
Log analysis and evaluation: Windows 7: Ads keep popping up, websites do not work properly


09.05.2015, 00:17   #1
PhiGammaTau
 



Hello,

I have the following problem:

1) Ads pop up despite AdBlock in Mozilla Firefox (I don't have this problem on other PCs). G Data reports junkware in a popup.

2) Words related to advertising are blue and underlined, and speech bubbles pop up for them.

3) A virus scan with G Data cannot fix the problem (the log file from the scan will be provided later... I first have to run a full scan; the idle scan result is below).

4) Websites crash often and cannot be used.

5) Mozilla Firefox starts erratically.


I hope I did everything correctly. Thank you for helping me with this! Best regards, PhiGammaTau

Here are the logs:

1) "defogger_disable"

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:28 on 08/05/2015 (Eli)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-
         
2) FRST

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by Eli (administrator) on STICHLING on 08-05-2015 23:36:59
Running from C:\Users\Eli\Desktop
Loaded Profiles: Eli (Available profiles: Eli & Administrator)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_169.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-29] (Alcor Micro Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-29] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-29] (Synaptics)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe [1706576 2012-07-23] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [KrakenLauncher] => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe [865088 2014-05-22] (Razer Inc)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\MountPoints2: {2a452280-2e3d-11e4-be8b-d17ae6b7db93} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\MountPoints2: {2a452296-2e3d-11e4-be8b-d17ae6b7db93} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-11-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-12-09]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58471;https=127.0.0.1:58471
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MC1C80B5C-CC13-4CF4-94EC-0091DCE2EC00&SearchSource=58&CUI=&UM=2&UP=SP20A5FFEC-637D-4059-827A-E240577FFCFC&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D012715-AE3372CAF8274412FA2F&form=CONBDF&conlogo=CT3330942&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {7F40D5FC-8B38-4C2C-AC25-5E124CBCA051} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=ac4bd0fa00000000000084a6c87778a7&r=62
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = https://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {94047CC2-4EEE-43CC-9C7C-710AA7989960} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-08] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-08] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default
FF DefaultSearchEngine: Google Default
FF SelectedSearchEngine: Bing
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF SearchPlugin: C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\searchplugins\google-default.xml [2015-01-31]
FF Extension: Amazon-Icon - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\amazon-icon@giga.de [2014-12-11]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\donottrackplus@abine.com [2014-12-06]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\sparpilot@sparpilot.com [2014-12-11]
FF Extension: Mozilla Firefox Hotfixer - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\veggy@veggyAddon.com [2015-03-25]
FF Extension: Zoom It - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5} [2015-05-08]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-03-01]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-03-01]
FF Extension: html updater - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{058146b7-3c81-4daf-8d37-cdf20fd9af4e}.xpi [2015-01-13]
FF Extension: NoScript - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-08]
FF Extension: {ab5696aa-439a-44e9-a82d-48c7ae8939ae} - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{ab5696aa-439a-44e9-a82d-48c7ae8939ae}.xpi [2014-12-12]
FF Extension: Adblock Plus - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-01]
FF Extension: Adblock Edge - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-03-01]
FF HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR Profile: C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-12-02]
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Eli\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-12-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2527864 2015-03-04] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [3672560 2015-02-20] (G Data Software AG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3193080 2015-02-20] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [193576 2012-08-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 Lenovo Smart Update Service; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe [66640 2012-07-18] (Lenovo)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-07] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-06-01] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [150016 2015-04-01] (G Data Software AG)
S0 GDElam; C:\Windows\System32\DRIVERS\GDElam.sys [117904 2015-01-08] (G Data Software AG)
R3 GDKBB; C:\WINDOWS\system32\drivers\GDKBB64.sys [27648 2015-04-01] (G Data Software AG)
R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2015-04-01] (G Data Software AG)
R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [230400 2015-04-01] (G Data Software AG)
R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [91648 2015-04-01] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2015-04-01] (G Data Software AG)
R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [106272 2015-03-01] (G Data Software)
R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [124928 2015-04-01] (G Data Software AG)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-08-13] (Intel Corporation)
R3 LAD; C:\Windows\System32\drivers\LAD.sys [8704 2012-06-08] (TODO: <Company name>)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31400 2014-05-19] (Razer Inc)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-29] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-02-12] (Duplex Secure Ltd.)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 WacHidRouter; \SystemRoot\System32\drivers\wachidrouter.sys [X]
S3 wacomrouterfilter; \SystemRoot\System32\drivers\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 23:33 - 2015-05-08 23:36 - 00046592 _____ () C:\Users\Eli\Desktop\Addition.txt
2015-05-08 23:31 - 2015-05-08 23:37 - 00026946 _____ () C:\Users\Eli\Desktop\FRST.txt
2015-05-08 23:30 - 2015-05-08 23:37 - 00000000 ____D () C:\FRST
2015-05-08 23:29 - 2015-05-08 23:29 - 02102272 _____ (Farbar) C:\Users\Eli\Desktop\FRST64.exe
2015-05-08 23:25 - 2015-05-08 23:28 - 00000520 _____ () C:\Users\Eli\Desktop\defogger_disable.log
2015-05-08 23:25 - 2015-05-08 23:25 - 00000020 _____ () C:\Users\Eli\defogger_reenable
2015-05-08 23:24 - 2015-05-08 23:24 - 00050477 _____ () C:\Users\Eli\Desktop\Defogger.exe
2015-05-07 18:18 - 2015-05-07 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-14 22:04 - 2015-04-14 22:04 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-08 23:34 - 2012-10-12 03:48 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-08 23:34 - 2012-10-12 03:48 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-08 23:34 - 2012-07-26 09:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-08 23:32 - 2013-12-02 18:26 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2344629883-704184612-3672562925-1002
2015-05-08 23:29 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-08 23:26 - 2013-12-02 18:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-08 23:26 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-08 23:25 - 2013-12-02 17:53 - 00000000 ____D () C:\Users\Eli
2015-05-08 23:25 - 2012-10-11 18:53 - 01944346 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-08 23:04 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-08 22:41 - 2013-12-17 11:24 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-08 18:28 - 2014-10-14 16:12 - 00000000 ____D () C:\Users\Eli\AppData\Local\Adobe
2015-04-22 12:35 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-15 14:37 - 2013-12-03 16:57 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 14:33 - 2013-12-06 12:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 14:33 - 2013-12-03 16:57 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 22:04 - 2013-12-17 11:24 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2013-12-02 18:15 - 2013-12-04 14:32 - 0003011 _____ () C:\Users\Eli\AppData\Roaming\AbsoluteReminder.xml
2014-10-16 13:37 - 2015-01-27 12:56 - 0000034 _____ () C:\Users\Eli\AppData\Roaming\AdobeWLCMCache.dat
2015-02-16 14:59 - 2015-02-16 14:59 - 0000000 _____ () C:\Users\Eli\AppData\Roaming\gdfw.log
2015-02-16 14:59 - 2015-02-16 14:59 - 0000779 _____ () C:\Users\Eli\AppData\Roaming\gdscan.log
2014-02-06 00:25 - 2014-02-06 00:25 - 0000784 _____ () C:\Users\Eli\AppData\Local\recently-used.xbel
2012-10-11 18:24 - 2012-10-11 18:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Eli\AppData\Local\Temp\amazonicon_v10.exe
C:\Users\Eli\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Eli\AppData\Local\Temp\BackupSetup.exe
C:\Users\Eli\AppData\Local\Temp\dufgmr4c.exe
C:\Users\Eli\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Eli\AppData\Local\Temp\Gw2.exe
C:\Users\Eli\AppData\Local\Temp\hcuninstaller_20141209_122126_4784.exe
C:\Users\Eli\AppData\Local\Temp\installerdll354018595.dll
C:\Users\Eli\AppData\Local\Temp\InstStub.exe
C:\Users\Eli\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Eli\AppData\Local\Temp\mailcheck_ff_2014_12_02.exe
C:\Users\Eli\AppData\Local\Temp\mpa04268.exe
C:\Users\Eli\AppData\Local\Temp\MultisineV1.74.exe
C:\Users\Eli\AppData\Local\Temp\nsa683D.exe
C:\Users\Eli\AppData\Local\Temp\nsfD03.exe
C:\Users\Eli\AppData\Local\Temp\nsg1D66.exe
C:\Users\Eli\AppData\Local\Temp\nsi7DA8.exe
C:\Users\Eli\AppData\Local\Temp\nsj6FD7.exe
C:\Users\Eli\AppData\Local\Temp\nsmC563.exe
C:\Users\Eli\AppData\Local\Temp\nso62CE.exe
C:\Users\Eli\AppData\Local\Temp\nso7FEB.exe
C:\Users\Eli\AppData\Local\Temp\nsp2528.exe
C:\Users\Eli\AppData\Local\Temp\nsvC37D.exe
C:\Users\Eli\AppData\Local\Temp\ose00000.exe
C:\Users\Eli\AppData\Local\Temp\sdan.exe
C:\Users\Eli\AppData\Local\Temp\sdapk.exe
C:\Users\Eli\AppData\Local\Temp\sdaspwn.exe
C:\Users\Eli\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Eli\AppData\Local\Temp\SpOrder.dll
C:\Users\Eli\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Eli\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Eli\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Eli\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Eli\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Eli\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-02 15:02

==================== End Of Log ============================
         

3) Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by Eli at 2015-05-08 23:37:32
Running from C:\Users\Eli\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2344629883-704184612-3672562925-500 - Administrator - Disabled) => C:\Users\Administrator
Eli (S-1-5-21-2344629883-704184612-3672562925-1002 - Administrator - Enabled) => C:\Users\Eli
Gast (S-1-5-21-2344629883-704184612-3672562925-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Enabled - Out of date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA INTERNET SECURITY (Enabled - Out of date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G*DATA Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.2.3042.61510 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.2.3042.61510 - Alcor Micro Corp.) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.0 - Conexant)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.2 - G DATA Software AG)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro)
Lenovo MediaShow6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.4019 - CyberLink Corp.)
Lenovo MediaShow6 (x32 Version: 6.0.4019 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.5.75 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MultisineV1.74 (HKLM-x32\...\MultisineV1.74_is1) (Version:  - SeDuTec)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.15 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wajam (HKLM-x32\...\WIntEnhance) (Version: 2.23.2.5 (i2.6) - WIntEnhance) <==== ATTENTION
Windows Driver Package - Lenovo Corporation (LAD) System  (06/08/2012 1.0.0.3) (HKLM\...\C48768A2A32F4649238F7DCF737A260911895FDE) (Version: 06/08/2012 1.0.0.3 - Lenovo Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
World of Tanks (HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-05-2015 15:15:31 Windows Update
05-05-2015 03:00:02 Windows Update
08-05-2015 18:28:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16FF2885-7253-4AA9-8852-2A473917C04A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {2E06458F-2C06-4D11-8917-ABBC1C4E85B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {335DCE13-5A9A-4E6E-9ADC-75723C6E2C88} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2344629883-704184612-3672562925-1002
Task: {468558C6-6142-46EE-AF56-C44F1020D56B} - System32\Tasks\AdobeAAMUpdater-1.0-Stichling-Eli => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {56EDCD0C-A3CB-4D5A-A17C-4CCFF289CDF6} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {66FB7458-2ABA-44B1-AEF0-139A3D9446F4} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {7B4EAAF4-BB23-4289-8328-E6270D2C1760} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {935F9D2C-4CA3-42C1-9252-4194A934B0DD} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-08-13] (Intel)
Task: {AB0E2CCF-033D-4012-929E-9A75683D82F6} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {BBF19BBA-B5BA-44C4-B597-00C9F440B7F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DA5BCC5E-97CB-4BB2-B334-C36524E5D9E3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {ED4716DB-CC6A-4917-ADBF-295CE4E9EF84} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-11 17:54 - 2014-11-04 02:04 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-10-11 18:08 - 2014-11-04 00:02 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-06-02 23:07 - 2014-06-07 00:49 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-02-20 05:42 - 2015-02-20 05:42 - 00382072 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2013-06-01 03:37 - 2013-06-01 03:38 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-23 05:37 - 2012-08-20 18:58 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-10-11 18:22 - 2010-10-26 06:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-05-22 10:28 - 2014-05-22 10:28 - 00619328 _____ () C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenDevProps.dll
2012-10-11 18:40 - 2012-07-18 14:27 - 00021072 _____ () C:\Program Files (x86)\Lenovo\Lenovo Smart Update\HookDll.dll
2012-10-11 18:08 - 2014-11-04 02:04 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-12-08 21:02 - 2013-12-08 21:02 - 00017920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\d4b49cde56288aa4c132208d7aba2a82\PSIClient.ni.dll
2012-10-11 18:02 - 2012-06-25 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\aeriagames.com -> hxxp://aeriagames.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img12.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Updater"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FE411D01-488F-44D5-884E-5EE52559E311}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{36D5C3C9-1548-4F51-990F-0D36FA953832}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{AEF317AC-8B64-4CF9-AADD-16D722298F32}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{6116444F-39A2-481F-B28B-3C1EB4AC825A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1A59A1C6-FFD0-412C-9967-F04508836AC6}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{9D5E01DB-721D-4D5D-9144-9BD6B23E059C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{16C1F45C-C07B-4138-A651-7A529A97E91D}] => (Allow) C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B63CCD4-1AB4-40D6-9BC0-AB1B6E0EE854}] => (Allow) C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0E82E8D3-14EB-4CBC-A93D-C754A6D75414}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D625238B-8BCD-4FEE-BCF4-6FDCDD75086F}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3343CC8B-CC8B-417F-8660-1070B80E5D1E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{6296C6F2-1A61-4098-9793-EBD77FB7498E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{B92E14C8-FE81-44E8-8CBD-18C5A30AB183}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{661054AE-A45C-4733-8F60-1E15E450B0C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{23AEFC51-BEB2-4422-91DD-ACBCCF2110DA}C:\users\eli\appdata\local\temp\gw2.exe] => (Allow) C:\users\eli\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{D68D57B4-3C61-43FB-AE82-0ED2D703490A}C:\users\eli\appdata\local\temp\gw2.exe] => (Allow) C:\users\eli\appdata\local\temp\gw2.exe
FirewallRules: [{A4FDD966-9ADB-4744-9A41-A2AEEE0CB660}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{C7E508E8-74E1-4749-B08C-E6C5D7E92042}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{86AFCA5B-8EE3-4409-9A48-00B737F50B0D}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{0A596237-E7FE-48EA-AE61-46CE6D25F34A}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{0AF7BEAF-5D1D-41E5-A959-4D51AA40FC84}C:\program files (x86)\world_of_tanks\wotlauncher.exe] => (Allow) C:\program files (x86)\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{FA933674-7934-4A80-B8A1-8726B63FC074}C:\program files (x86)\world_of_tanks\wotlauncher.exe] => (Allow) C:\program files (x86)\world_of_tanks\wotlauncher.exe
FirewallRules: [{00B4DBC3-4697-47A9-9906-CAB83DCAEE58}] => (Allow) E:\fsetup.exe
FirewallRules: [{13F753FB-88EE-4A13-9F1F-C4E1811B6C09}] => (Allow) E:\fsetup.exe
FirewallRules: [TCP Query User{26722D95-8E5D-425F-BB66-EF46D1D4B292}C:\program files (x86)\world_of_tanks\worldoftanks.exe] => (Allow) C:\program files (x86)\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{257EF4E8-F646-440D-BAE7-2FD915BF4AED}C:\program files (x86)\world_of_tanks\worldoftanks.exe] => (Allow) C:\program files (x86)\world_of_tanks\worldoftanks.exe
FirewallRules: [{BF20EADA-FEC5-43B2-8EF2-7EEE04AF104C}] => (Allow) %ProgramFiles% (x86)\lol.launcher.exe
FirewallRules: [{BA9EE5F1-2565-4315-A71B-CFACAB374097}] => (Allow) %ProgramFiles% (x86)\lol.launcher.exe
FirewallRules: [TCP Query User{D896DF0C-87E7-45B2-8F8F-18D29C7557EB}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FBAE6EDA-2ECE-497A-AEEF-7E04FFB9F5D7}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{83912FFF-3BCC-457A-B433-1D650BFE1201}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{56F1213B-665E-453A-B957-B15E742D7137}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{D4C394AF-CEA4-4787-A1B0-FE92195BC91B}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C27B5D62-4D23-45B8-831A-56CABA6352F7}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D1EF3745-EF41-4BFC-8458-1DF98EC0866D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{FE281D1A-F13B-46FE-8D75-844F84019C34}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{6B3C3F2D-A0AF-403E-89F9-F82D97F7936B}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{514C6518-DE3F-433D-B824-03D5988CC5CD}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{AB5B0666-867F-4225-8921-C07822FD5F2C}] => (Allow) C:\Program Files (x86)\lol.launcher.exe
FirewallRules: [{66EB7665-7D66-476F-8696-73B1659C9424}] => (Allow) C:\Program Files (x86)\lol.launcher.exe
FirewallRules: [{7B144272-3233-4A58-A5E2-BD2985EC7DC9}] => (Allow) C:\Program Files (x86)\lol.launcher.exe
FirewallRules: [{1556DDB9-D2F6-4AE4-9CB7-7431929F01A0}] => (Allow) C:\Program Files (x86)\lol.launcher.exe
FirewallRules: [TCP Query User{2187DA8C-E595-4CE4-BF6D-56B5C9E7C596}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe
FirewallRules: [UDP Query User{7CBA81A5-A638-4CF8-B071-98F871B357C3}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe
FirewallRules: [TCP Query User{496CF561-D54C-49E8-82B3-1E6B99FA45E0}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe
FirewallRules: [UDP Query User{F089B531-CED1-4A9F-B5FC-807F1872D5FA}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe
FirewallRules: [TCP Query User{7484905A-547D-4BC9-BBEC-A86A7C6E46C0}C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe] => (Block) C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{5A98C1FB-37B3-455D-BF16-09851618DF36}C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe] => (Block) C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe
FirewallRules: [{0AFE21E2-9EC6-46A0-9C96-31AD30B5459B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{84F37044-DB78-401C-B848-D3F6ACAA92C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{06400E3E-1A60-4F8A-BF4F-DA79350980E9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6773F3DE-36A9-4D3B-AB23-91D16F48EBAD}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{682AB1D3-1F34-4D87-80B8-C4F8C45A7AD1}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III Beta 2013\Diablo III.exe
FirewallRules: [{40A9BB0C-8A74-4402-A7C1-E061234C2593}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III Beta 2013\Diablo III.exe
FirewallRules: [{EAB95CBF-A945-4C20-80FF-8CD75EB87DA1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{428888B3-34AF-481D-A128-DB2557E4B123}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{D6A55DF9-C885-4BFC-B076-81F14BA5232E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C97B8697-EDE1-4C9F-B2D9-64F18BC2BF7E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{18B66FF3-C5DC-4FDE-A4A8-64C9AA96171F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E508085F-2BE0-4E7B-A226-FFC95FCB3C6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D394A1CD-0698-4949-A90D-C98B1DD36E0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{52F98722-C635-4E81-ADA8-70ED6FF5F6E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{E798E883-53B4-459D-812E-91997BA07996}C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe] => (Allow) C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe
FirewallRules: [UDP Query User{83665DEE-D6AE-49F2-A378-7093E023F5D9}C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe] => (Allow) C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe
FirewallRules: [{698B3957-6CC3-41CF-A021-3C78009DFE3E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{3ABD6377-71A1-435D-AFB3-2F11F84D2322}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{F8566532-E41F-49DF-85B3-568CFEC07AFF}] => (Allow) C:\Program Files (x86)\Gameforge4D\Elsword_DE\data\x2.exe
FirewallRules: [{C2D39783-211D-4EA4-B98A-3AAB6BFFC014}] => (Allow) C:\Program Files (x86)\Gameforge4D\Elsword_DE\data\x2.exe
FirewallRules: [{31C5EA3D-1BD5-43E8-9181-35543B3BBF69}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{88745C92-B63F-4347-BA8B-9CDD9C44A776}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{EFF43167-5DA6-464A-B786-9274BBEB3DB2}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{22840350-FF81-4BC5-9816-199C39A1EF20}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{7453EB02-9626-4B99-BA59-5234F5AA9ACA}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{27E4C84F-6251-4C72-9CAF-60C52179FE9E}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{B65B71E3-0387-4F5D-ADAA-635F2351E05A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{21ABDC7C-1243-45BA-84F1-A1017F798BA1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{43C24E91-C2F4-4BB8-94F5-C58C878E927D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5578416F-51B9-4F43-A52A-CE71B608ED78}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{93199FA7-EC52-4372-A19B-12052066419B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E436FFDA-7958-462B-BC91-CD5E56A852B6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{42CFDA77-27C2-4439-A97E-5A95E731FFD2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{23964328-54B5-419C-8E8C-F91ED45CF60C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FA125EB3-6A25-45C6-9C81-DAE143991C42}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{6EC81A98-3078-440D-B8A5-D5DD12BA54C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{F06BB976-5FFA-468B-AF69-AB09DAFE94C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{807FFE94-35C9-430E-BFC5-459E3BEF7FE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{ADF4A11C-3766-40EE-B6D3-AF7B8C50ECAE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{26D12EFE-6D2F-4261-917A-B3D5CCDFCF69}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{164102D1-6D64-49FB-ACD5-500B64E5C41C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{BFCC7624-EE53-42D8-AFD6-61483A15C9F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{5B721E22-3416-477C-9E7C-D00EE1FBA868}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{DEC44613-54DC-4AF9-A1FD-612608EBDB4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [TCP Query User{C31B1623-7B06-499A-9472-794F28657C18}C:\users\eli\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\eli\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{12F8740B-A9DE-4C6C-921F-D29DA39927DD}C:\users\eli\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\eli\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{7C585868-E860-4637-993B-00C3D39B8514}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe] => (Allow) C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe
FirewallRules: [UDP Query User{0ACF76D8-F51D-41F1-8690-05C9B45272D8}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe] => (Allow) C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe
FirewallRules: [TCP Query User{1853108B-2A2D-4265-81FB-11E4480BFDAF}C:\program files (x86)\binaries\win32\udk.exe] => (Block) C:\program files (x86)\binaries\win32\udk.exe
FirewallRules: [UDP Query User{6C16FCF9-C7F1-4BFA-AE82-C601C1714F56}C:\program files (x86)\binaries\win32\udk.exe] => (Block) C:\program files (x86)\binaries\win32\udk.exe
FirewallRules: [TCP Query User{AA7ECD86-2D59-47D8-A6A9-7A3382DB3930}C:\program files (x86)\binaries\win64\udk.exe] => (Allow) C:\program files (x86)\binaries\win64\udk.exe
FirewallRules: [UDP Query User{E1F55399-4AB8-4183-B065-18EC09B89A4B}C:\program files (x86)\binaries\win64\udk.exe] => (Allow) C:\program files (x86)\binaries\win64\udk.exe
FirewallRules: [{E0C220EB-1DE4-463B-83A5-C326BF8E2ED8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C0F9D5DC-3336-40CA-B1E5-1CD8006AE313}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E613D5A4-C260-41F3-8243-471CFEC06721}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [{35C017BE-675C-4396-9D1E-9123EC2A7569}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [TCP Query User{DD7D7D1F-3372-4E19-8109-394A0486D174}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{CB635730-436E-4A48-9AA0-9A5F211EE047}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{48E1F13C-1635-4E41-8448-39853E6476EE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{B49DEEB6-AE93-4911-8655-13AA917B846E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{16789348-B2F0-436C-B0E7-FAE827AFEE39}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{918A09DD-7E75-43D1-AE4C-1BA032F5B084}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{75E50E1D-EC04-4BF2-AABF-FE36297B9D93}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{A6D3D9AA-BC28-46E0-929C-F765E6A561A1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{D9393403-52E2-444E-8C1D-86C282B95F3E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{64E61C68-111F-4EEA-930B-D3053C29889E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{59999FBA-2AC3-475A-BF91-E1EF1E7247B2}C:\program files (x86)\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\binaries\win32\udk.exe
FirewallRules: [UDP Query User{9A015A14-72EE-456F-980A-60A303DA91C2}C:\program files (x86)\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\binaries\win32\udk.exe
FirewallRules: [TCP Query User{85690F6D-B45A-4B8B-8DE3-4684C45740DC}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{82457885-B5E3-461C-9EBC-EF0DD33D6920}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{68834CFE-5C93-41BB-9341-3DDA1AE12CD8}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7A457934-AEB7-4F11-A04B-0F47B82DE927}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{75D3ACB4-BA02-4E8A-85B8-CA9617DE3804}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A10AA34C-5023-472F-A325-CC0254B2E438}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9E0EF15E-E13C-46AE-8F2E-956CC04A033B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AD510CB2-E8CD-49B0-A2A7-C0DC245A2607}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9C805CD0-8D14-4BE1-ABDC-8DC5432E3542}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B4C5F175-A71D-460B-9786-09AFDCC41CF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DAA907E0-5157-484A-86E7-45A5C5F74132}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (05/08/2015 11:37:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:37:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:36:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:36:53Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:36:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:36:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:35:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:35:53Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:35:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:35:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:34:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:34:53Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:34:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:34:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:33:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:33:53Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:33:23 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:33:23Z. Fehlercode: 0x80041316.

Error: (05/08/2015 11:32:53 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-14T21:32:53Z. Fehlercode: 0x80041316.


System errors:
=============
Error: (05/07/2015 05:55:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8 für x64-Systeme (KB2934802)

Error: (05/07/2015 05:55:14 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2756872)

Error: (05/06/2015 02:40:48 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (05/04/2015 02:03:15 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (05/02/2015 03:51:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8 für x64-Systeme (KB2934802)

Error: (05/02/2015 03:51:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2756872)

Error: (05/01/2015 04:44:16 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.

Error: (04/30/2015 07:24:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8 für x64-Systeme (KB2934802)

Error: (04/30/2015 07:24:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Update für Windows 8 für x64-Systeme (KB2756872)

Error: (04/26/2015 04:54:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Sicherheitsupdate für Internet Explorer Flash Player für Windows 8 für x64-Systeme (KB2934802)


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 40%
Total physical RAM: 8050.48 MB
Available physical RAM: 4776.98 MB
Total Pagefile: 10610.48 MB
Available Pagefile: 6923.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:651.3 GB) (Free:540.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 22.4 GB) (Disk ID: C1CDA268)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: C1CDA275)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
4) GMER

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-08 23:45:03
Windows 6.2.9200  x64 \Device\Harddisk1\DR1 -> \Device\00000044 WDC_WD7500BPVT-24HXZT3 rev.03.01A03 698,64GB
Running: Gmer-19357.exe; Driver: C:\Users\Eli\AppData\Local\Temp\uwloipog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[356] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306          000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[356] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314          000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[356] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                    000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[356] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                    000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe[356] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                  000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW                                                             000007fcd541257c 8 bytes JMP 000007fdd5090340
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW                                                           000007fcd5416b10 1 byte JMP 000007fdd5090298
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW + 2                                                       000007fcd5416b12 7 bytes {JMP 0xffffffffffc79788}
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation                                                    000007fcd5495778 7 bytes JMP 000007fdd5090260
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW                                                            000007fcd54b1564 7 bytes JMP 000007fdd50902d0
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW                                                      000007fcd54c40e4 7 bytes JMP 000007fdd5090228
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx                                                    000007fcd54c4178 8 bytes JMP 000007fdd50901f0
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA                                                             000007fcd54c479c 8 bytes JMP 000007fdd5090308
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW                                                         000007fcd50a28a0 7 bytes JMP 000007fdd50900d8
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary                                                              000007fcd50a28e8 5 bytes JMP 000007fdd5090180
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW                                                           000007fcd50bf590 6 bytes JMP 000007fdd5090148
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW                                                       000007fcd50bf8ac 5 bytes JMP 000007fdd5090110
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW                                                     000007fcd50eaa40 5 bytes JMP 000007fdd50901b8
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!CreateWindowExW                                                              000007fcd7d6c5b0 7 bytes JMP 000007fdd5090420
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo                                                   000007fcd7d731f0 1 byte JMP 000007fdd5090378
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo + 2                                               000007fcd7d731f2 7 bytes {JMP 0xfffffffffd31d188}
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW                                                          000007fcd7d733e0 5 bytes JMP 000007fdd50903e8
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW                                                     000007fcd7d745d0 5 bytes JMP 000007fdd5090458
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA                                                          000007fcd7d77160 5 bytes JMP 000007fdd50903b0
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                        000007fcd5ed1070 8 bytes JMP 000007fdd50904c8
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                      000007fcd5ef0c10 8 bytes JMP 000007fdd5090490
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory1                                                             000007fcd2e16d10 5 bytes JMP 000007fdd2a50110
.text   C:\WINDOWS\system32\dwm.exe[536] C:\WINDOWS\system32\dxgi.dll!CreateDXGIFactory                                                              000007fcd2e1d060 5 bytes JMP 000007fdd2a500d8
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                            000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                            000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1328] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                          000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1344] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690                                                      000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1344] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698                                                      000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1344] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246                                                    000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1344] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                            000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\WINDOWS\system32\nvvsvc.exe[1344] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                            000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\WINDOWS\system32\WLANExt.exe[1728] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                           000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\WINDOWS\system32\WLANExt.exe[1728] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                           000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\WINDOWS\system32\WLANExt.exe[1728] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 690                                                     000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\WLANExt.exe[1728] C:\WINDOWS\system32\MSIMG32.dll!GradientFill + 698                                                     000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\system32\WLANExt.exe[1728] C:\WINDOWS\system32\MSIMG32.dll!TransparentBlt + 246                                                   000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1572] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742  000007fccb451b32 4 bytes [45, CB, FC, 07]
.text   C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1572] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750  000007fccb451b3a 4 bytes [45, CB, FC, 07]
.text   C:\WINDOWS\Explorer.EXE[2228] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                             000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\Explorer.EXE[2228] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                             000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\Explorer.EXE[2228] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                           000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\WINDOWS\Explorer.EXE[2228] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                   000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\WINDOWS\Explorer.EXE[2228] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                   000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2992] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                              000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2992] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                              000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2992] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                            000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                          000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742                                              000007fccb451b32 4 bytes [45, CB, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[1708] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750                                              000007fccb451b3a 4 bytes [45, CB, FC, 07]
.text   C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1664] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306      000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1664] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314      000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3480] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306            000007fcd5e5177a 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3480] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314            000007fcd5e51782 4 bytes [E5, D5, FC, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3480] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                      000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3480] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                      000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3480] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                    000007fccfa5165a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3852] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                               000007fccfa51532 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3852] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                               000007fccfa5153a 4 bytes [A5, CF, FC, 07]
.text   C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3852] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                             000007fccfa5165a 4 bytes [A5, CF, FC, 07]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [620:644]                                                                                                      fffff960008655e8

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk1\DR1                                                                                                                        unknown MBR code

---- EOF - GMER 2.1 ----
         

5) G Data idle scan result

Idle scan completed successfully:
333783 files checked.
No infected files found.

09.05.2015, 00:33   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hi and

Remove adware/junkware/toolbars

Step 1: Malwarebytes

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the latest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.




(Delete old versions of AdwCleaner and, if present, JRT first, then download them fresh to the desktop!)

Step 2: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Step 3: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 4: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

09.05.2015, 11:40   #3
PhiGammaTau


Hello! That was quick. I'm thrilled.

Unfortunately I have to admit a small mistake: this is Windows 8. I only work with Windows 7 these days and tend to forget that. I hope that's not a problem.

Unfortunately all the logs together are too long, so I'm posting FRST and FRST Addition separately.

On to the logs:

1) MBAM

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 09.05.2015
Suchlauf-Zeit: 10:21:35
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.09.01
Rootkit Datenbank: v2015.04.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Eli

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 416132
Verstrichene Zeit: 35 Min, 50 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 27

Registrierungswerte: 5
PUP.Optional.VOPackage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPACKAGE|UninstallString, "C:\Users\Eli\AppData\Roaming\VOPackage\uninstall.exe", In Quarantäne, [484d8b06f59541f575816d8dfa096799]
PUP.Optional.GlobalUpdate.C, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\GLOBALUPDATE\UPDATE\PROXY|source, Firefox, In Quarantäne, [6332038e0f7b1c1acf43636f9a69659b]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\INSTALLCORE|tb, 0B1G1O1S0V1G1F, In Quarantäne, [197c0d847b0f6bcb1e3292a2d134738d]
PUP.Optional.Trovi.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3314958&octid=EB_ORIGINAL_CTID&ISID=MC1C80B5C-CC13-4CF4-94EC-0091DCE2EC00&SearchSource=58&CUI=&UM=2&UP=SP20A5FFEC-637D-4059-827A-E240577FFCFC&q={searchTerms}&SSPV=, In Quarantäne, [40552b6611794ee8c602431e2fd6f907]
PUP.Optional.Conduit.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SuggestionsURL_JSON, hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, In Quarantäne, [d7beb7da5f2bb185833f10c24fb4ea16]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 35

Dateien: 211
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\searchresult.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\sears.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\setting.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\settings.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\shopping.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\target.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\tesco.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\tripadvisor.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\twitter.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\wajam.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\walmart.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\wiki.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\yahoo.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\Logos\zalando.ico, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\1a79481564ec9035d56c0626bb372ba2, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\1af2a17a1d8b2a7a596f70d2e821bf62, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\ApiHandlr.dll, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\b5ee3c46972a98083c47fb2bd1f489f1, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\bc0e8acf5e9055ff0ea289d49ed16c07, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\dba5d5eaa194a5422a01e670dd73b448, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\e5cca93dc1ab51b874334bd320aadf4b, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\FiddlerCore.dll, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\HtmlAgilityPack.dll, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\makecert.exe, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\Newtonsoft.Json.dll, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\WHttpServer.exe, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\wie, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\Program Files (x86)\WIntEnhance\WIntEnhance Internet Enhancer\WJManifest, In Quarantäne, [e0b5c4cdf79343f3034fb31550b3916f], 
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance\Settings.lnk, In Quarantäne, [91044f42325854e2f95a4583986b10f0], 
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance\SignIn with Facebook.lnk, In Quarantäne, [91044f42325854e2f95a4583986b10f0], 
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance\SignIn with Twitter.lnk, In Quarantäne, [91044f42325854e2f95a4583986b10f0], 
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance\WIntEnhance Website.lnk, In Quarantäne, [91044f42325854e2f95a4583986b10f0], 
PUP.Optional.Wajam.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WIntEnhance\Uninstall Wajam\uninstall.lnk, In Quarantäne, [91044f42325854e2f95a4583986b10f0], 
PUP.Optional.VeggyAddon.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com\chrome.manifest, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], 
PUP.Optional.VeggyAddon.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com\install.rdf, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], 
PUP.Optional.VeggyAddon.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com\chrome\content\main.js, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], 
PUP.Optional.VeggyAddon.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com\chrome\content\main.xul, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], 
PUP.Optional.VeggyAddon.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com\chrome\skin\icon.png, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], 
PUP.Optional.VeggyAddon.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\veggy@veggyAddon.com\modules\XCipher.js, In Quarantäne, [a3f29ef3d5b5a88e375a8d3f659e60a0], 
PUP.Optional.ValueApps.A, C:\Users\Eli\AppData\Roaming\ValueApps\IE\ValueAppLog0.log, In Quarantäne, [7d18b9d8d3b71c1ad6f8d8f5f80b8977], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome.manifest, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\install.rdf, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\content.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\html5slider.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\jquery-1.8.3.min.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\li.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\main.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\main.xul, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\options.html, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\options.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\tools.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\tr.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\content\zoom.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\skin\button.png, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\skin\icon32x32-disabled.png, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\skin\icon32x32.png, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\skin\options.css, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\skin\options_bg.png, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\skin\otaznik.png, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\chrome\skin\slider.png, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\addon_d.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\addon_info.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\file_cacher.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\guid.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\observer.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\pref_man.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\pu_upd.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\timer.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\time_passed.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\xcipher.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\tools\days_passed.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\tools\ff_info.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\tools\firstrun.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.ZoomIt.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\{75e0918c-2af9-0d5f-238c-06447e4bf4c5}\modules\tools\os.js, In Quarantäne, [3d58bed3107a6acc35bdf65c53b3f907], 
PUP.Optional.CrossRider.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "14b2c078fa4a5a65c62c0899379bac53");), Ersetzt,[d6bf7b162367e05694a21c3bbb4b19e7]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.admin", false);), Ersetzt,[0590f39e27634de9af9cd68164a2eb15]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 ), Ersetzt,[9ef7ddb4266481b57bd0b5a2c145e41c]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (references

/* Do not edit this file.
 *
 * If you make changes to this file ), Ersetzt,[b4e193fe1a7064d257f465f2ea1c45bb]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (e.
 *
 * If you make changes to this file while t), Ersetzt,[e8ad058cf49677bfff4c2b2c8b7be11f]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you), Ersetzt,[801591001f6b979f85c61b3c8482b54b]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (erences

/* Do not edit this file.
 *
 * If ), Ersetzt,[e7ae89088901e650da715700e620e818]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If), Ersetzt,[197c286919710333e16a3027cc3a8d73]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If), Ersetzt,[efa6345d296186b0301b0d4a2fd78a76]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you m), Ersetzt,[ddb88b06aedc0234f457ce8947bf9967]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (es

/* Do not edit this file.
 *
 * If y), Ersetzt,[1f76e7aa890142f40e3d84d327dfd12f]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (references

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be ove), Ersetzt,[bed7167b8208c5716ae15dfa5aacbe42]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (tion is running,
 * the changes will be overwritten when the applicatio), Ersetzt,[e2b3aee33b4fb77f2922f463887e5aa6]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: ( this file.
 *
 * If you make changes to this fil), Ersetzt,[9afbfb960981a59191babc9b7195916f]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make c), Ersetzt,[fa9bc6cbe8a2999da2a9f3643ec812ee]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you m), Ersetzt,[e9acf69b701a44f2173496c10afce818]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwrit), Ersetzt,[c7cef9988a00ac8abf8c1047bf47758b]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (n is running,
 * the changes will be overwritten w), Ersetzt,[b0e56b26602a4de996b5b7a03ccae41c]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make ), Ersetzt,[a6ef444dc4c6bd798ac193c46c9a9d63]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (s

/* Do not edit this file.
 *
 * If you m), Ersetzt,[1e77a7eab1d977bf85c6332442c426da]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (erences

/* Do not edit this file.
 *
 * If y), Ersetzt,[65302a6792f8053171da381fdd298e72]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you make changes to this f), Ersetzt,[eda83e533e4c1e18b79403547e886e92]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: ( this file.
 *
 * If you make changes to this file whil), Ersetzt,[593cbfd2ec9ef04675d68bcc17efb44c]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (
/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the a), Ersetzt,[2174662b3e4cd660311a094e61a50000]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (s running,
 * the changes will be overwritten when), Ersetzt,[a0f5cdc42c5ec670fc4f5ff88482c33d]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make changes ), Ersetzt,[0c895e33fb8f37ff3c0f1b3cb452926e]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (Do not edit this file.
 *
 * If you make changes t), Ersetzt,[662ffd943357ce683d0e8bcc7393fb05]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=ac4bd0fa00000000000084a6c87778a7");), Ersetzt,[9bfa276a404a81b5aba88dcaf3139e62]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (AccessId", "1899b96a01f12364c4dec89def30b8ba");
user_pref("PreisHeld.Activated", true);
user_pref("PreisHeld.lastUpdateDomains", 1426595474);
), Ersetzt,[ddb8048d3a502a0c6fe42b2cb155e719]
PUP.Optional.Softonic.A, C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\prefs.js, Gut: (), Schlecht: (lastUpdateDomains", 1426595474);
user_pref("accessibility.blockautorefresh", true);
user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pr), Ersetzt,[0590444dc0ca112553002e29b35311ef]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         

2) ADW Cleaner

Code:
# AdwCleaner v4.203 - Bericht erstellt 09/05/2015 um 11:07:40
# Aktualisiert 30/04/2015 von Xplode
# Datenbank : 2015-05-08.1 [Server]
# Betriebssystem : Windows 8  (x64)
# Benutzername : Eli - STICHLING
# Gestarted von : C:\Users\Eli\Desktop\Trojaner Board\AdwCleaner_4.203.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Amazon\ABB
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\WINDOWS\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Users\Eli\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Users\Eli\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Eli\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Eli\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\sparpilot@sparpilot.com
Datei Gelöscht : C:\END
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\invalidprefs.js

***** [ Geplante Tasks ] *****

Task Gelöscht : SMupdate1
Task Gelöscht : Microsoft\Windows\Multimedia\SMupdate3
Task Gelöscht : Microsoft\Windows\Maintenance\SMupdate2

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F40D5FC-8B38-4C2C-AC25-5E124CBCA051}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\SiteSee
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\YTDownloader
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:58471;hxxps=127.0.0.1:58471
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Daten Gelöscht : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Internetbrowser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v37.0.2 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [4840 Bytes] - [09/05/2015 11:04:58]
AdwCleaner[S0].txt - [4166 Bytes] - [09/05/2015 11:07:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4225  Bytes] ##########
         

3) JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.9 (05.08.2015:1)
OS: Windows 8 x64
Ran by Eli on 09.05.2015 at 11:16:35,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2344629883-704184612-3672562925-1002



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\WINDOWS\syswow64\ai_recyclebin



~~~ FireFox

Emptied folder: C:\Users\Eli\AppData\Roaming\mozilla\firefox\profiles\fy5swyp3.default\minidumps [48 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.05.2015 at 11:18:29,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
__________________

09.05.2015, 11:40   #4
PhiGammaTau

Windows 7: Ads keep popping up, websites do not work properly

and here are the two other logs, FRST and FRST Addition



4) FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2015 01
Ran by Eli (administrator) on STICHLING on 09-05-2015 11:22:26
Running from C:\Users\Eli\Desktop\Trojaner Board
Loaded Profiles: Eli (Available profiles: Eli & Administrator)
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe
(G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe
(G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [380544 2012-06-29] (Alcor Micro Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-29] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-29] (Synaptics)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17079376 2012-10-11] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191568 2012-10-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-10-14] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [Smart Update] => C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update.exe [1706576 2012-07-23] (Lenovo)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [KrakenLauncher] => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe [865088 2014-05-22] (Razer Inc)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2014-10-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe [1855608 2015-02-20] (G DATA Software AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\MountPoints2: {2a452280-2e3d-11e4-be8b-d17ae6b7db93} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\MountPoints2: {2a452296-2e3d-11e4-be8b-d17ae6b7db93} - "F:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [174856 2014-11-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [156840 2014-11-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-12-09]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:58471;https=127.0.0.1:58471
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2344629883-704184612-3672562925-1002 -> {94047CC2-4EEE-43CC-9C7C-710AA7989960} URL = 
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-08] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-08] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default
FF DefaultSearchEngine: Google Default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-15] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-15] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF SearchPlugin: C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\searchplugins\google-default.xml [2015-01-31]
FF Extension: Amazon-Icon - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\amazon-icon@giga.de [2014-12-11]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\donottrackplus@abine.com [2014-12-06]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-03-01]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\elemhidehelper@adblockplus.org.xpi [2015-03-01]
FF Extension: html updater - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{058146b7-3c81-4daf-8d37-cdf20fd9af4e}.xpi [2015-01-13]
FF Extension: NoScript - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-08]
FF Extension: {ab5696aa-439a-44e9-a82d-48c7ae8939ae} - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{ab5696aa-439a-44e9-a82d-48c7ae8939ae}.xpi [2014-12-12]
FF Extension: Adblock Plus - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-01]
FF Extension: Adblock Edge - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2015-03-01]
FF HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR Profile: C:\Users\Eli\AppData\Local\Google\Chrome\User Data\default
CHR HKLM-x32\...\Chrome\Extension: [ocbnpbkmjpgbdcgiflkgkpnkinifpgpj] - C:\Users\Eli\ChromeExtensions\ocbnpbkmjpgbdcgiflkgkpnkinifpgpj\amazon-icon-2.crx [2014-12-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2527864 2015-03-04] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe [965240 2015-02-20] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [3672560 2015-02-20] (G Data Software AG)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [331776 2012-07-26] (Microsoft Corporation)
S2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
S2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-12-03] (Ellora Assets Corp.) [File not signed]
R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [3193080 2015-02-20] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [789112 2015-03-04] (G Data Software AG)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
S2 irstrtsv; C:\WINDOWS\SysWOW64\irstrtsv.exe [193576 2012-08-13] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 Lenovo Smart Update Service; C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe [66640 2012-07-18] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-07] ()
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1363160 2014-11-28] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [765144 2014-11-28] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-06-01] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [30720 2013-02-02] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [150016 2015-04-01] (G Data Software AG)
S0 GDElam; C:\Windows\System32\DRIVERS\GDElam.sys [117904 2015-01-08] (G Data Software AG)
R3 GDKBB; C:\WINDOWS\system32\drivers\GDKBB64.sys [27648 2015-04-01] (G Data Software AG)
R1 GDKBFlt; C:\WINDOWS\system32\drivers\GDKBFlt64.sys [20992 2015-04-01] (G Data Software AG)
R1 GDMnIcpt; C:\WINDOWS\system32\drivers\MiniIcpt.sys [230400 2015-04-01] (G Data Software AG)
R3 GDPkIcpt; C:\WINDOWS\system32\drivers\PktIcpt.sys [91648 2015-04-01] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [68608 2015-04-01] (G Data Software AG)
R1 GRD; C:\WINDOWS\system32\drivers\GRD.sys [106272 2015-03-01] (G Data Software)
R1 HookCentre; C:\WINDOWS\system32\drivers\HookCentre.sys [124928 2015-04-01] (G Data Software AG)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-08-13] (Intel Corporation)
R3 LAD; C:\Windows\System32\drivers\LAD.sys [8704 2012-06-08] (TODO: <Company name>)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-10-08] (Intel Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2014-11-28] (Secunia)
S3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\drivers\rzvkeyboard.sys [31400 2014-05-19] (Razer Inc)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-29] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [381440 2014-02-12] (Duplex Secure Ltd.)
S3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48096 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 WacHidRouter; \SystemRoot\System32\drivers\wachidrouter.sys [X]
S3 wacomrouterfilter; \SystemRoot\System32\drivers\wacomrouterfilter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-09 11:16 - 2015-05-09 11:16 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-STICHLING-Windows-8-(64-bit).dat
2015-05-09 11:12 - 2015-05-09 11:12 - 00000000 ____D () C:\RegBackup
2015-05-09 11:04 - 2015-05-09 11:07 - 00000000 ____D () C:\AdwCleaner
2015-05-09 10:20 - 2015-05-09 11:01 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-09 10:20 - 2015-05-09 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-09 10:20 - 2015-05-09 10:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-09 10:20 - 2015-05-09 10:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-09 10:20 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-05-09 10:20 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-09 10:20 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-09 02:05 - 2015-05-09 02:07 - 00303384 _____ () C:\WINDOWS\Minidump\050915-16203-01.dmp
2015-05-09 00:18 - 2015-05-09 11:22 - 00000000 ____D () C:\Users\Eli\Desktop\Trojaner Board
2015-05-08 23:30 - 2015-05-09 11:22 - 00000000 ____D () C:\FRST
2015-05-08 23:25 - 2015-05-08 23:25 - 00000020 _____ () C:\Users\Eli\defogger_reenable
2015-05-07 18:18 - 2015-05-07 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-14 22:04 - 2015-04-14 22:04 - 18178736 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-09 11:08 - 2012-08-01 17:51 - 00177092 _____ () C:\WINDOWS\PFRO.log
2015-05-09 11:08 - 2012-07-26 09:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-09 11:07 - 2012-10-11 18:40 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-05-09 10:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\System
2015-05-09 10:59 - 2012-07-26 09:20 - 00000000 ____D () C:\WINDOWS\Setup
2015-05-09 10:41 - 2013-12-17 11:24 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-09 10:18 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-05-09 02:05 - 2014-10-02 16:11 - 00000000 ____D () C:\WINDOWS\Minidump
2015-05-09 02:05 - 2014-10-02 16:10 - 1800385783 _____ () C:\WINDOWS\MEMORY.DMP
2015-05-08 23:34 - 2012-10-12 03:48 - 00754172 _____ () C:\WINDOWS\system32\perfh007.dat
2015-05-08 23:34 - 2012-10-12 03:48 - 00156362 _____ () C:\WINDOWS\system32\perfc007.dat
2015-05-08 23:34 - 2012-07-26 09:28 - 01748838 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-05-08 23:29 - 2012-07-26 07:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-05-08 23:26 - 2013-12-02 18:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-08 23:25 - 2013-12-02 17:53 - 00000000 ____D () C:\Users\Eli
2015-05-08 23:25 - 2012-10-11 18:53 - 01944346 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-08 18:28 - 2014-10-14 16:12 - 00000000 ____D () C:\Users\Eli\AppData\Local\Adobe
2015-04-22 12:35 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-15 14:37 - 2013-12-03 16:57 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 14:33 - 2013-12-06 12:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 14:33 - 2013-12-03 16:57 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-14 22:04 - 2013-12-17 11:24 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2013-12-02 18:15 - 2013-12-04 14:32 - 0003011 _____ () C:\Users\Eli\AppData\Roaming\AbsoluteReminder.xml
2014-10-16 13:37 - 2015-01-27 12:56 - 0000034 _____ () C:\Users\Eli\AppData\Roaming\AdobeWLCMCache.dat
2015-02-16 14:59 - 2015-02-16 14:59 - 0000000 _____ () C:\Users\Eli\AppData\Roaming\gdfw.log
2015-02-16 14:59 - 2015-02-16 14:59 - 0000779 _____ () C:\Users\Eli\AppData\Roaming\gdscan.log
2014-02-06 00:25 - 2014-02-06 00:25 - 0000784 _____ () C:\Users\Eli\AppData\Local\recently-used.xbel
2012-10-11 18:24 - 2012-10-11 18:24 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\Eli\AppData\Local\Temp\amazonicon_v10.exe
C:\Users\Eli\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Eli\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Eli\AppData\Local\Temp\Gw2.exe
C:\Users\Eli\AppData\Local\Temp\hcuninstaller_20141209_122126_4784.exe
C:\Users\Eli\AppData\Local\Temp\installerdll354018595.dll
C:\Users\Eli\AppData\Local\Temp\InstStub.exe
C:\Users\Eli\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Eli\AppData\Local\Temp\mailcheck_ff_2014_12_02.exe
C:\Users\Eli\AppData\Local\Temp\mpa04268.exe
C:\Users\Eli\AppData\Local\Temp\MultisineV1.74.exe
C:\Users\Eli\AppData\Local\Temp\ose00000.exe
C:\Users\Eli\AppData\Local\Temp\Quarantine.exe
C:\Users\Eli\AppData\Local\Temp\sdan.exe
C:\Users\Eli\AppData\Local\Temp\sdapk.exe
C:\Users\Eli\AppData\Local\Temp\sdaspwn.exe
C:\Users\Eli\AppData\Local\Temp\Setup-Wacom.exe
C:\Users\Eli\AppData\Local\Temp\SpOrder.dll
C:\Users\Eli\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Eli\AppData\Local\Temp\sqlite3.dll
C:\Users\Eli\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Eli\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Eli\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Eli\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Eli\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-02 15:02

==================== End Of Log ============================
         

5) FRST Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2015 01
Ran by Eli at 2015-05-09 11:22:52
Running from C:\Users\Eli\Desktop\Trojaner Board
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2344629883-704184612-3672562925-500 - Administrator - Disabled) => C:\Users\Administrator
Eli (S-1-5-21-2344629883-704184612-3672562925-1002 - Administrator - Enabled) => C:\Users\Eli
Gast (S-1-5-21-2344629883-704184612-3672562925-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G DATA INTERNET SECURITY (Disabled - Out of date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G DATA INTERNET SECURITY (Disabled - Out of date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G DATA Personal Firewall (Disabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.1.451 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.2.3042.61510 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.2.3042.61510 - Alcor Micro Corp.) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.44.0 - Conexant)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.3 - Lenovo)
Energy Management (x32 Version: 8.0.2.3 - Lenovo) Hidden
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
G DATA INTERNET SECURITY (HKLM-x32\...\{AC68D2FF-1674-4C16-A536-A69FC11BBD82}) (Version: 25.1.0.2 - G DATA Software AG)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{0728A184-F899-4356-B93D-8228674F0DEB}) (Version: 2.6.1209.0268 - Motorola Solutions, Inc.)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro)
Lenovo MediaShow6 (HKLM-x32\...\InstallShield_{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}) (Version: 6.0.4019 - CyberLink Corp.)
Lenovo MediaShow6 (x32 Version: 6.0.4019 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.0710 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.0710 - CyberLink Corp.) Hidden
Lenovo Smart Update (HKLM-x32\...\{29B7C0EB-A1E6-4BC3-8344-70EDE4F189F1}) (Version: 1.5.75 - Lenovo Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
LenovoDrv_x64 (HKLM\...\{83E68458-AF28-4CA4-8AFC-595A10307290}) (Version: 1.0.00 - Lenovo)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MultisineV1.74 (HKLM-x32\...\MultisineV1.74_is1) (Version:  - SeDuTec)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Secunia PSI (3.0.0.10004) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.10004 - Secunia)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.15 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Lenovo Corporation (LAD) System  (06/08/2012 1.0.0.3) (HKLM\...\C48768A2A32F4649238F7DCF737A260911895FDE) (Version: 06/08/2012 1.0.0.3 - Lenovo Corporation)
Windows-Treiberpaket - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows-Treiberpaket - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
World of Tanks (HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

01-05-2015 15:15:31 Windows Update
05-05-2015 03:00:02 Windows Update
08-05-2015 18:28:19 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16FF2885-7253-4AA9-8852-2A473917C04A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {2E06458F-2C06-4D11-8917-ABBC1C4E85B9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {335DCE13-5A9A-4E6E-9ADC-75723C6E2C88} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2344629883-704184612-3672562925-1002
Task: {468558C6-6142-46EE-AF56-C44F1020D56B} - System32\Tasks\AdobeAAMUpdater-1.0-Stichling-Eli => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-10-14] (Adobe Systems Incorporated)
Task: {7B4EAAF4-BB23-4289-8328-E6270D2C1760} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-15] (Microsoft Corporation)
Task: {935F9D2C-4CA3-42C1-9252-4194A934B0DD} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-08-13] (Intel)
Task: {AB0E2CCF-033D-4012-929E-9A75683D82F6} - System32\Tasks\OFFICE2010ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {BBF19BBA-B5BA-44C4-B597-00C9F440B7F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BFA4409F-C4A3-468C-B39B-11E48A0D8E10} - \Optimize Start Menu Cache Files-S-1-5-21-2344629883-704184612-3672562925-1002 No Task File <==== ATTENTION
Task: {DA5BCC5E-97CB-4BB2-B334-C36524E5D9E3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-11 17:54 - 2014-11-04 02:04 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-20 05:42 - 2015-02-20 05:42 - 00382072 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2014-05-22 10:28 - 2014-05-22 10:28 - 00619328 _____ () C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenDevProps.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\aeriagames.com -> hxxp://aeriagames.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img12.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "YouCam Tray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "YouCam Mirage"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Updater"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{FE411D01-488F-44D5-884E-5EE52559E311}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{36D5C3C9-1548-4F51-990F-0D36FA953832}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{AEF317AC-8B64-4CF9-AADD-16D722298F32}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{6116444F-39A2-481F-B28B-3C1EB4AC825A}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{1A59A1C6-FFD0-412C-9967-F04508836AC6}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{9D5E01DB-721D-4D5D-9144-9BD6B23E059C}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{16C1F45C-C07B-4138-A651-7A529A97E91D}] => (Allow) C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3B63CCD4-1AB4-40D6-9BC0-AB1B6E0EE854}] => (Allow) C:\Users\Eli\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0E82E8D3-14EB-4CBC-A93D-C754A6D75414}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{D625238B-8BCD-4FEE-BCF4-6FDCDD75086F}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3343CC8B-CC8B-417F-8660-1070B80E5D1E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{6296C6F2-1A61-4098-9793-EBD77FB7498E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{B92E14C8-FE81-44E8-8CBD-18C5A30AB183}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{661054AE-A45C-4733-8F60-1E15E450B0C3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{23AEFC51-BEB2-4422-91DD-ACBCCF2110DA}C:\users\eli\appdata\local\temp\gw2.exe] => (Allow) C:\users\eli\appdata\local\temp\gw2.exe
FirewallRules: [UDP Query User{D68D57B4-3C61-43FB-AE82-0ED2D703490A}C:\users\eli\appdata\local\temp\gw2.exe] => (Allow) C:\users\eli\appdata\local\temp\gw2.exe
FirewallRules: [{A4FDD966-9ADB-4744-9A41-A2AEEE0CB660}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{C7E508E8-74E1-4749-B08C-E6C5D7E92042}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{86AFCA5B-8EE3-4409-9A48-00B737F50B0D}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{0A596237-E7FE-48EA-AE61-46CE6D25F34A}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [TCP Query User{0AF7BEAF-5D1D-41E5-A959-4D51AA40FC84}C:\program files (x86)\world_of_tanks\wotlauncher.exe] => (Allow) C:\program files (x86)\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{FA933674-7934-4A80-B8A1-8726B63FC074}C:\program files (x86)\world_of_tanks\wotlauncher.exe] => (Allow) C:\program files (x86)\world_of_tanks\wotlauncher.exe
FirewallRules: [{00B4DBC3-4697-47A9-9906-CAB83DCAEE58}] => (Allow) E:\fsetup.exe
FirewallRules: [{13F753FB-88EE-4A13-9F1F-C4E1811B6C09}] => (Allow) E:\fsetup.exe
FirewallRules: [TCP Query User{26722D95-8E5D-425F-BB66-EF46D1D4B292}C:\program files (x86)\world_of_tanks\worldoftanks.exe] => (Allow) C:\program files (x86)\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{257EF4E8-F646-440D-BAE7-2FD915BF4AED}C:\program files (x86)\world_of_tanks\worldoftanks.exe] => (Allow) C:\program files (x86)\world_of_tanks\worldoftanks.exe
FirewallRules: [{BF20EADA-FEC5-43B2-8EF2-7EEE04AF104C}] => (Allow) %ProgramFiles% (x86)\lol.launcher.exe
FirewallRules: [{BA9EE5F1-2565-4315-A71B-CFACAB374097}] => (Allow) %ProgramFiles% (x86)\lol.launcher.exe
FirewallRules: [TCP Query User{D896DF0C-87E7-45B2-8F8F-18D29C7557EB}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FBAE6EDA-2ECE-497A-AEEF-7E04FFB9F5D7}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{83912FFF-3BCC-457A-B433-1D650BFE1201}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{56F1213B-665E-453A-B957-B15E742D7137}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{D4C394AF-CEA4-4787-A1B0-FE92195BC91B}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C27B5D62-4D23-45B8-831A-56CABA6352F7}C:\users\eli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eli\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D1EF3745-EF41-4BFC-8458-1DF98EC0866D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{FE281D1A-F13B-46FE-8D75-844F84019C34}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [TCP Query User{6B3C3F2D-A0AF-403E-89F9-F82D97F7936B}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{514C6518-DE3F-433D-B824-03D5988CC5CD}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{AB5B0666-867F-4225-8921-C07822FD5F2C}] => (Allow) C:\Program Files (x86)\lol.launcher.exe
FirewallRules: [{66EB7665-7D66-476F-8696-73B1659C9424}] => (Allow) C:\Program Files (x86)\lol.launcher.exe
FirewallRules: [{7B144272-3233-4A58-A5E2-BD2985EC7DC9}] => (Allow) C:\Program Files (x86)\lol.launcher.exe
FirewallRules: [{1556DDB9-D2F6-4AE4-9CB7-7431929F01A0}] => (Allow) C:\Program Files (x86)\lol.launcher.exe
FirewallRules: [TCP Query User{2187DA8C-E595-4CE4-BF6D-56B5C9E7C596}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe
FirewallRules: [UDP Query User{7CBA81A5-A638-4CF8-B071-98F871B357C3}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe
FirewallRules: [TCP Query User{496CF561-D54C-49E8-82B3-1E6B99FA45E0}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe
FirewallRules: [UDP Query User{F089B531-CED1-4A9F-B5FC-807F1872D5FA}C:\users\eli\desktop\programming\editor\unity.exe] => (Allow) C:\users\eli\desktop\programming\editor\unity.exe
FirewallRules: [TCP Query User{7484905A-547D-4BC9-BBEC-A86A7C6E46C0}C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe] => (Block) C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe
FirewallRules: [UDP Query User{5A98C1FB-37B3-455D-BF16-09851618DF36}C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe] => (Block) C:\users\eli\desktop\programming\monodevelop\bin\monodevelop.exe
FirewallRules: [{0AFE21E2-9EC6-46A0-9C96-31AD30B5459B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{84F37044-DB78-401C-B848-D3F6ACAA92C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{06400E3E-1A60-4F8A-BF4F-DA79350980E9}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6773F3DE-36A9-4D3B-AB23-91D16F48EBAD}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{682AB1D3-1F34-4D87-80B8-C4F8C45A7AD1}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III Beta 2013\Diablo III.exe
FirewallRules: [{40A9BB0C-8A74-4402-A7C1-E061234C2593}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III Beta 2013\Diablo III.exe
FirewallRules: [{EAB95CBF-A945-4C20-80FF-8CD75EB87DA1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{428888B3-34AF-481D-A128-DB2557E4B123}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{D6A55DF9-C885-4BFC-B076-81F14BA5232E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C97B8697-EDE1-4C9F-B2D9-64F18BC2BF7E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{18B66FF3-C5DC-4FDE-A4A8-64C9AA96171F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{E508085F-2BE0-4E7B-A226-FFC95FCB3C6D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{D394A1CD-0698-4949-A90D-C98B1DD36E0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{52F98722-C635-4E81-ADA8-70ED6FF5F6E2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{E798E883-53B4-459D-812E-91997BA07996}C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe] => (Allow) C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe
FirewallRules: [UDP Query User{83665DEE-D6AE-49F2-A378-7093E023F5D9}C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe] => (Allow) C:\program files (x86)\deep silver\sacred 2 - fallen angel\system\s2gs.exe
FirewallRules: [{698B3957-6CC3-41CF-A021-3C78009DFE3E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{3ABD6377-71A1-435D-AFB3-2F11F84D2322}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{F8566532-E41F-49DF-85B3-568CFEC07AFF}] => (Allow) C:\Program Files (x86)\Gameforge4D\Elsword_DE\data\x2.exe
FirewallRules: [{C2D39783-211D-4EA4-B98A-3AAB6BFFC014}] => (Allow) C:\Program Files (x86)\Gameforge4D\Elsword_DE\data\x2.exe
FirewallRules: [{31C5EA3D-1BD5-43E8-9181-35543B3BBF69}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{88745C92-B63F-4347-BA8B-9CDD9C44A776}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\TERA-Launcher.exe
FirewallRules: [{EFF43167-5DA6-464A-B786-9274BBEB3DB2}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{22840350-FF81-4BC5-9816-199C39A1EF20}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\TL.exe
FirewallRules: [{7453EB02-9626-4B99-BA59-5234F5AA9ACA}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{27E4C84F-6251-4C72-9CAF-60C52179FE9E}] => (Allow) C:\ProgramData\HappyCloud\Cache\TERA\Client\Binaries\TERA.exe
FirewallRules: [{B65B71E3-0387-4F5D-ADAA-635F2351E05A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{21ABDC7C-1243-45BA-84F1-A1017F798BA1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{43C24E91-C2F4-4BB8-94F5-C58C878E927D}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5578416F-51B9-4F43-A52A-CE71B608ED78}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{93199FA7-EC52-4372-A19B-12052066419B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E436FFDA-7958-462B-BC91-CD5E56A852B6}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{42CFDA77-27C2-4439-A97E-5A95E731FFD2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{23964328-54B5-419C-8E8C-F91ED45CF60C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FA125EB3-6A25-45C6-9C81-DAE143991C42}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{6EC81A98-3078-440D-B8A5-D5DD12BA54C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{F06BB976-5FFA-468B-AF69-AB09DAFE94C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{807FFE94-35C9-430E-BFC5-459E3BEF7FE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{ADF4A11C-3766-40EE-B6D3-AF7B8C50ECAE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{26D12EFE-6D2F-4261-917A-B3D5CCDFCF69}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{164102D1-6D64-49FB-ACD5-500B64E5C41C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{BFCC7624-EE53-42D8-AFD6-61483A15C9F4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{5B721E22-3416-477C-9E7C-D00EE1FBA868}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{DEC44613-54DC-4AF9-A1FD-612608EBDB4F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [TCP Query User{C31B1623-7B06-499A-9472-794F28657C18}C:\users\eli\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\eli\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{12F8740B-A9DE-4C6C-921F-D29DA39927DD}C:\users\eli\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\eli\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{7C585868-E860-4637-993B-00C3D39B8514}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe] => (Allow) C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe
FirewallRules: [UDP Query User{0ACF76D8-F51D-41F1-8690-05C9B45272D8}C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe] => (Allow) C:\program files (x86)\origin games\kingdoms of amalur reckoning\reckoning.exe
FirewallRules: [TCP Query User{1853108B-2A2D-4265-81FB-11E4480BFDAF}C:\program files (x86)\binaries\win32\udk.exe] => (Block) C:\program files (x86)\binaries\win32\udk.exe
FirewallRules: [UDP Query User{6C16FCF9-C7F1-4BFA-AE82-C601C1714F56}C:\program files (x86)\binaries\win32\udk.exe] => (Block) C:\program files (x86)\binaries\win32\udk.exe
FirewallRules: [TCP Query User{AA7ECD86-2D59-47D8-A6A9-7A3382DB3930}C:\program files (x86)\binaries\win64\udk.exe] => (Allow) C:\program files (x86)\binaries\win64\udk.exe
FirewallRules: [UDP Query User{E1F55399-4AB8-4183-B065-18EC09B89A4B}C:\program files (x86)\binaries\win64\udk.exe] => (Allow) C:\program files (x86)\binaries\win64\udk.exe
FirewallRules: [{E0C220EB-1DE4-463B-83A5-C326BF8E2ED8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C0F9D5DC-3336-40CA-B1E5-1CD8006AE313}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E613D5A4-C260-41F3-8243-471CFEC06721}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [{35C017BE-675C-4396-9D1E-9123EC2A7569}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Alien Isolation\AI.exe
FirewallRules: [TCP Query User{DD7D7D1F-3372-4E19-8109-394A0486D174}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{CB635730-436E-4A48-9AA0-9A5F211EE047}C:\program files (x86)\java\jre7\bin\java.exe] => (Block) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{48E1F13C-1635-4E41-8448-39853E6476EE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{B49DEEB6-AE93-4911-8655-13AA917B846E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{16789348-B2F0-436C-B0E7-FAE827AFEE39}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{918A09DD-7E75-43D1-AE4C-1BA032F5B084}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{75E50E1D-EC04-4BF2-AABF-FE36297B9D93}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{A6D3D9AA-BC28-46E0-929C-F765E6A561A1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{D9393403-52E2-444E-8C1D-86C282B95F3E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{64E61C68-111F-4EEA-930B-D3053C29889E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{59999FBA-2AC3-475A-BF91-E1EF1E7247B2}C:\program files (x86)\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\binaries\win32\udk.exe
FirewallRules: [UDP Query User{9A015A14-72EE-456F-980A-60A303DA91C2}C:\program files (x86)\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\binaries\win32\udk.exe
FirewallRules: [TCP Query User{85690F6D-B45A-4B8B-8DE3-4684C45740DC}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{82457885-B5E3-461C-9EBC-EF0DD33D6920}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{68834CFE-5C93-41BB-9341-3DDA1AE12CD8}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{7A457934-AEB7-4F11-A04B-0F47B82DE927}C:\program files\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [{75D3ACB4-BA02-4E8A-85B8-CA9617DE3804}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A10AA34C-5023-472F-A325-CC0254B2E438}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9E0EF15E-E13C-46AE-8F2E-956CC04A033B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AD510CB2-E8CD-49B0-A2A7-C0DC245A2607}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9C805CD0-8D14-4BE1-ABDC-8DC5432E3542}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B4C5F175-A71D-460B-9786-09AFDCC41CF1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DAA907E0-5157-484A-86E7-45A5C5F74132}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: USB-IF xHCI USB Host Controller
Description: USB-IF xHCI USB Host Controller
Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee}
Manufacturer: Intel Corporation
Service: XHCIPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (05/09/2015 11:22:29 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:22:29Z. Fehlercode: 0x80041316.

Error: (05/09/2015 11:21:59 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:21:59Z. Fehlercode: 0x80041316.

Error: (05/09/2015 11:21:29 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:21:29Z. Fehlercode: 0x80041316.

Error: (05/09/2015 11:20:59 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:20:59Z. Fehlercode: 0x80041316.

Error: (05/09/2015 11:20:29 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:20:29Z. Fehlercode: 0x80041316.

Error: (05/09/2015 11:19:59 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:19:59Z. Fehlercode: 0x80041316.

Error: (05/09/2015 11:19:29 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:19:29Z. Fehlercode: 0x80041316.

Error: (05/09/2015 11:18:59 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:18:59Z. Fehlercode: 0x80041316.

Error: (05/09/2015 11:18:29 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:18:29Z. Fehlercode: 0x80041316.

Error: (05/09/2015 11:17:59 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2115-04-15T09:17:59Z. Fehlercode: 0x80041316.


System errors:
=============
Error: (05/09/2015 11:16:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/09/2015 11:13:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/09/2015 11:13:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Capability Licensing Service Interface erreicht.

Error: (05/09/2015 11:13:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/09/2015 11:12:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/09/2015 11:12:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) ME Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/09/2015 11:12:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/09/2015 11:12:45 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/09/2015 11:12:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Bluetooth OBEX Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/09/2015 11:12:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Zero Configuration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 30%
Total physical RAM: 8050.48 MB
Available physical RAM: 5577.19 MB
Total Pagefile: 16242.48 MB
Available Pagefile: 13364.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:651.3 GB) (Free:532.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 22.4 GB) (Disk ID: C1CDA268)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 698.6 GB) (Disk ID: C1CDA275)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

10.05.2015, 12:38   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

There is still quite a bit there that I don't like...

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not run any other file in this folder unless a helper tells you to.


Please download TDSSKiller.exe and save this file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

12.05.2015, 11:44   #6
PhiGammaTau

Malwarebytes log (2nd log again in a separate post because of its size)

Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16750

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 8441544704, free: 5900996608

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16750

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.696000 GHz
Memory total: 8441544704, free: 5991567360

Downloaded database version: v2015.05.12.01
Downloaded database version: v2015.04.21.01
Downloaded database version: v2015.05.09.01
=======================================
Initializing...
------------ Kernel report ------------
     05/12/2015 10:56:41
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\excsd.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\DRIVERS\LhdX64.sys
\SystemRoot\system32\drivers\GDBehave.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\??\C:\WINDOWS\system32\drivers\HookCentre.sys
\??\C:\WINDOWS\system32\drivers\MiniIcpt.sys
\SystemRoot\system32\DRIVERS\excfs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\WINDOWS\system32\drivers\GRD.sys
\SystemRoot\system32\drivers\gdwfpcd64.sys
\??\C:\WINDOWS\system32\drivers\GDKBFlt64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\NETwew00.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\??\C:\WINDOWS\system32\drivers\GDKBB64.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\AcpiVpc.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\irstrtdv.sys
\SystemRoot\System32\drivers\LAD.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\drivers\usbccgp.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\vm332avs.sys
\SystemRoot\system32\DRIVERS\iBtFltCoex.sys
\SystemRoot\system32\DRIVERS\btmhsf.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\btmaux.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\System32\drivers\mshidumdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\WINDOWS\system32\drivers\PktIcpt.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\cdd.dll
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.05.12.01
  rootkit: v2015.04.21.01

<<<2>>>
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8009a20060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009a1fb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80081a4880, DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\
DevicePointer: 0xfffffa8009a1f040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xfffffa8009a20060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8007729e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007729060, DeviceName: \Device\00000044\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\excsd1\, DriverName: \Driver\excsd\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8009a22060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009a21b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80081a5880, DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\
DevicePointer: 0xfffffa8009a21040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xfffffa8009a22060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80069cea90, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80078067f0, DeviceName: \Device\00000043\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\excsd0\, DriverName: \Driver\excsd\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: C1CDA268

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3440965542
    GPT Header CurrentLba = 1 BackupLba 46905263
    GPT Header FirstUsableLba 34  LastUsableLba 46905230
    GPT Header Guid 4d055586-3d2c-4a73-9bfd-676be233c282
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3440965542
    Backup GPT header CurrentLba = 46905263 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 46905230
    Backup GPT header Guid 4d055586-3d2c-4a73-9bfd-676be233c282
    Backup GPT header Contains 128 partition entries starting at LBA 46905231
    Backup GPT header Partition entry size = 128

    Partition 0 Type b8cb5058-c187-4719-baf0-379ca2d4c97e
    Partition ID 4613ee39-4727-4347-8134-173f59f716f
    FirstLBA 4096  Last LBA 38512639
    Attributes 0
    Partition Name                                  HFS

    Partition 1 Type d3bfe2de-3daf-11df-ba40-e3a556d89593
    Partition ID 2a772c8c-ecf7-47a6-848b-6776473c6e7b
    FirstLBA 38514688  Last LBA 46903295
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 24015495168 bytes
Sector size: 512 bytes

Done!
Drive 1
This is a System drive
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: C1CDA275

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 88405477
    GPT Header CurrentLba = 1 BackupLba 1465149167
    GPT Header FirstUsableLba 34  LastUsableLba 1465149134
    GPT Header Guid 9930a47c-a834-4f7b-bdf1-c811d24d24b5
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 88405477
    Backup GPT header CurrentLba = 1465149167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1465149134
    Backup GPT header Guid 9930a47c-a834-4f7b-bdf1-c811d24d24b5
    Backup GPT header Contains 128 partition entries starting at LBA 1465149135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 67ad75f0-f79-4aa9-8dd8-f6c8c9c83084
    FirstLBA 2048  Last LBA 2050047
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID fb994476-3cd5-44b1-9ca8-16cc534e5e64
    FirstLBA 2050048  Last LBA 2582527
    Attributes 1
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID 1d59e3c6-7396-4886-9dd-c05dc983bc16
    FirstLBA 2582528  Last LBA 4630527
    Attributes 1
    Partition Name                 Basic data partition

    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 8b3a40bb-64ec-41fc-93f6-72a049f32dda
    FirstLBA 4630528  Last LBA 4892671
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 706910c0-b0be-41af-bc48-6f5c65e3a9cf
    FirstLBA 4892672  Last LBA 1370775551
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 988a9124-2fc7-4a0f-8146-a43f8cbfa2ab
    FirstLBA 1370775552  Last LBA 1423204351
    Attributes 0
    Partition Name                 Basic data partition

    Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 1b13218c-1c45-440e-a521-53c13e8d5bed
    FirstLBA 1423204352  Last LBA 1465147391
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
         

12.05.2015, 11:56   #7
PhiGammaTau

TDSS Killer - log too long. Attached as 7Zip.

TDSSKiller-log.7z

12.05.2015, 17:13   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please post the correct MBAR log, see the guide.

And all logs in CODE tags. The one from TDSS-Killer too.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly, spread over several posts if necessary.
To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

13.05.2015, 14:45   #9
PhiGammaTau

Oh... sorry that I posted the wrong one. I pasted it in faster than I read.

Now the correct one:

MBAR
Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.12.01
  rootkit: v2015.04.21.01

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Eli :: STICHLING [administrator]

12.05.2015 10:56:50
mbar-log-2015-05-12 (10-56-50).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 419110
Time elapsed: 27 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
TDSS-Killer (unzipped this time, but split into 2 parts)

Code:
11:35:28.0735 0x0ffc  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
11:35:28.0735 0x0ffc  UEFI system
11:35:52.0424 0x0ffc  ============================================================
11:35:52.0424 0x0ffc  Current date / time: 2015/05/12 11:35:52.0424
11:35:52.0424 0x0ffc  SystemInfo:
11:35:52.0424 0x0ffc  
11:35:52.0424 0x0ffc  OS Version: 6.2.9200 ServicePack: 0.0
11:35:52.0424 0x0ffc  Product type: Workstation
11:35:52.0424 0x0ffc  ComputerName: STICHLING
11:35:52.0424 0x0ffc  UserName: Eli
11:35:52.0424 0x0ffc  Windows directory: C:\WINDOWS
11:35:52.0424 0x0ffc  System windows directory: C:\WINDOWS
11:35:52.0424 0x0ffc  Running under WOW64
11:35:52.0424 0x0ffc  Processor architecture: Intel x64
11:35:52.0424 0x0ffc  Number of processors: 4
11:35:52.0424 0x0ffc  Page size: 0x1000
11:35:52.0424 0x0ffc  Boot type: Normal boot
11:35:52.0424 0x0ffc  ============================================================
11:35:52.0611 0x0ffc  KLMD registered as C:\WINDOWS\system32\drivers\32867245.sys
11:35:52.0799 0x0ffc  System UUID: {4807CDB9-137B-B99C-FB10-07390AB16472}
11:35:53.0425 0x0ffc  Drive \Device\Harddisk0\DR0 - Size: 0x5976F6000 ( 22.37 Gb ), SectorSize: 0x200, Cylinders: 0xB67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:35:53.0441 0x0ffc  Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:35:53.0456 0x0ffc  ============================================================
11:35:53.0456 0x0ffc  \Device\Harddisk0\DR0:
11:35:53.0456 0x0ffc  GPT partitions:
11:35:53.0456 0x0ffc  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {B8CB5058-C187-4719-BAF0-379CA2D4C97E}, UniqueGUID: {4613EE39-4727-4347-8134-173F590F716F}, Name: HFS, StartLBA 0x1000, BlocksNum 0x24B9800
11:35:53.0456 0x0ffc  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {D3BFE2DE-3DAF-11DF-BA40-E3A556D89593}, UniqueGUID: {2A772C8C-ECF7-47A6-848B-6776473C6E7B}, Name: Basic data partition, StartLBA 0x24BB000, BlocksNum 0x800000
11:35:53.0456 0x0ffc  MBR partitions:
11:35:53.0456 0x0ffc  \Device\Harddisk1\DR1:
11:35:53.0456 0x0ffc  GPT partitions:
11:35:53.0456 0x0ffc  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {67AD75F0-0F79-4AA9-8DD8-F6C8C9C83084}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x1F4000
11:35:53.0456 0x0ffc  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {FB994476-3CD5-44B1-9CA8-16CC534E5E64}, Name: EFI system partition, StartLBA 0x1F4800, BlocksNum 0x82000
11:35:53.0456 0x0ffc  \Device\Harddisk1\DR1\Partition3: GPT, TypeGUID: {BFBFAFE7-A34F-448A-9A5B-6213EB736C22}, UniqueGUID: {1D59E3C6-7396-4886-9D0D-C05DC983BC16}, Name: Basic data partition, StartLBA 0x276800, BlocksNum 0x1F4000
11:35:53.0456 0x0ffc  \Device\Harddisk1\DR1\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {8B3A40BB-64EC-41FC-93F6-72A049F32DDA}, Name: Microsoft reserved partition, StartLBA 0x46A800, BlocksNum 0x40000
11:35:53.0456 0x0ffc  \Device\Harddisk1\DR1\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {706910C0-B0BE-41AF-BC48-6F5C65E3A9CF}, Name: Basic data partition, StartLBA 0x4AA800, BlocksNum 0x5169B800
11:35:53.0456 0x0ffc  \Device\Harddisk1\DR1\Partition6: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {988A9124-2FC7-4A0F-8146-A43F8CBFA2AB}, Name: Basic data partition, StartLBA 0x51B46000, BlocksNum 0x3200000
11:35:53.0456 0x0ffc  \Device\Harddisk1\DR1\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {1B13218C-1C45-440E-A521-53C13E8D5BED}, Name: Basic data partition, StartLBA 0x54D46000, BlocksNum 0x2800000
11:35:53.0456 0x0ffc  MBR partitions:
11:35:53.0456 0x0ffc  ============================================================
11:35:53.0487 0x0ffc  C: <-> \Device\Harddisk1\DR1\Partition5
11:35:53.0566 0x0ffc  D: <-> \Device\Harddisk1\DR1\Partition6
11:35:53.0566 0x0ffc  ============================================================
11:35:53.0566 0x0ffc  Initialize success
11:35:53.0566 0x0ffc  ============================================================
11:36:23.0303 0x1bf0  ============================================================
11:36:23.0303 0x1bf0  Scan started
11:36:23.0303 0x1bf0  Mode: Manual; SigCheck; TDLFS; 
11:36:23.0303 0x1bf0  ============================================================
11:36:23.0303 0x1bf0  KSN ping started
11:36:28.0397 0x1bf0  KSN ping finished: true
11:36:29.0006 0x1bf0  ================ Scan system memory ========================
11:36:29.0006 0x1bf0  System memory - ok
11:36:29.0006 0x1bf0  ================ Scan services =============================
11:36:29.0256 0x1bf0  [ E890C46E4754F0DF51BAFCC8D2E07498, E620D03030F3B65442E0A5CB8B59016A6E8DB3BCA52741977B8897B34438E902 ] 1394ohci        C:\WINDOWS\System32\drivers\1394ohci.sys
11:36:29.0303 0x1bf0  1394ohci - ok
11:36:29.0334 0x1bf0  [ 4F18D4C7EA14F11A7211F60D553C03DB, 09AB6D2D8E9B7B6D6A97708551C0E4B34538947A15EA2A69C11764D7BC0BB7F6 ] 3ware           C:\WINDOWS\system32\drivers\3ware.sys
11:36:29.0350 0x1bf0  3ware - ok
11:36:29.0381 0x1bf0  [ 975AABEB243B800C23626D6B652C5A9C, FB02336F26AF10BA2A0D1B97C33CB1D78BB90CA51EF008A613A0274779798FAD ] ACPI            C:\WINDOWS\system32\drivers\ACPI.sys
11:36:29.0412 0x1bf0  ACPI - ok
11:36:29.0412 0x1bf0  [ DC968C37822117E576B933F34A2D130C, 4C94E00ADC242296D7CBBFC7346D5F9AE5FE1B0C616ECA3BDE10A7B34FD2040B ] acpiex          C:\WINDOWS\system32\Drivers\acpiex.sys
11:36:29.0428 0x1bf0  acpiex - ok
11:36:29.0444 0x1bf0  [ 0CA9F7C3A78227C21A0A7854E245CFB2, D54147C9C1EE2F0098B863B0852E027DB89D6FA67F6B7FD54F609D9715A11442 ] acpipagr        C:\WINDOWS\System32\drivers\acpipagr.sys
11:36:29.0459 0x1bf0  acpipagr - ok
11:36:29.0475 0x1bf0  [ 8EB8DA03B142D3DD1EB9ED8107A76C43, 24B9B24F9A5BDF3AAD13C4EE0638497D9CA4A100096C6EAE403E0215EA89C439 ] AcpiPmi         C:\WINDOWS\System32\drivers\acpipmi.sys
11:36:29.0475 0x1bf0  AcpiPmi - ok
11:36:29.0491 0x1bf0  [ CBCE725C5D86ABA7D2604E22951AA9B8, DE0440F0E943F057EBCD01DB4B1E12DBC241FBF03C42021306D322AB88FF8F21 ] acpitime        C:\WINDOWS\System32\drivers\acpitime.sys
11:36:29.0506 0x1bf0  acpitime - ok
11:36:29.0538 0x1bf0  [ 3B42D95D20CD2AACDB0564471AE43ED7, BF49568D7060159F61D5F6DE7ECDECCCD1F920A2881544BA83CF420C822F6653 ] ACPIVPC         C:\WINDOWS\System32\drivers\AcpiVpc.sys
11:36:29.0569 0x1bf0  ACPIVPC - ok
11:36:29.0741 0x1bf0  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:36:29.0756 0x1bf0  AdobeARMservice - ok
11:36:29.0913 0x1bf0  [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:36:29.0913 0x1bf0  AdobeFlashPlayerUpdateSvc - ok
11:36:29.0959 0x1bf0  [ 93C6388592B99925C1D1576E465BC80F, 4C48BE5471DA4788357D71E90DFEA20FE320C7AAE1F4C55AFBE2E46FEA5CF8FB ] adp94xx         C:\WINDOWS\system32\drivers\adp94xx.sys
11:36:29.0991 0x1bf0  adp94xx - ok
11:36:30.0022 0x1bf0  [ D27763E0247292654E7F7D16444C7C72, 0314C713D31E2B34F215B52F804F014D876E6ED92DC656CC3E27920CCD36CF0E ] adpahci         C:\WINDOWS\system32\drivers\adpahci.sys
11:36:30.0038 0x1bf0  adpahci - ok
11:36:30.0053 0x1bf0  [ 67B90070FF48F794AF19F9FCF0080D75, 5D0D352606D58D2CA0814F38EF7B1774C030BE44353DF5910CBFAAF4FDE64ED6 ] adpu320         C:\WINDOWS\system32\drivers\adpu320.sys
11:36:30.0069 0x1bf0  adpu320 - ok
11:36:30.0116 0x1bf0  [ 974AE60BF5B90E31412D93596C968E5B, 092B59C2B67C4618E7B1800615D1DF7199482F60D0D27BD91763F7F8D7FC883F ] AeLookupSvc     C:\WINDOWS\System32\aelupsvc.dll
11:36:30.0131 0x1bf0  AeLookupSvc - ok
11:36:30.0163 0x1bf0  [ 7C0E0EDF18D6CC565D7BFBB451709FA5, 47C21CD9D87B5C1B5EB14F6166B5E3349B1A6F10501E63CCED8D52A9FE22765D ] AFD             C:\WINDOWS\system32\drivers\afd.sys
11:36:30.0194 0x1bf0  AFD - ok
11:36:30.0225 0x1bf0  [ 01590377A5AB19E792528C628A2A68F9, F3A4B6CA4E8D4436E44E36D7F7EEF3DC861D1EE50D41F4273226C4ED95674B84 ] agp440          C:\WINDOWS\system32\drivers\agp440.sys
11:36:30.0225 0x1bf0  agp440 - ok
11:36:30.0256 0x1bf0  [ D1BE8E6E5B3AF23A4393AF1BF867977A, B3AE97D35A9304198715D76F6C3F0545AA176FDEBA6C2055782558B11DFA14EB ] ALG             C:\WINDOWS\System32\alg.exe
11:36:30.0272 0x1bf0  ALG - ok
11:36:30.0303 0x1bf0  [ 025E8C755BE293E50854D26D1BBE5133, 4373639689306A3D8FE0F862072711BAD5DBAA45E105CD3129586439A90EE070 ] AllUserInstallAgent C:\WINDOWS\system32\AUInstallAgent.dll
11:36:30.0319 0x1bf0  AllUserInstallAgent - ok
11:36:30.0350 0x1bf0  [ 5A81054B824004B1ECC04F0034A1CDF9, 73A1986A4B346C425157216EBF16CC90EFFC642EDF6109E6364CF0552E3388FD ] AmdK8           C:\WINDOWS\System32\drivers\amdk8.sys
11:36:30.0366 0x1bf0  AmdK8 - ok
11:36:30.0381 0x1bf0  [ B849D453E644FAB9BC8EF6DC8CA9C4C6, B803CDA478D3385937C44CBB05A0E65ABACEFEBA682975787C44E2904FB89D2D ] AmdPPM          C:\WINDOWS\System32\drivers\amdppm.sys
11:36:30.0397 0x1bf0  AmdPPM - ok
11:36:30.0413 0x1bf0  [ 35A0EB5AECB0FA3C41A2FB514A562304, 737783ABF348288471AC7051D4DC6CB336D686C94EC7B8938DCA74AFE9BECB1C ] amdsata         C:\WINDOWS\system32\drivers\amdsata.sys
11:36:30.0413 0x1bf0  amdsata - ok
11:36:30.0444 0x1bf0  [ 00452671904F5EE94B50BF0219C97164, 99F9B86D3DB3E10B014120A63CD43CBAAB22C8E38851090ABE37D89ABD61F7B6 ] amdsbs          C:\WINDOWS\system32\drivers\amdsbs.sys
11:36:30.0459 0x1bf0  amdsbs - ok
11:36:30.0475 0x1bf0  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7, DC0B8B798720F5F75F8AFD3383CF69194282AEEE84DCACB97382F4C86E1D3E49 ] amdxata         C:\WINDOWS\system32\drivers\amdxata.sys
11:36:30.0475 0x1bf0  amdxata - ok
11:36:30.0522 0x1bf0  [ C7BE7FBB9B6BDE11E12A0F204384C1D6, 36A6387B90DFB2488ABF135198F0F9E19EE29F7A521818DF92E64B36A0BE0245 ] AmUStor         C:\WINDOWS\system32\drivers\AmUStor.SYS
11:36:30.0522 0x1bf0  AmUStor - ok
11:36:30.0538 0x1bf0  [ 83B3682CE922FB0F415734B26D9D6233, 9102E8B410BB1AE426770896B6AB584D1F02830337FBB2DEC182F3F19832F35F ] AppID           C:\WINDOWS\system32\drivers\appid.sys
11:36:30.0569 0x1bf0  AppID - ok
11:36:30.0600 0x1bf0  [ CE2BEAD7F31816FF0AC490D048C969F9, 7D24C5A9E8F7C21CC6D8BF2CA29A8B79DDE7EEDE2F37D36B9071ECE1CF61371F ] AppIDSvc        C:\WINDOWS\System32\appidsvc.dll
11:36:30.0616 0x1bf0  AppIDSvc - ok
11:36:30.0631 0x1bf0  [ 4F750B7EFCB6520AE01E01D082D7D476, AD2A67D727A1D4DD0BBACC6B4BB432FA9A14D50D8BA292B95A4747CEC9F85728 ] Appinfo         C:\WINDOWS\System32\appinfo.dll
11:36:30.0647 0x1bf0  Appinfo - ok
11:36:30.0741 0x1bf0  [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:36:30.0741 0x1bf0  Apple Mobile Device Service - ok
11:36:30.0772 0x1bf0  [ E933401B392387F4BE34DE8BAF1722A7, 57CC6DE31E2C82D2B12509F0A5EC9EC70DD2EF6A1F31A66ADF62DC6AE0A67323 ] arc             C:\WINDOWS\system32\drivers\arc.sys
11:36:30.0788 0x1bf0  arc - ok
11:36:30.0803 0x1bf0  [ 07CA323EF2E8247A568AB0F3662AD644, 1224B41193F0E9B164732BA5BF707A13427C82C1D8C3EDC2AAE5C5C75454B9F6 ] arcsas          C:\WINDOWS\system32\drivers\arcsas.sys
11:36:30.0819 0x1bf0  arcsas - ok
11:36:30.0834 0x1bf0  [ 74DBAEC35366C4EE7670428808715A6A, 3B3A7A81CD8038C4750560B94A9247C4409410780B312BA71EDF2E393DCA7474 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:36:30.0834 0x1bf0  AsyncMac - ok
11:36:30.0850 0x1bf0  [ A721FF570C2387E383BDDEA9632863C9, 45DD7787F44A2C742560FEB03AB66910C2F0002D95BB02C55EEDE973AA92AD24 ] atapi           C:\WINDOWS\system32\drivers\atapi.sys
11:36:30.0866 0x1bf0  atapi - ok
11:36:30.0897 0x1bf0  [ BCD7A47EF587DC00DD61D12D9C2D1E44, 95BC9AC8BA8A86DB5C7A6317002BD9872F193B401A0C58DF252DCF3D4A7541E2 ] AudioEndpointBuilder C:\WINDOWS\System32\AudioEndpointBuilder.dll
11:36:30.0913 0x1bf0  AudioEndpointBuilder - ok
11:36:30.0975 0x1bf0  [ 599B3F685A263A114FFAF3BE29C49C75, 579E9561BA8537888E061E303F3F89E2E6F8B8DED74369C3767DB10B35CD45E8 ] Audiosrv        C:\WINDOWS\System32\Audiosrv.dll
11:36:31.0006 0x1bf0  Audiosrv - ok
11:36:31.0178 0x1bf0  [ EAC923325937602A24994969F00788B5, 254913759B6159398A452E81707D97C3BAC45D749904F5A220DB964D9ED4036C ] AVKProxy        C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
11:36:31.0225 0x1bf0  AVKProxy - ok
11:36:31.0303 0x1bf0  [ BCC79D1E0605ABE4B58A9DEE696982A5, 7619EDBB1ABEE4A1B3476D42BCD718876C5BE7F7A4B972414D45F2540F17C665 ] AVKService      C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe
11:36:31.0319 0x1bf0  AVKService - ok
11:36:31.0428 0x1bf0  [ B61A7EBD757437DE398CCD51E559E6B5, FFDB272EC3A8C4CC92E4BDE0228E59733300AEE3AF4D9D84DDAC2FBF14FBA2D4 ] AVKWCtl         C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe
11:36:31.0506 0x1bf0  AVKWCtl - ok
11:36:31.0553 0x1bf0  [ 89491EF71D5EA011127832C588002853, 05620E4235956D8446FB9604F930738C8AA97E3A74C907E37F7CC08B8EDA0461 ] AxInstSV        C:\WINDOWS\System32\AxInstSV.dll
11:36:31.0569 0x1bf0  AxInstSV - ok
11:36:31.0600 0x1bf0  [ 87AB5BB072A3F128541D5B815F82FFDD, 186AF33D3DE90638C3E165CAC3DA17295E8A80CDB523F9BE4AF7D38CA6954905 ] b06bdrv         C:\WINDOWS\system32\drivers\bxvbda.sys
11:36:31.0631 0x1bf0  b06bdrv - ok
11:36:31.0663 0x1bf0  [ 81703BC5D68DEDBB086C2368FBE7B334, CFD4A55C8045C482F8D410514F3211AEFA00097AB395F5A04BFE983ED6254F6B ] BasicDisplay    C:\WINDOWS\System32\drivers\BasicDisplay.sys
11:36:31.0678 0x1bf0  BasicDisplay - ok
11:36:31.0694 0x1bf0  [ 5EC68164E14D25675C98BBB5F09E8606, 1D7EDB21C87039FC5F39F46460AD852BC4EC6B179B1C205D189DD3C397343435 ] BasicRender     C:\WINDOWS\System32\drivers\BasicRender.sys
11:36:31.0694 0x1bf0  BasicRender - ok
11:36:31.0741 0x1bf0  [ 89143A7BA7850F5C7E61B43BB44B6418, 00BB781DF87D4FF1BAFD318AFE237296B4F5925023BA4486405EC0A384C88D8F ] BDESVC          C:\WINDOWS\System32\bdesvc.dll
11:36:31.0756 0x1bf0  BDESVC - ok
11:36:31.0772 0x1bf0  [ 9E7AEA59776D904607985AFFE7E5E183, C3DB745A9F4DA7CB9628A7913DD52B2444B14FEB9D588FF6558CF52CEB8955EB ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
11:36:31.0788 0x1bf0  Beep - ok
11:36:31.0819 0x1bf0  [ 53AA55632B94622F2DC3695E86EF9363, 9B5BB8EDA48A37AE97BCD42D83B25A6D10AA6231EABE745DCCE6D60E19094A6F ] BFE             C:\WINDOWS\System32\bfe.dll
11:36:31.0850 0x1bf0  BFE - ok
11:36:31.0897 0x1bf0  [ D598C44A7072D3108D8D8102EC5E07F7, D7472E9BAAB7B6E1D30F4E153412E2A16EE5C08DE2BF8BFF4D65089825226FE0 ] BITS            C:\WINDOWS\System32\qmgr.dll
11:36:31.0928 0x1bf0  BITS - ok
11:36:32.0038 0x1bf0  [ 13C358D27CBFAF537FA7CA48B9052CF3, BC6AD061DA6B348774E9B65750C986F43148B78E8F97CCBE9AA99EA7D8759620 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
11:36:32.0053 0x1bf0  Bluetooth Device Monitor - ok
11:36:32.0100 0x1bf0  [ 7525C93645FDA8E9D8F677FEA833798A, 9878B88C57119580EF1F5D1DF93C62A3CFFFD0AC4E764D9AC05C727D0D1B2EED ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
11:36:32.0131 0x1bf0  Bluetooth OBEX Service - ok
11:36:32.0163 0x1bf0  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:36:32.0194 0x1bf0  Bonjour Service - ok
11:36:32.0210 0x1bf0  [ B17AC10B47C7FCB44D22A1F06415840E, 990D6F629D93F4F913D218ACE5187A26DCB762BAFB2BB279CCE8CAF2755D85A5 ] bowser          C:\WINDOWS\system32\DRIVERS\bowser.sys
11:36:32.0241 0x1bf0  bowser - ok
11:36:32.0272 0x1bf0  [ 038FA1B55531E7020DB705B42FCCE373, 023E87E3204D64890D6FEA78E762E5BC5BD0A59325EBC264834727779EEEDBC5 ] BrokerInfrastructure C:\WINDOWS\System32\bisrv.dll
11:36:32.0288 0x1bf0  BrokerInfrastructure - ok
11:36:32.0319 0x1bf0  [ 310068BDA80B1D55C36580FD8A873FAF, A75412FF1F483461F526E9A359DCEECA5E683441514464D5ED82D1A9740D583E ] Browser         C:\WINDOWS\System32\browser.dll
11:36:32.0335 0x1bf0  Browser - ok
11:36:32.0366 0x1bf0  [ D4FA5A33E345CFB6D635579A8EE02399, F87E622575D495AA458683C99C427508FCF14349EDBE0FE03F6AA0155E77C111 ] BthA2DP         C:\WINDOWS\system32\drivers\BthA2DP.sys
11:36:32.0381 0x1bf0  BthA2DP - ok
11:36:32.0413 0x1bf0  [ 6695200F455E251F0BCC9CE4D0978D59, 4DB2F967E449581A9330EF43E794B45B93581564B20C5B991FC1EC665A640D69 ] BthAvrcpTg      C:\WINDOWS\System32\drivers\BthAvrcpTg.sys
11:36:32.0428 0x1bf0  BthAvrcpTg - ok
11:36:32.0460 0x1bf0  [ A8B20D852B07AE19A13B5D47EC4E4C3B, 86571C9E2BA15BB169CAB2D24C4D0598154C02FD173638CAFC685A7F6B09472D ] BthEnum         C:\WINDOWS\System32\drivers\BthEnum.sys
11:36:32.0475 0x1bf0  BthEnum - ok
11:36:32.0507 0x1bf0  [ E695E706C9E11DD5201605F1F6B4505C, 994DBB540644CBA25992C63E639A8551E066DEC1648139E461892F306F77F101 ] BthHFAud        C:\WINDOWS\system32\DRIVERS\BthHfAud.sys
11:36:32.0507 0x1bf0  BthHFAud - ok
11:36:32.0538 0x1bf0  [ 616EB8748C988AEE98D93DA141C3D3B4, 15A055B0496BDB29CBCF6EEBF112D4BA1C7A2FF39124728830D0FD1FD7A404CB ] BthHFEnum       C:\WINDOWS\System32\drivers\bthhfenum.sys
11:36:32.0569 0x1bf0  BthHFEnum - ok
11:36:32.0585 0x1bf0  [ DCB4EBD928A6FB368BE6CAE522412DE1, 9E1345F29467054689B9F48B5CCB567760D36610A4EA9AF41B829EAD60347269 ] bthhfhid        C:\WINDOWS\System32\drivers\BthHFHid.sys
11:36:32.0585 0x1bf0  bthhfhid - ok
11:36:32.0647 0x1bf0  [ 447A41162B74E345C8E80A681867C653, 415A54506FFC37E242F44886ADCF70C35433AD056CCBACA818F24500064FD17C ] BthHFSrv        C:\WINDOWS\System32\BthHFSrv.dll
11:36:32.0663 0x1bf0  BthHFSrv - ok
11:36:32.0694 0x1bf0  [ 42201C346F0B8C458E1E9CDE04D68A2C, 6168FD0D10CD06B00B5C79D5D2B5C353AAC22FD99CE8D417DDBA33ED63CFB8BF ] BthLEEnum       C:\WINDOWS\system32\DRIVERS\BthLEEnum.sys
11:36:32.0710 0x1bf0  BthLEEnum - ok
11:36:32.0725 0x1bf0  [ 033916CE8784A848B9A3D686B7F66D97, B4D0514D59646CF6B70D4FA488CF95C38EA38CC5C509329CC8753E897C640AFA ] BTHMODEM        C:\WINDOWS\System32\drivers\bthmodem.sys
11:36:32.0741 0x1bf0  BTHMODEM - ok
11:36:32.0772 0x1bf0  [ 091BB978E9504D0AD14586929431A957, ACED02B879026A228E35F40847C210BC30A5AFC948FFE922DB21663E4A8DFF1D ] BthPan          C:\WINDOWS\system32\DRIVERS\bthpan.sys
11:36:32.0788 0x1bf0  BthPan - ok
11:36:32.0835 0x1bf0  [ 13795CAA34239D97A7211E7F9D96E012, C4F3402B063A7CFCE386D1AE9255975A199164BA9E7DCDB6129725213A0642B1 ] BTHPORT         C:\WINDOWS\System32\Drivers\BTHport.sys
11:36:32.0882 0x1bf0  BTHPORT - ok
11:36:32.0897 0x1bf0  [ A4387C3D271959313E2577DB7BE8BA7A, C71474802102102EBE04DF036EEB2F5FB3380BE288E3842F19F234EFAE977D70 ] bthserv         C:\WINDOWS\system32\bthserv.dll
11:36:32.0913 0x1bf0  bthserv - ok
11:36:32.0928 0x1bf0  [ 1F715957F5236D30B6020A19A4271F6A, C06B637C2C6919E2DE1055AE249AE3EAF7B4890799F22BF5757CC10CEF145043 ] BTHUSB          C:\WINDOWS\System32\Drivers\BTHUSB.sys
11:36:32.0928 0x1bf0  BTHUSB - ok
11:36:32.0960 0x1bf0  [ 7235891AF09D13C4214DEEE57ED331D0, ADDFF2B043DA537652213381450A87301B27DC2665DA7AB494A8B0DA9E99936E ] btmaux          C:\WINDOWS\system32\DRIVERS\btmaux.sys
11:36:32.0975 0x1bf0  btmaux - ok
11:36:33.0038 0x1bf0  [ 76D0DDD58A773CA1BFB4D30AAE03517A, E631CAAEEA5D1F632FF0A60F4466664A6FD9DA19F4A28A379294D8E6690ADAD9 ] btmhsf          C:\WINDOWS\system32\DRIVERS\btmhsf.sys
11:36:33.0069 0x1bf0  btmhsf - ok
11:36:33.0085 0x1bf0  [ 990B1BABE6E81FB18E65A87EBEFB1772, 1820D4AC57E1D4B7FB5AA89C277B16910ED73712878D2B43FE542CE16DFE16C3 ] cdfs            C:\WINDOWS\system32\DRIVERS\cdfs.sys
11:36:33.0100 0x1bf0  cdfs - ok
11:36:33.0116 0x1bf0  [ 339BFF85D788268752DA8C9644B188EE, C2279F1A39AED39865A5027D2FD087F8E82F3ED8C94BA4D922855B98E792AFC5 ] cdrom           C:\WINDOWS\System32\drivers\cdrom.sys
11:36:33.0147 0x1bf0  cdrom - ok
11:36:33.0178 0x1bf0  [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] CertPropSvc     C:\WINDOWS\System32\certprop.dll
11:36:33.0194 0x1bf0  CertPropSvc - ok
11:36:33.0210 0x1bf0  [ F64B7D1A37CC1D5F421D5359EEC81E2E, 2B4879DD32B2C20B94847755E22B1BCBE2B567B3989C57A9BA2DD783307EFFDB ] circlass        C:\WINDOWS\System32\drivers\circlass.sys
11:36:33.0225 0x1bf0  circlass - ok
11:36:33.0257 0x1bf0  [ 9905168708DB68849B879B5548F68AB3, B7A495E57B9398704988DC472126CBC5B8D76761A34F51732FBF6CC88E3AB79A ] CLFS            C:\WINDOWS\system32\drivers\CLFS.sys
11:36:33.0272 0x1bf0  CLFS - ok
11:36:33.0303 0x1bf0  [ 2DC8538A2260647484A6C921CA837313, 094059DD66B0C50A1CAE288F920107B0B6AD1AA5758284E35B92C131EDEA30EA ] CmBatt          C:\WINDOWS\System32\drivers\CmBatt.sys
11:36:33.0335 0x1bf0  CmBatt - ok
11:36:33.0366 0x1bf0  [ E708BFF0473EC6B271EA46B65B16CA56, 2B4C661F7C5A4395CA4204122A1C3C8AA766B56C3D01CD8BAAFA18F71FC7B591 ] CNG             C:\WINDOWS\system32\Drivers\cng.sys
11:36:33.0382 0x1bf0  CNG - ok
11:36:33.0444 0x1bf0  [ 1F925AA990A6A446E8BA926B2D0A5201, F278C272E3F40C37D04935CE19938C4B63A4BC2AA378D0F56C32FE78308D6993 ] CnxtHdAudService C:\WINDOWS\system32\drivers\CHDRT64.sys
11:36:33.0491 0x1bf0  CnxtHdAudService - ok
11:36:33.0507 0x1bf0  [ 0E5B1E9E7122EDAAF1F6CE047965CA92, 803E585B92D1E2E5B6BF67BE511E88DC2629A12407C3E30F7AEFB544D390A9B8 ] CompositeBus    C:\WINDOWS\System32\drivers\CompositeBus.sys
11:36:33.0522 0x1bf0  CompositeBus - ok
11:36:33.0522 0x1bf0  COMSysApp - ok
11:36:33.0522 0x1bf0  [ D9CB0782AF819548072AA45B70F8B22D, 04796F39ABB88759A534DE3D0C51F684BF2A8DE1F4028B657CCFDBDD39A6618C ] condrv          C:\WINDOWS\system32\drivers\condrv.sys
11:36:33.0538 0x1bf0  condrv - ok
11:36:33.0725 0x1bf0  [ 0691E1CEB1932B7F1B97FC70AB2AE539, 9DAA3129DAADA60C888A9B8C31C885D8E8B21CA4F6EA58B8827747BE418802F0 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
11:36:33.0741 0x1bf0  cphs - ok
11:36:33.0803 0x1bf0  [ 5CE2742F063731EC10C1B2EE386A2C08, 309919BDDD4649AFB95A99DCF8AFC3BAE10F9BC1E2819C0794CFD0F80682C223 ] CryptSvc        C:\WINDOWS\system32\cryptsvc.dll
11:36:33.0819 0x1bf0  CryptSvc - ok
11:36:33.0850 0x1bf0  [ 48AED45DF009081AF3F5144F7D624674, 4425C15EB9E1177EE5134A33F63DAF7FF876577946DBF1EAD92C5614025113BB ] CxAudMsg        C:\WINDOWS\system32\CxAudMsg64.exe
11:36:33.0866 0x1bf0  CxAudMsg - ok
11:36:33.0897 0x1bf0  [ FAEF4C245BE832DB41B15DAAC336AFB7, 1F8C98AB0DF4327FCB01FE0356025488E19B48A45FFFA50576B49A8587FAC42B ] dam             C:\WINDOWS\system32\drivers\dam.sys
11:36:33.0913 0x1bf0  dam - ok
11:36:33.0960 0x1bf0  [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
11:36:33.0991 0x1bf0  DcomLaunch - ok
11:36:34.0038 0x1bf0  [ C8650D1F61149AA546BDBC99172EBBC1, D9592ED1B6F23B6EC76A0B93635B6E38702311B0A6982F0F9DEC37FCDAF1288B ] defragsvc       C:\WINDOWS\System32\defragsvc.dll
11:36:34.0069 0x1bf0  defragsvc - ok
11:36:34.0085 0x1bf0  [ 5EAEF67AE2AF4D2DC664B649DB7B2E16, ADAC7FD6AC12B50F4998C5EB0BD770DD4B80A94C4CC1B9376AD77648E48D012D ] DeviceAssociationService C:\WINDOWS\system32\das.dll
11:36:34.0116 0x1bf0  DeviceAssociationService - ok
11:36:34.0147 0x1bf0  [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] DeviceInstall   C:\WINDOWS\system32\umpnpmgr.dll
11:36:34.0163 0x1bf0  DeviceInstall - ok
11:36:34.0210 0x1bf0  [ 09D9EB9E7898F8E6561473A20CC808B9, 0F511593D36084843E5138AF6D55FE08D77803968AE12A236A02368DB364347E ] Dfsc            C:\WINDOWS\system32\Drivers\dfsc.sys
11:36:34.0210 0x1bf0  Dfsc - ok
11:36:34.0241 0x1bf0  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
11:36:34.0257 0x1bf0  dg_ssudbus - ok
11:36:34.0303 0x1bf0  [ 9E0E72222264745ADEB0E5AC680B0ED6, 576AFC8741695396A3B8E9DBDD3703E9D70370437D09D162262E47A140D101B4 ] Dhcp            C:\WINDOWS\system32\dhcpcore.dll
11:36:34.0319 0x1bf0  Dhcp - ok
11:36:34.0335 0x1bf0  [ 3C736FAE17BA6F91BA37594AAB139CD0, 34304A194105B19E7ADD80108DC85C3B7AA9E942C84A7EF93C475CE1D9AE4615 ] discache        C:\WINDOWS\system32\drivers\discache.sys
11:36:34.0350 0x1bf0  discache - ok
11:36:34.0366 0x1bf0  [ AE3786294CC246A5403783E1B86A0168, 29A7B4B490CBB16DAEF5D67D0A58A2577CF3FEE8F889484DB867F6913D9D2A28 ] disk            C:\WINDOWS\system32\drivers\disk.sys
11:36:34.0382 0x1bf0  disk - ok
11:36:34.0382 0x1bf0  [ 82A7C72593793FE1EADA7A305BD1567A, 75F432E4C75AE9EFF553BD860B3B250853BDDA85C17DBD9B7242D74593506A86 ] dmvsc           C:\WINDOWS\System32\drivers\dmvsc.sys
11:36:34.0397 0x1bf0  dmvsc - ok
11:36:34.0413 0x1bf0  [ 066B9710B36AB550E01EEFCA52155968, DCA9F3F4856A6866D3F5A2EEE34E96A83F40198DB0B5AC6381A7568DE1F56FAB ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
11:36:34.0428 0x1bf0  Dnscache - ok
11:36:34.0460 0x1bf0  [ 9949AD2ABA168A618D46C799D6CC898C, DFAC86A0AEE83C9EFE1BEE9EC15C8CAF1D619D55AF3ACC3986057A5AC985D06A ] dot3svc         C:\WINDOWS\System32\dot3svc.dll
11:36:34.0475 0x1bf0  dot3svc - ok
11:36:34.0507 0x1bf0  [ 109FC3F80BF4F4DC5A071058074F13C1, F30736F45BA1811D59E9CB1C172D8D1EA9F5A7D36DCFFBFC9E7E02448C1CF851 ] DPS             C:\WINDOWS\system32\dps.dll
11:36:34.0522 0x1bf0  DPS - ok
11:36:34.0554 0x1bf0  [ 9C7C183F937951AE17C5B8B3259CF3FF, 8ED607139F15D08B4835ACF864421BA4C08C88FE90B9AAF707F5D8514D7731B1 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
11:36:34.0554 0x1bf0  drmkaud - ok
11:36:34.0585 0x1bf0  [ F87F4AAAF6664906248D11D5E579A53B, F283932F68ED93891EEF00C18724359AB7057E922A3CDC8BC6F33F84D2B0BEE5 ] DsmSvc          C:\WINDOWS\System32\DeviceSetupManager.dll
11:36:34.0600 0x1bf0  DsmSvc - ok
11:36:34.0663 0x1bf0  [ E6AF4DF1817953D73C519B17CF849756, 26A90EB368A3F572086F223ABED87B8FC6F998AE401C9E52BEB5EE76AB052702 ] DXGKrnl         C:\WINDOWS\System32\drivers\dxgkrnl.sys
11:36:34.0725 0x1bf0  DXGKrnl - ok
11:36:34.0772 0x1bf0  [ 651FBD69A9713D623D456A240F96179C, 22A1F306B454EF9C84D25EF266F3ED0E1D896B1F5BE60170E79F37F2DBCA59F4 ] e1iexpress      C:\WINDOWS\system32\DRIVERS\e1i63x64.sys
11:36:34.0804 0x1bf0  e1iexpress - ok
11:36:34.0804 0x1bf0  EagleX64 - ok
11:36:34.0835 0x1bf0  [ 58BA473DD88F5FC1932282BA683AA03E, B8A4407D3006D91BE88F9C5389AC1CACC73BEBF6F66433A1E5EB8E58E8836C12 ] Eaphost         C:\WINDOWS\System32\eapsvc.dll
11:36:34.0850 0x1bf0  Eaphost - ok
11:36:34.0960 0x1bf0  [ 5AB97B3282D7D6114949D1EB5C8598E4, FB9449CC1CDC12C12AA0469BB6ACC770CB011250EDFD86E9600E754610608EFD ] ebdrv           C:\WINDOWS\system32\drivers\evbda.sys
11:36:35.0069 0x1bf0  ebdrv - ok
11:36:35.0085 0x1bf0  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] EFS             C:\WINDOWS\System32\lsass.exe
11:36:35.0100 0x1bf0  EFS - ok
11:36:35.0116 0x1bf0  [ 66D60BD9A4C05616ABECA2A901475098, 8111550DB03FFD72F1822F47B16F075DA92874B64F19342D7CF60B0EE648AFEF ] EhStorClass     C:\WINDOWS\system32\drivers\EhStorClass.sys
11:36:35.0132 0x1bf0  EhStorClass - ok
11:36:35.0147 0x1bf0  [ A61D0F543024E458C0FE32352E1978E2, BDE6BC140300EAF790F16466C28897CE0BD7D94DCED13FDE20AA4AACA0F6A4FD ] EhStorTcgDrv    C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys
11:36:35.0163 0x1bf0  EhStorTcgDrv - ok
11:36:35.0179 0x1bf0  [ D790D058D67582DB9C84C2D33695FE6B, A5763D7F6D191EA4B290B3E92D842AC36FD46DF598472E70B46E45D8CCD2F912 ] ErrDev          C:\WINDOWS\System32\drivers\errdev.sys
11:36:35.0194 0x1bf0  ErrDev - ok
11:36:35.0210 0x1bf0  [ F9E01C2D9F8BC049E04CF5DC24A5F638, CB6CCB59C77D4A59DDA846608AABEF1DFEC24C8422712AB8D59E27C13D731D2E ] EventSystem     C:\WINDOWS\system32\es.dll
11:36:35.0241 0x1bf0  EventSystem - ok
11:36:35.0382 0x1bf0  [ 21FFB87A70019E9B39C5A8469695ACBA, B41BEDB737CFD33707181DA0B69FC47C01C897AF8B42211A46B54A9FDB2B9004 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
11:36:35.0397 0x1bf0  EvtEng - ok
11:36:35.0413 0x1bf0  [ D2EAA04AF43154B62FA85B08BAD0A7CA, B18F09CAD04AD61A1B8DCD3BBC70A82FB50008C147389D3245E39856BA940A87 ] excfs           C:\WINDOWS\system32\DRIVERS\excfs.sys
11:36:35.0429 0x1bf0  excfs - ok
11:36:35.0429 0x1bf0  [ E6082A6C109238A725D83184724C4A36, 66F0D4798C357FFCC5A35E45BE8E5F0A97E7BCF98CFAA1BB2269F6D6B910A0A3 ] excsd           C:\WINDOWS\system32\DRIVERS\excsd.sys
11:36:35.0444 0x1bf0  excsd - ok
11:36:35.0475 0x1bf0  [ 7A4D6FEB8C52B3FE855E4DCDF9107E03, 6B0146A4C9AD32DCDC2DEE8E8C5A29F687665458486449E0D37B151ED63B8ADC ] exfat           C:\WINDOWS\system32\drivers\exfat.sys
11:36:35.0491 0x1bf0  exfat - ok
11:36:35.0554 0x1bf0  [ 68030FF4B7669E15916910885E2E6160, 324EC07A0135354A5D41ED841919D61C218ECA718DE8A8357B0D2AD0B621777B ] ExpressCache    C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
11:36:35.0569 0x1bf0  ExpressCache - ok
11:36:35.0585 0x1bf0  [ 60996602A7111FD2D086E803F33E4282, E62A91C90F8542990BEA4E6A5D9DD3D070F4EB23B4C13414C5DA2B0219509749 ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
11:36:35.0600 0x1bf0  fastfat - ok
11:36:35.0663 0x1bf0  [ F0E7F8382ED5E138B0DFA4CB5058BCFE, 6247C7B75F975F5AB080FFB9881EF58A6F360219F7AF2DE871F38E80CAF3B62C ] Fax             C:\WINDOWS\system32\fxssvc.exe
11:36:35.0694 0x1bf0  Fax - ok
11:36:35.0710 0x1bf0  [ 73B2D11DF0B6E03A0CB0323218ACB3E4, BA9256919BAA2E0760F6A658B557FDC389ACE8F9820D1A41FD995FC5613F5AA6 ] fdc             C:\WINDOWS\System32\drivers\fdc.sys
11:36:35.0725 0x1bf0  fdc - ok
11:36:35.0741 0x1bf0  [ 0828E3E7BD77C89149EAD3232BFD38DB, A6A296647A4EDBFF59124E3A9C0AB48759AA1738615ACFA5A454FF6BD3C31BA2 ] fdPHost         C:\WINDOWS\system32\fdPHost.dll
11:36:35.0757 0x1bf0  fdPHost - ok
11:36:35.0772 0x1bf0  [ 872506AAB591E8908DF4461475AF92DF, 772F2D08CB95775E438822B9EA005CBA92ED4071ADAB2C0101156A7D037D4704 ] FDResPub        C:\WINDOWS\system32\fdrespub.dll
11:36:35.0788 0x1bf0  FDResPub - ok
11:36:35.0819 0x1bf0  [ 0588950D93A426F97C7AAADB1A9B0458, ABCB3619BD58CAC438FC032495AE45A7B6FFDD4BD33C1B3D1BC7F9F13FCB727A ] fhsvc           C:\WINDOWS\system32\fhsvc.dll
11:36:35.0835 0x1bf0  fhsvc - ok
11:36:35.0866 0x1bf0  [ 88A9EBACD1058ABB237A6B4E96E7F397, 263D25D33B679EB01D97763701347C31B2F72E28CE2C7EC8013EA77756D98BE1 ] FileInfo        C:\WINDOWS\system32\drivers\fileinfo.sys
11:36:35.0866 0x1bf0  FileInfo - ok
11:36:35.0897 0x1bf0  [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02, 1D7BFB00D74A28AC13ECBA1E0036D50EE79266AC02CEDB2632466BF9DD46F211 ] Filetrace       C:\WINDOWS\system32\drivers\filetrace.sys
11:36:35.0913 0x1bf0  Filetrace - ok
11:36:35.0929 0x1bf0  [ B1D4C168FF7B8579E3745888658FFB1D, 1A5C13E902A0C788A8B995ADD2FBC3303005911C0AA3F3F4497D3016AA0EF583 ] flpydisk        C:\WINDOWS\System32\drivers\flpydisk.sys
11:36:35.0944 0x1bf0  flpydisk - ok
11:36:35.0960 0x1bf0  [ B33EC133AE4E6C1881D2302D93D2467D, 77E3A16257EA3698B3FCD947D004144E8D1EEE48EF5C82DF49B1B9B2B3C61DB2 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
11:36:35.0975 0x1bf0  FltMgr - ok
11:36:36.0038 0x1bf0  [ 0BCDC0FF11B984162B0CF0FF6E9E0146, D44A3CECBA36B7A64854E244FA6B5E65047896BF9983D20B431410FBBA36697A ] FontCache       C:\WINDOWS\system32\FntCache.dll
11:36:36.0085 0x1bf0  FontCache - ok
11:36:36.0210 0x1bf0  [ 0B56259F5611787222A04A8F254E51D4, F77AEC0ACBFAF9154E32223B84B613229DACCD953AEBC3E96C27570F9AB10FD0 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:36:36.0210 0x1bf0  FontCache3.0.0.0 - ok
11:36:36.0304 0x1bf0  [ BDF9B38E0331115B3D94157BAF368408, 9F01AB78441B04027D3C662503EAF0B20F6DC9F16A5AD82B000294454B2B12B3 ] FreemakeVideoCapture C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
11:36:36.0319 0x1bf0  FreemakeVideoCapture - detected UnsignedFile.Multi.Generic ( 1 )
11:36:38.0679 0x1bf0  Detect skipped due to KSN trusted
11:36:38.0679 0x1bf0  FreemakeVideoCapture - ok
11:36:38.0726 0x1bf0  [ A5F7873A39E4E9FAAAE59B7E9E36B705, 32036109F5A50E9F3BEF97C5B28AE8179B3A5E22517868A83CADE4671FF90DEC ] FsDepends       C:\WINDOWS\system32\drivers\FsDepends.sys
11:36:38.0741 0x1bf0  FsDepends - ok
11:36:38.0757 0x1bf0  [ A6DD7D491F587F4BC13FB972977DC8E8, B86F97F17F6F443EC16DEF67CCA4EF78AFE56078D2877838A982FECB19557C87 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:36:38.0772 0x1bf0  Fs_Rec - ok
11:36:38.0804 0x1bf0  [ C1646A95EAC515F60CDB2A7A8A013C1E, F559B83C02B17265EDE95DD497C1A94E402F07EC251FC47449F789907AFFED14 ] fvevol          C:\WINDOWS\system32\DRIVERS\fvevol.sys
11:36:38.0835 0x1bf0  fvevol - ok
11:36:38.0851 0x1bf0  [ A969D92973DFA895E7776B4BFE36DBB2, 7528E6983ECC59291A7A386E4E459B19D1593ABDDFFD276E2F01B0EA21693E20 ] FxPPM           C:\WINDOWS\System32\drivers\fxppm.sys
11:36:38.0866 0x1bf0  FxPPM - ok
11:36:38.0882 0x1bf0  [ 52BC441E07A827EBAB70CDC7EAEDB28D, 8DECBD8E12EA52039742599CFBBF0D3B6610B57EF8D9DAEEEA33D202A478D286 ] gagp30kx        C:\WINDOWS\system32\drivers\gagp30kx.sys
11:36:38.0897 0x1bf0  gagp30kx - ok
11:36:38.0913 0x1bf0  [ 22F1DEC206A6756884ED0740DBCB31AF, D1766BDE07CF24809A39264DEF6534552C6919684FB811CA4F3BE63E60250AA4 ] GDBehave        C:\WINDOWS\system32\drivers\GDBehave.sys
11:36:38.0913 0x1bf0  GDBehave - ok
11:36:38.0944 0x1bf0  [ 1314062567B9ED86BFFDE5D8C48C52AE, 01DE02308E478F50DBFE4C6EAE9D0C052C1575283F2C182388E2028F3BF2E756 ] GDElam          C:\WINDOWS\system32\DRIVERS\GDElam.sys
11:36:38.0960 0x1bf0  GDElam - ok
11:36:39.0069 0x1bf0  [ 73F5C62BBE0CDCDFFDC3C0B71F24E4FD, 8BB0796DF4BC6C11AEC33ECDECCAF85946C3BB19C85F1700020AA353000B4361 ] GDFwSvc         C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
11:36:39.0147 0x1bf0  GDFwSvc - ok
11:36:39.0179 0x1bf0  [ FF5543CDA6B06E3D29A5F312BE5C4919, 91E0BB934EFD01576C94FDA967340563BB92ECE7C5389978FBC9587A9D21B9CF ] GDKBB           C:\WINDOWS\system32\drivers\GDKBB64.sys
11:36:39.0179 0x1bf0  GDKBB - ok
11:36:39.0194 0x1bf0  [ 1543775197DD1A27D16C0FA0FF73CAFB, B149282AFA5A60CEC797B643207F2541722C360989148FBC7A06DA0EB501ABED ] GDKBFlt         C:\WINDOWS\system32\drivers\GDKBFlt64.sys
11:36:39.0210 0x1bf0  GDKBFlt - ok
11:36:39.0226 0x1bf0  [ EBA67BDB064A0A86CE318E8D1B7FD16A, 6C1B7F851EE1D7CE2BEC7C1743E070646CC8E6895135D6B3E176AD6FC82E81D6 ] GDMnIcpt        C:\WINDOWS\system32\drivers\MiniIcpt.sys
11:36:39.0241 0x1bf0  GDMnIcpt - ok
11:36:39.0257 0x1bf0  [ FBDCD080CC7BD1875056B3813B1F2D13, 7196B8FCED495F774A845FA6D55671368B8F94CF7B7DC6C533FE6172F2341324 ] GDPkIcpt        C:\WINDOWS\system32\drivers\PktIcpt.sys
11:36:39.0257 0x1bf0  GDPkIcpt - ok
11:36:39.0351 0x1bf0  [ 2FC204FF990827303D9184B390F5C15E, A194ACE75ADD2E105C1C5555621A2E4292617C37BA17070F88D4CA56B24D9291 ] GDScan          C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
11:36:39.0382 0x1bf0  GDScan - ok
11:36:39.0413 0x1bf0  [ 6DE4E91BA586977CD843BF5C7E3276E5, 5010F93820FEBC25AD2F118EDEEBDE26CCCC92B854B55300952469CB653FCDD9 ] gdwfpcd         C:\WINDOWS\system32\drivers\gdwfpcd64.sys
11:36:39.0414 0x1bf0  gdwfpcd - ok
11:36:39.0445 0x1bf0  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
11:36:39.0445 0x1bf0  GEARAspiWDM - ok
11:36:39.0477 0x1bf0  [ 721F8EEF5E9747F32670DEFF7FB92541, E0A8EF70753E260C2C7D93D316B5EF9589DB086FDF829BDA2958C6A09CE471A6 ] gencounter      C:\WINDOWS\System32\drivers\vmgencounter.sys
11:36:39.0492 0x1bf0  gencounter - ok
11:36:39.0586 0x1bf0  [ 5140320AEA9D96A3BD48905F68E8E1D2, 30D9719B67D81C18E18944E119BEE294DEDCD005B99F59CB77746F78BAF0B2D8 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
11:36:39.0617 0x1bf0  GfExperienceService - ok
11:36:39.0649 0x1bf0  [ FC2B8B06BDBD3B6457F5A3DA9AD2410E, 4BF196E1CAC94E9265EBEB68F41C3E29F0C709ECFF9420B5B1C9C82680D5D6A8 ] GPIOClx0101     C:\WINDOWS\system32\Drivers\msgpioclx.sys
11:36:39.0664 0x1bf0  GPIOClx0101 - ok
11:36:39.0727 0x1bf0  [ 5358678C6370F2ADC5291849F6503262, 841633D7A936C3889690C67E189BAD4C6B294C196FFFE5B564FCECDFE46A9E52 ] gpsvc           C:\WINDOWS\System32\gpsvc.dll
11:36:39.0774 0x1bf0  gpsvc - ok
11:36:39.0805 0x1bf0  [ 57875BA7B65C5FE5A87630DC1544C420, 5BB2F6CD21E3855F163B2B15E2E51A3D58637A890D0D3C6AEFB0F60214D6FBD2 ] GRD             C:\WINDOWS\system32\drivers\GRD.sys
11:36:39.0805 0x1bf0  GRD - ok
11:36:39.0836 0x1bf0  [ 630555943E5A3FE21010CE91EC7FC84F, 20D7247A4363EE9E851501D89A466564ADCAEC304DE42280E4E09AD8499436A9 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys
11:36:39.0867 0x1bf0  HdAudAddService - ok
11:36:39.0883 0x1bf0  [ 7D87B5B6C7188D553E11B59DC7F0B111, FC633DB71E1D72E8AD8F89BBB54324CC6ED17F5594EF55DD0BDB58EE1F601FF5 ] HDAudBus        C:\WINDOWS\System32\drivers\HDAudBus.sys
11:36:39.0883 0x1bf0  HDAudBus - ok
11:36:39.0914 0x1bf0  [ 3F76BBA53D65E85A7F53E7A71082082C, D1E18815BB19CD11007C4A66162C76F55D4FE6B09B34ED45969C7ECC29D394AD ] HidBatt         C:\WINDOWS\System32\drivers\HidBatt.sys
11:36:39.0930 0x1bf0  HidBatt - ok
11:36:39.0961 0x1bf0  [ 085F150D002B7F0153D3C06DDF33A143, 41847FD02608ECFE3A6B4B38CBDE8416B0EF17491868511FD704B0BCC280338E ] HidBth          C:\WINDOWS\System32\drivers\hidbth.sys
11:36:39.0977 0x1bf0  HidBth - ok
11:36:39.0992 0x1bf0  [ CC4A07E51D89575CAB6F4EB590D87CD4, DFB4EAF0923EF9FF6C42EDD1EA5E4025F243C9BE2D03D5423FE8A897DC01D657 ] hidi2c          C:\WINDOWS\System32\drivers\hidi2c.sys
11:36:40.0008 0x1bf0  hidi2c - ok
11:36:40.0024 0x1bf0  [ DC96F7DACB777CDEAEF9958A50BFDA06, 7CE79F32D5EE65C0178CFF56523825D3EE01095B2CE8C67634A6604A821A9086 ] HidIr           C:\WINDOWS\System32\drivers\hidir.sys
11:36:40.0039 0x1bf0  HidIr - ok
11:36:40.0070 0x1bf0  [ D42E350C3F5B9DDCE7BDDB109B413109, F015CCAB3719B1834DF3EE0265D905675C743F116526A2882B6077E540B8A74F ] hidkmdf         C:\WINDOWS\System32\drivers\hidkmdf.sys
11:36:40.0086 0x1bf0  hidkmdf - ok
11:36:40.0117 0x1bf0  [ FAC37D7B3D6354A5A5E19A45B50B4008, 2962B552A1DA545DFDEF0886582E82596FE8A3A19AAF989B025AFDA84D16D4EC ] hidserv         C:\WINDOWS\system32\hidserv.dll
11:36:40.0133 0x1bf0  hidserv - ok
11:36:40.0149 0x1bf0  [ 012C354B4AB48E9A7A657DF39E3A2073, B15D0089CE509FF1CF73DFE095425C1C99FC3971622DCAAD9CAEB989A12A4FDB ] HidUsb          C:\WINDOWS\System32\drivers\hidusb.sys
11:36:40.0164 0x1bf0  HidUsb - ok
11:36:40.0211 0x1bf0  [ 43F884B61A24377567CD0FEB35236334, B3BA36B527C8D6D83DE2FBCD8D503B87FD2611BF15B07A7BC138DC8BAE6A50C1 ] hkmsvc          C:\WINDOWS\system32\kmsvc.dll
11:36:40.0227 0x1bf0  hkmsvc - ok
11:36:40.0258 0x1bf0  [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF, E6967F3F465C6E903221BC0FCBAE7D05FD18C0BF110D929335F5935364B3C1BC ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll
11:36:40.0274 0x1bf0  HomeGroupListener - ok
11:36:40.0305 0x1bf0  [ E0D9F6FE18FA7F53ADD29AF719CE2B7E, B965DCC72625188F3B896CB447B7696F22687266EAFC5AA270E2AD53DD9F324D ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll
11:36:40.0336 0x1bf0  HomeGroupProvider - ok
11:36:40.0352 0x1bf0  [ 20A8E34FE6FD617598E3B90C596D9557, 12A4EEDDB0479300122C32141C0646E48609AFFAF59608B7D7CC8C067C7AC7BB ] HookCentre      C:\WINDOWS\system32\drivers\HookCentre.sys
11:36:40.0352 0x1bf0  HookCentre - ok
11:36:40.0383 0x1bf0  [ 64DB7A8D97CA53DCCF93D0A1E08342CF, 02CAB7F28D3830C482683425C60044239C6F1562556688A274CA2C237C846E76 ] HpSAMD          C:\WINDOWS\system32\drivers\HpSAMD.sys
11:36:40.0399 0x1bf0  HpSAMD - ok
11:36:40.0430 0x1bf0  [ F4A91D985EB9D1D2717D538F3424603C, 454AD2FF3A7963B9835AEF300F6672F92D0CCF59593BA2CCC83F0EC1446BB659 ] HTTP            C:\WINDOWS\system32\drivers\HTTP.sys
11:36:40.0461 0x1bf0  HTTP - ok
11:36:40.0477 0x1bf0  [ 2A98301068801700906C06649860FE94, 664394A52326289DCA0828B0041A105653F4FEF3E3DCCC3787AAE0F6FDC73A14 ] hwpolicy        C:\WINDOWS\system32\drivers\hwpolicy.sys
11:36:40.0492 0x1bf0  hwpolicy - ok
11:36:40.0508 0x1bf0  [ DC76901D82097C9E297F20C287CB9A27, 01A412D0D8A65050BE4250A7C4B9F98A4C43FD891827761E0C830369A5F9F09C ] hyperkbd        C:\WINDOWS\System32\drivers\hyperkbd.sys
11:36:40.0524 0x1bf0  hyperkbd - ok
11:36:40.0539 0x1bf0  [ 716413AB3CA12DE0A7222D28C1C9352C, B82B586BD9DBD70DDA19A02504E8CB00DA53677703AB848B53387601C5BAD3D3 ] HyperVideo      C:\WINDOWS\system32\DRIVERS\HyperVideo.sys
11:36:40.0539 0x1bf0  HyperVideo - ok
11:36:40.0570 0x1bf0  [ C9E9CBF73AFFBFE3E801EFB516787BA3, 1A850D614BDA6AA4195CC657702BC6242BA51B90131717743182AA160F65E72C ] i8042prt        C:\WINDOWS\System32\drivers\i8042prt.sys
11:36:40.0570 0x1bf0  i8042prt - ok
11:36:40.0602 0x1bf0  [ 0FE66A51D81A25AACEAAE4C26308121D, C5553F7ABA74A8EB71A4ED0E8F2A6AA2892F871D164F2D4FADB035BE7D1A8C44 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
11:36:40.0617 0x1bf0  iaStorA - ok
11:36:40.0695 0x1bf0  [ 584068E03829BC5C63F54B05E6244E97, C075E8A4853C0DE09A9BF846338F9C8997FE7ACD604B4EC02AA89F0DAA1D985B ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
11:36:40.0711 0x1bf0  IAStorDataMgrSvc - detected UnsignedFile.Multi.Generic ( 1 )
11:36:43.0071 0x1bf0  Detect skipped due to KSN trusted
11:36:43.0071 0x1bf0  IAStorDataMgrSvc - ok
11:36:43.0102 0x1bf0  [ 5E394EBD26FD68AA9300332C46BEDD62, 56A5DA7CE08C07B519E55D0A46AA9D10B640349808EFE02B3278267B75B5F603 ] iaStorV         C:\WINDOWS\system32\drivers\iaStorV.sys
11:36:43.0133 0x1bf0  iaStorV - ok
11:36:43.0164 0x1bf0  [ C430482AC892D52CED021EDDD4D368A2, C54C12EAC14F40BE3E7D7159F8876A664D00CA928000E25306071D28B52EA33A ] ibtfltcoex      C:\WINDOWS\system32\DRIVERS\iBtFltCoex.sys
11:36:43.0180 0x1bf0  ibtfltcoex - ok
11:36:43.0414 0x1bf0  [ 28388795BDF79464E8FDADB127671734, 4C740A8E35462C051DE3166BF87F5061518F589D8BCF4C36247FEC4903231593 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
11:36:43.0649 0x1bf0  igfx - ok
11:36:43.0696 0x1bf0  [ 24847A06B84339FEEDE5CABF3D27D320, 7727B1DAD0D4A1D474FBBEFCEBDF36A1F07D1AA300869AE57A24ED91BF84B6B4 ] iirsp           C:\WINDOWS\system32\drivers\iirsp.sys
11:36:43.0696 0x1bf0  iirsp - ok
11:36:43.0758 0x1bf0  [ E455C83E029121270BED73CDAC381F37, 433D525C19DBF26FAC28853C606C872D973104842B0EF1B2BF2EAC85457E2953 ] IKEEXT          C:\WINDOWS\System32\ikeext.dll
11:36:43.0805 0x1bf0  IKEEXT - ok
11:36:43.0836 0x1bf0  [ FD2032D2EAE8D7F3381EBA5FA3E7FEEA, 46D1DC6A44E20339AD9195EE7CC719DC9BC99C78F8C74E730B671F0D78B9C683 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
11:36:43.0852 0x1bf0  intaud_WaveExtensible - ok
11:36:43.0883 0x1bf0  [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
11:36:43.0899 0x1bf0  IntcDAud - ok
11:36:43.0961 0x1bf0  [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
11:36:43.0993 0x1bf0  Intel(R) Capability Licensing Service Interface - ok
11:36:44.0055 0x1bf0  [ 30E9FAC23E2537D82F2836CB81AEE186, 03E5072D43ECED70EF004D2E6E654B4CCCE059825CC3C641C0534E4C0BC0C7E8 ] Intel(R) ME Service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
11:36:44.0071 0x1bf0  Intel(R) ME Service - ok
11:36:44.0102 0x1bf0  [ 4F37726CF764CA18A8A84F85EF3A7F24, 6212B23917526E127CE641A11A58DA93651FFE70829C4079FE465DBDC81CF470 ] intelide        C:\WINDOWS\system32\drivers\intelide.sys
11:36:44.0118 0x1bf0  intelide - ok
11:36:44.0133 0x1bf0  [ E15CDF68DD73423F15D4AC404793AF0D, E2D0136AF68D1A73EB3A63C83284B4661222CB0A4AFACCF276CB57CBD4850287 ] intelppm        C:\WINDOWS\System32\drivers\intelppm.sys
11:36:44.0149 0x1bf0  intelppm - ok
11:36:44.0164 0x1bf0  [ 8FCA66234A0933D796BB780B7953BAB9, 7DD677F5EE09A8D7A75C9E475B5E6B3DCA49D1E846C7D160B839D7029B1C5B6D ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:36:44.0180 0x1bf0  IpFilterDriver - ok
11:36:44.0227 0x1bf0  [ C217B8D2E58C57A319B16125C3D4B69C, 905BB858E1782BD08FF080A4A604CE662440A15601B178FBD30269C306C04CCF ] iphlpsvc        C:\WINDOWS\System32\iphlpsvc.dll
11:36:44.0258 0x1bf0  iphlpsvc - ok
11:36:44.0274 0x1bf0  [ 6E98A046A12AA113F8898AA5D612BD6E, 28816CC1F03F2BFBF099C087C0BB6949E959F44C888DD2D0528FF7ED5D665ECF ] IPMIDRV         C:\WINDOWS\System32\drivers\IPMIDrv.sys
11:36:44.0289 0x1bf0  IPMIDRV - ok
11:36:44.0305 0x1bf0  [ 3969B9C218DD3FAA9F4ED2FFC3651C02, 93447F124CC55FB17055126432194153E1BB8F0FD95A47608494B6834A5F7089 ] IPNAT           C:\WINDOWS\system32\drivers\ipnat.sys
11:36:44.0321 0x1bf0  IPNAT - ok
11:36:44.0368 0x1bf0  [ 87F8EDF63C97BF0BF21359A3D8ABF0C7, BAAAE1DE50EBD1BCE46F33C5F3A7F3C39F61AB21416D78DAA7F8A19F38F67269 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
11:36:44.0383 0x1bf0  iPod Service - ok
11:36:44.0399 0x1bf0  [ 25CD7C4BB2863FFC2B0B311F0AEBF77C, 4099BAA2DB4ADB93B878D71E241B7D9EB7E0EE7ED0FE2450CCB9E4718B3726EB ] IRENUM          C:\WINDOWS\system32\drivers\irenum.sys
11:36:44.0414 0x1bf0  IRENUM - ok
11:36:44.0430 0x1bf0  [ 4D9B9A794F22415B8C3E0CCFBE61BC7A, 4CF01BC95F0AD7DC42AF8A0FCE032DF00610524A98CF52F531E9DE93137E7B87 ] irstrtdv        C:\WINDOWS\System32\drivers\irstrtdv.sys
11:36:44.0430 0x1bf0  irstrtdv - ok
11:36:44.0586 0x1bf0  [ E145E934392E7A49FDC6775AC3A347F8, 8E5DBC8C34FB3B68851489E0860BA3ACE6CDF46BB5E2AEFD1DEF6E895566068B ] irstrtsv        C:\WINDOWS\SysWOW64\irstrtsv.exe
11:36:44.0586 0x1bf0  irstrtsv - ok
11:36:44.0602 0x1bf0  [ D940C5BB9DC92E588533C19ABCC3D2C2, D1442854CEDE86F2C187A35851E74C873D34B772C60BC118FA1577F79C03364D ] isapnp          C:\WINDOWS\system32\drivers\isapnp.sys
11:36:44.0618 0x1bf0  isapnp - ok
11:36:44.0649 0x1bf0  [ 69C8BF0BC2B0EA10F130F4D3104DC2EF, 8FFF92828C3DC20F0F42C42E58A03B59A4E0187963F728DC618C9595FB2D0239 ] iScsiPrt        C:\WINDOWS\System32\drivers\msiscsi.sys
11:36:44.0680 0x1bf0  iScsiPrt - ok
11:36:44.0711 0x1bf0  [ C59B9CE2855E667809F9E63C20FC44A5, 36C71CDAB84296E408F29588E1993B6E2016841435C6F2CABBB716A2E2947BA8 ] iwdbus          C:\WINDOWS\System32\drivers\iwdbus.sys
11:36:44.0711 0x1bf0  iwdbus - ok
11:36:44.0743 0x1bf0  [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
11:36:44.0743 0x1bf0  jhi_service - ok
11:36:44.0789 0x1bf0  [ 8FBD94B69D6423E20ABCD59D86368B21, 218EF992095E365EC917413749856A64D55D8129D77098E24D670843233377F4 ] kbdclass        C:\WINDOWS\System32\drivers\kbdclass.sys
11:36:44.0789 0x1bf0  kbdclass - ok
11:36:44.0805 0x1bf0  [ E88C932ABDF8185A62C8F2FC7B051FB6, 67F9AF58237A11F0BF3D15AA5B32E5CE66B7AA039B999D938F7F6E63DCEA7A6E ] kbdhid          C:\WINDOWS\System32\drivers\kbdhid.sys
11:36:44.0821 0x1bf0  kbdhid - ok
11:36:44.0821 0x1bf0  [ FB6C185092E18011EF49989425C2AA87, 043524409E0A764201DD221C48B7DEEA0D161945EB37D4B88313BAB2299949DF ] kdnic           C:\WINDOWS\system32\DRIVERS\kdnic.sys
11:36:44.0852 0x1bf0  kdnic - ok
11:36:44.0883 0x1bf0  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] KeyIso          C:\WINDOWS\system32\lsass.exe
11:36:44.0883 0x1bf0  KeyIso - ok
11:36:44.0899 0x1bf0  [ DFA480F6DED551464F3A5B959F437800, C07AB6F28A09FCBE11EECAD03B06CEAE1016EC24031FCA0C092639E90FBA84CF ] KSecDD          C:\WINDOWS\system32\Drivers\ksecdd.sys
11:36:44.0914 0x1bf0  KSecDD - ok
11:36:44.0946 0x1bf0  [ 127FB0AAD232BAAD2C9BBACD374F4FC5, 3BC56F6B4374062C96149D69ACE053DF81A278F0361599F5A2F3DB1F76F0AD68 ] KSecPkg         C:\WINDOWS\system32\Drivers\ksecpkg.sys
11:36:44.0961 0x1bf0  KSecPkg - ok
11:36:44.0961 0x1bf0  [ 81492FEEBF2F26455B00EE8DBAE8A1B0, E33AA2DFB2D3BB30B02CDADA2EC290F86329DA3198327A653F39A843D86390B9 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
11:36:44.0977 0x1bf0  ksthunk - ok
11:36:45.0024 0x1bf0  [ 5825DBACEDC3812B5CF8D40B997BF210, 1C2997BCC707C1029B21876E093038CE3BBF6E6694B4CCF7EEDD47172ED9A541 ] KtmRm           C:\WINDOWS\system32\msdtckrm.dll
11:36:45.0039 0x1bf0  KtmRm - ok
11:36:45.0071 0x1bf0  [ 61959D7B5A83C524909325AE751F19F9, 1D6AC527C36E9986CDE7B852B11DC9DC8DE367CEEDE0AE481B1FB5C6E4F26C26 ] LAD             C:\WINDOWS\System32\drivers\LAD.sys
11:36:45.0102 0x1bf0  LAD - ok
11:36:45.0149 0x1bf0  [ 256EE31588257E8A555DBFAA13F1908E, B6817F632EDEA483E35BF26846DCDD4E95E860620959179B2A5D8AD7EEDDB126 ] LanmanServer    C:\WINDOWS\system32\srvsvc.dll
11:36:45.0180 0x1bf0  LanmanServer - ok
11:36:45.0211 0x1bf0  [ 16650912BE5A94B40E0B3B4C39652B56, 908C2C9367AE0AC9AECB5D91514BB33ACD746D99F19C1A8DD6A9550E9CAD9E00 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
11:36:45.0227 0x1bf0  LanmanWorkstation - ok
11:36:45.0305 0x1bf0  [ 93138543A4D836E97543BA2B857BDBFF, 23B4C52AFDCA16D5DC49F08FE755B1AF457BEBBE1599EF7B9C310C105639384B ] Lenovo Smart Update Service C:\Program Files (x86)\Lenovo\Lenovo Smart Update\Lenovo Smart Update Service.exe
11:36:45.0305 0x1bf0  Lenovo Smart Update Service - ok
11:36:45.0321 0x1bf0  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\WINDOWS\system32\DRIVERS\LhdX64.sys
11:36:45.0336 0x1bf0  LHDmgr - ok
11:36:45.0352 0x1bf0  [ CEEFD29FC551F289810B0B9381B321DC, 900F206B487B2190D9363F28AA4BA0CD7DCFE1D005BE05A48AF74B1B81194691 ] lltdio          C:\WINDOWS\system32\DRIVERS\lltdio.sys
11:36:45.0368 0x1bf0  lltdio - ok
11:36:45.0399 0x1bf0  [ BCF53485E0A94722CDE3C4A93CD8EB8C, D24E1066EB102245A89A5D17D608DB9DF6B71C99F1C77E070B95EFD17D268141 ] lltdsvc         C:\WINDOWS\System32\lltdsvc.dll
11:36:45.0414 0x1bf0  lltdsvc - ok
11:36:45.0430 0x1bf0  [ 5A2F7F1CBC2E631A497DAD16164E06D2, 35274FC6C386380B01B5E8F467E71A2C4E2FB2AD701554F9B1A9B036B0340142 ] lmhosts         C:\WINDOWS\System32\lmhsvc.dll
11:36:45.0446 0x1bf0  lmhosts - ok
11:36:45.0477 0x1bf0  [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
11:36:45.0493 0x1bf0  LMS - ok
11:36:45.0524 0x1bf0  [ 022CDD12161B063D7852B1075BF3FFF2, E21267243AF2FC208D27E67827B1264A762C99AECEDB7AD2C48A04F421A6B2F0 ] LSI_SAS         C:\WINDOWS\system32\drivers\lsi_sas.sys
11:36:45.0539 0x1bf0  LSI_SAS - ok
11:36:45.0555 0x1bf0  [ 07AD59D669B996F29F91817F0ECFA34F, 026F332F862D142BFFC9D169CCD17A35BFB6B301EEC72AA13E16369B3520919C ] LSI_SAS2        C:\WINDOWS\system32\drivers\lsi_sas2.sys
11:36:45.0571 0x1bf0  LSI_SAS2 - ok
11:36:45.0586 0x1bf0  [ 216FB796AA4E252ACCE93B1BCB80B5EC, 5B1E49B5F7B9C7A778198D27F8EE500FE35DC32D40B22A3D6ED67560BEB04212 ] LSI_SCSI        C:\WINDOWS\system32\drivers\lsi_scsi.sys
11:36:45.0586 0x1bf0  LSI_SCSI - ok
11:36:45.0602 0x1bf0  [ 5E80530AF37102488EE980B4A92AF99F, 364E18EAD9AC22F8A306B24C6C43E58224F6BE2744EFEAA2484696B8D9880851 ] LSI_SSS         C:\WINDOWS\system32\drivers\lsi_sss.sys
11:36:45.0618 0x1bf0  LSI_SSS - ok
11:36:45.0664 0x1bf0  [ A57BA284F5996FFD32DCDBC41A4657DB, 2106B83873A824BC83EF42FAC9DD9A0F741209535A84AE65EA8E786519920043 ] LSM             C:\WINDOWS\System32\lsm.dll
11:36:45.0680 0x1bf0  LSM - ok
11:36:45.0696 0x1bf0  [ 2BDC5D711FA61307CE6190D47C956368, 6BCDC6CBB9783F1ABE8957BDA94AF977DFB2A310BB6D19085EFC8609C97FD180 ] luafv           C:\WINDOWS\system32\drivers\luafv.sys
11:36:45.0711 0x1bf0  luafv - ok
11:36:45.0743 0x1bf0  [ 1E9E32AEC3E1EB1B31B8169F33168B56, 39114585E1FDBBA31E1F781C6A627281907183F94626EB347B08D1F78992ED2A ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
11:36:45.0758 0x1bf0  MBAMProtector - ok
11:36:45.0836 0x1bf0  [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
11:36:45.0883 0x1bf0  MBAMService - ok
11:36:45.0899 0x1bf0  [ 28B597A61C9AC9B59BC0573D70A62CBF, 032C095ECDAEEE800BD9C7AB08C089E7530A9DD09AE577D1612035F2BFFAA61C ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
11:36:45.0914 0x1bf0  MBAMWebAccessControl - ok
11:36:45.0930 0x1bf0  [ 9B0D829C3BE4E7472DB9DD2B79908E3C, ACED5806FFF39E84007B5A3DCB16315329DC53007F46B1BEEDC391CC659F7DD3 ] megasas         C:\WINDOWS\system32\drivers\megasas.sys
11:36:45.0946 0x1bf0  megasas - ok
11:36:45.0993 0x1bf0  [ ECC3F54C7AFC318271C4F0B4606D8DB0, FD1ACB18B8C912C7A57DABCD5460800DD0721A82E09C8D79C47B3392D61CBEA6 ] MegaSR          C:\WINDOWS\system32\drivers\MegaSR.sys
11:36:46.0008 0x1bf0  MegaSR - ok
11:36:46.0055 0x1bf0  [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
11:36:46.0055 0x1bf0  MEIx64 - ok
11:36:46.0086 0x1bf0  [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] MMCSS           C:\WINDOWS\system32\mmcss.dll
11:36:46.0102 0x1bf0  MMCSS - ok
11:36:46.0118 0x1bf0  [ 780098AD5DA8A4822E2563984C85EF7B, 29312970774E944B5ED388316CF3D350DCABF721F9695737B0AC56BE878B0446 ] Modem           C:\WINDOWS\system32\drivers\modem.sys
11:36:46.0133 0x1bf0  Modem - ok
11:36:46.0149 0x1bf0  [ EA8EAD3F5B762F889CC7F3966625B48B, B701A42E5E08B7BC6601560446146803182E5DC631AB73E9408F19CB6432F121 ] monitor         C:\WINDOWS\System32\drivers\monitor.sys
11:36:46.0164 0x1bf0  monitor - ok
11:36:46.0180 0x1bf0  [ 618446B98C79776654340CE27C73485E, EFE7169FDD545933B5949DA2D09266971C0C3E6894E7BD8AFE29E41567C72B16 ] mouclass        C:\WINDOWS\System32\drivers\mouclass.sys
11:36:46.0196 0x1bf0  mouclass - ok
11:36:46.0211 0x1bf0  [ C0ADEBED913295803B579ED288936CBB, 58F71541166D1DA07C18FBD27458D55E3F8AD7291CB7496B3A2F01372A5B0CAE ] mouhid          C:\WINDOWS\System32\drivers\mouhid.sys
11:36:46.0227 0x1bf0  mouhid - ok
11:36:46.0243 0x1bf0  [ 89D263DBF08119CE16273991C120D6DD, 9771EDAD266F0E234E71DFB6792F396710E051F2ADCA5CDADEBBD2790D0E6054 ] mountmgr        C:\WINDOWS\system32\drivers\mountmgr.sys
11:36:46.0243 0x1bf0  mountmgr - ok
11:36:46.0290 0x1bf0  [ 03D14BF1DC59130002F6B8BA3AD89DB9, 1729CCD8AAF51CDB86ED67569974D0B6B1CFFA5F90EF6E6004B0D8A305D88C27 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:36:46.0290 0x1bf0  MozillaMaintenance - ok
11:36:46.0321 0x1bf0  [ 4CCBBD4944777CA100B9A6C2F149A46F, 7FC172FAF8266BFBBBBAD94FD67EA3C1872F5927DC3900A9A54DB2DFE34E7415 ] mpsdrv          C:\WINDOWS\system32\drivers\mpsdrv.sys
11:36:46.0321 0x1bf0  mpsdrv - ok
11:36:46.0368 0x1bf0  [ 9DE3341BD4E14BC5FADFCAD3019F2D0D, 37E0531EADABC6D4BCC496826651D4D14CF0D10156FF13C11BDE466084B44FF4 ] MpsSvc          C:\WINDOWS\system32\mpssvc.dll
11:36:46.0399 0x1bf0  MpsSvc - ok
11:36:46.0415 0x1bf0  [ 3D70147F55F1EC84EB9139ED7FFE48BC, 12429C2FDDDA13815F0E18F9009011AA5360955759A23A38175543F480CB92EF ] MRxDAV          C:\WINDOWS\system32\drivers\mrxdav.sys
11:36:46.0446 0x1bf0  MRxDAV - ok
11:36:46.0461 0x1bf0  [ 93179D48066918323628CB016D8C94DC, FE110BF7A10EDD1DF7F6B933D373FCA51F37413282EBC4187E7C9B1965186BCC ] mrxsmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:36:46.0477 0x1bf0  mrxsmb - ok
11:36:46.0493 0x1bf0  [ 06D5F2FA3C61E8EA91648EA8E9F99FD3, C665B7896501D42C73955F4EAF4FA3C6B2C9286957D6023C235AFBF9BFB761C6 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
11:36:46.0524 0x1bf0  mrxsmb10 - ok
11:36:46.0524 0x1bf0  [ 5C7DD2E5759FFCCD2C7341C1B90F2B26, 9822FA53E6067C0E39B7A3A3F1E88719D5D8B055D86FF894F0475B158289EA45 ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
11:36:46.0540 0x1bf0  mrxsmb20 - ok
11:36:46.0571 0x1bf0  [ 98487487D6B3797CA927E9D7B030AE13, 05840AF0DD2E3CB596DA768DBD0728B52210EC05B55AB5921E697AD8956938DD ] MsBridge        C:\WINDOWS\system32\DRIVERS\bridge.sys
11:36:46.0586 0x1bf0  MsBridge - ok
11:36:46.0602 0x1bf0  [ 4A07458EB4F17573BD39F22029A991C1, 74D7A1882EA4D19B8F090C2813489E5D3F759BF4AF2D88AE852EC6510C405B5E ] MSDTC           C:\WINDOWS\System32\msdtc.exe
11:36:46.0618 0x1bf0  MSDTC - ok
11:36:46.0633 0x1bf0  [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
11:36:46.0633 0x1bf0  Msfs - ok
11:36:46.0665 0x1bf0  [ C32A7A39B960A42BA9D4FBE47213CA03, 4DA48587138972DA5E95AEDBBBE73BA8CCADC8172C6654427ABEAC8047B27E95 ] msgpiowin32     C:\WINDOWS\System32\drivers\msgpiowin32.sys
11:36:46.0680 0x1bf0  msgpiowin32 - ok
11:36:46.0696 0x1bf0  [ D3857A767B91A061B408CCAB02DA4F40, A4D780772086AD8717EE6DC2B6189F796939FB5E5AA08FD9D1984101998FBECF ] mshidkmdf       C:\WINDOWS\System32\drivers\mshidkmdf.sys
11:36:46.0696 0x1bf0  mshidkmdf - ok
11:36:46.0711 0x1bf0  [ 839B48910FB1E887635C48F3EC11A05E, F8CFD99911500CC1B6A90C8E2A1697BD5A6E5776A62A62FE5B342FE204C936B1 ] mshidumdf       C:\WINDOWS\System32\drivers\mshidumdf.sys
11:36:46.0727 0x1bf0  mshidumdf - ok
11:36:46.0727 0x1bf0  [ 55C0DB741E3AB7463242B185B1C2997C, D2E2A5B48A64EA0EC2A6566C08E65A38D11CEA64BCA7B57793BA0D009E4D974A ] msisadrv        C:\WINDOWS\system32\drivers\msisadrv.sys
11:36:46.0743 0x1bf0  msisadrv - ok
11:36:46.0774 0x1bf0  [ 216C6B035A4BA5560E1255BD8E5BB89F, A14E038604B9A5506DB145A4D9F51E2751AC825240D2744924F39C332B5DE00B ] MSiSCSI         C:\WINDOWS\system32\iscsiexe.dll
11:36:46.0790 0x1bf0  MSiSCSI - ok
11:36:46.0790 0x1bf0  msiserver - ok
11:36:46.0805 0x1bf0  [ 509809566E49F4411055864EA8D437CD, 70F37BF9C759E8BCA1C6AC8FB9805950925E1C648ED37E8561A0F7A407DFDC28 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:36:46.0821 0x1bf0  MSKSSRV - ok
11:36:46.0836 0x1bf0  [ 63145201D6458E4958E572E7D6FC2604, EDD4A8A3BBE94B983554B1117734E66A2647B867269C5F0567C47EDE6F3FACCB ] MsLldp          C:\WINDOWS\system32\DRIVERS\mslldp.sys
11:36:46.0852 0x1bf0  MsLldp - ok
11:36:46.0852 0x1bf0  [ 99D526E803DB6D7FF290FD98B6204641, 4AFAA3B1186621AEAD19E12D3DBE104DD8FCD5C106F9EC3ADA4AD1BC7093E61F ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:36:46.0868 0x1bf0  MSPCLOCK - ok
11:36:46.0883 0x1bf0  [ 06FA77C3E2A491ADCD704C5E73006269, 465A7EE5387E6C11398A554F73437278F5BF110356E7F49F315905C1F2459278 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
11:36:46.0899 0x1bf0  MSPQM - ok
11:36:46.0915 0x1bf0  [ E134EC4DE11CF78CB01432D180710D84, BB111F97AEEFDCA5866B157E9957599CD7A4952B5BCCA0B0BCA9EDFCD17E61FE ] MsRPC           C:\WINDOWS\system32\drivers\MsRPC.sys
11:36:46.0946 0x1bf0  MsRPC - ok
11:36:46.0946 0x1bf0  [ B5AECF12F09DEE97C9FCAA5BA016CE1E, F5305C4CE6C93A3A3481BD13BE0C23FE26571E11029ACFFE75FB78913681FCFC ] mssmbios        C:\WINDOWS\System32\drivers\mssmbios.sys
11:36:46.0961 0x1bf0  mssmbios - ok
11:36:46.0977 0x1bf0  [ 72D66A05E0F99F2528F6C6204FD22AA1, B14D433BC5795F1DC4C672302285E665DC012693E75574F60664AAD8874DE562 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
11:36:46.0993 0x1bf0  MSTEE - ok
11:36:47.0008 0x1bf0  [ 8AAAE399FC255FA105D4158CBA289001, 2F55C02605B4A3406B289FF9D46C76260B9138E3DE96AFAEA0E0522E5A2A746C ] MTConfig        C:\WINDOWS\System32\drivers\MTConfig.sys
11:36:47.0008 0x1bf0  MTConfig - ok
11:36:47.0024 0x1bf0  [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A, 00D33A4AB3E7C5F65F59C63F8E2FD27EF38D5484595F785D5632E9414E29352C ] Mup             C:\WINDOWS\system32\Drivers\mup.sys
11:36:47.0040 0x1bf0  Mup - ok
11:36:47.0055 0x1bf0  [ 3A1E095277BBD406CEA8EA6B76950664, 47838F307A6354E77C19A7B1F3F3E22726EF60403B611F358AD6FFE81D7214E7 ] mvumis          C:\WINDOWS\system32\drivers\mvumis.sys
11:36:47.0055 0x1bf0
         

13.05.2015, 14:46   #10
PhiGammaTau

Windows 7: Ads keep popping up, websites do not work properly



TDSS-Killer part 2

Code:
ATTFilter
11:36:47.0258 0x1bf0  [ 43D7388A90A4C6EA346A4D6FF0377479, DFDCFA448B49C8A577056070AF516F08CD2E452706A3CF9173195ABA4256F35D ] NativeWifiP     C:\WINDOWS\system32\DRIVERS\nwifi.sys
11:36:47.0290 0x1bf0  NativeWifiP - ok
11:36:47.0321 0x1bf0  [ 6A0C3996DA7DAE6D6939676D786EEEC4, 6E8A4C6234FD3040BC889E92016A4D5AC7BCAF5059521E50C733966163A546A0 ] NcaSvc          C:\WINDOWS\System32\ncasvc.dll
11:36:47.0336 0x1bf0  NcaSvc - ok
11:36:47.0352 0x1bf0  [ C982FE4CC91DECE2259F494FCEB4030F, 4C285407E6F9FBBA92180F4063AEFB736ED142D802F0151002F0CC20AB7BB4E5 ] NcdAutoSetup    C:\WINDOWS\System32\NcdAutoSetup.dll
11:36:47.0352 0x1bf0  NcdAutoSetup - ok
11:36:47.0399 0x1bf0  [ A10E176F3B2BF83EDE7B5C4658C93B66, 42F2FAEB4A29BBC6727D7E159D3E7E2E66D33785E5C98496EEB44D281601A23E ] NDIS            C:\WINDOWS\system32\drivers\ndis.sys
11:36:47.0446 0x1bf0  NDIS - ok
11:36:47.0461 0x1bf0  [ 39C8A1D9D46F5E83A016BCAB72455284, 80DBED610E0818C2C7122FBC5BC8C15BCE981538AE48DC48F464A86389AF3F68 ] NdisCap         C:\WINDOWS\system32\DRIVERS\ndiscap.sys
11:36:47.0477 0x1bf0  NdisCap - ok
11:36:47.0493 0x1bf0  [ 762941932B7E4C588E48A577BA9D6440, 71FA1870E398CB848D8294FEF6C60E0499CAB9A16EC3F487564C41072590E4F3 ] NdisImPlatform  C:\WINDOWS\system32\DRIVERS\NdisImPlatform.sys
11:36:47.0493 0x1bf0  NdisImPlatform - ok
11:36:47.0524 0x1bf0  [ 7A6F8A6D0E01432EBA294EF29CDD0FA7, D902AE15194A9F8A2198914FC76184FE7E2B589747275952A04A52853128FDB8 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:36:47.0540 0x1bf0  NdisTapi - ok
11:36:47.0555 0x1bf0  [ 79AB68BB3FFF974AD4F41FA559F4EC67, 1745EC6520B48E325C56D98A1F4DB9CE135FE3E097B3D66E6598791132CAD7BD ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:36:47.0571 0x1bf0  Ndisuio - ok
11:36:47.0586 0x1bf0  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:36:47.0602 0x1bf0  NdisWan - ok
11:36:47.0618 0x1bf0  [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NDISWANLEGACY   C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:36:47.0633 0x1bf0  NDISWANLEGACY - ok
11:36:47.0665 0x1bf0  [ 3730942D7DB2F8BB5F84542B7FF6F650, 89C9D7D7305205BDB304CE6DA7D1A57EDE86A9D77429698802A39D75EB78CAAB ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
11:36:47.0680 0x1bf0  NDProxy - ok
11:36:47.0696 0x1bf0  [ D3F60A4345FCA9C1BE68AD7D0D6DE770, 214AF09F4B021C2F8655FBC8AC8C801E89CD9115CDE690FAEBDA69D63D660EDD ] Ndu             C:\WINDOWS\system32\drivers\Ndu.sys
11:36:47.0711 0x1bf0  Ndu - ok
11:36:47.0727 0x1bf0  [ 7C203A76394F9AE68F69EEE5F9612C4A, 2222654915913BDC9367A2075714906A10CF22C047A7494CD59CB71834ED1B62 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
11:36:47.0727 0x1bf0  NetBIOS - ok
11:36:47.0743 0x1bf0  [ 7CEC25C682D319D484630B3952C31A11, 025C46B367E0570E9E3F9DF1564C3E47B1524E9E9A180BBDF0E9C684838F5E42 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
11:36:47.0774 0x1bf0  NetBT - ok
11:36:47.0774 0x1bf0  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] Netlogon        C:\WINDOWS\system32\lsass.exe
11:36:47.0790 0x1bf0  Netlogon - ok
11:36:47.0821 0x1bf0  [ 89519D29CBEC2121CA65CC29C4D345E0, F3BA7BCAFEC8DD8B29837458D1B2B1DEE748AEAAAE0575FD3AAE65CFC72A04CD ] Netman          C:\WINDOWS\System32\netman.dll
11:36:47.0852 0x1bf0  Netman - ok
11:36:47.0883 0x1bf0  [ 79FA9393C67EBBF92A56923592CF7A7C, A8AB8A6346B97B68810CC632F425085BE9E63ACAED0F119A7BFD03F2DA4AA5F6 ] netprofm        C:\WINDOWS\System32\netprofmsvc.dll
11:36:47.0915 0x1bf0  netprofm - ok
11:36:48.0024 0x1bf0  [ 5243CFC2E7161C91C2B355240035B9E4, CFD77485A9D7BC47F3A9C53D73B2AE2D5D04B90ED38628F3124EA569F4DE969E ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:36:48.0024 0x1bf0  NetTcpPortSharing - ok
11:36:48.0149 0x1bf0  [ 75B9B86878CC159FBC40C4F9202ADBE3, 80D9176112BAFB42E6568E723781E5C03BD5472AB382496C1BD784DB9B2FB6E6 ] NETwNe64        C:\WINDOWS\system32\DRIVERS\NETwew00.sys
11:36:48.0243 0x1bf0  NETwNe64 - ok
11:36:48.0493 0x1bf0  [ 57B9C04D673F236D41FAB03842C8640B, 898DCBBBF94875059CD328B0FC75BE36A4E3DD471C6E28BFAE064BCF84349518 ] NETwNs64        C:\WINDOWS\system32\DRIVERS\NETwNs64.sys
11:36:48.0727 0x1bf0  NETwNs64 - ok
11:36:48.0774 0x1bf0  [ 12DD2800E4EEA37DC9AE256AD62423B4, 34740469EEA8740CBACD881CB232C9ABB9AB180DE5F45336BC6DBE154259F29B ] nfrd960         C:\WINDOWS\system32\drivers\nfrd960.sys
11:36:48.0790 0x1bf0  nfrd960 - ok
11:36:48.0821 0x1bf0  [ 80ABCD4C2DE9FD832477303AE0CA3BE5, 98F3958E650CEB1006D92980503E1B176D2CA55D2A6742C1C27CDE829D137DA9 ] NlaSvc          C:\WINDOWS\System32\nlasvc.dll
11:36:48.0852 0x1bf0  NlaSvc - ok
11:36:48.0868 0x1bf0  [ 351533ACC2A069B94E80BBFC177E8FDF, 54B2749E0496ECC94CE65657627762B485CBC825767BAEDDAD0D2598820FFB9E ] npf             C:\WINDOWS\system32\drivers\npf.sys
11:36:48.0883 0x1bf0  npf - ok
11:36:48.0899 0x1bf0  [ 17E19A742FB30C002F8B43575451DBE1, 59D226A4A5B5281C399BE96C694915E38EEAF335D31F346B0C65D8F469D7C9C3 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
11:36:48.0915 0x1bf0  Npfs - ok
11:36:48.0915 0x1bf0  [ 8ED299C30792544264E558BEA79F0947, 8A03FDA9AADB79ECBCBCDC988B7D8CF0672689C9DF673A2ECFE0D2D88A9C6A6B ] npsvctrig       C:\WINDOWS\System32\drivers\npsvctrig.sys
11:36:48.0930 0x1bf0  npsvctrig - ok
11:36:48.0993 0x1bf0  [ 832B5FDF0B5577713FD7F2465FCD0ACE, 4A551CDBACED47DD781EC59F8B59A13D66EFD85DCF636BCFCBACFE5972A78E93 ] nsi             C:\WINDOWS\system32\nsisvc.dll
11:36:49.0008 0x1bf0  nsi - ok
11:36:49.0008 0x1bf0  [ 689B3B1E95C70ABF7AFF29F9406EF1E0, 8B62D8AE53E1B3218158FADC0075682AB06D18998CF5DE82C920A9CD91C0652F ] nsiproxy        C:\WINDOWS\system32\drivers\nsiproxy.sys
11:36:49.0024 0x1bf0  nsiproxy - ok
11:36:49.0087 0x1bf0  [ 76929F4A69E425911A63B407E26C2589, 17896DB6EDEF2637D159432DB61E8B5FA2F4F54B5F50BCD6215827C321ED2C2A ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
11:36:49.0149 0x1bf0  Ntfs - ok
11:36:49.0165 0x1bf0  [ 4163ADE07DB51843AE31F65B94F5398D, 4349E7EF1EE1E71E1F436BA42F5B58871D82B987D513BA2D6E1CEB8A21BD1B20 ] Null            C:\WINDOWS\system32\drivers\Null.sys
11:36:49.0180 0x1bf0  Null - ok
11:36:49.0555 0x1bf0  [ FDB03499693DEFD0B6754264C187F967, 7A011832868A685E37DFA7815AABABD7BE14D7E4F05FE1F5349E5BC96AA1DE82 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
11:36:49.0883 0x1bf0  nvlddmkm - ok
11:36:50.0040 0x1bf0  [ E024300408694566DDF65AB5E004F880, EE3B7863F993952308BFD8E4BB39F4D107BC94C0B97ED2A5BAAB8F4C9A6A67D0 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
11:36:50.0087 0x1bf0  NvNetworkService - ok
11:36:50.0102 0x1bf0  [ E468BB323598F1871B9EDC4725A195E6, 9731ECF4487472D91EB47B1BFCA3171237D250285E6B79D1C24547C118D0D9BC ] nvpciflt        C:\WINDOWS\system32\DRIVERS\nvpciflt.sys
11:36:50.0118 0x1bf0  nvpciflt - ok
11:36:50.0133 0x1bf0  [ D6D34118263412D3AAA8348A9572B7F2, 66106A25BC5A4CA7697A23ED67CEDB5C0BF678EA70FD967A405D2DF76F4CA3A4 ] nvraid          C:\WINDOWS\system32\drivers\nvraid.sys
11:36:50.0133 0x1bf0  nvraid - ok
11:36:50.0149 0x1bf0  [ 27AFC428D1D32ABD04A86763A4EDDEA9, 0920866013A8C8CFEE00E6AECDD41736F5501C49837E2D785998734F087F6B98 ] nvstor          C:\WINDOWS\system32\drivers\nvstor.sys
11:36:50.0165 0x1bf0  nvstor - ok
11:36:50.0274 0x1bf0  [ 285F0E48D99FC882971A8BE107D2E74A, 224B8C232884725E5141AF9CA311940C38E7CDA12A5CC41C25F0D348E31769DA ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
11:36:50.0290 0x1bf0  NvStreamKms - ok
11:36:50.0821 0x1bf0  [ 465D714F8D79DEEBC5F0ED766C16DFFD, 6CF3E8C6BA456511541B77C63C9618C78B8C97ED087684ABE91F3BE84A5B79FD ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
11:36:51.0352 0x1bf0  NvStreamSvc - ok
11:36:51.0415 0x1bf0  [ 103C5A4A296D7958B2E150A15884B240, D57DCDD668CAE26AC4EDD30BF415421B8F63071245538FC8D940CD430A169445 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
11:36:51.0446 0x1bf0  nvsvc - ok
11:36:51.0477 0x1bf0  [ 1FE5C1F4CCA8EAEA75C90FB2A85D9CC3, 4C3C36ADC9EC0FDED3E3FFC7918680B643652AD39458FAA8525392DAD0ABD845 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
11:36:51.0493 0x1bf0  nvvad_WaveExtensible - ok
11:36:51.0509 0x1bf0  [ 051CFB5107BAAE510419BDC41F8C4036, 9990906F17A3886EF301D2AA6556263B52A1C0554C6BD18331AF44ECECAEE4B5 ] nv_agp          C:\WINDOWS\system32\drivers\nv_agp.sys
11:36:51.0524 0x1bf0  nv_agp - ok
11:36:51.0602 0x1bf0  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:36:51.0634 0x1bf0  odserv - ok
11:36:51.0649 0x1bf0  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:36:51.0665 0x1bf0  ose - ok
11:36:59.0900 0x1bf0  W32Time - ok
11:36:59.0915 0x1bf0  WacHidRouter - ok
11:36:59.0915 0x1bf0  [ 6B806E893714019969E2B50D7EF6A4D9, 38FE2B01082DC4C2A0C11A292016A727F48C3DF1293DC3A0216B2254A452263F ] WacomPen        C:\WINDOWS\System32\drivers\wacompen.sys
11:36:59.0931 0x1bf0  WacomPen - ok
11:36:59.0931 0x1bf0  wacomrouterfilter - ok
11:36:59.0946 0x1bf0  [ 61F6972FF9AC9A8D0B4D62076DC30051, 5A028036461534CA53CB2D6C1D720783D408A9F17FD77AB1ECDD75FBAD9F2381 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:36:59.0962 0x1bf0  Wanarp - ok
11:36:59.0962 0x1bf0  [ 61F6972FF9AC9A8D0B4D62076DC30051, 5A028036461534CA53CB2D6C1D720783D408A9F17FD77AB1ECDD75FBAD9F2381 ] Wanarpv6        C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:36:59.0978 0x1bf0  Wanarpv6 - ok
11:37:00.0040 0x1bf0  [ 42DF22F8C448E7CD219F6D63743505E2, 063F4280C7BD20CE1360436B76A17DFE17FF611F75337A47373D098CC6C263BF ] wbengine        C:\WINDOWS\system32\wbengine.exe
11:37:00.0087 0x1bf0  wbengine - ok
11:37:00.0118 0x1bf0  [ 31D37B2F6069C631EF0557D322924812, 6E18A1060F3C8F4BF220E286C44327866A8F9109E74928AA2D8C2DA9C452038B ] WbioSrvc        C:\WINDOWS\System32\wbiosrvc.dll
11:37:00.0134 0x1bf0  WbioSrvc - ok
11:37:00.0181 0x1bf0  [ AF1349386D4C6786EF4E34FACEF15042, 6B33778409BC54C1955B92508ADDEBAFD629141961B71C94A91DC4CFE8391A13 ] Wcmsvc          C:\WINDOWS\System32\wcmsvc.dll
11:37:00.0196 0x1bf0  Wcmsvc - ok
11:37:00.0228 0x1bf0  [ 5B5FEAB51172F5513C2CF7B39CFA6A01, 4FDAC5168E00D44781C6F5D98ECD4977A12663C5CE6FFDFF9DBC89A28D6212D8 ] wcncsvc         C:\WINDOWS\System32\wcncsvc.dll
11:37:00.0243 0x1bf0  wcncsvc - ok
11:37:00.0259 0x1bf0  [ E19556D414332E2BEBA1F368229006B4, AB3454EC85D7B6E62D44C4510C1547AE7F736558588E54B0E265F7B3A5810E15 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll
11:37:00.0275 0x1bf0  WcsPlugInService - ok
11:37:00.0322 0x1bf0  [ B3A4D918DAB90505B6BC7B70632913CB, ECC19DCD7902C29D0682C70B9546CF8B82477A32147EE30EB6750D8499605B46 ] Wd              C:\WINDOWS\system32\drivers\wd.sys
11:37:00.0322 0x1bf0  Wd - ok
11:37:00.0353 0x1bf0  [ FD47DF026B32969B8A68721A0243E8EE, 57A7B9B40CEDADFB023AEDD9F29869F1B93EA2596F47B5DDC233D57FC585CCE1 ] WdBoot          C:\WINDOWS\system32\drivers\WdBoot.sys
11:37:00.0368 0x1bf0  WdBoot - ok
11:37:00.0400 0x1bf0  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\WINDOWS\system32\drivers\Wdf01000.sys
11:37:00.0431 0x1bf0  Wdf01000 - ok
11:37:00.0462 0x1bf0  [ 5F425D842DD6ADE9F95A51A0616AFAD7, 807B8E6A4FE443A362076C225F588A8C897CFE24A6367F4D461C8F6D3EF004C5 ] WdFilter        C:\WINDOWS\system32\drivers\WdFilter.sys
11:37:00.0478 0x1bf0  WdFilter - ok
11:37:00.0493 0x1bf0  [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiServiceHost  C:\WINDOWS\system32\wdi.dll
11:37:00.0509 0x1bf0  WdiServiceHost - ok
11:37:00.0525 0x1bf0  [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiSystemHost   C:\WINDOWS\system32\wdi.dll
11:37:00.0540 0x1bf0  WdiSystemHost - ok
11:37:00.0587 0x1bf0  [ 9B1384CE8E681D2D77BB3524B8E86311, BDEF9D0A79A7C26A88088A306F91632F300E587736CDD2C64717EC54DD6E89FF ] WebClient       C:\WINDOWS\System32\webclnt.dll
11:37:00.0603 0x1bf0  WebClient - ok
11:37:00.0618 0x1bf0  [ 35FD720943D4FCD75C3275BF062FF140, 9D8345E6DE1AE23F93AD0B52D27D1CCFD69EF7EE50654F92CA999BEC4570A773 ] Wecsvc          C:\WINDOWS\system32\wecsvc.dll
11:37:00.0650 0x1bf0  Wecsvc - ok
11:37:00.0650 0x1bf0  [ 4D2612E3C462B68F499D840B1133263E, 4DDAEB4480AEC31A8184838588E0D3DFA31CE6D2FA6E906926860C75F52DC7B7 ] wercplsupport   C:\WINDOWS\System32\wercplsupport.dll
11:37:00.0681 0x1bf0  wercplsupport - ok
11:37:00.0712 0x1bf0  [ 5F70EBFC1F75B487DE79501E3CCBDB54, 2FCA57BF60A43B03BB42FBF22BBFC19AD2266FBBD818494AD114125E6E433321 ] WerSvc          C:\WINDOWS\System32\WerSvc.dll
11:37:00.0728 0x1bf0  WerSvc - ok
11:37:00.0743 0x1bf0  [ 44BB9C31E6242C4BD1CE7C2B440C2533, E603BB001028918B687818E930340008C752679B133037367A8A8E41DA559FFE ] WFPLWFS         C:\WINDOWS\system32\DRIVERS\wfplwfs.sys
11:37:00.0759 0x1bf0  WFPLWFS - ok
11:37:00.0775 0x1bf0  [ 60E0C220593DA4F7C289CB909D2DBAE0, 057CA7727F748600CC155043081AB9E3244763CF4913F317D13226A515F6FDB6 ] WiaRpc          C:\WINDOWS\System32\wiarpc.dll
11:37:00.0790 0x1bf0  WiaRpc - ok
11:37:00.0822 0x1bf0  [ A3C7624A42A3447EF5EDD1ED37FE4E60, BD8BDF0A571873FA8277878AF7AED11196CFF1B4DF1EA6BA13BD4887D7B63B94 ] WIMMount        C:\WINDOWS\system32\drivers\wimmount.sys
11:37:00.0837 0x1bf0  WIMMount - ok
11:37:00.0853 0x1bf0  WinDefend - ok
11:37:00.0915 0x1bf0  [ 7911470B6018059A880469A63B65700A, 4B6131491A028FBCA54AC261112D183EFD42E98160545C8E8DFBDA01C87B3FB5 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
11:37:00.0947 0x1bf0  WinHttpAutoProxySvc - ok
11:37:01.0009 0x1bf0  [ 3D6B518B71C75C8FA4115A33615C107A, ED7A266013D29D3B1A462464735C3632BEA121D1B32553907AEAA0B00595C3DF ] Winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
11:37:01.0040 0x1bf0  Winmgmt - ok
11:37:01.0134 0x1bf0  [ 8E212A627F33F6FC3B5F3BB47212F66E, 9BBFE26ABFA14F346FE3711D13D959523EEA23608A33C16F3D750D66CA511911 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
11:37:01.0228 0x1bf0  WinRM - ok
11:37:01.0259 0x1bf0  [ BB20956C424531003F7FA6CD36F11D5D, 2C55F1C7553A527A7C4C34E730BE943269AE23928731C64D3DC945E07AE1771E ] WinUsb          C:\WINDOWS\system32\DRIVERS\WinUsb.sys
11:37:01.0275 0x1bf0  WinUsb - ok
11:37:01.0337 0x1bf0  [ 6351724B8FA0255C2DBD970297F00B93, A02F274479F9F32E30C75A5BD991B008B3CCB47D380D5870563EF918DAC5730E ] WlanSvc         C:\WINDOWS\System32\wlansvc.dll
11:37:01.0384 0x1bf0  WlanSvc - ok
11:37:01.0462 0x1bf0  [ B330CE47FB74A6BE9A3FFFF4B3F64D9B, B76226808406D8B38DE2D3A8CCE633BB507022C8BAAA6C3DAD34204CC6CE1284 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
11:37:01.0525 0x1bf0  wlidsvc - ok
11:37:01.0556 0x1bf0  [ E2A596CACFC6504306CDB7B593B90084, DF89CF57249553CE922C841F18B99A213185FA1099C053B9BB8C0F6E5BC3FEC0 ] WmiAcpi         C:\WINDOWS\System32\drivers\wmiacpi.sys
11:37:01.0572 0x1bf0  WmiAcpi - ok
11:37:01.0603 0x1bf0  [ D113499052C5E541906B727779F0F959, 05FB51086C0A0CE3812A7E6098C5A454ECCFE8553669CFA715153564F2226DB0 ] wmiApSrv        C:\WINDOWS\system32\wbem\WmiApSrv.exe
11:37:01.0618 0x1bf0  wmiApSrv - ok
11:37:01.0650 0x1bf0  WMPNetworkSvc - ok
11:37:01.0665 0x1bf0  [ C6FF953D5D6F2EAE3B8883474D5076B3, 001CBB7FBC30209C892869258E5ABD3F0932886E156ECB10DCA599F6D32648BE ] wpcfltr         C:\WINDOWS\system32\DRIVERS\wpcfltr.sys
11:37:01.0681 0x1bf0  wpcfltr - ok
11:37:01.0728 0x1bf0  [ A6ED163169876BFD2437E872FE2F1509, C13E8676800EEEF690F51C4DEA660B36C8734AE2CCAAC48054E10D74B98949B8 ] WPCSvc          C:\WINDOWS\System32\wpcsvc.dll
11:37:01.0743 0x1bf0  WPCSvc - ok
11:37:01.0759 0x1bf0  [ 3013658A4D327854BEEC4A08D9655194, C4CF5AA6A47CC55E7037B0BFE20AE0A6442ADDC5DEB89D6861C98C61851FA821 ] WPDBusEnum      C:\WINDOWS\system32\wpdbusenum.dll
11:37:01.0775 0x1bf0  WPDBusEnum - ok
11:37:01.0806 0x1bf0  [ 0346CAFC181C91C6E2330332EB332ED6, D46F44C339399CAAE13CD71C53A169E95065208E07E5420DE00A4509D6CB056F ] WpdUpFltr       C:\WINDOWS\system32\drivers\WpdUpFltr.sys
11:37:01.0806 0x1bf0  WpdUpFltr - ok
11:37:01.0837 0x1bf0  [ BC8B5CB336E63BB25EAD1CE8EDD34B81, A42759956EDCCC6D0688240AA4F833FB9CA132D42D2D901CDCBB24DCE1788C1D ] ws2ifsl         C:\WINDOWS\system32\drivers\ws2ifsl.sys
11:37:01.0853 0x1bf0  ws2ifsl - ok
11:37:01.0884 0x1bf0  [ 012CFE7F0F95266F554EE3B91EE2128A, 866312F6BF7369BE686F1BA9F01311C99E95E268C6E63BE37C841F54F5AA0DB8 ] wscsvc          C:\WINDOWS\System32\wscsvc.dll
11:37:01.0900 0x1bf0  wscsvc - ok
11:37:01.0931 0x1bf0  [ 74EFDA0526862C3D8D01A776182798EA, 7C9AD6118CB344C63B60A8BA5FA8C85ADED30933821ABD1427857E826EFC2952 ] WSDPrintDevice  C:\WINDOWS\System32\drivers\WSDPrint.sys
11:37:01.0947 0x1bf0  WSDPrintDevice - ok
11:37:01.0962 0x1bf0  [ FA07DF46070F0826139709EF4D31FB71, 8F46A55D5C4336536E7974C9CEAFED55E7E9E9BF133D2AD0F6A55174F70B2F03 ] WSDScan         C:\WINDOWS\system32\DRIVERS\WSDScan.sys
11:37:01.0962 0x1bf0  WSDScan - ok
11:37:01.0978 0x1bf0  WSearch - ok
11:37:02.0072 0x1bf0  [ D4D04839F3DFAF09D94BAB1016F7A297, 944A41D251F522EE87189C1D01CF7EEE2C70BF4353BA4005C44F03DB485F843F ] WSService       C:\WINDOWS\System32\WSService.dll
11:37:02.0165 0x1bf0  WSService - ok
11:37:02.0197 0x1bf0  [ 72B4E9DF6456C43C42A1419B09486045, 536BA7377B5BEA7EA46864453933111DB88DB8FB689C68915ACD7261A996E61D ] wsvd            C:\WINDOWS\system32\DRIVERS\wsvd.sys
11:37:02.0212 0x1bf0  wsvd - ok
11:37:02.0322 0x1bf0  [ 311E5E1976E0BD9110A88B93158055D5, F1AA738D6AD74C33785EEFE1FBE8A869AAB62417B7D079389293AB1209A849C1 ] wuauserv        C:\WINDOWS\system32\wuaueng.dll
11:37:02.0415 0x1bf0  wuauserv - ok
11:37:02.0462 0x1bf0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\WINDOWS\system32\drivers\WudfPf.sys
11:37:02.0478 0x1bf0  WudfPf - ok
11:37:02.0493 0x1bf0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\WINDOWS\System32\drivers\WUDFRd.sys
11:37:02.0509 0x1bf0  WUDFRd - ok
11:37:02.0540 0x1bf0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\WINDOWS\System32\WUDFSvc.dll
11:37:02.0556 0x1bf0  wudfsvc - ok
11:37:02.0572 0x1bf0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdFs       C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
11:37:02.0587 0x1bf0  WUDFWpdFs - ok
11:37:02.0603 0x1bf0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFWpdMtp      C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
11:37:02.0618 0x1bf0  WUDFWpdMtp - ok
11:37:02.0650 0x1bf0  [ 6D9E07436B6646EC8F7EFFD39B6BA288, 82C1CEA93ECEF17D221AD0F87C5BD96F3FD8143841C16BD9608BD4D58D90B8E0 ] WwanSvc         C:\WINDOWS\System32\wwansvc.dll
11:37:02.0665 0x1bf0  WwanSvc - ok
11:37:02.0712 0x1bf0  [ 6FDEE5E0741A3FFA5E5772C6C94E3F64, 859EBC7F8FF3CE9F3301B5BF93CF0C84C2A4271F205B67D9B8DC463DC67DE661 ] XHCIPort        C:\WINDOWS\System32\drivers\XHCIPort.sys
11:37:02.0728 0x1bf0  XHCIPort - ok
11:37:02.0900 0x1bf0  [ 2AC426C57AC3D6A226D66E5A03223C90, 45AD44153D280E4066BA62260CE7733AC3DC23D59951BBCC0F8D4F5226F97203 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
11:37:02.0993 0x1bf0  ZeroConfigService - ok
11:37:02.0993 0x1bf0  ================ Scan global ===============================
11:37:03.0040 0x1bf0  [ DDC1AFBF9DDF880CE9BD3896114D8DED, E2406231EA4D2689A5EDFA9BD1A1BC064359D8D23B37F113A18B5EAE3E2D4050 ] C:\WINDOWS\system32\basesrv.dll
11:37:03.0072 0x1bf0  [ E9343076AE704D20BB0D01F3AF3EFFEF, FF2CE4146945976F9480690505CECD3C7C719BAF0F633E6192C8272C75EF295D ] C:\WINDOWS\system32\winsrv.dll
11:37:03.0118 0x1bf0  [ BD7C6949984D19AAA609896B675E7357, 5B46538B27BC70F5A3805AA63F6AACDC780C7168468FB535F2D35CF26B9DEE06 ] C:\WINDOWS\system32\sxssrv.dll
11:37:03.0150 0x1bf0  [ 8F226143046435C75C033B0C52E90FFE, 54FA316485B57D7B8104FE621F5F40DEC35E3D57C3DF46B5F7EACF57445FE7CA ] C:\WINDOWS\system32\services.exe
11:37:03.0165 0x1bf0  [ Global ] - ok
11:37:03.0165 0x1bf0  ================ Scan MBR ==================================
11:37:03.0165 0x1bf0  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
11:37:03.0197 0x1bf0  \Device\Harddisk0\DR0 - ok
11:37:03.0212 0x1bf0  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
11:37:04.0087 0x1bf0  \Device\Harddisk1\DR1 - ok
11:37:04.0087 0x1bf0  ================ Scan VBR ==================================
11:37:04.0087 0x1bf0  [ 4442C0A6C04745FB6E5882AD4133A05F ] \Device\Harddisk0\DR0\Partition1
11:37:04.0087 0x1bf0  \Device\Harddisk0\DR0\Partition1 - ok
11:37:04.0087 0x1bf0  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition2
11:37:04.0087 0x1bf0  \Device\Harddisk0\DR0\Partition2 - ok
11:37:04.0087 0x1bf0  [ 7D4CD281F9782D49DA51F9F6FA82A928 ] \Device\Harddisk1\DR1\Partition1
11:37:04.0103 0x1bf0  \Device\Harddisk1\DR1\Partition1 - ok
11:37:04.0134 0x1bf0  [ 3CF36EAD2469C67ACCB7D886203D1877 ] \Device\Harddisk1\DR1\Partition2
11:37:04.0165 0x1bf0  \Device\Harddisk1\DR1\Partition2 - ok
11:37:04.0181 0x1bf0  [ 60E867BF43E85A53E606029EDB86B4C9 ] \Device\Harddisk1\DR1\Partition3
11:37:04.0228 0x1bf0  \Device\Harddisk1\DR1\Partition3 - ok
11:37:04.0244 0x1bf0  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition4
11:37:04.0244 0x1bf0  \Device\Harddisk1\DR1\Partition4 - ok
11:37:04.0259 0x1bf0  [ 25397A095B029666AA67A3F43565A7E0 ] \Device\Harddisk1\DR1\Partition5
11:37:04.0259 0x1bf0  \Device\Harddisk1\DR1\Partition5 - ok
11:37:04.0290 0x1bf0  [ 90B8C7F7F116D89D5F3D2BE0D1FE6523 ] \Device\Harddisk1\DR1\Partition6
11:37:04.0306 0x1bf0  \Device\Harddisk1\DR1\Partition6 - ok
11:37:04.0322 0x1bf0  [ 6A34FFAA14A3769DBA0A8C51D4ADD22B ] \Device\Harddisk1\DR1\Partition7
11:37:04.0322 0x1bf0  \Device\Harddisk1\DR1\Partition7 - ok
11:37:04.0322 0x1bf0  ================ Scan generic autorun ======================
11:37:04.0369 0x1bf0  [ 2A7839D0AF1EBE4173FD7D652487C8A3, 5E4FC2D1E983C1759FA3590123EEE3F492685350B4D5FCDE0753BC23D7E69D32 ] C:\WINDOWS\system32\igfxtray.exe
11:37:04.0384 0x1bf0  IgfxTray - ok
11:37:04.0431 0x1bf0  [ C598B49A2E91FA2AF19B703D39F755DB, EBB9572BD00635576B7BFB4CD605BB702C19FB36480570D1AF48644EB366C0FA ] C:\WINDOWS\system32\hkcmd.exe
11:37:04.0447 0x1bf0  HotKeysCmds - ok
11:37:04.0462 0x1bf0  [ 343938B466553E657B438DC123A53037, 6181902478D7BAC7D6E763A629D10C5EA41982B4716DADFB5006ECFFEAAC3353 ] C:\WINDOWS\system32\igfxpers.exe
11:37:04.0478 0x1bf0  Persistence - ok
11:37:04.0540 0x1bf0  [ 552894CB0AB64664A48E544F4B50FEA2, 3C8B89444D5B32E01284C9C02448995E41FA4A29EE789170A43679AA119F7395 ] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
11:37:04.0556 0x1bf0  AmIcoSinglun64 - ok
11:37:04.0556 0x1bf0  BTMTrayAgent - ok
11:37:04.0556 0x1bf0  SynTPEnh - ok
11:37:04.0556 0x1bf0  SynLenovoGestureMgr - ok
11:37:04.0619 0x1bf0  [ DD8C5A331E1F83510C5A788CB9AA8727, BDEDB9B9D3B0C16B217A67B9B02C9E339E133E4FE05E144DCB344D80C6786078 ] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
11:37:04.0650 0x1bf0  cAudioFilterAgent - ok
11:37:04.0665 0x1bf0  [ 42361B4BD80768E82B80285851037665, A555A6BF8016645B838FEA993AD273D1F472586F3600619DC243B1C33438FA07 ] C:\Program Files\Conexant\ForteConfig\fmapp.exe
11:37:04.0665 0x1bf0  ForteConfig - ok
11:37:04.0744 0x1bf0  [ 8970A59A838FF1CDC3D62D85823AA61E, 5842DAFD20C1A024CF8984652A08D12DBA1DE15788794D01FF6070D4E24D2479 ] C:\Program Files\CONEXANT\SAII\SACpl.exe
11:37:04.0790 0x1bf0  SmartAudio - detected UnsignedFile.Multi.Generic ( 1 )
11:37:07.0353 0x1bf0  Detect skipped due to KSN trusted
11:37:07.0353 0x1bf0  SmartAudio - ok
11:37:14.0353 0x1bf0  AV detected via SS2: G DATA INTERNET SECURITY, C:\Program Files (x86)\G DATA\InternetSecurity\AVK\avkwscpe.exe ( 25.1.0.0 ), 0x41010 ( enabled : outofdate )
11:37:14.0353 0x1bf0  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.3.215.0 ), 0x60100 ( disabled : updated )
11:37:14.0353 0x1bf0  FW detected via SS2: G*DATA Personal Firewall, C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe ( 22.0.0.1 ), 0x41010 ( enabled )
11:37:16.0776 0x1bf0  ============================================================
11:37:16.0776 0x1bf0  Scan finished
11:37:16.0776 0x1bf0  ============================================================
11:37:16.0776 0x0540  Detected object count: 0
11:37:16.0776 0x0540  Actual detected object count: 0
         

13.05.2015, 15:04   #11
cosinus

FRST-Fix

Please disable your virus scanner completely now, to make sure the fix runs cleanly!


Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: {ab5696aa-439a-44e9-a82d-48c7ae8939ae} - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{ab5696aa-439a-44e9-a82d-48c7ae8939ae}.xpi [2014-12-12]
Task: {BFA4409F-C4A3-468C-B39B-11E48A0D8E10} - \Optimize Start Menu Cache Files-S-1-5-21-2344629883-704184612-3672562925-1002 No Task File <==== ATTENTION
RemoveProxy:
EmptyTemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


15.05.2015, 23:33   #12
PhiGammaTau

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015 01
Ran by Eli at 2015-05-15 23:19:31 Run:1
Running from C:\Users\Eli\Desktop\Trojaner Board
Loaded Profiles: Eli (Available profiles: Eli & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-19\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-18\...\Winlogon: [Shell] C:\WINDOWS\explorer.exe [2391280 2013-06-01] (Microsoft Corporation) <==== ATTENTION 
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: {ab5696aa-439a-44e9-a82d-48c7ae8939ae} - C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{ab5696aa-439a-44e9-a82d-48c7ae8939ae}.xpi [2014-12-12]
Task: {BFA4409F-C4A3-468C-B39B-11E48A0D8E10} - \Optimize Start Menu Cache Files-S-1-5-21-2344629883-704184612-3672562925-1002 No Task File <==== ATTENTION
RemoveProxy:
EmptyTemp:
*****************

HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Users\Eli\AppData\Roaming\Mozilla\Firefox\Profiles\fy5swyp3.default\Extensions\{ab5696aa-439a-44e9-a82d-48c7ae8939ae}.xpi => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BFA4409F-C4A3-468C-B39B-11E48A0D8E10} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2344629883-704184612-3672562925-1002" => Key deleted successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.


========= End of RemoveProxy: =========

EmptyTemp: => Removed 3.8 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 23:21:03 ====
         

16.05.2015, 13:29   #13
cosinus

Okay, then control scans with MBAM and ESET please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scannen (Scan), select the Bedrohungssuchlauf (Threat Scan) and click Suchlauf starten (Start Scan).
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Auswahl entfernen (Remove Selected).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click Verlauf (History) and then Anwendungsprotokolle (Application Logs).
  • Select the most recent scan log and click Export. Choose Textdatei (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the terms of use) and click Starten (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and choose the following settings.
  • Click Starten (Start).
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Fertig stellen (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


18.05.2015, 23:36   #14
PhiGammaTau

mbam
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 18.05.2015
Suchlauf-Zeit: 15:20:03
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.18.03
Rootkit Datenbank: v2015.05.16.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Eli

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 404265
Verstrichene Zeit: 28 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 3
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4CA228C2-B948-403D-83CD-C820283770A9}, In Quarantäne, [40dbc5d01179290ddb780f60739228d8], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4CA228C2-B948-403D-83CD-C820283770A9}, In Quarantäne, [9f7c5f36701a82b4f75ccfa0ae5734cc], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{86C00F97-6B26-48E9-80E0-8B2598DC3BC3}, In Quarantäne, [64b755407c0e43f39db539361ce90bf5], 

Registrierungswerte: 3
PUP.Optional.CrossRider.A, HKU\S-1-5-18\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4CA228C2-B948-403D-83CD-C820283770A9}|AppName, e29da3ee-f709-4bd1-9e68-f6aed42bdb9f-2.exe-codedownloader.exe, In Quarantäne, [40dbc5d01179290ddb780f60739228d8]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{4CA228C2-B948-403D-83CD-C820283770A9}|AppName, e29da3ee-f709-4bd1-9e68-f6aed42bdb9f-2.exe-codedownloader.exe, In Quarantäne, [9f7c5f36701a82b4f75ccfa0ae5734cc]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2344629883-704184612-3672562925-1002\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{86C00F97-6B26-48E9-80E0-8B2598DC3BC3}|AppName, iWebar-enabler.exe-buttonutil.exe, In Quarantäne, [64b755407c0e43f39db539361ce90bf5]

Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)

Ordner: 0
(Keine schädliche Elemente gefunden)

Dateien: 0
(Keine schädliche Elemente gefunden)

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         

ESET

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f98c3b3f7f2ee54a8ec99f8bb931ecbc
# engine=23900
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-18 04:05:54
# local_time=2015-05-18 06:05:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7877267 59248629 0 0
# scanned=338893
# found=67
# cleaned=0
# scan_time=7793
sh=08A5CE348D319335A92076C65C1091277AFED1B9 ft=1 fh=158b9db86261fb7d vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=D0227C65B2F0F39645BD725986B09DB6E304724A ft=1 fh=7e4b7455bc0c3d48 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eli\Downloads\Autodesk SketchBook - CHIP-Installer.exe"
sh=1297D09CC8DEAD0393BED14FAFCE2F9B65F27C13 ft=1 fh=9f3eda1b132edd36 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eli\Downloads\MP3 schneiden 2015 - CHIP-Installer.exe"
sh=A2A621BC4263312E6E9268DE177F0D69D08611DC ft=1 fh=31688d33b9a64798 vn="Win32/InstallMonetizer.AF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eli\Downloads\MP3CutterSetup.exe"
sh=B0C76EBBBBC7233DA994EC5739F61A6BEF3966B1 ft=1 fh=ea0d0894559c4cce vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eli\Downloads\PaintTool SAI - CHIP-Installer.exe"
sh=838B7CEDBDFC850CA951F4293CC74011F763A114 ft=1 fh=1cec1feb8e462f54 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eli\Downloads\Secunia Personal Software Inspector PSI - CHIP-Installer.exe"
sh=4EC1CCC669F9573DB0FECA6803FBB247C24ECF45 ft=1 fh=301078c3b1327434 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eli\Downloads\Thunderbird - CHIP-Installer.exe"
sh=4E625E1536AE21EF16121F600E6D2CD519A78F88 ft=1 fh=f22fcd0c28258089 vn="Variante von Win32/Packed.Komodia.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\LavasoftTcpService.dll"
sh=4E625E1536AE21EF16121F600E6D2CD519A78F88 ft=1 fh=f22fcd0c28258089 vn="Variante von Win32/Packed.Komodia.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\LavasoftTcpService.dll"
sh=EDAF8A2B6318DD482F0BBDC2A96C109697D86E5A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\819UYFOX\arcadi2_sourceID_m[1].js"
sh=FBB7D706F207407D497E9D92FFAEB182CCDEECC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\819UYFOX\base[1].js"
sh=140BE41E58E7CB6E9B38B4ED892886CED78C2E58 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\819UYFOX\corticas_m[1].js"
sh=414BA1B7AEF9A844B50F88BC0548E60F296EF5F5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\819UYFOX\corticas_ru_m[1].js"
sh=EE0C01CA81EBB2B46504012816E1B3EC0FE5F29C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\819UYFOX\cortica_m[1].js"
sh=A7400B116369A3142513FD9A3E93134369137036 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\819UYFOX\coupons_intext_ads_5_m[1].js"
sh=839E6E1F5A9176E34A973717146FCD1CBFB1F44C ft=1 fh=94e7912e1fc3f926 vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\819UYFOX\IminentMinibarIE[1].exe"
sh=CCC3C799A2C39E3513F5C5DBEC392D4C873732F6 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Iminent.K evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\819UYFOX\iminent[1].msi"
sh=64E1E6B4EF399CFE19D4D144505F344FF97E8CCB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\819UYFOX\intext_fa_m[1].js"
sh=CF138C16214F3451EE8CF965CB30532461AA0614 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\819UYFOX\superfish_no_search_no_coupons_m[1].js"
sh=5BD7B82662A263F1138F5E2A90138A8BFA5C4853 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\819UYFOX\widdit_m[1].js"
sh=40364CD66B83A2B2D060BAF8948B89BBEF4E024B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLG82EN5\50onred_ads_only_no_fb_m[1].js"
sh=C7C186E54D042C9DCAACD170347F10C188AEC85D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLG82EN5\arcadi2_m[1].js"
sh=D67303051C4C06CDA7B352169D649F4AEFF862B6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLG82EN5\arcadi3_m[1].js"
sh=DED4D5AC65600899CE571E960D7B9D20DBEFD9BB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLG82EN5\coupish_m[1].js"
sh=DB51332A37F65FD4863EE1B8A5BA62A02DA885F8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLG82EN5\ibario_pops_m[1].js"
sh=52E4B498947D3D88D7C6042611258238D71CA0C4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLG82EN5\monetizationLoader[1].js"
sh=1F2641FFCA5C1DACAAA217BE7C9989F7AC05C1A1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLG82EN5\similar_web_m[1].js"
sh=69C3AF55C20BCCC3E20E0FD53946E475A79FC691 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLG82EN5\superfish_m[1].js"
sh=288FB4BEC59EEF7E0827216B4286A69802EDC05F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2QREQWM\cortica_rollover_m[1].js"
sh=83CDCE21D2E22142F1D24D0C225529B9D8485EAB ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2QREQWM\dealply_m[1].js"
sh=1D0D0004624903CF66D059CC3EFB513926B2B8BC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2QREQWM\icm_m[1].js"
sh=4666A52D4EEF9AD0B5BEF9DFF1A9163C17D03398 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2QREQWM\initializer[1].js"
sh=63362C65C083ABF77E174E7351F333927EB9A5C9 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2QREQWM\luck_m[1].js"
sh=5DB1EA4D428D69A859A6A2D90A649C17BB42E02C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2QREQWM\revizer_p_m[1].js"
sh=A1AAE6746EE56E39AB7C51C70B8215BE3D0F4ACD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2QREQWM\revizer_ws_m[1].js"
sh=17455E3C3ACDC5230501BB3BA992829B8669DDC5 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2QREQWM\superfish_no_coupons_m[1].js"
sh=F8BD38D50F0348CEF64D0B397BF6BAC1EC8A3CD0 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE4CGSIX\ads_only_5_m[1].js"
sh=BA13B61D2A823E7CBBDC85CD5CE511946BC86E65 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE4CGSIX\debug[1].js"
sh=5F4085D36D3743A164582B9628469218ECD72EBA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE4CGSIX\getdeal_m[1].js"
sh=C5DD383664008DA61501CCBAF1279A498CC468F8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE4CGSIX\icm1_5_m[1].js"
sh=60D25EF0BC5392D5A28A39F59C89C2D51915213B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE4CGSIX\intext_5_m[1].js"
sh=24AA0A999D9AA9ED69DBD3AD37D4C0C1A4D8DC89 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE4CGSIX\intext_adv_m[1].js"
sh=E008307C95AD4C1D040B009D307E13C03146B1BF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE4CGSIX\jollywallet_m[1].js"
sh=2F35EDB7F0766853F74783CBC08D786A5A951C44 ft=1 fh=e60ee7886b57df84 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE4CGSIX\MinibarChrome[1].exe"
sh=176D4038122B1FF7370825F721F36F73103C5873 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE4CGSIX\superfish_pricora_m[1].js"
sh=E0C5DA830661148F1D2401700F094155E38A2BA0 ft=1 fh=53f7a24e2a3a886d vn="MSIL/MyPCBackup.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\BackupSetup.exe"
sh=CE89DB7BD06670FD77A7C1B37FF1A66BB99DF770 ft=1 fh=0247e0c60ea383d8 vn="Variante von Win32/Toolbar.Iminent.K evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\IminentSetup_20130624.exe"
sh=3560FE1E82F4F75412E044A2A0B6F964ED25A9D2 ft=1 fh=460447689ed950e5 vn="Win32/Conduit.SearchProtect.V evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\nsh182D.exe"
sh=3560FE1E82F4F75412E044A2A0B6F964ED25A9D2 ft=1 fh=460447689ed950e5 vn="Win32/Conduit.SearchProtect.V evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\nsn1A22.exe"
sh=3560FE1E82F4F75412E044A2A0B6F964ED25A9D2 ft=1 fh=460447689ed950e5 vn="Win32/Conduit.SearchProtect.V evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\nsuF6E8.exe"
sh=3560FE1E82F4F75412E044A2A0B6F964ED25A9D2 ft=1 fh=460447689ed950e5 vn="Win32/Conduit.SearchProtect.V evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\nsvFAE0.exe"
sh=1A54ACCFE082C9E5DFE27DDC9F4DF2F0873BD16A ft=1 fh=495e9f00037b22a4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\18B4440C-BAB0-7891-BEAC-835EB16C5509\Latest\BabMaint.exe"
sh=DED201AE02FB9EA3646489AFEDA49270C4620D9C ft=1 fh=c71c001196f8c3ac vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\18B4440C-BAB0-7891-BEAC-835EB16C5509\Latest\BExternal.dll"
sh=E7DA69DC319E3A568AF676E7C010E504D36769CF ft=1 fh=d44f21574d5abbac vn="Win32/Toolbar.Babylon.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\18B4440C-BAB0-7891-BEAC-835EB16C5509\Latest\BUSolForMontiera.dll"
sh=26E07D42BAB3A34C96AE91D3718CFFD471B58D1D ft=1 fh=c7113caa6531040e vn="Win32/Toolbar.Babylon.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\18B4440C-BAB0-7891-BEAC-835EB16C5509\Latest\BUSolution.dll"
sh=64F13C808BEAA930DD0D72293FBDCB2AB3A1907F ft=1 fh=78152fcda9790a4e vn="Win32/Toolbar.Babylon.AE evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\18B4440C-BAB0-7891-BEAC-835EB16C5509\Latest\ChromeToolbarSetup.dll"
sh=1466BC1893B6D4B277A177CD2C7D1BEF65F6AAEB ft=1 fh=407239d3cdeb51cc vn="Win32/Toolbar.Babylon.U evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\18B4440C-BAB0-7891-BEAC-835EB16C5509\Latest\CrxInstaller.dll"
sh=246DDBC3A2C223A6B9072637D93DC2A2832D097A ft=1 fh=c71c0011b04f613a vn="Win32/Toolbar.Babylon.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\18B4440C-BAB0-7891-BEAC-835EB16C5509\Latest\DSearchLink.exe"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\18B4440C-BAB0-7891-BEAC-835EB16C5509\Latest\IEHelper.dll"
sh=25EA5C7F4A48D166A2006CA37B936ECA340F58ED ft=1 fh=c71c0011e4611a52 vn="Win32/Toolbar.Babylon.V evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\18B4440C-BAB0-7891-BEAC-835EB16C5509\Latest\MntrDLLInstall.dll"
sh=63B9ACAA33978D6BA181B45C51DABE9FF76B50AA ft=1 fh=75ac944de1f3f413 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\18B4440C-BAB0-7891-BEAC-835EB16C5509\Latest\Setup.exe"
sh=FD77BC87BEE4F586A299540541FE37A2F7180FBE ft=1 fh=5fa0813bf2381fde vn="Win32/Toolbar.Babylon.AF evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\bus9F21\CrxUpdater_d.exe"
sh=2B371F487F7913191E68EE2E12534E82AFDD3CB0 ft=1 fh=cc1a05615fab866c vn="Variante von Win32/ELEX.BF evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\Desk365\eInstall\eInstall.exe"
sh=8D42292E1F367536E3A0E40F8F8BE763A44BFFDC ft=1 fh=4e44c9fd2ff900af vn="Variante von MSIL/DomaIQ.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\Java.exe\fd408aac63dd468fbf89d48b3f3b830c\Java.exe"
sh=BCFC6E8124ABACDB78DA6A77E8295EB9161774DF ft=1 fh=950b2dabbce3725b vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\Java.exe\fd408aac63dd468fbf89d48b3f3b830c\software\DeltaTB.exe"
sh=6E8456842327BFF5D9E4626C4BC1ACF7D47B743B ft=1 fh=65f221955421308c vn="Win32/SpeedUpMyPC.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\Java.exe\fd408aac63dd468fbf89d48b3f3b830c\software\speedupmypc.exe"
sh=CFEA4966763430CC0959E80BE57007C4E6796BE8 ft=1 fh=72a97c1669f92c5b vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\Windows.old\Users\Eli\AppData\Local\Temp\nsh5FB4.tmp\Helper.dll"
         

19.05.2015, 11:32   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
C:\Users\Eli\Downloads\Autodesk SketchBook - CHIP-Installer.exe
C:\Users\Eli\Downloads\MP3 schneiden 2015 - CHIP-Installer.exe
C:\Users\Eli\Downloads\PaintTool SAI - CHIP-Installer.exe
C:\Users\Eli\Downloads\Secunia Personal Software Inspector PSI - CHIP-Installer.exe
C:\Users\Eli\Downloads\Thunderbird - CHIP-Installer.exe
In future, NO more downloads from chip.de!!! => CHIP-Installer - what is it? - Guides


FRST-Fix

Please disable your virus scanner completely now, to make sure that the fix runs through cleanly!


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Users\Eli\Downloads\Autodesk SketchBook - CHIP-Installer.exe
C:\Users\Eli\Downloads\MP3 schneiden 2015 - CHIP-Installer.exe
C:\Users\Eli\Downloads\MP3CutterSetup.exe
C:\Users\Eli\Downloads\PaintTool SAI - CHIP-Installer.exe
C:\Users\Eli\Downloads\Secunia Personal Software Inspector PSI - CHIP-Installer.exe
C:\Users\Eli\Downloads\Thunderbird - CHIP-Installer.exe
C:\Windows\System32\LavasoftTcpService.dll
C:\Windows\SysWOW64\LavasoftTcpService.dll
C:\Windows.old
EmptyTemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
