok
23:19:09.0511 0x14a0  [ 48425C93B6F36529707206E4FA680CF3, 328BD59DEDFAD359EF79CCFBC2AD3E9C95657EC616AE0611F5EFEB34B810692A ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
23:19:09.0541 0x14a0  ePowerSvc - ok
23:19:09.0551 0x14a0  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:19:09.0581 0x14a0  ErrDev - ok
23:19:09.0671 0x14a0  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
23:19:09.0761 0x14a0  EventSystem - ok
23:19:09.0781 0x14a0  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:19:09.0851 0x14a0  exfat - ok
23:19:09.0881 0x14a0  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:19:09.0921 0x14a0  fastfat - ok
23:19:10.0011 0x14a0  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
23:19:10.0091 0x14a0  Fax - ok
23:19:10.0121 0x14a0  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
23:19:10.0151 0x14a0  fdc - ok
23:19:10.0201 0x14a0  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
23:19:10.0251 0x14a0  fdPHost - ok
23:19:10.0291 0x14a0  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:19:10.0321 0x14a0  FDResPub - ok
23:19:10.0351 0x14a0  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:19:10.0371 0x14a0  FileInfo - ok
23:19:10.0391 0x14a0  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:19:10.0441 0x14a0  Filetrace - ok
23:19:10.0541 0x14a0  [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:19:10.0581 0x14a0  FLEXnet Licensing Service - ok
23:19:10.0631 0x14a0  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
23:19:10.0661 0x14a0  flpydisk - ok
23:19:10.0721 0x14a0  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:19:10.0741 0x14a0  FltMgr - ok
23:19:10.0821 0x14a0  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
23:19:10.0941 0x14a0  FontCache - ok
23:19:10.0991 0x14a0  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:19:11.0001 0x14a0  FontCache3.0.0.0 - ok
23:19:11.0021 0x14a0  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:19:11.0031 0x14a0  FsDepends - ok
23:19:11.0061 0x14a0  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:19:11.0071 0x14a0  Fs_Rec - ok
23:19:11.0151 0x14a0  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:19:11.0171 0x14a0  fvevol - ok
23:19:11.0241 0x14a0  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:19:11.0251 0x14a0  gagp30kx - ok
23:19:11.0311 0x14a0  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:19:11.0401 0x14a0  gpsvc - ok
23:19:11.0501 0x14a0  [ C9B2D1D3F86FD3673EF847DEF73B6F9E, 9D3822A6464F685F770F8D02A8AE623A676888F135E8425C3BAF1CC077429A7F ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
23:19:11.0511 0x14a0  GREGService - ok
23:19:11.0711 0x14a0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:19:11.0721 0x14a0  gupdate - ok
23:19:11.0761 0x14a0  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:19:11.0771 0x14a0  gupdatem - ok
23:19:28.0541 0x14a0  RasMan - ok
23:19:28.0571 0x14a0  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:19:28.0611 0x14a0  RasPppoe - ok
23:19:28.0681 0x14a0  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:19:28.0751 0x14a0  RasSstp - ok
23:19:28.0791 0x14a0  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:19:28.0861 0x14a0  rdbss - ok
23:19:28.0881 0x14a0  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
23:19:28.0901 0x14a0  rdpbus - ok
23:19:28.0921 0x14a0  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:19:28.0991 0x14a0  RDPCDD - ok
23:19:29.0041 0x14a0  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:19:29.0081 0x14a0  RDPENCDD - ok
23:19:29.0101 0x14a0  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:19:29.0141 0x14a0  RDPREFMP - ok
23:19:29.0271 0x14a0  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:19:29.0301 0x14a0  RdpVideoMiniport - ok
23:19:29.0341 0x14a0  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:19:29.0381 0x14a0  RDPWD - ok
23:19:29.0431 0x14a0  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:19:29.0451 0x14a0  rdyboost - ok
23:19:29.0481 0x14a0  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:19:29.0511 0x14a0  RemoteAccess - ok
23:19:29.0541 0x14a0  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:19:29.0591 0x14a0  RemoteRegistry - ok
23:19:29.0651 0x14a0  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:19:29.0711 0x14a0  RpcEptMapper - ok
23:19:29.0731 0x14a0  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
23:19:29.0751 0x14a0  RpcLocator - ok
23:19:29.0781 0x14a0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
23:19:29.0831 0x14a0  RpcSs - ok
23:19:29.0901 0x14a0  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:19:29.0931 0x14a0  rspndr - ok
23:19:29.0951 0x14a0  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs           C:\Windows\system32\lsass.exe
23:19:29.0961 0x14a0  SamSs - ok
23:19:29.0981 0x14a0  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:19:30.0001 0x14a0  sbp2port - ok
23:19:30.0021 0x14a0  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:19:30.0061 0x14a0  SCardSvr - ok
23:19:30.0081 0x14a0  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:19:30.0141 0x14a0  scfilter - ok
23:19:30.0201 0x14a0  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
23:19:30.0301 0x14a0  Schedule - ok
23:19:30.0341 0x14a0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:19:30.0381 0x14a0  SCPolicySvc - ok
23:19:30.0401 0x14a0  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
23:19:30.0441 0x14a0  sdbus - ok
23:19:30.0471 0x14a0  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:19:30.0541 0x14a0  SDRSVC - ok
23:19:30.0601 0x14a0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:19:30.0641 0x14a0  secdrv - ok
23:19:30.0681 0x14a0  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
23:19:30.0731 0x14a0  seclogon - ok
23:19:30.0871 0x14a0  [ DA6C0E0B15CD0B135FD385AEABAE3A4C, 1DBED093D4BD1E800828D8E0EB19EDA7FD1E963AABD4F71D61F1AD04F669290F ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
23:19:30.0921 0x14a0  Secunia PSI Agent - ok
23:19:31.0001 0x14a0  [ 71761EDC432A0E39CF621105884E738E, 935133326B794F6DEAA97B9B6B6295AC6A884C3B73ABCD5662A79CEAD8EEA5EE ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
23:19:31.0031 0x14a0  Secunia Update Agent - ok
23:19:31.0051 0x14a0  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
23:19:31.0081 0x14a0  SENS - ok
23:19:31.0141 0x14a0  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:19:31.0181 0x14a0  SensrSvc - ok
23:19:31.0251 0x14a0  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
23:19:31.0271 0x14a0  Serenum - ok
23:19:31.0341 0x14a0  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
23:19:31.0371 0x14a0  Serial - ok
23:19:31.0381 0x14a0  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
23:19:31.0391 0x14a0  sermouse - ok
23:19:31.0441 0x14a0  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
23:19:31.0481 0x14a0  SessionEnv - ok
23:19:31.0481 0x14a0  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:19:31.0501 0x14a0  sffdisk - ok
23:19:31.0501 0x14a0  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:19:31.0521 0x14a0  sffp_mmc - ok
23:19:31.0521 0x14a0  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:19:31.0541 0x14a0  sffp_sd - ok
23:19:31.0541 0x14a0  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
23:19:31.0581 0x14a0  sfloppy - ok
23:19:31.0671 0x14a0  [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
23:19:31.0721 0x14a0  Sftfs - ok
23:19:31.0831 0x14a0  [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:19:31.0861 0x14a0  sftlist - ok
23:19:31.0931 0x14a0  [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:19:31.0951 0x14a0  Sftplay - ok
23:19:32.0061 0x14a0  [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:19:32.0071 0x14a0  Sftredir - ok
23:19:32.0071 0x14a0  [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
23:19:32.0081 0x14a0  Sftvol - ok
23:19:32.0141 0x14a0  [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:19:32.0161 0x14a0  sftvsa - ok
23:19:32.0241 0x14a0  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:19:32.0281 0x14a0  SharedAccess - ok
23:19:32.0341 0x14a0  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:19:32.0411 0x14a0  ShellHWDetection - ok
23:19:32.0471 0x14a0  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
23:19:32.0481 0x14a0  SiSRaid2 - ok
23:19:32.0491 0x14a0  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:19:32.0501 0x14a0  SiSRaid4 - ok
23:19:32.0531 0x14a0  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:19:32.0571 0x14a0  Smb - ok
23:19:32.0621 0x14a0  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:19:32.0651 0x14a0  SNMPTRAP - ok
23:19:32.0681 0x14a0  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:19:32.0691 0x14a0  spldr - ok
23:19:32.0751 0x14a0  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
23:19:32.0821 0x14a0  Spooler - ok
23:19:32.0951 0x14a0  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
23:19:33.0121 0x14a0  sppsvc - ok
23:19:33.0141 0x14a0  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:19:33.0201 0x14a0  sppuinotify - ok
23:19:33.0241 0x14a0  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:19:33.0331 0x14a0  srv - ok
23:19:33.0361 0x14a0  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:19:33.0411 0x14a0  srv2 - ok
23:19:33.0431 0x14a0  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:19:33.0471 0x14a0  srvnet - ok
23:19:33.0511 0x14a0  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:19:33.0561 0x14a0  SSDPSRV - ok
23:19:33.0571 0x14a0  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:19:33.0621 0x14a0  SstpSvc - ok
23:19:33.0631 0x14a0  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
23:19:33.0651 0x14a0  stexstor - ok
23:19:33.0721 0x14a0  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\drivers\serscan.sys
23:19:33.0771 0x14a0  StillCam - ok
23:19:33.0881 0x14a0  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
23:19:33.0941 0x14a0  stisvc - ok
23:19:33.0961 0x14a0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:19:33.0971 0x14a0  swenum - ok
23:19:34.0001 0x14a0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
23:19:34.0091 0x14a0  swprv - ok
23:19:34.0211 0x14a0  [ EF51B22706DB03F0857FADE127C804EC, F3A97B8D94E96ACF93448CDF33DED97B076C3D8FFE42E9EAD088EE662306277B ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
23:19:34.0291 0x14a0  SynTP - ok
23:19:34.0371 0x14a0  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
23:19:34.0491 0x14a0  SysMain - ok
23:19:34.0521 0x14a0  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:19:34.0541 0x14a0  TabletInputService - ok
23:19:34.0561 0x14a0  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:19:34.0631 0x14a0  TapiSrv - ok
23:19:34.0651 0x14a0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
23:19:34.0711 0x14a0  TBS - ok
23:19:34.0851 0x14a0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:19:34.0941 0x14a0  Tcpip - ok
23:19:35.0031 0x14a0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:19:35.0091 0x14a0  TCPIP6 - ok
23:19:35.0151 0x14a0  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:19:35.0181 0x14a0  tcpipreg - ok
23:19:35.0221 0x14a0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:19:35.0241 0x14a0  TDPIPE - ok
23:19:35.0271 0x14a0  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:19:35.0281 0x14a0  TDTCP - ok
23:19:35.0361 0x14a0  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:19:35.0411 0x14a0  tdx - ok
23:19:35.0431 0x14a0  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:19:35.0441 0x14a0  TermDD - ok
23:19:35.0521 0x14a0  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
23:19:35.0591 0x14a0  TermService - ok
23:19:35.0631 0x14a0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
23:19:35.0661 0x14a0  Themes - ok
23:19:35.0691 0x14a0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
23:19:35.0731 0x14a0  THREADORDER - ok
23:19:35.0801 0x14a0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
23:19:35.0861 0x14a0  TrkWks - ok
23:19:35.0951 0x14a0  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:19:36.0001 0x14a0  TrustedInstaller - ok
23:19:36.0071 0x14a0  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:19:36.0091 0x14a0  tssecsrv - ok
23:19:36.0151 0x14a0  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:19:36.0191 0x14a0  TsUsbFlt - ok
23:19:36.0251 0x14a0  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
23:19:36.0291 0x14a0  TsUsbGD - ok
23:19:36.0381 0x14a0  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:19:36.0441 0x14a0  tunnel - ok
23:19:36.0461 0x14a0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:19:36.0481 0x14a0  uagp35 - ok
23:19:36.0481 0x14a0  [ A17D5E1A6DF4EAB0A480F2C490DE4C9D, 1EA835F172B6BF3D7F496E079DF1CDF00122B2110C08D61427582BC9405D2B7B ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
23:19:36.0491 0x14a0  UBHelper - ok
23:19:36.0521 0x14a0  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:19:36.0561 0x14a0  udfs - ok
23:19:36.0581 0x14a0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:19:36.0591 0x14a0  UI0Detect - ok
23:19:36.0601 0x14a0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:19:36.0611 0x14a0  uliagpkx - ok
23:19:36.0661 0x14a0  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:19:36.0701 0x14a0  umbus - ok
23:19:36.0701 0x14a0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
23:19:36.0721 0x14a0  UmPass - ok
23:19:36.0871 0x14a0  [ 374EBDA379A8F38E0CFC2211611E7167, 0D6C3002B28E27C052227488CEE69FA99399421FF777EB48031E6080A759F532 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
23:19:36.0971 0x14a0  UNS - ok
23:19:37.0001 0x14a0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
23:19:37.0071 0x14a0  upnphost - ok
23:19:37.0111 0x14a0  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:19:37.0131 0x14a0  usbccgp - ok
23:19:37.0181 0x14a0  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:19:37.0201 0x14a0  usbcir - ok
23:19:37.0211 0x14a0  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
23:19:37.0241 0x14a0  usbehci - ok
23:19:37.0311 0x14a0  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:19:37.0331 0x14a0  usbhub - ok
23:19:37.0351 0x14a0  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:19:37.0381 0x14a0  usbohci - ok
23:19:37.0441 0x14a0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:19:37.0451 0x14a0  usbprint - ok
23:19:37.0471 0x14a0  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:19:37.0501 0x14a0  USBSTOR - ok
23:19:37.0521 0x14a0  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:19:37.0531 0x14a0  usbuhci - ok
23:19:37.0611 0x14a0  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
23:19:37.0631 0x14a0  usbvideo - ok
23:19:37.0661 0x14a0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
23:19:37.0711 0x14a0  UxSms - ok
23:19:37.0731 0x14a0  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] VaultSvc        C:\Windows\system32\lsass.exe
23:19:37.0741 0x14a0  VaultSvc - ok
23:19:37.0811 0x14a0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:19:37.0831 0x14a0  vdrvroot - ok
23:19:37.0861 0x14a0  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
23:19:37.0951 0x14a0  vds - ok
23:19:38.0011 0x14a0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:19:38.0031 0x14a0  vga - ok
23:19:38.0061 0x14a0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:19:38.0121 0x14a0  VgaSave - ok
23:19:38.0131 0x14a0  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:19:38.0151 0x14a0  vhdmp - ok
23:19:38.0181 0x14a0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:19:38.0191 0x14a0  viaide - ok
23:19:38.0211 0x14a0  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:19:38.0231 0x14a0  volmgr - ok
23:19:38.0261 0x14a0  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:19:38.0291 0x14a0  volmgrx - ok
23:19:38.0311 0x14a0  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:19:38.0331 0x14a0  volsnap - ok
23:19:38.0391 0x14a0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:19:38.0411 0x14a0  vsmraid - ok
23:19:38.0501 0x14a0  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
23:19:38.0631 0x14a0  VSS - ok
23:19:38.0651 0x14a0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:19:38.0671 0x14a0  vwifibus - ok
23:19:38.0691 0x14a0  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:19:38.0721 0x14a0  vwififlt - ok
23:19:38.0761 0x14a0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
23:19:38.0841 0x14a0  W32Time - ok
23:19:38.0891 0x14a0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:19:38.0921 0x14a0  WacomPen - ok
23:19:38.0971 0x14a0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:19:39.0021 0x14a0  WANARP - ok
23:19:39.0051 0x14a0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:19:39.0091 0x14a0  Wanarpv6 - ok
23:19:39.0201 0x14a0  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
23:19:39.0321 0x14a0  wbengine - ok
23:19:39.0351 0x14a0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:19:39.0371 0x14a0  WbioSrvc - ok
23:19:39.0411 0x14a0  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:19:39.0441 0x14a0  wcncsvc - ok
23:19:39.0461 0x14a0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:19:39.0481 0x14a0  WcsPlugInService - ok
23:19:39.0501 0x14a0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
23:19:39.0511 0x14a0  Wd - ok
23:19:39.0581 0x14a0  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:19:39.0631 0x14a0  Wdf01000 - ok
23:19:39.0711 0x14a0  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:19:39.0761 0x14a0  WdiServiceHost - ok
23:19:39.0771 0x14a0  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:19:39.0781 0x14a0  WdiSystemHost - ok
23:19:39.0841 0x14a0  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
23:19:39.0901 0x14a0  WebClient - ok
23:19:39.0931 0x14a0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:19:40.0001 0x14a0  Wecsvc - ok
23:19:40.0021 0x14a0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:19:40.0081 0x14a0  wercplsupport - ok
23:19:40.0131 0x14a0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:19:40.0181 0x14a0  WerSvc - ok
23:19:40.0261 0x14a0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:19:40.0291 0x14a0  WfpLwf - ok
23:19:40.0311 0x14a0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:19:40.0321 0x14a0  WIMMount - ok
23:19:40.0341 0x14a0  WinDefend - ok
23:19:40.0381 0x14a0  WinHttpAutoProxySvc - ok
23:19:40.0451 0x14a0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:19:40.0531 0x14a0  Winmgmt - ok
23:19:40.0631 0x14a0  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
23:19:40.0741 0x14a0  WinRM - ok
23:19:40.0831 0x14a0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:19:40.0911 0x14a0  Wlansvc - ok
23:19:41.0011 0x14a0  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:19:41.0021 0x14a0  wlcrasvc - ok
23:19:41.0141 0x14a0  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:19:41.0261 0x14a0  wlidsvc - ok
23:19:41.0341 0x14a0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:19:41.0351 0x14a0  WmiAcpi - ok
23:19:41.0381 0x14a0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:19:41.0421 0x14a0  wmiApSrv - ok
23:19:41.0491 0x14a0  WMPNetworkSvc - ok
23:19:41.0521 0x14a0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:19:41.0541 0x14a0  WPCSvc - ok
23:19:41.0551 0x14a0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:19:41.0571 0x14a0  WPDBusEnum - ok
23:19:41.0581 0x14a0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:19:41.0641 0x14a0  ws2ifsl - ok
23:19:41.0671 0x14a0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
23:19:41.0711 0x14a0  wscsvc - ok
23:19:41.0721 0x14a0  WSearch - ok
23:19:41.0831 0x14a0  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:19:41.0951 0x14a0  wuauserv - ok
23:19:42.0001 0x14a0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:19:42.0021 0x14a0  WudfPf - ok
23:19:42.0101 0x14a0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:19:42.0141 0x14a0  WUDFRd - ok
23:19:42.0181 0x14a0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:19:42.0201 0x14a0  wudfsvc - ok
23:19:42.0261 0x14a0  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:19:42.0291 0x14a0  WwanSvc - ok
23:19:42.0321 0x14a0  ================ Scan global ===============================
23:19:42.0371 0x14a0  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
23:19:42.0431 0x14a0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:19:42.0451 0x14a0  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:19:42.0541 0x14a0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:19:42.0581 0x14a0  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
23:19:42.0601 0x14a0  [ Global ] - ok
23:19:42.0601 0x14a0  ================ Scan MBR ==================================
23:19:42.0671 0x14a0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:19:43.0061 0x14a0  \Device\Harddisk0\DR0 - ok
23:19:43.0061 0x14a0  ================ Scan VBR ==================================
23:19:43.0061 0x14a0  [ EF40068D07DC651A18753107D0A43527 ] \Device\Harddisk0\DR0\Partition1
23:19:43.0121 0x14a0  \Device\Harddisk0\DR0\Partition1 - ok
23:19:43.0121 0x14a0  [ 3D85220D32F89770771D54322D4730C6 ] \Device\Harddisk0\DR0\Partition2
23:19:43.0161 0x14a0  \Device\Harddisk0\DR0\Partition2 - ok
23:19:43.0161 0x14a0  ================ Scan generic autorun ======================
23:19:43.0211 0x14a0  [ BA9E8BF3E91C14DE99FDB1FA946D07AF, 9C3F5F52EE5B8D02B15EE18AA492FB110547A8DCDA3F8284A614F4E1A30F9BB1 ] C:\Windows\system32\igfxtray.exe
23:19:43.0231 0x14a0  IgfxTray - ok
23:19:43.0251 0x14a0  [ B20857C91A3E992A5AC93D8625C53CAE, ECB89856B267E2F4930CB7B404B51425C6375A47F864577C1A7B8B255278EC12 ] C:\Windows\system32\hkcmd.exe
23:19:43.0271 0x14a0  HotKeysCmds - ok
23:19:43.0291 0x14a0  [ 29E120E36791B2E620CC398847C28E12, 7C2904FEDD50F49447FD091D33BB3BFA5A2A684101ADB123BC2C08699320B912 ] C:\Windows\system32\igfxpers.exe
23:19:43.0311 0x14a0  Persistence - ok
23:19:43.0311 0x14a0  SynTPEnh - ok
23:19:43.0801 0x14a0  [ 5DADA908E14051D65DB1991CB0B1F58D, DC02EDA032CEC2241F302995BF010B0376D5421A3E97583CB8A13A80993290B4 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
23:19:44.0231 0x14a0  RtHDVCpl - ok
23:19:44.0331 0x14a0  [ E897F9B62E611D59FDFAB82FC829B93A, E11E1A488D461105104E7FFD9F8219BDD231807FE33600233BEF11A432E138FD ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
23:19:44.0401 0x14a0  RtHDVBg_Dolby - ok
23:19:44.0531 0x14a0  [ F0474296AC4E0E6BDE733C1B8513E41A, 2E54894FC1B422F0C520D11166204926D3994A3440037D655C73D66D7118859C ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
23:19:44.0591 0x14a0  Power Management - ok
23:19:44.0701 0x14a0  [ 87A4BA086E5B5DF0F36E3F6D7234D701, EE26338497E016A95CB5970777B7B7AC8FAEF4E491713D729EDEFBCDC9FBF4A4 ] c:\Program Files\Microsoft Security Client\msseces.exe
23:19:44.0781 0x14a0  MSC - ok
23:19:44.0861 0x14a0  [ D3E69D500466C17498AAF7F83D12FFF0, F5723FC28396489EADDDCAD67A0E46B56D859590823E3CFA7254BA6709DC5AE6 ] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
23:19:44.0921 0x14a0  Norton Online Backup - ok
23:19:44.0961 0x14a0  [ 0D360F06B168A6F37ACA9D9F958245DA, 0F37D510AE0A31503A359F65D5C04CD798B178A3A3E2601DFBAB6534B3C7C23C ] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
23:19:44.0981 0x14a0  BackupManagerTray - ok
23:19:45.0061 0x14a0  [ 9ABC4E3B00CFA3A47D5569F5B49FE42F, 5D33CCE770BC9BC3AFA544A21F100A7F1E5A36577FDB30884160AC4BFE6A1838 ] C:\Program Files (x86)\Launch Manager\LManager.exe
23:19:45.0101 0x14a0  LManager - ok
23:19:45.0151 0x14a0  [ E6CC0FA3C1040C791EB3F4BA6C789411, 095D5965FEE00ACB6D8713B2E2772A409A84F42D85383AEAF5FC3E2E393DC07D ] C:\Dolby PCEE4\pcee4.exe
23:19:45.0171 0x14a0  Dolby Advanced Audio v2 - ok
23:19:45.0201 0x14a0  [ D35187E38B0BD6E116C2CE582CAC4273, B3C652E0875D4354ACE6F475BC84B4BCA41A1AD8AF5FBE9DE9A9B66B7FCC2756 ] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
23:19:45.0221 0x14a0  SuiteTray - ok
23:19:45.0221 0x14a0  ZoneAlarm Installer - ok
23:19:45.0251 0x14a0  Download Protect - ok
23:19:45.0361 0x14a0  [ 39D5333A11EC3CB56F80D42312F2EE7C, B6CBF4BCCE9A506E1F669312DC3A92498B919E755B11783C434D72B8A886252F ] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
23:19:45.0401 0x14a0  DivXMediaServer - detected UnsignedFile.Multi.Generic ( 1 )
23:19:55.0401 0x14a0  DivXMediaServer ( UnsignedFile.Multi.Generic ) - warning
23:19:55.0401 0x14a0  Force sending object to P2P due to detect: C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
23:19:59.0881 0x14a0  Object send P2P result: true
23:20:02.0421 0x14a0  [ 16AFB34618E1286FF856DC600AC49C79, 431EC110507685A0F4472EAE35383B4C1E3DC0B56E01CDECFB18F753181DC995 ] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
23:20:02.0471 0x14a0  DivXUpdate - ok
23:20:02.0551 0x14a0  [ 34D296AFC913E302953C70463EF09A48, BC413307CBC56C039EE8A05B51A56E14EF59678FBB33815AEB320078056C8CE7 ] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
23:20:02.0561 0x14a0  HP Software Update - ok
23:20:02.0641 0x14a0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:20:02.0731 0x14a0  Sidebar - ok
23:20:02.0751 0x14a0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:20:02.0771 0x14a0  mctadmin - ok
23:20:02.0771 0x14a0  IsMyWinLockerReboot - ok
23:20:02.0811 0x14a0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:20:02.0851 0x14a0  Sidebar - ok
23:20:02.0851 0x14a0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:20:02.0871 0x14a0  mctadmin - ok
23:20:02.0871 0x14a0  IsMyWinLockerReboot - ok
23:20:02.0911 0x14a0  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:20:02.0951 0x14a0  Sidebar - ok
23:20:02.0961 0x14a0  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:20:02.0981 0x14a0  mctadmin - ok
23:20:02.0991 0x14a0  IsMyWinLockerReboot - ok
23:20:03.0071 0x14a0  [ F911551E5B9B5029CF56A57E42A7AC90, 53F4C53C9B67505519215B6EA1F52DF47382A7196E662D470521B3706C7E1437 ] C:\Program Files (x86)\Lidl_Fotos\dd.exe
23:20:03.0101 0x14a0  Device Detection - ok
23:20:03.0271 0x14a0  [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
23:20:03.0361 0x14a0  HP Photosmart 5520 series (NET) - ok
23:20:03.0371 0x14a0  GoogleDriveSync - ok
23:20:04.0751 0x14a0  [ BC59AE9A62B28A31487BFD32373BCD5D, A57C1887558B0E652F69B60658E4A3F805E11FCC077DBE925985F3789D57A100 ] C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe
23:20:04.0941 0x14a0  Amazon Music - ok
23:20:04.0951 0x14a0  Waiting for KSN requests completion. In queue: 11
23:20:05.0951 0x14a0  Waiting for KSN requests completion. In queue: 11
23:20:06.0951 0x14a0  Waiting for KSN requests completion. In queue: 11
23:20:07.0951 0x14a0  Waiting for KSN requests completion. In queue: 11
23:20:08.0961 0x14a0  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.7.205.0 ), 0x61000 ( enabled : updated )
23:20:08.0981 0x14a0  Win FW state via NFP2: enabled
23:20:11.0331 0x14a0  ============================================================
23:20:11.0331 0x14a0  Scan finished
23:20:11.0331 0x14a0  ============================================================
23:20:11.0341 0x159c  Detected object count: 3
23:20:11.0341 0x159c  Actual detected object count: 3
23:22:30.0081 0x159c  bujixodo ( UDS:DangerousObject.Multi.Generic ) - skipped by user
23:22:30.0081 0x159c  bujixodo ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip 
23:22:30.0081 0x159c  dibudyzy ( UnsignedFile.Multi.Generic ) - skipped by user
23:22:30.0081 0x159c  dibudyzy ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:22:30.0081 0x159c  DivXMediaServer ( UnsignedFile.Multi.Generic ) - skipped by user
23:22:30.0081 0x159c  DivXMediaServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________

Edited by Fanou (03.03.2015 at 23:24). Reason: post consolidation

04.03.2015, 08:56   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Quote:
23:22:30.0081 0x159c bujixodo ( UDS:DangerousObject.Multi.Generic ) - skipped by user
23:22:30.0081 0x159c bujixodo ( UDS:DangerousObject.Multi.Generic ) - User select action: Skip
23:22:30.0081 0x159c dibudyzy ( UnsignedFile.Multi.Generic ) - skipped by user
23:22:30.0081 0x159c dibudyzy ( UnsignedFile.Multi.Generic ) - User select action: Skip


Start TDSSKiller.exe with a double-click.
Vista and Win7 users: right-click and choose "Run as administrator".
  • Click Start Scan.
    Do not do anything on the computer during the scan.
  • Make sure that Cure (default) is selected!
  • Click Continue --> Reboot.
TDSSKiller will save a log file on your system drive (usually C:\).
For example: C:\TDSSKiller.<version_date_time>log.txt

Please post its contents here in your thread.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

04.03.2015, 09:40   #5
Fanou
 



Good morning schrauber,

The scan has just run and the two findings were detected again, but I cannot select "CURE". The available options are: "DELETE", "SKIP" and "COPY TO QUARANTINE".

Which one is correct here?

Thank you very much.


04.03.2015, 11:28   #6
schrauber
/// the machine
/// TB-Ausbilder
 




Delete

04.03.2015, 12:20   #7
Fanou
 



TDSS is done, the system has been rebooted. The banners in FF are still there.

Here is the log file:

Code:
12:07:56.0272 0x0b68  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
12:07:58.0284 0x0b68  ============================================================
12:07:58.0284 0x0b68  Current date / time: 2015/03/04 12:07:58.0284
12:07:58.0284 0x0b68  SystemInfo:
12:07:58.0284 0x0b68  
12:07:58.0284 0x0b68  OS Version: 6.1.7601 ServicePack: 1.0
12:07:58.0284 0x0b68  Product type: Workstation
12:07:58.0284 0x0b68  ComputerName: PC
12:07:58.0284 0x0b68  UserName: Sonja
12:07:58.0284 0x0b68  Windows directory: C:\Windows
12:07:58.0284 0x0b68  System windows directory: C:\Windows
12:07:58.0284 0x0b68  Running under WOW64
12:07:58.0284 0x0b68  Processor architecture: Intel x64
12:07:58.0284 0x0b68  Number of processors: 4
12:07:58.0284 0x0b68  Page size: 0x1000
12:07:58.0284 0x0b68  Boot type: Normal boot
12:07:58.0284 0x0b68  ============================================================
12:07:58.0284 0x0b68  BG loaded
12:08:11.0294 0x0b68  System UUID: {0DA0F262-08EE-2711-F97B-1C91E59548AD}
12:08:16.0536 0x0b68  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:08:16.0536 0x0b68  ============================================================
12:08:16.0536 0x0b68  \Device\Harddisk0\DR0:
12:08:16.0536 0x0b68  MBR partitions:
12:08:16.0552 0x0b68  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
12:08:16.0552 0x0b68  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x22FFB800
12:08:16.0552 0x0b68  ============================================================
12:08:17.0566 0x0b68  C: <-> \Device\Harddisk0\DR0\Partition2
12:08:17.0566 0x0b68  ============================================================
12:08:17.0566 0x0b68  Initialize success
12:08:17.0566 0x0b68  ============================================================
         

04.03.2015, 16:25   #8
schrauber
/// the machine
/// TB-Ausbilder
 




A new scan with TDSSKiller, please. The banners are the lesser evil at the moment.
__________________
Regards,
schrauber


04.03.2015, 19:53   #9
Fanou
 



Good evening, here is the fresh TDSS log:

Code:
19:43:26.0886 0x1a64  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
19:43:31.0826 0x1a64  ============================================================
19:43:31.0826 0x1a64  Current date / time: 2015/03/04 19:43:31.0826
19:43:31.0826 0x1a64  SystemInfo:
19:43:31.0826 0x1a64  
19:43:31.0826 0x1a64  OS Version: 6.1.7601 ServicePack: 1.0
19:43:31.0826 0x1a64  Product type: Workstation
19:43:31.0826 0x1a64  ComputerName: PC
19:43:31.0826 0x1a64  UserName: Sonja
19:43:31.0826 0x1a64  Windows directory: C:\Windows
19:43:31.0826 0x1a64  System windows directory: C:\Windows
19:43:31.0826 0x1a64  Running under WOW64
19:43:31.0826 0x1a64  Processor architecture: Intel x64
19:43:31.0826 0x1a64  Number of processors: 4
19:43:31.0826 0x1a64  Page size: 0x1000
19:43:31.0826 0x1a64  Boot type: Normal boot
19:43:31.0826 0x1a64  ============================================================
19:43:31.0826 0x1a64  BG loaded
19:43:37.0786 0x1a64  System UUID: {0DA0F262-08EE-2711-F97B-1C91E59548AD}
19:43:40.0216 0x1a64  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:43:40.0296 0x1a64  ============================================================
19:43:40.0296 0x1a64  \Device\Harddisk0\DR0:
19:43:40.0296 0x1a64  MBR partitions:
19:43:40.0296 0x1a64  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
19:43:40.0296 0x1a64  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x22FFB800
19:43:40.0296 0x1a64  ============================================================
19:43:40.0896 0x1a64  C: <-> \Device\Harddisk0\DR0\Partition2
19:43:41.0156 0x1a64  ============================================================
19:43:41.0156 0x1a64  Initialize success
19:43:41.0156 0x1a64  ============================================================
19:43:53.0526 0x1c44  ============================================================
19:43:53.0526 0x1c44  Scan started
19:43:53.0526 0x1c44  Mode: Manual; SigCheck; TDLFS; 
19:43:53.0526 0x1c44  ============================================================
19:43:53.0526 0x1c44  KSN ping started
19:44:07.0548 0x1c44  KSN ping finished: true
19:44:09.0148 0x1c44  ================ Scan system memory ========================
19:44:09.0148 0x1c44  System memory - ok
19:44:09.0148 0x1c44  ================ Scan services =============================
19:44:09.0578 0x1c44  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:44:09.0808 0x1c44  1394ohci - ok
19:44:10.0178 0x1c44  [ C8030D922511A926D0AA06B78C4B87A9, 6D093CE1F43249839D4A2C3D832A57A8358203F6F6BA9349AB1E7806701A9E1D ] acedrv06        C:\Windows\system32\drivers\acedrv06.sys
19:44:10.0368 0x1c44  acedrv06 - detected UnsignedFile.Multi.Generic ( 1 )
19:44:12.0968 0x1c44  Detect skipped due to KSN trusted
19:44:12.0968 0x1c44  acedrv06 - ok
19:44:13.0178 0x1c44  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:44:13.0198 0x1c44  ACPI - ok
19:44:13.0308 0x1c44  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:44:13.0578 0x1c44  AcpiPmi - ok
19:44:14.0048 0x1c44  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:44:14.0238 0x1c44  AdobeARMservice - ok
19:44:14.0638 0x1c44  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:44:14.0658 0x1c44  AdobeFlashPlayerUpdateSvc - ok
19:44:14.0738 0x1c44  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:44:14.0768 0x1c44  adp94xx - ok
19:44:14.0838 0x1c44  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:44:14.0868 0x1c44  adpahci - ok
19:44:14.0878 0x1c44  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:44:14.0903 0x1c44  adpu320 - ok
19:44:15.0030 0x1c44  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:44:15.0200 0x1c44  AeLookupSvc - ok
19:44:15.0340 0x1c44  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
19:44:15.0460 0x1c44  AFD - ok
19:44:15.0520 0x1c44  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
19:44:15.0530 0x1c44  agp440 - ok
19:44:15.0610 0x1c44  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
19:44:15.0690 0x1c44  ALG - ok
19:44:15.0760 0x1c44  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:44:15.0780 0x1c44  aliide - ok
19:44:15.0870 0x1c44  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
19:44:15.0910 0x1c44  amdide - ok
19:44:16.0030 0x1c44  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:44:16.0080 0x1c44  AmdK8 - ok
19:44:16.0080 0x1c44  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:44:16.0170 0x1c44  AmdPPM - ok
19:44:16.0190 0x1c44  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:44:16.0210 0x1c44  amdsata - ok
19:44:16.0270 0x1c44  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:44:16.0290 0x1c44  amdsbs - ok
19:44:16.0300 0x1c44  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:44:16.0310 0x1c44  amdxata - ok
19:44:16.0390 0x1c44  [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID           C:\Windows\system32\drivers\appid.sys
19:44:16.0440 0x1c44  AppID - ok
19:44:16.0460 0x1c44  [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:44:16.0500 0x1c44  AppIDSvc - ok
19:44:16.0570 0x1c44  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
19:44:16.0620 0x1c44  Appinfo - ok
19:44:16.0690 0x1c44  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
19:44:16.0710 0x1c44  arc - ok
19:44:16.0710 0x1c44  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:44:16.0730 0x1c44  arcsas - ok
19:44:17.0180 0x1c44  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
19:44:17.0250 0x1c44  aspnet_state - ok
19:44:17.0360 0x1c44  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:44:17.0420 0x1c44  AsyncMac - ok
19:44:17.0510 0x1c44  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
19:44:17.0520 0x1c44  atapi - ok
19:44:17.0680 0x1c44  [ 956BC6EB96AA09478BD897AF8DF55A62, 07221CE77A08BF44AEEC5B65BD9991920853DD69592FFEAF86A63B70DB988796 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
19:44:17.0960 0x1c44  athr - ok
19:44:18.0040 0x1c44  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:44:18.0160 0x1c44  AudioEndpointBuilder - ok
19:44:18.0180 0x1c44  [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:44:18.0210 0x1c44  AudioSrv - ok
19:44:18.0290 0x1c44  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:44:18.0400 0x1c44  AxInstSV - ok
19:44:18.0510 0x1c44  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:44:18.0600 0x1c44  b06bdrv - ok
19:44:18.0680 0x1c44  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:44:18.0740 0x1c44  b57nd60a - ok
19:44:18.0810 0x1c44  [ A424CB46A145E5AABF15621550976DF2, B6CA183FD5ED72237D2DC1F599FD04A066C06A717A2CF63AF08D3AA0A227D7BA ] b57xdbd         C:\Windows\system32\DRIVERS\b57xdbd.sys
19:44:18.0860 0x1c44  b57xdbd - ok
19:44:18.0910 0x1c44  [ BE4E6FD5A898812B85D5817AD9754A9F, 46A7C80283BE53F43A0D73DA3338461024DD002A7CF43660F9C7D640E0C72876 ] b57xdmp         C:\Windows\system32\DRIVERS\b57xdmp.sys
19:44:18.0920 0x1c44  b57xdmp - ok
19:44:18.0980 0x1c44  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:44:19.0030 0x1c44  BDESVC - ok
19:44:19.0060 0x1c44  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:44:19.0110 0x1c44  Beep - ok
19:44:19.0230 0x1c44  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
19:44:19.0440 0x1c44  BFE - ok
19:44:19.0500 0x1c44  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
19:44:19.0732 0x1c44  BITS - ok
19:44:19.0812 0x1c44  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
19:44:19.0852 0x1c44  blbdrive - ok
19:44:19.0922 0x1c44  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:44:19.0952 0x1c44  bowser - ok
19:44:20.0002 0x1c44  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:44:20.0042 0x1c44  BrFiltLo - ok
19:44:20.0042 0x1c44  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:44:20.0062 0x1c44  BrFiltUp - ok
19:44:20.0122 0x1c44  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
19:44:20.0192 0x1c44  Browser - ok
19:44:20.0212 0x1c44  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:44:20.0292 0x1c44  Brserid - ok
19:44:20.0292 0x1c44  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:44:20.0362 0x1c44  BrSerWdm - ok
19:44:20.0362 0x1c44  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:44:20.0442 0x1c44  BrUsbMdm - ok
19:44:20.0442 0x1c44  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:44:20.0452 0x1c44  BrUsbSer - ok
19:44:20.0542 0x1c44  [ 0970D8B7151E9113BF8D44CE2E954DF7, D467DFFA1668F3BE29620154A13867568C25211ED823BE6A220D2DEE7E3A1278 ] bScsiMSa        C:\Windows\system32\DRIVERS\bScsiMSa.sys
19:44:20.0552 0x1c44  bScsiMSa - ok
19:44:20.0632 0x1c44  [ 0C1EEE5AF32402D306874B110DE237EC, B0FE0F3B6A1E2C003E6F4B6330601C43126881262B328D7DD93AC2C0B714DC86 ] bScsiSDa        C:\Windows\system32\DRIVERS\bScsiSDa.sys
19:44:20.0662 0x1c44  bScsiSDa - ok
19:44:20.0702 0x1c44  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:44:45.0098 0x1c44  NdisWan - ok
19:44:45.0148 0x1c44  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:44:45.0198 0x1c44  NDProxy - ok
19:44:45.0528 0x1c44  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:44:45.0638 0x1c44  NetBIOS - ok
19:44:45.0718 0x1c44  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:44:46.0028 0x1c44  NetBT - ok
19:44:46.0098 0x1c44  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] Netlogon        C:\Windows\system32\lsass.exe
19:44:46.0108 0x1c44  Netlogon - ok
19:44:46.0228 0x1c44  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
19:44:46.0288 0x1c44  Netman - ok
19:44:47.0658 0x1c44  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:47.0678 0x1c44  NetMsmqActivator - ok
19:44:47.0688 0x1c44  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:47.0698 0x1c44  NetPipeActivator - ok
19:44:47.0838 0x1c44  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
19:44:49.0188 0x1c44  netprofm - ok
19:44:49.0408 0x1c44  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:49.0428 0x1c44  NetTcpActivator - ok
19:44:49.0438 0x1c44  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:44:49.0458 0x1c44  NetTcpPortSharing - ok
19:44:49.0558 0x1c44  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
19:44:49.0568 0x1c44  nfrd960 - ok
19:44:49.0668 0x1c44  [ E10B84385C3FEEF4BDE8E6A980535522, 56D9E47B76CDABE45E64C9E74DCBCC2F7C07A44519ED938BD730018C48445614 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:44:49.0688 0x1c44  NisDrv - ok
19:44:50.0220 0x1c44  [ 9BF50324444C46997C2492D505B47F2D, 42C74456C64F7D688E0911255746BD2A52A3590AED22B24F7E385760D720B8E9 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
19:44:50.0260 0x1c44  NisSrv - ok
19:44:50.0372 0x1c44  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:44:50.0624 0x1c44  NlaSvc - ok
19:44:51.0646 0x1c44  [ 5839A8027D6D324A7CD494051A96628C, 474F2D0BB463ABE68D7C4D2C630860AED4B722EC62C616C91EE00AA965378382 ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
19:44:51.0806 0x1c44  NOBU - ok
19:44:51.0906 0x1c44  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:44:51.0976 0x1c44  Npfs - ok
19:44:52.0066 0x1c44  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
19:44:52.0166 0x1c44  nsi - ok
19:44:52.0216 0x1c44  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:44:52.0256 0x1c44  nsiproxy - ok
19:44:52.0676 0x1c44  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:44:52.0756 0x1c44  Ntfs - ok
19:44:53.0036 0x1c44  [ 1873214666F6F0A883742DF91FBC48C9, DCF5382CE338D4B5B0C3A3B722A19B6C7BAB59EB7B266FEF04698B79070E2C4B ] NTI IScheduleSvc C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
19:44:53.0316 0x1c44  NTI IScheduleSvc - ok
19:44:53.0356 0x1c44  [ EE3BA1024594D5D09E314F206B94069E, 34C8EC3DF1C3088D8A0442CAA4F5506665AFB2DF016709457ED2AB7DA45F53A6 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
19:44:53.0366 0x1c44  NTIDrvr - ok
19:44:53.0376 0x1c44  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
19:44:53.0436 0x1c44  Null - ok
19:44:54.0318 0x1c44  [ 9B93CC9C70EDE60A9C486E7719DB9E8D, 8E31BE72797D3308D8AF136E9F4C6199BCF4592F88E9FEB361752FF768225EC9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:44:54.0943 0x1c44  nvlddmkm - ok
19:44:55.0012 0x1c44  [ F76296368BB813E0C6996501A3271C7C, FA1C127F881C09C5066CB83A686AFD7A40D731922185EA4001A52ABA230FD812 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
19:44:55.0032 0x1c44  nvpciflt - ok
19:44:55.0122 0x1c44  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:44:55.0134 0x1c44  nvraid - ok
19:44:55.0144 0x1c44  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:44:55.0164 0x1c44  nvstor - ok
19:44:55.0366 0x1c44  [ FB50E60564ED30DDC855F0CE435C8467, C9A56D74F58739B8A069336FF5456FC5F3CE89371B8CFE8144B8D06A9C79C6AB ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:44:55.0432 0x1c44  nvsvc - ok
19:44:55.0688 0x1c44  [ C63E582366EAD77978BFFD959A66DBB8, BBAC11300AFED29291A08EEC8A740DA67C8C003AF89D06F9E0671CCF0E7908A0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:44:55.0766 0x1c44  nvUpdatusService - ok
19:44:55.0800 0x1c44  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:44:55.0820 0x1c44  nv_agp - ok
19:44:55.0840 0x1c44  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:44:55.0890 0x1c44  ohci1394 - ok
19:44:56.0090 0x1c44  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:44:56.0270 0x1c44  ose - ok
19:44:56.0800 0x1c44  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:44:57.0092 0x1c44  osppsvc - ok
19:44:57.0224 0x1c44  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:44:57.0304 0x1c44  p2pimsvc - ok
19:44:57.0396 0x1c44  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
19:44:57.0476 0x1c44  p2psvc - ok
19:44:57.0516 0x1c44  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
19:44:57.0556 0x1c44  Parport - ok
19:44:57.0596 0x1c44  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:44:57.0606 0x1c44  partmgr - ok
19:44:57.0706 0x1c44  [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:44:57.0736 0x1c44  PcaSvc - ok
19:44:57.0776 0x1c44  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
19:44:57.0796 0x1c44  pci - ok
19:44:57.0846 0x1c44  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
19:44:57.0866 0x1c44  pciide - ok
19:44:57.0956 0x1c44  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
19:44:57.0976 0x1c44  pcmcia - ok
19:44:58.0026 0x1c44  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:44:58.0046 0x1c44  pcw - ok
19:44:58.0256 0x1c44  [ 20372BE109FEE1C37E2D5216680DB9EB, 2C3737FB3C6BCF81D0A7293667412DDEA649A8AEA40B7ADCFCB9893E8B3C4AF3 ] PDF Architect Helper Service C:\Program Files (x86)\PDF Architect\HelperService.exe
19:44:58.0458 0x1c44  PDF Architect Helper Service - ok
19:44:58.0778 0x1c44  [ B90A279073A815A4AA2C45A09EE004FA, 9EA27630C47F5FF99CBBE513C113F3ED01FABA0D59B9D9637764027BCC6EA24A ] PDF Architect Service C:\Program Files (x86)\PDF Architect\ConversionService.exe
19:44:58.0918 0x1c44  PDF Architect Service - ok
19:44:59.0028 0x1c44  [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:44:59.0158 0x1c44  PEAUTH - ok
19:44:59.0358 0x1c44  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:44:59.0428 0x1c44  PerfHost - ok
19:44:59.0588 0x1c44  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
19:44:59.0702 0x1c44  pla - ok
19:44:59.0814 0x1c44  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:44:59.0914 0x1c44  PlugPlay - ok
19:44:59.0984 0x1c44  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:45:00.0044 0x1c44  PNRPAutoReg - ok
19:45:00.0134 0x1c44  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:45:00.0164 0x1c44  PNRPsvc - ok
19:45:00.0256 0x1c44  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:45:00.0358 0x1c44  PolicyAgent - ok
19:45:00.0440 0x1c44  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
19:45:00.0520 0x1c44  Power - ok
19:45:00.0630 0x1c44  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:45:00.0710 0x1c44  PptpMiniport - ok
19:45:00.0740 0x1c44  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
19:45:00.0810 0x1c44  Processor - ok
19:45:00.0890 0x1c44  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:45:00.0970 0x1c44  ProfSvc - ok
19:45:01.0030 0x1c44  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:45:01.0040 0x1c44  ProtectedStorage - ok
19:45:01.0140 0x1c44  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:45:01.0210 0x1c44  Psched - ok
19:45:01.0330 0x1c44  [ DD3FD48D69F5FBBB21D46D1514C1C2DB, 2B188E3AC4BD9B608D375DD550507717852C2AF7C0F99FFED90098999B9D4F01 ] PSI             C:\Windows\system32\DRIVERS\psi_mf_amd64.sys
19:45:01.0360 0x1c44  PSI - ok
19:45:01.0570 0x1c44  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
19:45:01.0680 0x1c44  ql2300 - ok
19:45:01.0690 0x1c44  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
19:45:01.0710 0x1c44  ql40xx - ok
19:45:01.0750 0x1c44  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
19:45:01.0790 0x1c44  QWAVE - ok
19:45:01.0820 0x1c44  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:45:01.0850 0x1c44  QWAVEdrv - ok
19:45:01.0850 0x1c44  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:45:01.0942 0x1c44  RasAcd - ok
19:45:02.0012 0x1c44  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:45:02.0082 0x1c44  RasAgileVpn - ok
19:45:02.0162 0x1c44  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
19:45:02.0212 0x1c44  RasAuto - ok
19:45:02.0262 0x1c44  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:45:02.0332 0x1c44  Rasl2tp - ok
19:45:02.0472 0x1c44  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
19:45:02.0544 0x1c44  RasMan - ok
19:45:02.0584 0x1c44  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:45:02.0624 0x1c44  RasPppoe - ok
19:45:02.0734 0x1c44  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:45:02.0814 0x1c44  RasSstp - ok
19:45:02.0864 0x1c44  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:45:02.0954 0x1c44  rdbss - ok
19:45:02.0994 0x1c44  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
19:45:03.0014 0x1c44  rdpbus - ok
19:45:03.0034 0x1c44  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:45:03.0104 0x1c44  RDPCDD - ok
19:45:03.0214 0x1c44  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:45:03.0264 0x1c44  RDPENCDD - ok
19:45:03.0304 0x1c44  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:45:03.0344 0x1c44  RDPREFMP - ok
19:45:03.0494 0x1c44  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:45:03.0554 0x1c44  RdpVideoMiniport - ok
19:45:03.0654 0x1c44  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:45:03.0714 0x1c44  RDPWD - ok
19:45:03.0784 0x1c44  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:45:03.0804 0x1c44  rdyboost - ok
19:45:03.0884 0x1c44  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:45:03.0934 0x1c44  RemoteAccess - ok
19:45:04.0034 0x1c44  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:45:04.0134 0x1c44  RemoteRegistry - ok
19:45:04.0194 0x1c44  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:45:04.0274 0x1c44  RpcEptMapper - ok
19:45:04.0344 0x1c44  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
19:45:04.0364 0x1c44  RpcLocator - ok
19:45:04.0524 0x1c44  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
19:45:04.0597 0x1c44  RpcSs - ok
19:45:04.0656 0x1c44  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:45:04.0710 0x1c44  rspndr - ok
19:45:04.0728 0x1c44  [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs           C:\Windows\system32\lsass.exe
19:45:04.0748 0x1c44  SamSs - ok
19:45:04.0789 0x1c44  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:45:04.0800 0x1c44  sbp2port - ok
19:45:04.0930 0x1c44  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:45:04.0999 0x1c44  SCardSvr - ok
19:45:05.0019 0x1c44  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:45:05.0062 0x1c44  scfilter - ok
19:45:05.0494 0x1c44  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
19:45:05.0626 0x1c44  Schedule - ok
19:45:05.0676 0x1c44  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:45:05.0726 0x1c44  SCPolicySvc - ok
19:45:05.0766 0x1c44  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
19:45:05.0806 0x1c44  sdbus - ok
19:45:05.0856 0x1c44  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:45:05.0926 0x1c44  SDRSVC - ok
19:45:06.0036 0x1c44  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:45:06.0116 0x1c44  secdrv - ok
19:45:06.0176 0x1c44  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
19:45:06.0236 0x1c44  seclogon - ok
19:45:06.0686 0x1c44  [ DA6C0E0B15CD0B135FD385AEABAE3A4C, 1DBED093D4BD1E800828D8E0EB19EDA7FD1E963AABD4F71D61F1AD04F669290F ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
19:45:06.0816 0x1c44  Secunia PSI Agent - ok
19:45:06.0976 0x1c44  [ 71761EDC432A0E39CF621105884E738E, 935133326B794F6DEAA97B9B6B6295AC6A884C3B73ABCD5662A79CEAD8EEA5EE ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
19:45:07.0140 0x1c44  Secunia Update Agent - ok
19:45:07.0200 0x1c44  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
19:45:07.0260 0x1c44  SENS - ok
19:45:07.0280 0x1c44  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:45:07.0362 0x1c44  SensrSvc - ok
19:45:07.0432 0x1c44  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
19:45:07.0462 0x1c44  Serenum - ok
19:45:07.0562 0x1c44  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
19:45:07.0602 0x1c44  Serial - ok
19:45:07.0612 0x1c44  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
19:45:07.0632 0x1c44  sermouse - ok
19:45:07.0682 0x1c44  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
19:45:07.0742 0x1c44  SessionEnv - ok
19:45:07.0742 0x1c44  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:45:07.0762 0x1c44  sffdisk - ok
19:45:07.0772 0x1c44  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:45:07.0792 0x1c44  sffp_mmc - ok
19:45:07.0844 0x1c44  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:45:07.0924 0x1c44  sffp_sd - ok
19:45:07.0964 0x1c44  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
19:45:08.0204 0x1c44  sfloppy - ok
19:45:10.0748 0x1c44  [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
19:45:10.0898 0x1c44  Sftfs - ok
19:45:11.0198 0x1c44  [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist         C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:45:11.0248 0x1c44  sftlist - ok
19:45:11.0448 0x1c44  [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:45:11.0468 0x1c44  Sftplay - ok
19:45:11.0548 0x1c44  [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:45:11.0558 0x1c44  Sftredir - ok
19:45:11.0588 0x1c44  [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
19:45:11.0598 0x1c44  Sftvol - ok
19:45:11.0718 0x1c44  [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:45:11.0738 0x1c44  sftvsa - ok
19:45:11.0848 0x1c44  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:45:11.0888 0x1c44  SharedAccess - ok
19:45:11.0998 0x1c44  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:45:12.0078 0x1c44  ShellHWDetection - ok
19:45:12.0168 0x1c44  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
19:45:12.0188 0x1c44  SiSRaid2 - ok
19:45:12.0208 0x1c44  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
19:45:12.0218 0x1c44  SiSRaid4 - ok
19:45:12.0288 0x1c44  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:45:12.0328 0x1c44  Smb - ok
19:45:12.0498 0x1c44  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:45:12.0548 0x1c44  SNMPTRAP - ok
19:45:12.0578 0x1c44  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:45:12.0588 0x1c44  spldr - ok
19:45:12.0698 0x1c44  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
19:45:12.0788 0x1c44  Spooler - ok
19:45:13.0068 0x1c44  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
19:45:13.0238 0x1c44  sppsvc - ok
19:45:13.0298 0x1c44  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:45:13.0388 0x1c44  sppuinotify - ok
19:45:13.0428 0x1c44  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
19:45:13.0538 0x1c44  srv - ok
19:45:13.0568 0x1c44  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
19:45:13.0618 0x1c44  srv2 - ok
19:45:13.0648 0x1c44  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
19:45:13.0698 0x1c44  srvnet - ok
19:45:13.0758 0x1c44  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
19:45:13.0798 0x1c44  SSDPSRV - ok
19:45:13.0848 0x1c44  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
19:45:13.0888 0x1c44  SstpSvc - ok
19:45:13.0908 0x1c44  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
19:45:13.0918 0x1c44  stexstor - ok
19:45:14.0038 0x1c44  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\drivers\serscan.sys
19:45:14.0098 0x1c44  StillCam - ok
19:45:14.0358 0x1c44  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
19:45:14.0398 0x1c44  stisvc - ok
19:45:37.0204 0x1c44  [ 39D5333A11EC3CB56F80D42312F2EE7C, B6CBF4BCCE9A506E1F669312DC3A92498B919E755B11783C434D72B8A886252F ] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
19:45:37.0377 0x1c44  DivXMediaServer - detected UnsignedFile.Multi.Generic ( 1 )
19:45:39.0948 0x1c44  Detect skipped due to KSN trusted
19:45:39.0948 0x1c44  DivXMediaServer - ok
19:45:50.0568 0x1c44  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.7.205.0 ), 0x61000 ( enabled : updated )
19:45:50.0938 0x1c44  Win FW state via NFP2: enabled
19:45:53.0358 0x1c44  ============================================================
19:45:53.0358 0x1c44  Scan finished
19:45:53.0358 0x1c44  ============================================================
19:45:53.0358 0x1d90  Detected object count: 0
19:45:53.0368 0x1d90  Actual detected object count: 0
         

05.03.2015, 07:16   #10
schrauber
/// the machine
/// TB instructor
 
hi,

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No support via PM!

05.03.2015, 14:40   #11
Fanou
 
Hello schrauber, here is the Combofix log, it ran through completely smoothly:

Code:
ComboFix 15-03-01.01 - Sonja 05.03.2015  14:18:08.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3948.2038 [GMT 1:00]
ausgeführt von:: c:\users\Sonja\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
C:\Install.exe
c:\program files (x86)\CouPExtenssiion
c:\program files (x86)\CouPExtenssiion\r6yNPHvj7FN2vj.dat
c:\program files (x86)\CouPExtenssiion\r6yNPHvj7FN2vj.tlb
c:\program files (x86)\CouPExtenssiion\r6yNPHvj7FN2vj.x64.dll
c:\program files (x86)\DealuExpress
c:\program files (x86)\DealuExpress\lKKpUnz2d5pRII.dat
c:\program files (x86)\DealuExpress\lKKpUnz2d5pRII.tlb
c:\program files (x86)\DealuExpress\lKKpUnz2d5pRII.x64.dll
c:\program files (x86)\UNiDeals i
c:\program files (x86)\UNiDeals i\ywtoaxppRj1uoW.dat
c:\program files (x86)\UNiDeals i\ywtoaxppRj1uoW.exe
c:\program files (x86)\UNiDeals i\ywtoaxppRj1uoW.tlb
c:\program files (x86)\UNiDeals i\ywtoaxppRj1uoW.x64.dll
c:\programdata\14550590384833052901
c:\programdata\14550590384833052901\14e3ff1a5b63b70f8989e97ff6c777ce.ini
c:\programdata\14550590384833052901\33c7d529881794748989e97ff6c777ce.ini
c:\programdata\14550590384833052901\48b3953b525f68d78989e97ff6c777ce.ini
c:\programdata\14550590384833052901\cd5b15e575e1c3d08989e97ff6c777ce.ini
c:\programdata\14550590384833052901\e62923f612d821d18989e97ff6c777ce.ini
c:\programdata\14550590384833052901\f58fc3a7beebbd868989e97ff6c777ce.ini
c:\programdata\14550590384833052901\f70fcb9ed91b0ab18989e97ff6c777ce.ini
c:\users\Sonja\AppData\Local\nsk1212.tmp
c:\users\Sonja\AppData\Roaming\AnyProtectEx
c:\users\Sonja\AppData\Roaming\AnyProtectEx\installer\ab.test.json
c:\users\Sonja\AppData\Roaming\AnyProtectEx\installer\tempfile.t
c:\users\Sonja\AppData\Roaming\AnyProtectEx\swf\mov01.swf
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\jA8B8ktNN@lj.org
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\jA8B8ktNN@lj.org\bootstrap.js
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\jA8B8ktNN@lj.org\chrome.manifest
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\jA8B8ktNN@lj.org\content\bg.js
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\jA8B8ktNN@lj.org\install.rdf
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\v@Nk.net
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\v@Nk.net\bootstrap.js
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\v@Nk.net\chrome.manifest
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\v@Nk.net\content\bg.js
c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\extensions\v@Nk.net\install.rdf
c:\windows\IsUn0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-05 bis 2015-03-05  ))))))))))))))))))))))))))))))
.
.
2015-03-04 18:43 . 2015-01-29 09:07	11910896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C34749D-79EB-4213-B6C4-D45938FEF126}\mpengine.dll
2015-03-04 11:09 . 2015-03-04 11:10	--------	d-----w-	c:\users\TEMP
2015-03-04 11:03 . 2015-03-04 11:03	--------	d-----w-	C:\TDSSKiller_Quarantine
2015-03-03 21:15 . 2015-01-29 09:07	11910896	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-03-02 19:00 . 2015-03-02 19:00	--------	d-----w-	c:\program files (x86)\7-Zip
2015-03-02 18:07 . 2015-03-03 22:07	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-03-02 07:50 . 2015-03-02 07:50	--------	d-----w-	c:\users\Sonja\AppData\Local\ElevatedDiagnostics
2015-03-02 06:58 . 2015-03-02 07:05	--------	d-----w-	C:\FRST
2015-02-22 07:22 . 2014-09-16 17:36	1188440	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E745D6A7-FB19-43D5-B7EE-CDA81C241544}\gapaengine.dll
2015-02-18 21:13 . 2015-02-06 01:05	318608	----a-w-	c:\windows\SysWow64\abengine.dll
2015-02-18 21:12 . 2015-02-06 01:05	363992	----a-w-	c:\windows\system32\abengine64.dll
2015-02-18 19:37 . 2015-02-27 08:22	--------	d-----w-	c:\programdata\e49f0d02000023f9
2015-02-18 19:23 . 2015-02-18 19:23	--------	d-----w-	c:\program files (x86)\DiGiSSaverr
2015-02-18 19:23 . 2015-02-18 19:23	--------	d-----w-	c:\program files (x86)\SavveNewaAppz
2015-02-18 19:23 . 2015-02-18 19:23	--------	d-----w-	c:\program files (x86)\Secure Downloader
2015-02-18 19:23 . 2015-02-18 19:23	--------	d-----w-	c:\program files (x86)\FinduBesutDeaal
2015-02-18 19:23 . 2015-02-18 19:23	--------	d-----w-	c:\programdata\kfdklpogcdiepbhfmgklkebjdcnhoojl
2015-02-18 18:41 . 2015-02-18 18:41	--------	d-----w-	c:\windows\SysWow64\Flash
2015-02-18 18:41 . 2015-02-18 18:41	--------	d-----w-	c:\program files (x86)\AnyProtectEx
2015-02-18 18:41 . 2015-02-18 18:41	--------	d-sh--w-	c:\users\Sonja\AppData\Local\EmieUserList
2015-02-18 18:41 . 2015-02-18 18:41	--------	d-sh--w-	c:\users\Sonja\AppData\Local\EmieSiteList
2015-02-18 18:41 . 2015-02-18 18:41	--------	d-sh--w-	c:\users\Sonja\AppData\Local\EmieBrowserModeList
2015-02-18 18:38 . 2015-02-18 20:32	--------	d-----w-	c:\users\Sonja\AppData\Local\SmartWeb
2015-02-18 18:33 . 2015-02-18 18:49	--------	d-----w-	c:\programdata\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}
2015-02-18 18:31 . 2015-02-18 18:31	--------	d-----w-	C:\shoplog
2015-02-18 18:25 . 2015-03-04 11:03	--------	d-----w-	c:\users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4
2015-02-18 18:24 . 2015-02-18 18:24	--------	d-----w-	c:\program files (x86)\predm
2015-02-18 18:10 . 2015-02-18 18:29	--------	d-----w-	c:\programdata\{d075ee4c-e609-54bb-d075-5ee4ce60b933}
2015-02-18 18:01 . 2015-02-18 18:01	--------	d-----w-	c:\program files (x86)\clean2PC
2015-02-18 18:01 . 2015-02-18 18:01	--------	d-----w-	c:\program files (x86)\download Manager
2015-02-18 17:59 . 2015-02-18 20:32	--------	d-----w-	c:\program files (x86)\globalUpdate
2015-02-18 17:59 . 2015-02-18 17:59	--------	d-----w-	c:\users\Sonja\AppData\Local\globalUpdate
2015-02-18 17:56 . 2015-02-18 17:56	--------	d-----w-	c:\program files (x86)\Chrome Notepad
2015-02-18 17:55 . 2015-02-18 18:29	--------	d-----w-	c:\programdata\{b11f671d-3060-98e6-b11f-f671d3069c74}
2015-02-18 17:55 . 2015-02-18 17:55	--------	d-----w-	c:\program files (x86)\UniDeealusi
2015-02-18 17:54 . 2015-02-18 17:54	--------	d-----w-	c:\programdata\{2048d42c-81cc-fdba-2048-8d42c81c50b2}
2015-02-18 17:22 . 2015-01-09 03:14	91136	----a-w-	c:\windows\system32\wdi.dll
2015-02-18 17:22 . 2015-01-09 03:14	950272	----a-w-	c:\windows\system32\perftrack.dll
2015-02-18 17:22 . 2015-01-09 03:14	29696	----a-w-	c:\windows\system32\powertracker.dll
2015-02-18 17:22 . 2015-01-09 02:48	76800	----a-w-	c:\windows\SysWow64\wdi.dll
2015-02-12 18:32 . 2015-01-23 03:43	620032	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2015-02-12 18:32 . 2015-01-23 03:17	4300800	----a-w-	c:\windows\SysWow64\jscript9.dll
2015-02-12 18:32 . 2015-01-23 04:42	814080	----a-w-	c:\windows\system32\jscript9diag.dll
2015-02-12 18:32 . 2015-01-23 04:41	6041600	----a-w-	c:\windows\system32\jscript9.dll
2015-02-11 18:42 . 2015-01-12 02:56	49664	----a-w-	c:\program files\Internet Explorer\DiagnosticsHub_is.dll
2015-02-11 18:41 . 2015-01-13 03:10	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-02-11 18:40 . 2014-12-12 05:31	1480192	----a-w-	c:\windows\system32\crypt32.dll
2015-02-11 18:40 . 2014-12-12 05:07	1174528	----a-w-	c:\windows\SysWow64\crypt32.dll
2015-02-11 18:40 . 2014-11-26 03:53	861696	----a-w-	c:\windows\system32\oleaut32.dll
2015-02-11 18:40 . 2014-11-26 03:32	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2015-02-11 18:40 . 2014-12-08 03:09	406528	----a-w-	c:\windows\system32\scesrv.dll
2015-02-11 18:40 . 2014-12-08 02:46	308224	----a-w-	c:\windows\SysWow64\scesrv.dll
2015-02-11 18:40 . 2015-01-14 06:09	5554112	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-02-11 18:40 . 2015-01-14 05:44	3972544	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 18:40 . 2015-01-14 06:05	503808	----a-w-	c:\windows\system32\srcore.dll
2015-02-11 18:40 . 2015-01-14 06:04	296960	----a-w-	c:\windows\system32\rstrui.exe
2015-02-11 18:40 . 2015-01-14 05:44	3917760	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 18:40 . 2015-01-14 06:05	50176	----a-w-	c:\windows\system32\srclient.dll
2015-02-11 18:40 . 2015-01-14 05:41	43008	----a-w-	c:\windows\SysWow64\srclient.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-03 21:17 . 2014-09-03 21:17	136408	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-03 21:17 . 2014-09-03 21:16	107736	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-03-03 13:17 . 2010-11-21 03:27	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-11 19:12 . 2012-07-03 17:37	116773704	----a-w-	c:\windows\system32\MRT.exe
2015-02-05 17:35 . 2014-11-27 17:45	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 17:35 . 2014-11-27 17:45	701616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-12-19 03:06 . 2015-01-14 19:37	210432	----a-w-	c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 19:37	141312	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 19:37	87040	----a-w-	c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 19:37	303616	----a-w-	c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 19:37	52224	----a-w-	c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 19:37	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Device Detection"="c:\program files (x86)\Lidl_Fotos\dd.exe" [2014-11-26 860528]
"HP Photosmart 5520 series (NET)"="c:\program files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"Amazon Music"="c:\users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-09-06 6281536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-02-14 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Die Prinzen   Millionar.mp3.lnk - c:\programdata\{b11f671d-3060-98e6-b11f-f671d3069c74}\Die Prinzen   Millionar.mp3.exe --startup=1 [2015-2-18 1057280]
die prinzen kssen verboten.lnk - c:\programdata\{d075ee4c-e609-54bb-d075-5ee4ce60b933}\die prinzen kssen verboten.exe --startup=1 [2015-2-18 1050624]
Dropbox.lnk - c:\users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824]
OptimizerProInstaller.lnk - c:\programdata\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}\OptimizerProInstaller.exe /startup [2014-2-18 6351352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-11-4 565464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 acedrv06;acedrv06;c:\windows\system32\drivers\acedrv06.sys;c:\windows\SYSNATIVE\drivers\acedrv06.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 e47f97f2;SystemPower;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27 17:35]
.
2015-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 19:43]
.
2015-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-10 19:43]
.
2015-03-05 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2014-12-05 14:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-16 2277480]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = www.google.com
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
uInternet Settings,ProxyOverride = <-loopback>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.look-for-it.info/?pid=21773&r=2015/02/18&hid=9910709190815872974&lg=EN&cc=DE&unqvl=82&l=1&q=
FF - prefs.js: browser.search.selectedEngine - mystartsearch
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-GoogleDriveSync - c:\program files (x86)\Google\Drive\googledrivesync.exe
Wow6432Node-HKLM-Run-ZoneAlarm Installer - c:\program files (x86)\CheckPoint\Install\Launcher.exe
Wow6432Node-HKLM-Run-Download Protect - c:\programdata\dlprotect.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-09611313.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Amazon MP3-Downloader - c:\program files (x86)\Amazon\MP3 Downloader\Uninstall.exe
AddRemove-Trusted Software Assistant_is1 - c:\program files (x86)\File Type Assistant\unins000.exe
AddRemove-{11F6D5AB-263F-388E-74DE-E3DECD390E3F} - c:\program files (x86)\UNiDeals i\ywtoaxppRj1uoW.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
c:\programdata\NVIDIA\Updatus\Packages\000015f0\updatus.17446539_RUNASUSER.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-03-05  14:36:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-03-05 13:36
.
Vor Suchlauf: 14 Verzeichnis(se), 49.681.018.880 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 49.900.720.128 Bytes frei
.
- - End Of File - - 5F6E1BC728554B8D1B7B89CB5C6A8544
         
Many thanks and best regards

Alt 05.03.2015, 21:09   #12
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts that appear with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 06.03.2015, 22:19   #13
Fanou
 



Good evening schrauber,

here is the mbam log to start with, it took a while...
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 06.03.2015
Suchlauf-Zeit: 21:23:35
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.06.06
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sonja

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 420061
Verstrichene Zeit: 44 Min, 4 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.MultiPlug, C:\ProgramData\{b11f671d-3060-98e6-b11f-f671d3069c74}\Die Prinzen   Millionar.mp3.exe, 2880, Löschen bei Neustart, [654472b098f2d561d4b6aa7ecb37d42c]
PUP.Optional.MultiPlug, C:\ProgramData\{d075ee4c-e609-54bb-d075-5ee4ce60b933}\die prinzen kssen verboten.exe, 2952, Löschen bei Neustart, [4f5aa1816c1e1224563488a0a85acb35]

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 5
PUP.Optional.UninstallBHO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}, In Quarantäne, [baef35ed612977bf29a0ec3f3cc6d030], 
PUP.Optional.Shopperz.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [e2c754ce98f2a78ff75eeeb41ce70bf5], 
PUP.Optional.Shopperz.A, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [4a5fcd55206aa39367ee5f4342c16c94], 
PUP.Optional.Shopperz.A, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [4663f42e9bef77bfa5b0fca644bf51af], 
PUP.Optional.Shopperz.A, HKU\S-1-5-21-608024502-4260226369-3383888787-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [614864becdbd1f17d184edb518ebf30d], 

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 5
PUP.Optional.MultiPlug, C:\ProgramData\{b11f671d-3060-98e6-b11f-f671d3069c74}\Die Prinzen   Millionar.mp3.exe, Löschen bei Neustart, [654472b098f2d561d4b6aa7ecb37d42c], 
PUP.Optional.MultiPlug, C:\ProgramData\{d075ee4c-e609-54bb-d075-5ee4ce60b933}\die prinzen kssen verboten.exe, Löschen bei Neustart, [4f5aa1816c1e1224563488a0a85acb35], 
PUP.Optional.MultiPlug, C:\ProgramData\{2048d42c-81cc-fdba-2048-8d42c81c50b2}\Die Prinzen   Millionar.mp3.exe, In Quarantäne, [8425c65c305ac0766d1d63c542c003fd], 
PUP.Optional.UninstallBHO, C:\Program Files (x86)\Chrome Notepad\Chrome Notepad.exe, In Quarantäne, [baef35ed612977bf29a0ec3f3cc6d030], 
PUP.Optional.UninstallBHO, C:\Program Files (x86)\UniDeealusi\UniDeealusi.exe, In Quarantäne, [b6f3ed354c3e3df9a2277caf0df5926e], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         
adw has also just finished:
Code:
# AdwCleaner v4.111 - Bericht erstellt 06/03/2015 um 22:28:10
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Sonja - PC
# Gestarted von : C:\Users\Sonja\Desktop\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Conduit
Ordner Gelöscht : C:\ProgramData\kfdklpogcdiepbhfmgklkebjdcnhoojl
Ordner Gelöscht : C:\ProgramData\e49f0d02000023f9
Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\download Manager
Ordner Gelöscht : C:\Program Files (x86)\DiGiSSaverr
Ordner Gelöscht : C:\Program Files (x86)\FinduBesutDeaal
Ordner Gelöscht : C:\Program Files (x86)\SavveNewaAppz
Ordner Gelöscht : C:\Program Files (x86)\UniDeealusi
Ordner Gelöscht : C:\Users\Sonja\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Sonja\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Sonja\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Sonja\AppData\Local\SmartWeb
Ordner Gelöscht : C:\Users\Sonja\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Sonja\Documents\Optimizer Pro
Datei Gelöscht : C:\Windows\SysWOW64\abengine.dll
Datei Gelöscht : C:\Windows\System32\abengine64.dll
Datei Gelöscht : C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerProInstaller.lnk

***** [ Geplante Tasks ] *****

Task Gelöscht : ProgramUpdateCheck
Task Gelöscht : zufap3002

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataContainer
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataContainer.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataController
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataController.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTable
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTable.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTableFields
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTableFields.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTableHolder
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.DataTableHolder.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.LSPLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.LSPLogic.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.ReadOnlyManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\abengineLib.ReadOnlyManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3317892
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{57B0DCF0-8B40-4449-8AA4-E297D6E779D4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{36622CCB-325B-421B-BB6C-17C608131E27}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D1B3EBCF-ABF1-4CB2-B438-75B5E741640D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Bitberry
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\FileTypeAssistant
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\TheBestDeals
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gelöscht : HKLM\SOFTWARE\TabNav
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Trusted Software Assistant_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11F6D5AB-263F-388E-74DE-E3DECD390E3F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchgol.com
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 de)

[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.look-for-it.info/?pid=21773&r=2015/02/18&hid=9910709190815872974&lg=EN&cc=DE&unqvl=82&l=1&q=");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "WebSearch");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.alias", "mystartsearch");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.mystartsearch.com/web/favicon.ico");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.name", "mystartsearch");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.mystartsearch.com/web/?type=dspp&ts=1424282597&from=fun&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR&q={searchTerms}");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "mystartsearch");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("extensions.3qknB38nuo6Ezcfw.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"pjUFrdCEpjw4rdYFqjY6rTU6qa\")>-1url.indexOf(\"acebook\")>-1[...]
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("extensions.rdbL0mb8uu1MI7HP.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"pjUFrdCEpjw4rdYFqjY6rTU6qa\")>-1url.indexOf(\"acebook\")>-1[...]
[rajhh0q2.default-1409765728724\prefs.js] - Zeile Gelöscht : user_pref("extensions.zDwPDobU34VPVwfW.scode", "try{(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"pjUFrdCEpjw4rdYFqjY6rTU6qa\")>-1url.indexOf(\"acebook\")>-1[...]

-\\ Google Chrome v

[C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : kfdklpogcdiepbhfmgklkebjdcnhoojl

*************************

AdwCleaner[R0].txt - [30885 Bytes] - [08/11/2013 21:14:56]
AdwCleaner[R1].txt - [15937 Bytes] - [06/03/2015 22:25:08]
AdwCleaner[S0].txt - [30143 Bytes] - [08/11/2013 21:16:00]
AdwCleaner[S1].txt - [14220 Bytes] - [06/03/2015 22:28:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [14280  Bytes] ##########
         
JRT was also really quick:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by Sonja on 06.03.2015 at 22:39:13,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Sonja\AppData\Roaming\mozilla\firefox\profiles\rajhh0q2.default-1409765728724\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "fun");
user_pref("browser.search.searchengine.uid", "WDCXWD3200BPVT-22JJ5T0_WD-WXL1EA1CZAURCZAUR");
user_pref("extensions.3qknB38nuo6Ezcfw.url", "hxxp://solutionprojob.info/sync2/?q=hfZ9ofV9CShEAen0rTw6qHrMg708BNmGWj8wmihGheDUojw8rdsFpdw6qjk8pchIC7n0rjkErTw5rjYErHw6tNhVCT94t
user_pref("extensions.KjV8foO3AAfc11T9.scode", "(function(){try{if(window.self.location.href.indexOf(\"pjUFrdCEpjw4rdYFqjY6rTU6qa\")>-1){return;}}catch(e){}try{var d=[[\"acebo
user_pref("extensions.mYp6UsOYZ4a6Vs7j.scode", "(function(){try{if(window.self.location.href.indexOf(\"pjUFrdCEpjw4rdYFqjY6rTU6qa\")>-1){return;}}catch(e){}try{var d=[[\"acebo
Emptied folder: C:\Users\Sonja\AppData\Roaming\mozilla\firefox\profiles\rajhh0q2.default-1409765728724\minidumps [27 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.03.2015 at 22:42:02,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
And a fresh FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Sonja (administrator) on PC on 06-03-2015 22:45:13
Running from C:\Users\Sonja\Desktop
Loaded Profiles: UpdatusUser & Sonja (Available profiles: UpdatusUser & Sonja)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Lidl_Fotos\dd.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
() C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-608024502-4260226369-3383888787-1000\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [Device Detection] => C:\Program Files (x86)\Lidl_Fotos\dd.exe [860528 2014-11-26] ()
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [Amazon Music] => C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-13] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Die Prinzen   Millionar.mp3.lnk
ShortcutTarget: Die Prinzen   Millionar.mp3.lnk -> C:\ProgramData\{b11f671d-3060-98e6-b11f-f671d3069c74}\Die Prinzen   Millionar.mp3.exe (No File)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\die prinzen kssen verboten.lnk
ShortcutTarget: die prinzen kssen verboten.lnk -> C:\ProgramData\{d075ee4c-e609-54bb-d075-5ee4ce60b933}\die prinzen kssen verboten.exe (No File)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-608024502-4260226369-3383888787-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=000328B0&OHP=www.google.com&OSP=
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-608024502-4260226369-3383888787-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\searchplugins\google-maps.xml
FF Extension: Adblock Plus - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-21]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-26]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Secure Downloader) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\njbcfghpoodhahbegndmbojmgkibhiol [2015-02-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 e47f97f2; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemPower\SystemPower.dll",serv
S2 HPSLPSVC; C:\Users\Sonja\AppData\Local\Temp\7zS1AA1\hpslpsvc64.dll [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv06; C:\Windows\system32\drivers\acedrv06.sys [147456 2012-10-09] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 22:42 - 2015-03-06 22:42 - 00001679 _____ () C:\Users\Sonja\Desktop\JRT.txt
2015-03-06 22:38 - 2015-03-06 22:38 - 01388333 _____ (Thisisu) C:\Users\Sonja\Desktop\JRT.exe
2015-03-06 22:20 - 2015-03-06 22:21 - 02126848 _____ () C:\Users\Sonja\Desktop\AdwCleaner_4.111.exe
2015-03-06 22:17 - 2015-03-06 22:17 - 00003163 _____ () C:\Users\Sonja\Desktop\mbam.txt
2015-03-05 14:36 - 2015-03-05 14:36 - 00026706 _____ () C:\ComboFix.txt
2015-03-05 14:36 - 2015-03-05 14:36 - 00000000 ____D () C:\Users\TEMP
2015-03-05 14:16 - 2015-03-05 14:36 - 00000000 ____D () C:\Qoobox
2015-03-05 14:16 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-05 14:16 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-05 14:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-05 14:15 - 2015-03-05 14:34 - 00000000 ____D () C:\Windows\erdnt
2015-03-05 14:13 - 2015-03-05 14:13 - 05612482 ____R (Swearware) C:\Users\Sonja\Desktop\ComboFix.exe
2015-03-04 12:03 - 2015-03-04 12:03 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-03 22:21 - 2015-03-03 22:21 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Sonja\Desktop\tdsskiller.exe
2015-03-02 20:00 - 2015-03-02 20:00 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-03-02 19:59 - 2015-03-02 19:59 - 01182149 _____ () C:\Users\Sonja\Downloads\7z936.exe
2015-03-02 19:07 - 2015-03-03 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-02 19:03 - 2015-03-03 23:07 - 00000000 ____D () C:\Users\Sonja\Desktop\mbar
2015-03-02 18:08 - 2015-03-02 18:09 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Sonja\Desktop\mbar-1.09.1.1004.exe
2015-03-02 08:49 - 2015-03-02 08:49 - 00014138 _____ () C:\Users\Sonja\Desktop\GMER.log
2015-03-02 08:01 - 2015-03-02 08:05 - 00036665 _____ () C:\Users\Sonja\Desktop\Addition.txt
2015-03-02 07:59 - 2015-03-06 22:45 - 00018984 _____ () C:\Users\Sonja\Desktop\FRST.txt
2015-03-02 07:58 - 2015-03-06 22:45 - 00000000 ____D () C:\FRST
2015-03-02 07:54 - 2015-03-02 07:55 - 00000472 _____ () C:\Users\Sonja\Desktop\defogger_disable.log
2015-03-02 07:54 - 2015-03-02 07:54 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2015-03-02 07:49 - 2015-03-02 07:49 - 00380416 _____ () C:\Users\Sonja\Desktop\Gmer-19357.exe
2015-03-02 07:46 - 2015-03-02 07:46 - 02092544 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe
2015-03-02 07:39 - 2015-03-02 07:39 - 00050477 _____ () C:\Users\Sonja\Desktop\Defogger.exe
2015-02-25 21:06 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 21:06 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 08:01 - 2015-02-20 08:01 - 00840312 _____ (App Web ) C:\Users\Sonja\Downloads\adobe_flash_setup.exe
2015-02-18 20:38 - 2015-02-18 20:38 - 00000042 _____ () C:\Users\Sonja\AppData\Roaming\WB.CFG
2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\Program Files (x86)\Secure Downloader
2015-02-18 20:06 - 2015-02-18 20:06 - 00003140 _____ () C:\Windows\System32\Tasks\{8F3DEAAE-1ECC-4362-B02C-A4F771F9C2C7}
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieUserList
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieSiteList
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieBrowserModeList
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-02-18 19:33 - 2015-02-18 19:49 - 00000000 ____D () C:\ProgramData\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}
2015-02-18 19:31 - 2015-02-18 19:31 - 00000000 ____D () C:\shoplog
2015-02-18 19:25 - 2015-03-04 12:03 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4
2015-02-18 19:10 - 2015-03-06 22:08 - 00000000 ____D () C:\ProgramData\{d075ee4c-e609-54bb-d075-5ee4ce60b933}
2015-02-18 19:01 - 2015-02-18 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clean2PC
2015-02-18 19:01 - 2015-02-18 19:01 - 00000000 ____D () C:\Program Files (x86)\clean2PC
2015-02-18 18:56 - 2015-03-06 22:07 - 00000000 ____D () C:\Program Files (x86)\Chrome Notepad
2015-02-18 18:55 - 2015-03-06 22:08 - 00000000 ____D () C:\ProgramData\{b11f671d-3060-98e6-b11f-f671d3069c74}
2015-02-18 18:54 - 2015-03-06 22:07 - 00000000 ____D () C:\ProgramData\{2048d42c-81cc-fdba-2048-8d42c81c50b2}
2015-02-18 18:22 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-18 18:22 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-18 18:22 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-18 18:22 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-12 19:32 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 19:32 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 19:32 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 19:32 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 19:43 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 19:42 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 19:42 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 19:42 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 19:42 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 19:42 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 19:42 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 19:42 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 19:42 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 19:42 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 19:42 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 19:42 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 19:42 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 19:42 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 19:42 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 19:42 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 19:42 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 19:42 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 19:42 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 19:42 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 19:42 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 19:42 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 19:42 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 19:42 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 19:42 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 19:42 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 19:42 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 19:42 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 19:42 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 19:42 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 19:42 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 19:42 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 19:42 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 19:42 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 19:42 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 19:42 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 19:42 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 19:42 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 19:42 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 19:42 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 19:42 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 19:42 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 19:42 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 19:42 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 19:42 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 19:42 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 19:42 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 19:42 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 19:42 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 19:42 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 19:42 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 19:42 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 19:42 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 19:41 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 19:41 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 19:41 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 19:41 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 19:41 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 19:41 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 19:41 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 19:41 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 19:41 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 19:41 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 19:41 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 19:41 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 19:41 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 19:41 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 19:41 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 19:41 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 19:41 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 19:41 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 19:41 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:41 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 19:40 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 19:40 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 19:40 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 19:40 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 19:40 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 19:40 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 19:40 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 19:40 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 19:40 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 19:40 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 19:40 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 19:40 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:40 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 22:40 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 22:40 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-06 22:35 - 2014-11-27 18:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-06 22:35 - 2014-09-10 20:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-06 22:35 - 2013-03-10 08:25 - 00000000 ___RD () C:\Users\Sonja\Dropbox
2015-03-06 22:33 - 2013-03-10 08:24 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Dropbox
2015-03-06 22:31 - 2014-09-10 20:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-06 22:30 - 2010-11-21 04:47 - 00457328 _____ () C:\Windows\PFRO.log
2015-03-06 22:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 22:30 - 2009-07-14 05:51 - 00139913 _____ () C:\Windows\setupact.log
2015-03-06 22:28 - 2013-11-08 21:14 - 00000000 ____D () C:\AdwCleaner
2015-03-06 22:28 - 2012-01-12 03:20 - 02052727 _____ () C:\Windows\WindowsUpdate.log
2015-03-06 22:14 - 2014-09-03 22:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-06 22:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-06 21:29 - 2013-11-30 08:49 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-03-05 14:36 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-05 14:29 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-03 22:17 - 2014-09-03 22:16 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-03 14:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 08:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-02 07:54 - 2012-06-20 20:21 - 00000000 ____D () C:\Users\Sonja
2015-03-01 09:41 - 2013-02-01 09:32 - 00000000 ____D () C:\NotenBox 7
2015-02-26 18:40 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-20 18:36 - 2012-01-12 12:12 - 00700118 _____ () C:\Windows\system32\perfh007.dat
2015-02-20 18:36 - 2012-01-12 12:12 - 00149968 _____ () C:\Windows\system32\perfc007.dat
2015-02-20 18:36 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-19 21:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA
2015-02-18 22:10 - 2011-10-14 04:42 - 00000000 ____D () C:\Windows\ca
2015-02-18 20:11 - 2012-06-20 20:39 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-18 20:11 - 2012-06-20 20:39 - 00001039 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-18 20:11 - 2012-06-20 20:24 - 00001425 _____ () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-18 19:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-18 19:38 - 2012-10-15 08:21 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Adobe
2015-02-18 19:11 - 2012-07-10 19:37 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\vlc
2015-02-15 20:32 - 2012-10-09 10:50 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Skype
2015-02-13 19:33 - 2013-03-10 08:25 - 00001015 _____ () C:\Users\Sonja\Desktop\Dropbox.lnk
2015-02-13 19:33 - 2013-03-10 08:24 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-11 21:25 - 2009-07-14 05:45 - 00312256 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 20:19 - 2013-11-23 21:17 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-11 20:18 - 2013-11-23 21:17 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 20:18 - 2013-11-23 21:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 20:18 - 2013-11-23 21:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 20:18 - 2013-08-14 08:22 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:12 - 2012-07-03 18:37 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-06 18:30 - 2014-09-10 20:43 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 18:30 - 2014-09-10 20:43 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 18:35 - 2014-11-27 18:45 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 18:35 - 2014-11-27 18:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 18:35 - 2014-11-27 18:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Sonja\AppData\Roaming\IVFLS
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Sonja\AppData\Roaming\SX
2015-02-18 20:38 - 2015-02-18 20:38 - 0000042 _____ () C:\Users\Sonja\AppData\Roaming\WB.CFG
2013-04-02 09:54 - 2013-04-02 09:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-01-12 03:47 - 2012-01-12 03:49 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-08-03 21:19 - 2012-08-03 21:20 - 0000317 _____ () C:\ProgramData\hpzinstall.log
2014-06-09 18:47 - 2014-06-09 18:50 - 0000032 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\Sonja\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2fvvcr.dll
C:\Users\Sonja\AppData\Local\Temp\Quarantine.exe
C:\Users\Sonja\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-11 16:28

==================== End Of Log ============================
         
--- --- ---



Thank you very much, and have a nice evening.

Last edited by Fanou (06.03.2015 at 22:47). Reason: post consolidation

Alt 07.03.2015, 13:15   #14
schrauber
/// the machine
/// TB-Ausbilder
 


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 07.03.2015, 19:37   #15
Fanou
 

Good evening schrauber,

ESET is running (and running and running...) and has found more than 100 items so far. On startup ESET complained that another security product was still active (MS Security Essentials). I had turned off real-time protection, but it could not be switched off completely. Does that matter? Once ESET eventually finishes, I'll post the log.

Best regards

Fanou

EDIT: ESET has finished, here is the log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e00471f1b600334097eb2bdd5f0a3b67
# engine=22800
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-07 06:44:49
# local_time=2015-03-07 07:44:49 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 2075172 67060005 0 0
# scanned=241127
# found=124
# cleaned=0
# scan_time=16299
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=AB28B1A4103224E83854DEB11EBD402DAD5529AA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\41856.crx.vir"
sh=D2BFE1ABAE9D13BECCD876213422AE4158691D9F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\41856.xpi.vir"
sh=BF11F09E96B9137F299E8996F4A02190D6AD350A ft=1 fh=97d439143ab78456 vn="Variante von Win32/Toolbar.CrossRider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-bg.exe.vir"
sh=DDC1FF519447F0ED62E2C0F02386DC434926F372 ft=1 fh=c71c00113eef2777 vn="Variante von Win32/Toolbar.CrossRider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-bho.dll.vir"
sh=C7C39A73408243BCB6EE0CC76DE347DD19113DA4 ft=1 fh=3966826d47bc5a39 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-bho64.dll.vir"
sh=60DF1C494356DD54DF33EED5F90FE6142C017162 ft=1 fh=c71c00113f60402f vn="Variante von Win32/Toolbar.CrossRider.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-buttonutil.dll.vir"
sh=867C038DF529DA89AD89C615432914B7C904761D ft=1 fh=9ced8610c5ecb309 vn="Variante von Win32/Toolbar.CrossRider.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-buttonutil.exe.vir"
sh=561919C6621EE0ED548EEB4EF263786DF009F317 ft=1 fh=f3fd0242b69965f6 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-buttonutil64.dll.vir"
sh=27851B0A3A1CB5CAC2E502732C7ACB543B69079C ft=1 fh=9ced8610cd6bcbc4 vn="Variante von Win64/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-buttonutil64.exe.vir"
sh=203CE2C0CF5375C48543730A5CDAC953DF0C4DCA ft=1 fh=94eaaf8006a6b0cd vn="Variante von Win32/Toolbar.CrossRider.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-chromeinstaller.exe.vir"
sh=88B602B1C7FA2020EAFEE73BB0432ADEAE7793D4 ft=1 fh=be9ae14d90318296 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-codedownloader.exe.vir"
sh=F882CB3BFC65FCFC73AA38CCE0FB1F603BC180D1 ft=1 fh=74b78bb7a13dbe46 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-firefoxinstaller.exe.vir"
sh=62CCFE3D5F601EF61C679386011046977EE1C4BF ft=1 fh=6bca5420fd8064b1 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\LyriXeeker-1-updater.exe.vir"
sh=71E2F9D64D3FF023BD84948A4A415796F6DF3657 ft=1 fh=4374af28a4922a52 vn="Win32/Packed.ScrambleWrapper.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyriXeeker-1\utils.exe.vir"
sh=4AF99E43A299B48AB0C9F449A3EECEB34CAD6251 ft=1 fh=c373ebba2dd6fb96 vn="Win32/Toolbar.Besttoolbars.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpecialSavings\AddonsFramework.dll.vir"
sh=5C490584673C131FAEA473748D12B1E019807726 ft=1 fh=d002bc3e2c1073db vn="Variante von Win32/Toolbar.Besttoolbars.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SpecialSavings\ScriptHost.dll.vir"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3317892\UninstallerUI.exe.vir"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=F8935573391555518C560A87DA9D48A7AFB964A9 ft=1 fh=d5f378fbab67b337 vn="Variante von Win32/Adware.Synatix.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\DownloadGuide\Offers\vis-freeware.exe.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=7E797140BE2D76B80EC180071B039E1DA561191D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=62892F2CBAFB6FD3DFDAD794F871133E0CF4FCA8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\142_intext_fa_m.js.vir"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=CB95B247FABF95831A2974B87B334DBE4597CEB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\92_superfish_m.js.vir"
sh=DEF8CB14886F5A427CEB5E70D8C1D395AC135F4A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgmpcnmaamenhngcinchjeifhhnlaig\1.24.10_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=2B371F487F7913191E68EE2E12534E82AFDD3CB0 ft=1 fh=cc1a05615fab866c vn="Variante von Win32/ELEX.BF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Local\Temp\Desk365\eInstall\eInstall.exe.vir"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\102_dealply_m.js.vir"
sh=2301B99B2F03CE326D6A6BDC1CF9FF1E3B72E126 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\107_coupish_m.js.vir"
sh=76383B8DE33E6BBFB98D545DEA12B018A0A8F2C8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\108_icm_m.js.vir"
sh=A18766D6D6FF6B3985879B311F9984C744BBA15C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=431FFC8C5F0160D893723BFF0CCE55742716AE3D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=B1FD213981E274BCEE2697A82C7E87CA7418C39B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=2536CE239CC1E9DCCB8931BC82F1CF8520F55686 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\142_intext_fa_m.js.vir"
sh=C88DBAE0721E7739E511F90647A5238D389729A4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=399782A2AB704FCF977DD8C511424301382F4659 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=E6BDC1907B7FE7C78DC0F1AF9FF678F5EB4D8E73 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=062C50599A7B0E47E52FCE5016D5EC6EE2AD3A1C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=233496F4C4D033E8878BD480C97EB279E62B33F2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\175_coolmirage_m.js.vir"
sh=1B82157104A9F645095DF7AE7B5CF872400DF531 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\178_revizer_ws_dynamic_m.js.vir"
sh=F4ED2E70B2B8D0F1C4EA381BC928D4DD0438F0F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\179_revizer_p_dynamic_m.js.vir"
sh=FA5368990D934C99A38DEF34151ED59F4D95C64F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\92_superfish_m.js.vir"
sh=BFD0F29067CAE71544784708FE5554D6518AD6AD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\usqebtv5.default\Extensions\763ab44b-71df-436c-906e-2ee8e1d7b302@af951efb-381e-47b2-ac45-80df41e44bc7.com\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=EB3CE62B7E6499FC3F1435C5CBB7404813CD4981 ft=1 fh=52891f697437586e vn="Variante von Win32/Adware.SpeedingUpMyPC.AA Anwendung" ac=I fn="C:\ProgramData\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}\OptimizerProInstaller.exe"
sh=0357621AC83DF191CD56CBD9EDD510F83884A743 ft=1 fh=6615ee6d091e66c2 vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\CouPExtenssiion\r6yNPHvj7FN2vj.x64.dll.vir"
sh=3E654E75E78E41B04D7D8514611AF6FBD83400C7 ft=1 fh=6615ee6dbe9d5a4b vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\DealuExpress\lKKpUnz2d5pRII.x64.dll.vir"
sh=4F8894A6924E7AF63153D82B71F3AF33A04F0637 ft=1 fh=c71c0011f582e792 vn="Variante von Win32/BHOUninstaller.AB evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\UNiDeals i\ywtoaxppRj1uoW.exe.vir"
sh=2BE782216EFC920ED6DD18F282F5D738DD5DA26A ft=1 fh=6615ee6dabd9942a vn="Variante von Win64/Adware.MultiPlug.F Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\UNiDeals i\ywtoaxppRj1uoW.x64.dll.vir"
sh=45C4511F0EC1A01CC992DBF11E232CA2C13062F4 ft=1 fh=183e6b613625d607 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Sonja\AppData\Local\nsk1212.tmp.vir"
sh=BA38199B25F5F1ED0B1A356ED2CB07F3006BD7B6 ft=1 fh=d4f71008b2fd795e vn="Variante von Win32/Adware.ICLoader.JA Anwendung" ac=I fn="C:\TDSSKiller_Quarantine\04.03.2015_09.29.56\susp0000\svc0000\tsk0000.dta"
sh=85B0A18DBF5D07B10A356D2EB5BA34DD21A06398 ft=1 fh=c9813bd9794daa8d vn="Variante von Win32/Adware.AdService.AL Anwendung" ac=I fn="C:\TDSSKiller_Quarantine\04.03.2015_09.29.56\uds0000\svc0000\tsk0000.dta"
sh=EB3CE62B7E6499FC3F1435C5CBB7404813CD4981 ft=1 fh=52891f697437586e vn="Variante von Win32/Adware.SpeedingUpMyPC.AA Anwendung" ac=I fn="C:\Users\All Users\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}\OptimizerProInstaller.exe"
sh=4A22EDCDE458813A20BEB36EB2BABE856EDB182B ft=1 fh=e4a65a4c93580ecd vn="Win32/Adware.ConvertAd.AQ Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30DI4YPV\SearchUpdater[1].exe"
sh=3705670AF8CD8741D870A62B421EC5696A97BEFC ft=1 fh=097437150c7024d4 vn="Variante von Win32/PriceGong.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30DI4YPV\SmartWebInstaller[1].exe"
sh=BA38199B25F5F1ED0B1A356ED2CB07F3006BD7B6 ft=1 fh=d4f71008b2fd795e vn="Variante von Win32/Adware.ICLoader.JA Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30DI4YPV\VOsrv[1].exe"
sh=AD274F5D2B12C1A564D13176C716579A8EA54237 ft=1 fh=a225194bb82f217f vn="Variante von Win32/Adware.AddLyrics.DN Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PUV1RBE\BlockAndSurf_2222-5510[1].exe"
sh=7BC10D75A0FE5BC368FB0C209221332F83688C14 ft=1 fh=5aa924e8dfac4f5b vn="Win32/VOPackage.BT evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PUV1RBE\check[1].exe"
sh=CA3DC635CDEF2C285898DE94134C574D9B8EB80A ft=1 fh=4110cca1220a797d vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PUV1RBE\Setup[1].exe"
sh=65781DB72ABE2B33F080EF81E32868ECFE609117 ft=1 fh=a2561662e1683314 vn="Win32/Packed.ScrambleWrapper.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PUV1RBE\setup[1].exe_a"
sh=7009002EB02A1801DB6D1C9388FD09C76774A81E ft=1 fh=c71c0011d6caeb29 vn="Variante von Win32/Adware.ConvertAd.AH Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8PUV1RBE\Update_Notifier[1].exe"
sh=8440A220229C46807A4CCDF571107593E2733471 ft=1 fh=75eb7ae1e7a4bc56 vn="Win32/Adware.ConvertAd.BN Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKP3CR5Z\dl[1].htm"
sh=85B0A18DBF5D07B10A356D2EB5BA34DD21A06398 ft=1 fh=c9813bd9794daa8d vn="Variante von Win32/Adware.AdService.AL Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CKP3CR5Z\JOSrv[1].exe"
sh=45C4511F0EC1A01CC992DBF11E232CA2C13062F4 ft=1 fh=183e6b613625d607 vn="Win32/VOPackage.BC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ELS9B15D\AnyProtectSetup[1].exe"
sh=B8E1737A46C7D04A983D8D1F018175BBA3A7E5E3 ft=1 fh=7ed2aa8da7f26d60 vn="Variante von Win32/InstallCore.PL evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ELS9B15D\Setup[1].exe"
sh=B9E3C39C9B29839FAF2D5E55CD96B4B9CB60B548 ft=1 fh=8b279515fabfc722 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ELS9B15D\setup_gmsd_de[1].exe"
sh=355B221F5F0DFFF4A1D7EF495B7569B4973E9DFA ft=1 fh=9911c846256dedc3 vn="Win32/Adware.ConvertAd.AQ Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ELS9B15D\SFSetup[1].exe"
sh=2DB714F4033CCE659E792E64A64E8092D98E07EB ft=1 fh=f37aa63c7dc75675 vn="Win32/Adware.ConvertAd.AQ Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ELS9B15D\VOPackage[1].exe"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Roaming\IVFLS"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Roaming\SX"
sh=453D3B26051E4D9E4B289C39650EE49B1278374B ft=1 fh=5cd7b9f2006f3aba vn="Win32/Adware.ConvertAd.AQ Anwendung" ac=I fn="C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\Uninstall.exe"
sh=2DB714F4033CCE659E792E64A64E8092D98E07EB ft=1 fh=f37aa63c7dc75675 vn="Win32/Adware.ConvertAd.AQ Anwendung" ac=I fn="C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4\vnsqC177.tmp"
sh=324E23BD359A094D5C8EBE77CD43035E9993B0B5 ft=1 fh=c0656931bcca232d vn="Variante von Win32/InstallCore.WX evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\adobe_flash_setup.exe"
sh=900396F2C3A06863A5B39BA0CC48031A0BC1C5B3 ft=1 fh=ffbd3625738b259d vn="Variante von MSIL/DownloadGuide.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\aren117-20070111-Downloader.exe"
sh=46720407CF76A3A4EBDDAFDBBBFA943B1A8F1E9F ft=1 fh=06416bae119d1e72 vn="Variante von Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\computerbild_downloader_fuer_winzip.exe"
sh=64131EBCE68286BAAEFAC74F12628EBFC159B7CB ft=1 fh=252d3f247af8095f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\PDFCreator-1_6_1_setup.exe"
sh=BCF43267B4416C6DDEFAAD5AE0A63E3F682C5BB0 ft=1 fh=905be375e5c80006 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\PDFCreator-1_6_2_setup.exe"
sh=534999ED85CB0AE3C21385B37B538044EA2AB339 ft=1 fh=28e16a9d033375cd vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\PDFCreator-1_7_3_setup.exe"
sh=34F2C0844483FE1CF4B3C781A192BD3F164A364A ft=1 fh=ecc511e71376698b vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\PDFCreator-1_9_1-setup-beta.exe"
sh=3224DA93D806263147B59DCC0AE4EF5186F48B6C ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\wz170-32gev.msi"
sh=203DC55D22F8B641565D92113AED0CEE84CD6636 ft=1 fh=a5c82d9e7cb612e7 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\zafwSetupWeb_102_057_000.exe"
sh=106331229BB0E6926354AA973913843E09C71E78 ft=1 fh=e5343e9e04c1f21e vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\zafwSetupWeb_102_081_000.exe"
sh=238B76E136A032D4601301E567760EC10C814124 ft=1 fh=f14483085eb0dc09 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\zafwSetupWeb_110_000_038.exe"
sh=F5061F226B1F7E5B3F646131416BE24B86F9BE88 ft=1 fh=046a44521feb320b vn="Variante von Win32/FileTypeAssistant.A evtl. unerwünschte Anwendung" ac=I fn="C:\zoek_backup\C_PROGRA~2_File Type Assistant\tsassist.exe"
         
Security Check is giving me an error message:
Code:
ATTFilter
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
         
I'll run FRST over it again right away. ... Done:
FRST log file:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by Sonja (administrator) on PC on 07-03-2015 19:59:55
Running from C:\Users\Sonja\Desktop
Loaded Profiles: UpdatusUser & Sonja (Available profiles: UpdatusUser & Sonja)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Lidl_Fotos\dd.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
() C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-608024502-4260226369-3383888787-1000\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [Device Detection] => C:\Program Files (x86)\Lidl_Fotos\dd.exe [860528 2014-11-26] ()
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\...\Run: [Amazon Music] => C:\Users\Sonja\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [450048 2011-09-13] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Die Prinzen   Millionar.mp3.lnk
ShortcutTarget: Die Prinzen   Millionar.mp3.lnk -> C:\ProgramData\{b11f671d-3060-98e6-b11f-f671d3069c74}\Die Prinzen   Millionar.mp3.exe (No File)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\die prinzen kssen verboten.lnk
ShortcutTarget: die prinzen kssen verboten.lnk -> C:\ProgramData\{d075ee4c-e609-54bb-d075-5ee4ce60b933}\die prinzen kssen verboten.exe (No File)
Startup: C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sonja\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Sonja\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-608024502-4260226369-3383888787-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-608024502-4260226369-3383888787-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=de-DE&Src=MSE&Tid=000328B0&OHP=www.google.com&OSP=
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-608024502-4260226369-3383888787-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-02-18] (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2014-04-15] (Foxit Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-16] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2014-02-18] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-608024502-4260226369-3383888787-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\searchplugins\google-images.xml [2014-09-27]
FF SearchPlugin: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\searchplugins\google-maps.xml [2014-09-27]
FF Extension: Adblock Plus - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rajhh0q2.default-1409765728724\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-21]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-26]

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Secure Downloader) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\njbcfghpoodhahbegndmbojmgkibhiol [2015-02-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 e47f97f2; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemPower\SystemPower.dll",serv
S2 HPSLPSVC; C:\Users\Sonja\AppData\Local\Temp\7zS1AA1\hpslpsvc64.dll [X]
S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 acedrv06; C:\Windows\system32\drivers\acedrv06.sys [147456 2012-10-09] () [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 19:59 - 2015-03-07 19:59 - 00000000 ____D () C:\Users\Sonja\Desktop\FRST-OlderVersion
2015-03-07 19:57 - 2015-03-07 19:57 - 00852604 _____ () C:\Users\Sonja\Downloads\SecurityCheck.exe
2015-03-07 19:55 - 2015-03-07 19:55 - 00852604 _____ () C:\Users\Sonja\Desktop\SecurityCheck.exe
2015-03-07 15:10 - 2015-03-07 15:10 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-07 15:09 - 2015-03-07 15:09 - 02347384 _____ (ESET) C:\Users\Sonja\Desktop\esetsmartinstaller_deu.exe
2015-03-06 22:42 - 2015-03-06 22:42 - 00001679 _____ () C:\Users\Sonja\Desktop\JRT.txt
2015-03-06 22:38 - 2015-03-06 22:38 - 01388333 _____ (Thisisu) C:\Users\Sonja\Desktop\JRT.exe
2015-03-06 22:20 - 2015-03-06 22:21 - 02126848 _____ () C:\Users\Sonja\Desktop\AdwCleaner_4.111.exe
2015-03-06 22:17 - 2015-03-06 22:17 - 00003163 _____ () C:\Users\Sonja\Desktop\mbam.txt
2015-03-05 14:36 - 2015-03-05 14:36 - 00026706 _____ () C:\ComboFix.txt
2015-03-05 14:36 - 2015-03-05 14:36 - 00000000 ____D () C:\Users\TEMP
2015-03-05 14:16 - 2015-03-05 14:36 - 00000000 ____D () C:\Qoobox
2015-03-05 14:16 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-05 14:16 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-05 14:16 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-05 14:16 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-05 14:15 - 2015-03-05 14:34 - 00000000 ____D () C:\Windows\erdnt
2015-03-05 14:13 - 2015-03-05 14:13 - 05612482 ____R (Swearware) C:\Users\Sonja\Desktop\ComboFix.exe
2015-03-04 12:03 - 2015-03-04 12:03 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-03-03 22:21 - 2015-03-03 22:21 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Sonja\Desktop\tdsskiller.exe
2015-03-02 20:00 - 2015-03-02 20:00 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2015-03-02 19:59 - 2015-03-02 19:59 - 01182149 _____ () C:\Users\Sonja\Downloads\7z936.exe
2015-03-02 19:07 - 2015-03-03 23:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-02 19:03 - 2015-03-03 23:07 - 00000000 ____D () C:\Users\Sonja\Desktop\mbar
2015-03-02 18:08 - 2015-03-02 18:09 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Sonja\Desktop\mbar-1.09.1.1004.exe
2015-03-02 08:49 - 2015-03-02 08:49 - 00014138 _____ () C:\Users\Sonja\Desktop\GMER.log
2015-03-02 08:01 - 2015-03-02 08:05 - 00036665 _____ () C:\Users\Sonja\Desktop\Addition.txt
2015-03-02 07:59 - 2015-03-07 19:59 - 00019579 _____ () C:\Users\Sonja\Desktop\FRST.txt
2015-03-02 07:58 - 2015-03-07 20:00 - 00000000 ____D () C:\FRST
2015-03-02 07:54 - 2015-03-02 07:55 - 00000472 _____ () C:\Users\Sonja\Desktop\defogger_disable.log
2015-03-02 07:54 - 2015-03-02 07:54 - 00000000 _____ () C:\Users\Sonja\defogger_reenable
2015-03-02 07:49 - 2015-03-02 07:49 - 00380416 _____ () C:\Users\Sonja\Desktop\Gmer-19357.exe
2015-03-02 07:46 - 2015-03-07 19:59 - 02094592 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe
2015-03-02 07:39 - 2015-03-02 07:39 - 00050477 _____ () C:\Users\Sonja\Desktop\Defogger.exe
2015-02-25 21:06 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 21:06 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 08:01 - 2015-02-20 08:01 - 00840312 _____ (App Web ) C:\Users\Sonja\Downloads\adobe_flash_setup.exe
2015-02-18 20:38 - 2015-02-18 20:38 - 00000042 _____ () C:\Users\Sonja\AppData\Roaming\WB.CFG
2015-02-18 20:23 - 2015-02-18 20:23 - 00000000 ____D () C:\Program Files (x86)\Secure Downloader
2015-02-18 20:06 - 2015-02-18 20:06 - 00003140 _____ () C:\Windows\System32\Tasks\{8F3DEAAE-1ECC-4362-B02C-A4F771F9C2C7}
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieUserList
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieSiteList
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 __SHD () C:\Users\Sonja\AppData\Local\EmieBrowserModeList
2015-02-18 19:41 - 2015-02-18 19:41 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-02-18 19:33 - 2015-02-18 19:49 - 00000000 ____D () C:\ProgramData\{dc73b5bd-2ead-65a6-dc73-3b5bd2ead6f4}
2015-02-18 19:31 - 2015-02-18 19:31 - 00000000 ____D () C:\shoplog
2015-02-18 19:25 - 2015-03-04 12:03 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\38FAE90D-1424287507-E111-9C39-DC0EA126DAF4
2015-02-18 19:10 - 2015-03-06 22:08 - 00000000 ____D () C:\ProgramData\{d075ee4c-e609-54bb-d075-5ee4ce60b933}
2015-02-18 19:01 - 2015-02-18 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clean2PC
2015-02-18 19:01 - 2015-02-18 19:01 - 00000000 ____D () C:\Program Files (x86)\clean2PC
2015-02-18 18:56 - 2015-03-06 22:07 - 00000000 ____D () C:\Program Files (x86)\Chrome Notepad
2015-02-18 18:55 - 2015-03-06 22:08 - 00000000 ____D () C:\ProgramData\{b11f671d-3060-98e6-b11f-f671d3069c74}
2015-02-18 18:54 - 2015-03-06 22:07 - 00000000 ____D () C:\ProgramData\{2048d42c-81cc-fdba-2048-8d42c81c50b2}
2015-02-18 18:22 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-18 18:22 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-18 18:22 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-18 18:22 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-12 19:32 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 19:32 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 19:32 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 19:32 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 19:43 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 19:43 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 19:43 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 19:42 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 19:42 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 19:42 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 19:42 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 19:42 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 19:42 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 19:42 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 19:42 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 19:42 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 19:42 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 19:42 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 19:42 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 19:42 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 19:42 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 19:42 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 19:42 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 19:42 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 19:42 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 19:42 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 19:42 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 19:42 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 19:42 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 19:42 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 19:42 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 19:42 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 19:42 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 19:42 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 19:42 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 19:42 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 19:42 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 19:42 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 19:42 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 19:42 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 19:42 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 19:42 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 19:42 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 19:42 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 19:42 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 19:42 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 19:42 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 19:42 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 19:42 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 19:42 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 19:42 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 19:42 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 19:42 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 19:42 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 19:42 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 19:42 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 19:42 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 19:42 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 19:42 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 19:41 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 19:41 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 19:41 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 19:41 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 19:41 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 19:41 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 19:41 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 19:41 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 19:41 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 19:41 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 19:41 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 19:41 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 19:41 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 19:41 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 19:41 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 19:41 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 19:41 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 19:41 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 19:41 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:41 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 19:40 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 19:40 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 19:40 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 19:40 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 19:40 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 19:40 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 19:40 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 19:40 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 19:40 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 19:40 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 19:40 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 19:40 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:40 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 19:59 - 2012-01-12 03:20 - 01102562 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 19:35 - 2014-11-27 18:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 19:35 - 2014-09-10 20:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 19:31 - 2013-11-30 08:49 - 00000338 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-03-07 18:35 - 2014-09-10 20:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 11:25 - 2015-01-26 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-06 22:40 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 22:40 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-06 22:35 - 2013-03-10 08:25 - 00000000 ___RD () C:\Users\Sonja\Dropbox
2015-03-06 22:33 - 2013-03-10 08:24 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Dropbox
2015-03-06 22:30 - 2010-11-21 04:47 - 00457328 _____ () C:\Windows\PFRO.log
2015-03-06 22:30 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 22:30 - 2009-07-14 05:51 - 00139913 _____ () C:\Windows\setupact.log
2015-03-06 22:28 - 2013-11-08 21:14 - 00000000 ____D () C:\AdwCleaner
2015-03-06 22:14 - 2014-09-03 22:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-06 22:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-05 14:36 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-05 14:29 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-03 22:17 - 2014-09-03 22:16 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-03 14:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 08:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-02 07:54 - 2012-06-20 20:21 - 00000000 ____D () C:\Users\Sonja
2015-03-01 09:41 - 2013-02-01 09:32 - 00000000 ____D () C:\NotenBox 7
2015-02-26 18:40 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-20 18:36 - 2012-01-12 12:12 - 00700118 _____ () C:\Windows\system32\perfh007.dat
2015-02-20 18:36 - 2012-01-12 12:12 - 00149968 _____ () C:\Windows\system32\perfc007.dat
2015-02-20 18:36 - 2009-07-14 06:13 - 01622228 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-19 21:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PLA
2015-02-18 22:10 - 2011-10-14 04:42 - 00000000 ____D () C:\Windows\ca
2015-02-18 20:11 - 2012-06-20 20:39 - 00001051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-18 20:11 - 2012-06-20 20:39 - 00001039 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-18 20:11 - 2012-06-20 20:24 - 00001425 _____ () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-18 19:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-02-18 19:38 - 2012-10-15 08:21 - 00000000 ____D () C:\Users\Sonja\AppData\Local\Adobe
2015-02-18 19:11 - 2012-07-10 19:37 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\vlc
2015-02-15 20:32 - 2012-10-09 10:50 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Skype
2015-02-13 19:33 - 2013-03-10 08:25 - 00001015 _____ () C:\Users\Sonja\Desktop\Dropbox.lnk
2015-02-13 19:33 - 2013-03-10 08:24 - 00000000 ____D () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-11 21:25 - 2009-07-14 05:45 - 00312256 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-11 20:19 - 2013-11-23 21:17 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-11 20:18 - 2013-11-23 21:17 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-11 20:18 - 2013-11-23 21:17 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-11 20:18 - 2013-11-23 21:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-02-11 20:18 - 2013-08-14 08:22 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:12 - 2012-07-03 18:37 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-06 18:30 - 2014-09-10 20:43 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 18:30 - 2014-09-10 20:43 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 18:35 - 2014-11-27 18:45 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 18:35 - 2014-11-27 18:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 18:35 - 2014-11-27 18:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Sonja\AppData\Roaming\IVFLS
2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Sonja\AppData\Roaming\SX
2015-02-18 20:38 - 2015-02-18 20:38 - 0000042 _____ () C:\Users\Sonja\AppData\Roaming\WB.CFG
2013-04-02 09:54 - 2013-04-02 09:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-01-12 03:47 - 2012-01-12 03:49 - 0015230 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-08-03 21:19 - 2012-08-03 21:20 - 0000317 _____ () C:\ProgramData\hpzinstall.log
2014-06-09 18:47 - 2014-06-09 18:50 - 0000032 _____ () C:\ProgramData\PS.log

Some content of TEMP:
====================
C:\Users\Sonja\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2fvvcr.dll
C:\Users\Sonja\AppData\Local\Temp\Quarantine.exe
C:\Users\Sonja\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-11 16:28

==================== End Of Log ============================
         
--- --- ---


Thanks in advance.

Edited by Fanou (07.03.2015 at 20:01). Reason: post consolidation
