
Log analysis and evaluation: Windows Vista virus: DienstfunktionNtMapViewOfSection-Hook->0xFFFFFFFF911F0260

14.05.2015, 19:50   #1
shorlo
 

Hello dear helper,

Since yesterday my computer has been restarting after a short time whenever I try to surf the Internet with Mozilla Firefox. A blue screen then always appears, with white text in English scrolling across it. At the very top it always says something like "crash dump". Shortly afterwards the screen goes off and my laptop boots up again.

After this had happened a few times, I downloaded the antivirus program AVG via Internet Explorer and scanned my PC. 14 problems were detected, and all but one of them could be fixed.

The following threat is still being shown to me:
DienstfunktionNtMapViewOfSection-Hook->0xFFFFFFFF911F0260
Severity: Medium
Status: unresolved
Identified by: Anti-Rootkit


How can I clean up my laptop again without losing data?

Could this threat have something to do with the restart problem when using Firefox?

I would be very grateful for your help!

Kind regards, Shorlo

I have carried out the following steps according to your checklist:

Step 1:
Disable drive emulations with Defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:16 on 14/05/2015 (Shorlogere)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Step 2:
System scan with FRST (Unfortunately I could not run the file on the desktop. Instead I saved the file on drive C, under the computer name, and ran it from there.)

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2015 01
Ran by Shorlogere (administrator) on SHORLOGERE-PC on 14-05-2015 18:25:41
Running from C:\Users\Shorlogere
Loaded Profiles: Shorlogere (Available profiles: Shorlogere)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Nero AG) D:\Programme\Nero 7\Nero 7\InCD\InCDsrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Nero AG) D:\Programme\Nero 7\Nero 7\InCD\NBHGui.exe
(Nero AG) D:\Programme\Nero 7\Nero 7\InCD\InCD.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Realtek Semiconductor Corp.) C:\Users\Shorlogere\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [107112 2006-11-21] (Symantec Corporation)
HKLM\...\Run: [osCheck] => C:\Program Files\Norton Internet Security\osCheck.exe [22696 2006-11-21] (Symantec Corporation)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [94208 2007-07-05] (sonix)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-08-31] (CyberLink)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [768520 2007-10-17] (Dritek System Inc.)
HKLM\...\Run: [WarReg_PopUp] => C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.)
HKLM\...\Run: [Symantec PIF AlertEng] => C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-08-01] (Acer Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKLM\...\Run: [SecurDisc] => D:\Programme\Nero 7\Nero 7\InCD\NBHGui.exe [1629480 2008-05-06] (Nero AG)
HKLM\...\Run: [InCD] => D:\Programme\Nero 7\Nero 7\InCD\InCD.exe [1057064 2008-05-06] (Nero AG)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-26] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [DivXMediaServer] => D:\Programme\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [Amazon Music] => C:\Users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\MountPoints2: {73e82071-845b-11e0-9279-b62e8fc268d4} - H:\Windows\CHECK\DriveNavigator.exe
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\acer.scr [83554304 2007-04-19] ()
HKU\S-1-5-18\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-08-01] (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2011-08-28]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk [2007-12-26]
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-01-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN26618805922697228&UM=2&ctid=CT3312331
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
URLSearchHook: HKLM - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\prxtbDVD0.dll (ClientConnect Ltd.)
URLSearchHook: HKU\S-1-5-21-3128768096-592464525-3037917805-1000 - Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-3128768096-592464525-3037917805-1000 - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\prxtbDVD0.dll (ClientConnect Ltd.)
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-3128768096-592464525-3037917805-1000 -> DefaultScope {7A3B3DB0-D955-4AAC-9732-80AB6E3199BD} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312331&CUI=UN26618805922697228&UM=2
SearchScopes: HKU\S-1-5-21-3128768096-592464525-3037917805-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=9479001DE030911F&affID=121564&tsp=4982
SearchScopes: HKU\S-1-5-21-3128768096-592464525-3037917805-1000 -> {3F61328A-CE9B-40CA-A639-5B3771784314} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-3128768096-592464525-3037917805-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
SearchScopes: HKU\S-1-5-21-3128768096-592464525-3037917805-1000 -> {7A3B3DB0-D955-4AAC-9732-80AB6E3199BD} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312331&CUI=UN26618805922697228&UM=2
BHO: DVDVideoSoftTB DE Toolbar -> {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} -> C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\prxtbDVD0.dll [2014-03-26] (ClientConnect Ltd.)
BHO: Yahoo! Toolbar Helper -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29] (Yahoo! Inc.)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -> C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-11-21] (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Programme\java\bin\ssv.dll [2012-03-11] (Sun Microsystems, Inc.)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Windows\system32\ActiveToolBand.dll [2007-04-25] (HiTRUST)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Programme\java\bin\jp2ssv.dll [2012-03-11] (Sun Microsystems, Inc.)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-11-11] (DVDVideoSoft Ltd.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll [2007-04-25] (HiTRUST)
Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [2006-11-21] (Symantec Corporation)
Toolbar: HKLM - Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29] (Yahoo! Inc.)
Toolbar: HKLM - toolplugin - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Shorlogere\AppData\Roaming\toolplugin\toolbar.dll No File
Toolbar: HKLM - DVDVideoSoftTB DE Toolbar - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\prxtbDVD0.dll [2014-03-26] (ClientConnect Ltd.)
Toolbar: HKU\S-1-5-21-3128768096-592464525-3037917805-1000 -> DVDVideoSoftTB DE Toolbar - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\prxtbDVD0.dll [2014-03-26] (ClientConnect Ltd.)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-07-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Shorlogere\AppData\Roaming\Mozilla\Firefox\Profiles\oj6v75dv.default-1431546951963
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Programme\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> D:\Programme\DivX\DivX Web Player\npdivx32.dll [2013-08-28] (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/JavaPlugin -> D:\Programme\java\bin\plugin2\npjp2.dll [2012-03-11] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> D:\Programme\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programme\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3128768096-592464525-3037917805-1000: amazon.com/AmazonMP3DownloaderPlugin -> D:\Programme\Amazon\npAmazonMP3DownloaderPlugin1017325.dll [2012-10-04] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012-03-11] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-09-08] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-13]
FF Extension: UITBAutoInstaller - C:\Program Files\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-05-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-24]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-05-13]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-26] (Symantec Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-21] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-21] (Symantec Corporation)
R2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-21] (Symantec Corporation)
S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-11-21] (Symantec Corporation)
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-08-28] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-10] () [File not signed]
R2 InCDsrv; D:\Programme\Nero 7\Nero 7\InCD\InCDsrv.exe [1553192 2008-05-06] (Nero AG)
S3 ISPwdSvc; C:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-11-21] (Symantec Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation)
R2 LiveUpdate Notice Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-21] (Symantec Corporation)
S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed]
S3 NBService; D:\Programme\Nero 7\Nero 7\Nero BackItUp\NBService.exe [800040 2008-04-08] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] () [File not signed]
S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1251720 2011-05-21] ()
R2 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-11-21] (Symantec Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-10-30] (acer) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [226784 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [166880 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [29664 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [269792 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [110048 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [213984 2015-04-07] (AVG Technologies CZ, s.r.o.)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [105592 2011-07-28] (Symantec Corporation)
R1 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20110818.001\IDSvix86.sys [287792 2011-04-27] (Symantec Corporation)
R4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [118952 2008-05-06] (Nero AG)
R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [36648 2008-05-06] (Nero AG)
U1 InCDrec; C:\Windows\System32\drivers\InCDRec.sys [16936 2008-05-06] (Nero AG)
R1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [38312 2008-05-06] (Nero AG)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20110818.003\NAVENG.SYS [86136 2011-08-04] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20110818.003\NAVEX15.SYS [1576312 2011-08-04] (Symantec Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-12-26] (NewTech Infosystems, Inc.) [File not signed]
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-01-03] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-01-03] (RapidSolution Software AG)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-02] ()
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-11-21] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [245880 2006-11-21] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [275576 2006-11-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [24184 2006-11-21] (Symantec Corporation)
R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [12720 2009-08-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124464 2011-05-21] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [145968 2009-08-03] (Symantec Corporation)
R3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [39856 2009-08-03] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [38448 2009-08-03] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-08-03] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-08-03] (Symantec Corporation)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2012-01-03] (RapidSolution Software AG)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2007-12-05] (Cyberlink Corp.)
S4 blbdrive; No ImagePath
S3 IpInIp; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 18:24 - 2015-05-14 18:24 - 01144832 _____ (Farbar) C:\Users\Shorlogere\FRST.exe
2015-05-14 18:21 - 2015-05-14 18:25 - 00000000 ____D () C:\FRST
2015-05-14 18:16 - 2015-05-14 18:16 - 00000482 _____ () C:\Users\Shorlogere\Desktop\defogger_disable.log
2015-05-14 18:16 - 2015-05-14 18:16 - 00000000 _____ () C:\Users\Shorlogere\defogger_reenable
2015-05-14 18:14 - 2015-05-14 18:14 - 00050477 _____ () C:\Users\Shorlogere\Desktop\Defogger.exe
2015-05-14 15:08 - 2015-05-14 15:08 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\AVG2015
2015-05-14 15:06 - 2015-05-14 15:06 - 00000862 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-05-14 15:06 - 2015-05-14 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-14 15:02 - 2015-05-14 15:07 - 00000000 ____D () C:\ProgramData\AVG2015
2015-05-14 15:02 - 2015-05-14 15:02 - 00000000 ___HD () C:\$AVG
2015-05-14 14:58 - 2015-05-14 14:58 - 00000000 ____D () C:\Program Files\AVG
2015-05-14 14:55 - 2015-05-14 15:13 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\Avg2015
2015-05-14 14:55 - 2015-05-14 15:13 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-14 14:55 - 2015-05-14 14:55 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\MFAData
2015-05-13 21:59 - 2015-05-13 21:59 - 00143352 _____ () C:\Windows\Minidump\Mini051315-04.dmp
2015-05-13 20:54 - 2015-05-13 20:54 - 00143352 _____ () C:\Windows\Minidump\Mini051315-03.dmp
2015-05-13 20:42 - 2015-05-13 20:42 - 00143352 _____ () C:\Windows\Minidump\Mini051315-02.dmp
2015-05-13 20:35 - 2015-05-13 20:35 - 00143352 _____ () C:\Windows\Minidump\Mini051315-01.dmp
2015-05-13 13:17 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 13:15 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-13 13:15 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-13 13:15 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-13 13:15 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-13 13:15 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-13 13:15 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-13 13:15 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-13 13:15 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 13:15 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 13:15 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 13:14 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:03 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 12:55 - 2015-05-13 12:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-12 21:17 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:17 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 21:17 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:17 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:17 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:17 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:17 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:17 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:17 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-12 21:17 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-16 10:55 - 2015-04-16 10:56 - 34359344 _____ (DVDVideoSoft Ltd. ) C:\Users\Shorlogere\Downloads\FreeYouTubeDownload(2).exe
2015-04-15 13:05 - 2015-04-15 13:05 - 00206816 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2015-04-15 09:53 - 2015-03-09 03:01 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 09:45 - 2015-03-05 04:24 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 09:44 - 2015-03-05 04:32 - 00244152 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 09:44 - 2015-03-05 04:23 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 09:43 - 2015-03-14 04:21 - 01205168 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 09:43 - 2015-03-13 03:51 - 03604920 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 09:43 - 2015-03-13 03:51 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 02:35 - 2015-04-14 02:35 - 00875720 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-04-14 02:35 - 2015-04-14 02:35 - 00536776 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 18:25 - 2011-05-21 15:27 - 00000000 ____D () C:\Users\Shorlogere
2015-05-14 18:18 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 18:18 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 17:40 - 2011-05-21 16:14 - 01730727 _____ () C:\Windows\WindowsUpdate.log
2015-05-14 17:33 - 2012-10-07 16:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-14 17:31 - 2012-04-01 17:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-14 17:31 - 2012-04-01 17:52 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-14 17:20 - 2006-11-02 12:33 - 00006626 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 17:16 - 2011-07-21 09:01 - 00157226 _____ () C:\Users\Shorlogere\AppData\Roaming\nvModes.001
2015-05-14 17:16 - 2011-06-27 18:57 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\Skype
2015-05-14 17:13 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 15:57 - 2011-10-16 21:46 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\toolplugin
2015-05-14 15:06 - 2013-06-06 10:40 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\TuneUp Software
2015-05-13 22:54 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-13 21:59 - 2011-11-03 17:40 - 417634770 _____ () C:\Windows\MEMORY.DMP
2015-05-13 21:59 - 2011-11-03 17:40 - 00000000 ____D () C:\Windows\Minidump
2015-05-13 21:38 - 2015-01-11 21:16 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-05-13 21:38 - 2014-12-08 12:05 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-05-13 21:38 - 2014-05-22 09:13 - 00000000 ____D () C:\Users\Shorlogere\Desktop\Mama-Stick
2015-05-13 21:38 - 2013-05-02 10:45 - 00000000 ____D () C:\ProgramData\Protexis
2015-05-13 21:38 - 2012-09-30 11:05 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2015-05-13 21:38 - 2012-05-05 11:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-13 21:38 - 2012-01-05 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 21:38 - 2012-01-05 18:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 21:38 - 2011-06-27 18:56 - 00000000 ___RD () C:\Program Files\Skype
2015-05-13 21:38 - 2011-05-21 22:24 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-05-13 21:38 - 2011-05-21 22:21 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\Microsoft Help
2015-05-13 21:38 - 2011-05-21 15:29 - 00000000 ___HD () C:\Users\Shorlogere\AppData\Local\acer eNM
2015-05-13 21:38 - 2011-05-21 15:27 - 00000000 ___RD () C:\Users\Shorlogere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-13 21:38 - 2011-05-21 15:27 - 00000000 ___RD () C:\Users\Shorlogere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-13 21:38 - 2007-12-26 08:16 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-05-13 21:38 - 2007-12-26 08:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\restore
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\ShellNew
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 __RSD () C:\Windows\Media
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-05-13 18:24 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-13 18:13 - 2006-11-02 14:47 - 00308168 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 13:13 - 2013-07-19 13:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 13:06 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-08 23:18 - 2011-05-21 17:53 - 00000534 _____ () C:\Windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Shorlogere.job
2015-05-08 21:12 - 2011-05-21 18:02 - 00000016 _____ () C:\Windows\system32\coh.cache
2015-05-07 13:32 - 2011-05-21 22:36 - 00002631 _____ () C:\Users\Shorlogere\Desktop\Microsoft Office Word 2007.lnk
2015-05-06 15:29 - 2013-06-18 12:58 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\vlc
2015-04-29 09:34 - 2014-05-18 20:44 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-28 12:39 - 2014-03-19 15:39 - 00000000 ____D () C:\Users\Shorlogere\Desktop\Umwandlung
2015-04-27 19:09 - 2011-05-21 18:20 - 00000049 __RSH () C:\Users\Public\Documents\HBEPGUID.TXT
2015-04-23 12:50 - 2011-05-21 22:43 - 00245760 _____ () C:\Users\Shorlogere\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-16 18:25 - 2011-05-21 16:09 - 00280364 _____ () C:\Windows\PFRO.log
2015-04-16 11:00 - 2014-11-17 13:31 - 00001038 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-04-16 11:00 - 2014-11-17 13:29 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-04-16 11:00 - 2011-08-29 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-04-16 10:58 - 2014-11-17 13:30 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-04-16 10:57 - 2011-08-29 20:39 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\DVDVideoSoft
2015-04-15 22:33 - 2012-10-07 16:17 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 22:33 - 2011-05-23 18:42 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-15 13:07 - 2015-02-03 16:04 - 00000000 ____D () C:\Users\Shorlogere\Desktop\Hits
2015-04-15 09:37 - 2013-05-14 12:20 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2011-07-21 09:01 - 2015-05-14 17:16 - 0157226 _____ () C:\Users\Shorlogere\AppData\Roaming\nvModes.001
2011-07-21 08:53 - 2014-08-03 16:40 - 0157226 _____ () C:\Users\Shorlogere\AppData\Roaming\nvModes.dat
2013-10-12 22:54 - 2013-10-12 22:53 - 0030894 _____ () C:\Users\Shorlogere\AppData\Roaming\speedanalysis.ico
2012-01-05 13:46 - 2014-05-17 09:32 - 0000680 _____ () C:\Users\Shorlogere\AppData\Local\d3d9caps.dat
2011-05-21 22:43 - 2015-04-23 12:50 - 0245760 _____ () C:\Users\Shorlogere\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-05 14:28 - 2012-01-05 14:29 - 0029347 _____ () C:\Users\Shorlogere\AppData\Local\HWVendorDetection.log

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2744.dll
C:\Users\Shorlogere\FRST.exe


Some content of TEMP:
====================
C:\Users\Shorlogere\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Shorlogere\AppData\Local\Temp\install_helper.exe
C:\Users\Shorlogere\AppData\Local\Temp\nsc43E9.exe
C:\Users\Shorlogere\AppData\Local\Temp\nsc809B.exe
C:\Users\Shorlogere\AppData\Local\Temp\nsfBFDC.exe
C:\Users\Shorlogere\AppData\Local\Temp\nshE105.exe
C:\Users\Shorlogere\AppData\Local\Temp\nss599E.exe
C:\Users\Shorlogere\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Shorlogere\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Shorlogere\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Shorlogere\AppData\Local\Temp\SPStub.exe
C:\Users\Shorlogere\AppData\Local\Temp\symlcsv1.exe
C:\Users\Shorlogere\AppData\Local\Temp\tbappb.dll
C:\Users\Shorlogere\AppData\Local\Temp\tmd_34013404.exe
C:\Users\Shorlogere\AppData\Local\Temp\tmd_34015178.exe
C:\Users\Shorlogere\AppData\Local\Temp\tmd_34015742.exe
C:\Users\Shorlogere\AppData\Local\Temp\tmd_34018003.exe
C:\Users\Shorlogere\AppData\Local\Temp\uninst1.exe
C:\Users\Shorlogere\AppData\Local\Temp\vlc-2.0.7-win32.exe
C:\Users\Shorlogere\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Shorlogere\AppData\Local\Temp\vlc-2.1.5-win32.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 17:24

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-05-2015 01
Ran by Shorlogere at 2015-05-14 18:27:23
Running from C:\Users\Shorlogere
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3128768096-592464525-3037917805-500 - Administrator - Disabled)
Gast (S-1-5-21-3128768096-592464525-3037917805-501 - Limited - Disabled)
Shorlogere (S-1-5-21-3128768096-592464525-3037917805-1000 - Administrator - Enabled) => C:\Users\Shorlogere

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Videosoft Media Toolkit Ultimate (HKLM\...\4Videosoft Media Toolkit Ultimate_is1) (Version:  - )
Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.13.4811 - CyberLink Corporation)
Acer Crystal Eye webcam (HKLM\...\{AA047D7C-5E7C-4878-B75C-77589151B563}) (Version: 1.0.14 - SUYIN)
Acer Crystal Eye Webcam Video Class Camera  (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.30.500-1.0 - Suyin)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4207 - CyberLink Corp.)
Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A36}) (Version: 2.5.4241 - HiTRUST Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4011 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4011 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4009 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4024 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4002 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4016 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.68.622 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.3003 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.12.20071026 - Acer Inc.)
Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 2.0.1005 - Acer Inc.)
Acoustica Effects Pack (HKLM\...\Acoustica Effects Pack) (Version: 3.0 - Acoustica, Inc)
Acoustica Mixcraft 5 (HKLM\...\Acoustica Mixcraft 5) (Version:  - Acoustica)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Adobe SVG Viewer (HKLM\...\Adobe SVG Viewer) (Version: 1.0 - Adobe Systems, Inc.)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
AppCore (Version: 1 - Symantec Corporation) Hidden
Apple Application Support (HKLM\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audials (HKLM\...\{8ABEEC21-B23C-4610-B57A-BE94345D4096}) (Version: 9.0.57913.1300 - RapidSolution Software AG)
AV (Version: 1 - Symantec Corporation) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5941 - AVG Technologies)
AVG 2015 (Version: 15.0.4342 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5941 - AVG Technologies) Hidden
Bonjour (HKLM\...\{D03482C5-9AD8-496D-B388-692AE04C93AF}) (Version: 3.0.0.2 - Apple Inc.)
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP640 series Benutzerregistrierung (HKLM\...\Canon MP640 series Benutzerregistrierung) (Version:  - )
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
ccCommon (Version: 106.1.1.4 - Symantec) Hidden
CDex extraction audio (HKLM\...\CDex) (Version:  - )
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Corel PaintShop Pro X5 (HKLM\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.2.0.12 - Corel Corporation)
Corel PaintShop Pro X5 (Version: 15.2.0.12 - Corel Corporation) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
DVDVideoSoftTB DE Toolbar (HKLM\...\DVDVideoSoftTB_DE Toolbar) (Version: 6.9.1.502 - DVDVideoSoftTB DE)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.0.20150211 - Landesfinanzdirektion Thüringen)
Free Studio version 6.4.3.128 (HKLM\...\Free Studio_is1) (Version: 6.4.3.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.43.806 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.43.806 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
ICA (Version: 15.2.0.12 - Corel Corporation) Hidden
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
IPM_PSP_COM (Version: 15.2.0.12 - Corel Corporation) Hidden
iTunes (HKLM\...\{69995C7A-062A-4A90-A4DF-8C22895DF522}) (Version: 10.4.1.10 - Apple Inc.)
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.4.5 - Symantec Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 38.0 (x86 de) (HKLM\...\Mozilla Firefox 38.0 (x86 de)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSRedist (Version: 1.0.0.0 - Symantec Corporation) Hidden
MyDriveConnect 3.3.0.1812 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
Nero 7 Premium (HKLM\...\{C6115A28-F277-4E82-B067-84D28BF21031}) (Version: 7.03.1357 - Nero AG)
Norton AntiVirus (Version: 14.1.0.27 - Symantec Corporation) Hidden
Norton Confidential Browser Component (Version: 1.1.0.6 - Symantec Corporation) Hidden
Norton Confidential Web Protection Component (Version: 1.1.0.6 - Symantec Corporation) Hidden
Norton Internet Security (Symantec Corporation) (HKLM\...\SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}) (Version: 10.1.0.26 - Symantec Corporation)
Norton Internet Security (Version: 10.1.0 - Symantec Corp.) Hidden
Norton Internet Security (Version: 10.1.0.26 - Symantec Corporation) Hidden
Norton Protection Center (Version: 2007.1.2.11 - Symantec Corporation) Hidden
NTI Backup NOW! 4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Orion (HKLM\...\{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}) (Version: 1.0.214 - Convesoft)
PowerProducer 3.72 (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074324(3.7)_Vista_Acer - CyberLink Corporation)
PSPPContent (Version: 15.2.0.12 - Corel Corporation) Hidden
PSPPHelp (Version: 15.2.0.12 - Corel Corporation) Hidden
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5443 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
schrankplaner (HKLM\...\schrankplaner3.600) (Version: 3.600 - Schrankplaner GmbH)
Setup (Version: 15.2.0.12 - Ihr Firmenname) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SPBBC 32bit (Version: 3.1.1.4 - Symantec Corporation) Hidden
Symantec Real Time Storage Protection Component (Version: 10.1.1.5 - Symantec Corporation) Hidden
SymNet (Version: 7.2.5.8 - Symantec Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.1.1739 - 1&1 Mail & Media GmbH)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! Toolbar mit Pop-Up-Blocker (HKLM\...\Yahoo! Companion) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3128768096-592464525-3037917805-1000_Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}\InprocServer32 -> C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\prxtbDVD0.dll (ClientConnect Ltd.)
CustomCLSID: HKU\S-1-5-21-3128768096-592464525-3037917805-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> D:\Programme\Amazon\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-3128768096-592464525-3037917805-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\Shorlogere\AppData\Local\Conduit\Community Alerts\Alert.dll (ClientConnect Ltd.)

==================== Restore Points  =========================

14-05-2015 14:58:20 Installed AVG 2015
14-05-2015 14:59:44 Installed AVG 2015

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4AF949F5-6323-40F6-86FE-8C43F409599A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {503EE400-8E34-4376-9EDC-C074D314B857} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated)
Task: {8248FC8B-2BCA-405C-A1BA-8050465381E3} - System32\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Shorlogere => C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2006-11-21] (Symantec Corporation)
Task: {C15F4F04-6430-4D59-A3D7-AA08E8C239E8} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18] (Sun Microsystems, Inc.)
Task: {DCF179C3-5770-465D-BB5A-89AE913B5B72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-01] (Google Inc.)
Task: {EA878563-08D5-42E0-9B44-9392FFE42759} - System32\Tasks\{E1412B5E-4FC1-4B33-8BC8-B0CD68799628} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {F231B09C-A3B7-4DE8-8846-8B89F31E72E7} - System32\Tasks\{5FF01C47-6D8D-497E-B2A3-0CABFC08B0B4} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {FB578DB4-DD3D-424B-AF4F-5FFA4527E47B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-01] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Shorlogere.job => C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK C:\ProgramData\Symantec\Norton AntiVirus\Tasks\mycomp.sca

==================== Loaded Modules (whitelisted) ==============

2007-04-25 17:30 - 2007-04-25 17:30 - 00063488 _____ () C:\Windows\system32\ShowErrMsg.dll
2007-04-25 17:31 - 2007-04-25 17:31 - 00028672 _____ () C:\Windows\system32\BatchCrypto.dll
2006-11-21 06:35 - 2006-11-21 06:35 - 00009384 _____ () C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.loc
2007-12-26 07:56 - 2006-11-24 13:57 - 00107008 _____ () C:\Acer\Mobility Center\MobilityService.exe
2007-12-26 07:56 - 2006-10-24 11:54 - 00033280 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2007-12-26 07:54 - 2007-01-23 15:48 - 00266343 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2011-05-21 15:34 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2011-05-21 15:34 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2007-12-26 07:41 - 2007-12-10 11:23 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2007-12-26 07:41 - 2007-12-10 11:22 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2007-12-26 07:41 - 2007-12-10 11:22 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2007-12-26 07:41 - 2007-12-10 11:22 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll
2007-12-26 07:41 - 2007-12-10 11:23 - 00006656 _____ () C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll
2007-12-26 13:29 - 2003-06-07 07:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2013-08-29 02:23 - 2013-08-29 02:23 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-08-29 02:25 - 2013-08-29 02:25 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-09-17 11:54 - 2014-09-06 02:54 - 06281536 _____ () C:\Users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-10-03 14:04 - 2014-10-03 14:04 - 00026488 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2014-10-03 14:04 - 2014-10-03 14:04 - 00087416 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 14:04 - 2014-10-03 14:04 - 00398712 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
2007-12-26 07:45 - 2007-07-24 11:39 - 00208896 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll
2007-12-26 07:39 - 2007-08-29 11:35 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
2007-12-26 07:39 - 2007-09-07 18:23 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
2011-05-21 15:28 - 2007-08-31 17:37 - 00106496 ____N () C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
2011-05-21 15:28 - 2007-03-22 11:51 - 00003584 ____N () C:\Acer\Empowering Technology\eAudio\de\eAudioUI.resources.dll
2007-12-26 07:46 - 2007-04-11 17:42 - 00307200 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
2007-12-26 07:46 - 2007-04-11 16:07 - 00077824 _____ () C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll
2007-12-26 07:48 - 2007-10-01 18:01 - 00679936 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll
2007-12-26 07:48 - 2007-10-01 18:01 - 00106496 _____ () C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll
2007-12-26 07:41 - 2007-12-10 11:23 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
2007-12-26 07:41 - 2007-12-10 11:22 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
2007-12-26 07:41 - 2007-12-10 11:22 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
2007-12-26 07:41 - 2007-12-10 11:22 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
2007-12-26 07:47 - 2007-08-28 15:21 - 00249856 _____ () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
2007-12-26 07:41 - 2007-12-10 11:23 - 00003584 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
2007-12-26 07:41 - 2007-12-10 11:22 - 00010752 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Control Panel\Desktop\\Wallpaper -> D:\Eigene Dateien\Bilder\Kunst\Zeichnung\weißer Hintergrund-40-Prozent.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{D5502EE8-28FF-44C6-8C25-B32C755E8A23}] => (Allow) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{1109A187-1A2D-40E6-9544-FACFCEDB241E}] => (Allow) C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe
FirewallRules: [{3FF3ED83-3584-470C-A079-BF1918320F97}] => (Allow) C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{39508C32-D4AA-48CA-8EC3-0399BB5612A6}] => (Allow) C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe
FirewallRules: [{B3C7FE4B-D00B-4363-AD53-26106AF18422}] => (Allow) C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe
FirewallRules: [{DB914D97-A9BB-404C-BE6F-9DCEC6D80B20}] => (Allow) C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe
FirewallRules: [{91C9CE29-E1C6-4853-8242-8A51091186AD}] => (Allow) C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
FirewallRules: [{1C8BE10A-956D-4D85-B214-AEC14868C449}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{839CE49B-5F82-4200-A720-799D28DBFB9A}] => (Allow) LPort=80
FirewallRules: [{029637F0-34D4-4D38-AD9A-8EE86436AFFA}] => (Allow) LPort=80
FirewallRules: [{ADBA2C91-377D-40CB-A05E-91EE025D7A9B}] => (Allow) LPort=80
FirewallRules: [{4C520401-8141-4BCF-8DB2-0D350B4DD791}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FFB284BB-D529-4020-9762-3A658B182DA0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD3A48B9-F59E-4F31-A1D3-F91F17E106D8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{449FE487-33E5-4ABF-9DF2-D7E8C2CC84BA}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_656
FirewallRules: [{71E8CD53-C672-426D-B920-A8B1329C8FE0}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_600
FirewallRules: [{2BEC8E50-0712-488A-AB87-7F204FD0D359}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_625
FirewallRules: [{E8B0636D-AD65-4B39-A4D3-A7223EB11FD8}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_634
FirewallRules: [{1F7F0461-9FD1-4DBF-93A7-F466C1B66CB2}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_613
FirewallRules: [{528AA44C-FFE7-4461-82C7-845553C56A4C}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_358.decrpt
FirewallRules: [{B625AD4E-B02D-427C-80E2-02EB27290730}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_514
FirewallRules: [{D5DE54C7-61B2-4942-B305-EB355998DBFE}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_518
FirewallRules: [{F77AB3D8-F88A-42C2-9A2F-64F19128FEF7}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_519
FirewallRules: [{D2B99ECC-0944-4E06-98A3-FDFA238ECCF1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B049E3AC-F698-4A40-822E-F6B67165596A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{44C10925-A183-48DF-A8BB-B76AA22CB8D9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0A209E63-5F4D-424C-83AC-9507E40265C6}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{07A6615C-9274-4A6E-B1E0-84BAB6F64BE3}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{0180980C-841C-4592-949B-89C48031D702}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{FD984B85-8E9D-40A2-B624-78A00624F750}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{01B376CC-AB8C-47E3-88D4-53C1EA394381}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{AAF9CA03-7869-48ED-985F-1858042A2704}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{1259261E-6972-4592-8D2E-453D8D8DF94D}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{C3D820B2-E4D2-4D97-A34D-ADA5A5F9C64F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{EE0B0617-DC08-4C82-A1B4-96BC1AE8F29F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{84A13B13-FF09-4FD4-9563-EDF392030790}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{C164BA87-F55B-4AAB-8A9E-86EF651EC5DB}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Broadcom NetLink (TM) Gigabit Ethernet
Description: Broadcom NetLink (TM) Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2015 05:20:36 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (05/14/2015 05:20:36 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (05/14/2015 05:20:35 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (05/14/2015 05:07:41 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (05/14/2015 05:07:41 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (05/14/2015 05:07:41 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (05/14/2015 02:34:00 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8

Error: (05/14/2015 02:34:00 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (05/14/2015 02:34:00 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (05/14/2015 02:23:10 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8


System errors:
=============
Error: (05/14/2015 05:13:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 14.05.2015 um 17:10:32 unerwartet heruntergefahren.

Error: (05/14/2015 05:12:45 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 2) (User: NT-AUTORITÄT)
Description: 1

Error: (05/14/2015 05:12:45 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 2) (User: NT-AUTORITÄT)
Description: 0

Error: (05/14/2015 05:00:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 14.05.2015 um 16:57:53 unerwartet heruntergefahren.

Error: (05/14/2015 04:59:55 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 2) (User: NT-AUTORITÄT)
Description: 1

Error: (05/14/2015 04:59:55 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 2) (User: NT-AUTORITÄT)
Description: 0

Error: (05/14/2015 02:32:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (05/14/2015 02:31:08 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 10.136.185.163 für die Netzwerkkarte mit der Netzwerkadresse 001DE030911F wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (05/14/2015 02:27:57 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: Die IP-Adresslease 192.168.2.105 für die Netzwerkkarte mit der Netzwerkadresse 001DE030911F wurde durch den DHCP-Server 10.143.181.129 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).

Error: (05/14/2015 02:27:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 14.05.2015 um 14:26:00 unerwartet heruntergefahren.


Microsoft Office Sessions:
=========================
Error: (03/28/2013 01:53:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1334 seconds with 1200 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-05-14 18:26:47.013
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-14 18:26:46.779
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-14 18:26:46.542
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-14 18:26:46.304
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-14 18:26:45.969
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-14 18:26:45.736
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-14 18:26:45.502
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-14 18:26:45.257
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 70%
Total physical RAM: 3069.32 MB
Available physical RAM: 904.13 MB
Total Pagefile: 6341.79 MB
Available Pagefile: 3170.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.23 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:69.27 GB) (Free:10.55 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:149.05 GB) (Free:19.61 GB) NTFS
Drive e: () (Fixed) (Total:69.04 GB) (Free:8.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 664A344C)
Partition 1: (Not Active) - (Size=10.7 GB) - (Type=27)
Partition 2: (Active) - (Size=69.3 GB) - (Type=06)
Partition 3: (Not Active) - (Size=69 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: C867E6F0)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Step 3:
Scan with GMER

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-14 19:38:02
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.BBCO 149,05GB
Running: Gmer-19357.exe; Driver: C:\Users\SHORLO~1\AppData\Local\Temp\aftyiaog.sys


---- System - GMER 2.1 ----

SSDT            91BFE660                                                                                                              ZwAlertResumeThread
SSDT            91BFE740                                                                                                              ZwAlertThread
SSDT            8A31C378                                                                                                              ZwAllocateVirtualMemory
SSDT            91F42E10                                                                                                              ZwConnectPort
SSDT            91BFE3B0                                                                                                              ZwCreateMutant
SSDT            91F25E40                                                                                                              ZwCreateThread
SSDT            8A31C1D8                                                                                                              ZwFreeVirtualMemory
SSDT            91BFE4A0                                                                                                              ZwImpersonateAnonymousToken
SSDT            91BFE580                                                                                                              ZwImpersonateThread
SSDT            91F1E6E8                                                                                                              ZwMapViewOfSection
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                          ZwNotifyChangeKey [0x93A186F0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                          ZwNotifyChangeMultipleKeys [0x93A18820]
SSDT            91BFE2D0                                                                                                              ZwOpenEvent
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                          ZwOpenProcess [0x93A18010]
SSDT            91F33170                                                                                                              ZwOpenProcessToken
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                          ZwOpenThread [0x93A184E0]
SSDT            91F1E488                                                                                                              ZwOpenThreadToken
SSDT            91F2B1A8                                                                                                              ZwResumeThread
SSDT            91F259E0                                                                                                              ZwSetContextThread
SSDT            91F1E558                                                                                                              ZwSetInformationProcess
SSDT            91F258F0                                                                                                              ZwSetInformationThread
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                          ZwSuspendProcess [0x93A18300]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                          ZwSuspendThread [0x93A183F0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                          ZwTerminateProcess [0x93A18120]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                          ZwTerminateThread [0x93A18210]
SSDT            91F1E628                                                                                                              ZwUnmapViewOfSection
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys                                                                          ZwWriteVirtualMemory [0x93A185F0]

---- Kernel code sections - GMER 2.1 ----

.text           ntoskrnl.exe!KeInsertQueue + 30D                                                                                      82478814 8 Bytes  [60, E6, BF, 91, 40, E7, BF, ...] {PUSHA ; OUT 0xbf, AL; XCHG ECX, EAX; INC EAX; OUT 0xbf, EAX; XCHG ECX, EAX}
.text           ntoskrnl.exe!KeInsertQueue + 321                                                                                      82478828 4 Bytes  [78, C3, 31, 8A]
.text           ntoskrnl.exe!KeInsertQueue + 3B1                                                                                      824788B8 4 Bytes  [10, 2E, F4, 91] {ADC [ESI], CH; HLT ; XCHG ECX, EAX}
.text           ntoskrnl.exe!KeInsertQueue + 3E5                                                                                      824788EC 4 Bytes  [B0, E3, BF, 91]
.text           ntoskrnl.exe!KeInsertQueue + 411                                                                                      82478918 4 Bytes  [40, 5E, F2, 91] {INC EAX; POP ESI; XCHG ECX, EAX}
.text           ...                                                                                                                   
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                              section is writeable [0x8F405340, 0x39BD97, 0xE8000020]
                C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl                                                                entry point in "" section [0xAC98A000]
.clc            C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl                                                                unknown last section [0xAC98B000, 0x1000, 0x00000000]

---- User code sections - GMER 2.1 ----

.text           C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE[156] ntdll.dll!NtMapViewOfSection                                      77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE[156] ntdll.dll!NtWriteVirtualMemory                                    77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE[156] KERNEL32.dll!CreateProcessInternalW                               75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE[216] ntdll.dll!NtMapViewOfSection                                 77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE[216] ntdll.dll!NtWriteVirtualMemory                               77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE[216] KERNEL32.dll!CreateProcessInternalW                          75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1568] ntdll.dll!NtMapViewOfSection                            77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1568] ntdll.dll!NtWriteVirtualMemory                          77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Common Files\Symantec Shared\ccApp.exe[1568] kernel32.dll!CreateProcessInternalW                     75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1704] ntdll.dll!NtMapViewOfSection                   77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1704] ntdll.dll!NtWriteVirtualMemory                 77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[1704] kernel32.dll!CreateProcessInternalW            75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\wbem\wmiprvse.exe[1804] ntdll.dll!NtMapViewOfSection                                              77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\wbem\wmiprvse.exe[1804] ntdll.dll!NtWriteVirtualMemory                                            77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\wbem\wmiprvse.exe[1804] kernel32.dll!CreateProcessInternalW                                       75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\eAudio\eAudio.exe[1824] ntdll.dll!NtMapViewOfSection                                    77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\eAudio\eAudio.exe[1824] ntdll.dll!NtWriteVirtualMemory                                  77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\eAudio\eAudio.exe[1824] kernel32.dll!CreateProcessInternalW                             75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\wbem\wmiprvse.exe[1844] ntdll.dll!NtMapViewOfSection                                              77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\wbem\wmiprvse.exe[1844] ntdll.dll!NtWriteVirtualMemory                                            77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\wbem\wmiprvse.exe[1844] kernel32.dll!CreateProcessInternalW                                       75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\wbem\unsecapp.exe[2100] ntdll.dll!NtMapViewOfSection                                              77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\wbem\unsecapp.exe[2100] ntdll.dll!NtWriteVirtualMemory                                            77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\wbem\unsecapp.exe[2100] kernel32.dll!CreateProcessInternalW                                       75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\RtHDVCpl.exe[3828] ntdll.dll!NtMapViewOfSection                                                            77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\RtHDVCpl.exe[3828] ntdll.dll!NtWriteVirtualMemory                                                          77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\RtHDVCpl.exe[3828] kernel32.dll!CreateProcessInternalW                                                     75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe[3832] ntdll.dll!NtMapViewOfSection                          77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe[3832] ntdll.dll!NtWriteVirtualMemory                        77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe[3832] kernel32.dll!CreateProcessInternalW                   75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Launch Manager\LManager.exe[4244] ntdll.dll!NtMapViewOfSection                                       77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Launch Manager\LManager.exe[4244] ntdll.dll!NtWriteVirtualMemory                                     77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Launch Manager\LManager.exe[4244] kernel32.dll!CreateProcessInternalW                                75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[4272] ntdll.dll!NtMapViewOfSection                                    77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[4272] ntdll.dll!NtWriteVirtualMemory                                  77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Synaptics\SynTP\SynTPStart.exe[4272] kernel32.dll!CreateProcessInternalW                             75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           D:\Programme\Nero 7\Nero 7\InCD\NBHGui.exe[4308] ntdll.dll!NtMapViewOfSection                                         77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           D:\Programme\Nero 7\Nero 7\InCD\NBHGui.exe[4308] ntdll.dll!NtWriteVirtualMemory                                       77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           D:\Programme\Nero 7\Nero 7\InCD\NBHGui.exe[4308] kernel32.dll!CreateProcessInternalW                                  75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           D:\Programme\Nero 7\Nero 7\InCD\InCD.exe[4316] ntdll.dll!NtMapViewOfSection                                           77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           D:\Programme\Nero 7\Nero 7\InCD\InCD.exe[4316] ntdll.dll!NtWriteVirtualMemory                                         77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           D:\Programme\Nero 7\Nero 7\InCD\InCD.exe[4316] kernel32.dll!CreateProcessInternalW                                    75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4340] ntdll.dll!NtMapViewOfSection                                       77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4340] ntdll.dll!NtWriteVirtualMemory                                     77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[4340] kernel32.dll!CreateProcessInternalW                                75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\System32\rundll32.exe[4372] ntdll.dll!NtMapViewOfSection                                                   77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\System32\rundll32.exe[4372] ntdll.dll!NtWriteVirtualMemory                                                 77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\System32\rundll32.exe[4372] kernel32.dll!CreateProcessInternalW                                            75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4388] ntdll.dll!NtMapViewOfSection                                   77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4388] ntdll.dll!NtWriteVirtualMemory                                 77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\DivX\DivX Update\DivXUpdate.exe[4388] kernel32.dll!CreateProcessInternalW                            75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\AVG\AVG2015\avgui.exe[4408] ntdll.dll!NtMapViewOfSection                                             77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\AVG\AVG2015\avgui.exe[4408] ntdll.dll!NtWriteVirtualMemory                                           77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\AVG\AVG2015\avgui.exe[4408] kernel32.dll!CreateProcessInternalW                                      75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Windows Sidebar\sidebar.exe[4428] ntdll.dll!NtMapViewOfSection                                       77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Windows Sidebar\sidebar.exe[4428] ntdll.dll!NtWriteVirtualMemory                                     77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Windows Sidebar\sidebar.exe[4428] kernel32.dll!CreateProcessInternalW                                75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[4436] ntdll.dll!NtMapViewOfSection                            77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[4436] ntdll.dll!NtWriteVirtualMemory                          77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[4436] kernel32.dll!CreateProcessInternalW                     75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\ehome\ehtray.exe[4444] ntdll.dll!NtMapViewOfSection                                                        77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\ehome\ehtray.exe[4444] ntdll.dll!NtWriteVirtualMemory                                                      77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\ehome\ehtray.exe[4444] kernel32.dll!CreateProcessInternalW                                                 75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe[4460] ntdll.dll!NtMapViewOfSection             77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe[4460] ntdll.dll!NtWriteVirtualMemory           77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe[4460] kernel32.dll!CreateProcessInternalW      75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Skype\Phone\Skype.exe[4492] ntdll.dll!NtMapViewOfSection                                             77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Skype\Phone\Skype.exe[4492] ntdll.dll!NtWriteVirtualMemory                                           77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Skype\Phone\Skype.exe[4492] kernel32.dll!CreateProcessInternalW                                      75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\MyDrive Connect\MyDriveConnect.exe[4500] ntdll.dll!NtMapViewOfSection                                77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\MyDrive Connect\MyDriveConnect.exe[4500] ntdll.dll!NtWriteVirtualMemory                              77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\MyDrive Connect\MyDriveConnect.exe[4500] kernel32.dll!CreateProcessInternalW                         75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[4508] ntdll.dll!NtMapViewOfSection                                 77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[4508] ntdll.dll!NtWriteVirtualMemory                               77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Windows Media Player\wmpnscfg.exe[4508] kernel32.dll!CreateProcessInternalW                          75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4532] ntdll.dll!NtMapViewOfSection                      77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4532] ntdll.dll!NtWriteVirtualMemory                    77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe[4532] kernel32.dll!CreateProcessInternalW               75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4664] ntdll.dll!NtMapViewOfSection                        77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4664] ntdll.dll!NtWriteVirtualMemory                      77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[4664] kernel32.dll!CreateProcessInternalW                 75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4668] ntdll.dll!NtMapViewOfSection                      77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4668] ntdll.dll!NtWriteVirtualMemory                    77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[4668] kernel32.dll!CreateProcessInternalW               75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\System32\rundll32.exe[4912] ntdll.dll!NtMapViewOfSection                                                   77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\System32\rundll32.exe[4912] ntdll.dll!NtWriteVirtualMemory                                                 77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\System32\rundll32.exe[4912] kernel32.dll!CreateProcessInternalW                                            75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Users\SHORLO~1\AppData\Local\Temp\RtkBtMnt.exe[4920] ntdll.dll!NtMapViewOfSection                                  77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Users\SHORLO~1\AppData\Local\Temp\RtkBtMnt.exe[4920] ntdll.dll!NtWriteVirtualMemory                                77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Users\SHORLO~1\AppData\Local\Temp\RtkBtMnt.exe[4920] kernel32.dll!CreateProcessInternalW                           75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4948] ntdll.dll!NtMapViewOfSection                                77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4948] ntdll.dll!NtWriteVirtualMemory                              77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE[4948] kernel32.dll!CreateProcessInternalW                         75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\ehome\ehmsas.exe[5120] ntdll.dll!NtMapViewOfSection                                                        77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\ehome\ehmsas.exe[5120] ntdll.dll!NtWriteVirtualMemory                                                      77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\ehome\ehmsas.exe[5120] kernel32.dll!CreateProcessInternalW                                                 75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5212] ntdll.dll!NtMapViewOfSection                                 77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5212] ntdll.dll!NtWriteVirtualMemory                               77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[5212] kernel32.dll!CreateProcessInternalW                          75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\ctfmon.exe[5288] ntdll.dll!NtMapViewOfSection                                                     77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\ctfmon.exe[5288] ntdll.dll!NtWriteVirtualMemory                                                   77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\ctfmon.exe[5288] kernel32.dll!CreateProcessInternalW                                              75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[5324] ntdll.dll!NtMapViewOfSection             77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[5324] ntdll.dll!NtWriteVirtualMemory           77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[5324] KERNEL32.dll!CreateProcessInternalW      75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\svchost.exe[5676] ntdll.dll!NtMapViewOfSection                                                    77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\svchost.exe[5676] ntdll.dll!NtWriteVirtualMemory                                                  77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\svchost.exe[5676] kernel32.dll!CreateProcessInternalW                                             75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5840] ntdll.dll!NtMapViewOfSection                                      77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5840] ntdll.dll!NtWriteVirtualMemory                                    77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5840] kernel32.dll!CreateProcessInternalW                               75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\wuauclt.exe[7572] ntdll.dll!NtMapViewOfSection                                                    77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\wuauclt.exe[7572] ntdll.dll!NtWriteVirtualMemory                                                  77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\wuauclt.exe[7572] kernel32.dll!CreateProcessInternalW                                             75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\SearchProtocolHost.exe[7764] ntdll.dll!NtMapViewOfSection                                         77B04820 5 Bytes  JMP 6C7E1460 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\SearchProtocolHost.exe[7764] ntdll.dll!NtWriteVirtualMemory                                       77B05370 5 Bytes  JMP 6C7E1120 C:\Program Files\AVG\AVG2015\avghookx.dll
.text           C:\Windows\system32\SearchProtocolHost.exe[7764] kernel32.dll!CreateProcessInternalW                                  75605477 5 Bytes  JMP 6C7E1260 C:\Program Files\AVG\AVG2015\avghookx.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                               Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                               Wdf01000.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                               SYMTDI.SYS
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                               avgtdix.sys
AttachedDevice  \Driver\tdx \Device\Udp                                                                                               SYMTDI.SYS
AttachedDevice  \Driver\tdx \Device\Udp                                                                                               avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                             avgtdix.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3128768096-592464525-3037917805-1000@RefCount  3

---- Disk sectors - GMER 2.1 ----

Disk            \Device\Harddisk0\DR0                                                                                                 unknown MBR code

---- EOF - GMER 2.1 ----
         
Step 4:
Virus scanner log file:

Code:
"Gesamten Computer scannen"
"Hoher Schweregrad";"2";"2";"0"
"Mittlerer Schweregrad";"12";"11";"1"
"Gescannt:";"Gesamten Computer scannen"
"Gestartet:";"14.05.2015, 15:11:04"
"Beendet:";"14.05.2015, 16:50:50"
"Anzahl der Elemente:";"209529"
"Gestartet von:";"Shorlogere"

"Name";"Beschreibung";"Status";"Status";"Priorität"
"D:\Downloads\install_flash_player.exe";"Adware: Generic4.CILY";"Gesichert";"Geheilt";"Mittel"
"C:\Users\Shorlogere\AppData\Local\Temp\Сodec Performer803975.exe";"MalSign.InstallBrain.5BA gefunden";"Gesichert";"Geheilt";"Mittel"
"C:\Windows\System32\roboot.exe";"MalSign.InstallBrain.5BA gefunden";"Gesichert";"Geheilt";"Mittel"
"C:\Users\Shorlogere\AppData\Roaming\OpenCandy\182C00BB324C4427A98EB88C9BF29E17\speedupmypcDE.exe";"Luhe.PUP.Fiha.AE gefunden";"Gesichert";"Geheilt";"Mittel"
"C:\Users\Shorlogere\AppData\Local\Temp\FE244681-BAB0-7891-AFD8-4BF52E1C58E2\Latest\ccp.exe";"Trojaner: Dropper.Generic9.FEC.dropper";"Gesichert";"Geheilt";"Hoch"
"C:\Users\Shorlogere\AppData\Local\Temp\5A380C6E-BAB0-7891-BCC3-A225FD2E5216\Latest\ccp.exe";"Trojaner: Dropper.Generic9.FEC.dropper";"Gesichert";"Geheilt";"Hoch"
"D:\Downloads\CodecPerformerSetup.exe";"MalSign.InstallBrain.5BA gefunden";"Gesichert";"Geheilt";"Mittel"
"<unknown>";"Dienstfunktion NtMapViewOfSection-Hook -> 0xFFFFFFFF911F0260";"Ungelöst";"Ungelöst";"Mittel"
"C:\Users\Shorlogere\AppData\Roaming\toolplugin\toolbar.dll";"Adware: Generic4.CILZ";"Gesichert";"Geheilt";"Mittel"
"D:\Downloads\setup.exe";"MalSign.Generic.713 gefunden";"Gesichert";"Geheilt";"Mittel"
"C:\Users\Shorlogere\AppData\Local\Temp\is1971879534\PlusHd_DE.exe";"MalSign.Generic.390 gefunden";"Gesichert";"Geheilt";"Mittel"
"C:\Users\Shorlogere\AppData\Local\Temp\BackupSetup.exe";"MalSign.Generic.DE7 gefunden";"Gesichert";"Geheilt";"Mittel"
"C:\Users\Shorlogere\AppData\Roaming\OpenCandy\ED592FB353E44B1098A82BC96AB1CD64\OCBrowserHelper_1.0.6.125.exe";"MalSign.OpenCandy.7AF gefunden";"Gesichert";"Geheilt";"Mittel"
"C:\Users\Shorlogere\AppData\Roaming\OpenCandy\ED592FB353E44B1098A82BC96AB1CD64\DeltaTB.exe";"Adware: Toolbar.MT";"Gesichert";"Geheilt";"Mittel"
         

14.05.2015, 20:17   #2
schrauber
/// the machine
/// TB trainer
 


Hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
In any case, please post the content here in your thread.

14.05.2015, 21:34   #3
shorlo
 

Thanks for the quick reply!

Malwarebytes Anti-Rootkit found nothing. The following log file was created:


Code:
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.05.14.04
  rootkit: v2015.04.21.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Shorlogere :: SHORLOGERE-PC [administrator]

14.05.2015 21:29:03
mbar-log-2015-05-14 (21-29-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 324803
Time elapsed: 42 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         


TDSSKiller found 6 threats. The following log file was created:

Code:
23:01:15.0516 0x1aa4  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
23:01:19.0661 0x1aa4  ============================================================
23:01:19.0661 0x1aa4  Current date / time: 2015/05/14 23:01:19.0661
23:01:19.0661 0x1aa4  SystemInfo:
23:01:19.0661 0x1aa4  
23:01:19.0661 0x1aa4  OS Version: 6.0.6002 ServicePack: 2.0
23:01:19.0661 0x1aa4  Product type: Workstation
23:01:19.0661 0x1aa4  ComputerName: SHORLOGERE-PC
23:01:19.0662 0x1aa4  UserName: Shorlogere
23:01:19.0662 0x1aa4  Windows directory: C:\Windows
23:01:19.0662 0x1aa4  System windows directory: C:\Windows
23:01:19.0662 0x1aa4  Processor architecture: Intel x86
23:01:19.0662 0x1aa4  Number of processors: 2
23:01:19.0662 0x1aa4  Page size: 0x1000
23:01:19.0662 0x1aa4  Boot type: Normal boot
23:01:19.0662 0x1aa4  ============================================================
23:01:19.0933 0x1aa4  KLMD registered as C:\Windows\system32\drivers\32062274.sys
23:01:20.0256 0x1aa4  System UUID: {CA74009C-9ADC-F7FF-6F60-C10731DC61DA}
23:01:20.0839 0x1aa4  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:01:21.0205 0x1aa4  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:01:21.0371 0x1aa4  ============================================================
23:01:21.0371 0x1aa4  \Device\Harddisk0\DR0:
23:01:21.0371 0x1aa4  MBR partitions:
23:01:21.0371 0x1aa4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0x157B000, BlocksNum 0x8A8C000
23:01:21.0371 0x1aa4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA007000, BlocksNum 0x8A12000
23:01:21.0371 0x1aa4  \Device\Harddisk1\DR1:
23:01:21.0371 0x1aa4  MBR partitions:
23:01:21.0371 0x1aa4  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
23:01:21.0371 0x1aa4  ============================================================
23:01:21.0405 0x1aa4  C: <-> \Device\Harddisk0\DR0\Partition1
23:01:21.0447 0x1aa4  D: <-> \Device\Harddisk1\DR1\Partition1
23:01:21.0504 0x1aa4  E: <-> \Device\Harddisk0\DR0\Partition2
23:01:21.0505 0x1aa4  ============================================================
23:01:21.0505 0x1aa4  Initialize success
23:01:21.0505 0x1aa4  ============================================================
23:01:27.0706 0x1824  ============================================================
23:01:27.0706 0x1824  Scan started
23:01:27.0707 0x1824  Mode: Manual; SigCheck; TDLFS; 
23:01:27.0707 0x1824  ============================================================
23:01:27.0707 0x1824  KSN ping started
23:01:42.0079 0x1824  KSN ping finished: true
23:01:42.0974 0x1824  ================ Scan system memory ========================
23:01:42.0974 0x1824  System memory - ok
23:01:42.0975 0x1824  ================ Scan services =============================
23:01:43.0181 0x1824  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
23:01:43.0293 0x1824  ACPI - ok
23:01:43.0433 0x1824  [ 3927397AC60D943DAF8808AFFED582B7, 2688254085C219E8CA9C5494ABDAD8FAE52533CEF7FA3C152715E0B78D591BCF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:01:43.0473 0x1824  AdobeARMservice - ok
23:01:43.0532 0x1824  [ B04A4810C6CC205F9DC72DC22E4AB236, 547321F5C28C80D4818372D65E2A33D4BAC593015DD6613B24586FE4B4A95D5D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:01:43.0617 0x1824  AdobeFlashPlayerUpdateSvc - ok
23:01:43.0690 0x1824  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB, 0342700760874683A6DF4F149DACACEF0569D40C45FC5958C67100B3C5D9BBBC ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
23:01:43.0741 0x1824  adp94xx - ok
23:01:43.0802 0x1824  [ B84088CA3CDCA97DA44A984C6CE1CCAD, 87009809FB101BF51483FA32318CBCD209386582880C82417BE4FFAD1B04C8C1 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
23:01:43.0845 0x1824  adpahci - ok
23:01:43.0865 0x1824  [ 7880C67BCCC27C86FD05AA2AFB5EA469, C8B06E203EEA6EAD19651F212432005ABADFF21E2AA5699E34040527394F2677 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
23:01:43.0896 0x1824  adpu160m - ok
23:01:43.0915 0x1824  [ 9AE713F8E30EFC2ABCCD84904333DF4D, B0C7801AC6E0811C38F0474703F34283914C8873D851F59EE232834F7C0D8087 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
23:01:43.0946 0x1824  adpu320 - ok
23:01:43.0980 0x1824  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:01:44.0038 0x1824  AeLookupSvc - ok
23:01:44.0090 0x1824  [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD             C:\Windows\system32\drivers\afd.sys
23:01:44.0146 0x1824  AFD - ok
23:01:44.0188 0x1824  [ EF23439CDD587F64C2C1B8825CEAD7D8, 762665CFC202B3E16CA2338887896FDF996331A363DC709F1EC088BF927133A3 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:01:44.0216 0x1824  agp440 - ok
23:01:44.0232 0x1824  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
23:01:44.0260 0x1824  aic78xx - ok
23:01:44.0295 0x1824  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
23:01:44.0372 0x1824  ALG - ok
23:01:44.0410 0x1824  [ 90395B64600EBB4552E26E178C94B2E4, 73095893964DC7915983B58A567184FC51949C99341E7E0D04D70CC4C4F95E37 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:01:44.0436 0x1824  aliide - ok
23:01:44.0480 0x1824  [ 2B13E304C9DFDFA5EB582F6A149FA2C7, 196CCE13E0376526B79D9C43D4071990576C4DD210A48E9E922B438AA11C95E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:01:44.0507 0x1824  amdagp - ok
23:01:44.0518 0x1824  [ 0577DF1D323FE75A739C787893D300EA, 079EF3CA18FB847DB7E62929071BFF007FAF390E1DBF4C59F28DAAC6B9C2DE51 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:01:44.0542 0x1824  amdide - ok
23:01:44.0586 0x1824  [ DC487885BCEF9F28EECE6FAC0E5DDFC5, 24A62F6E628AD46273BC226F7BC3453A9C7B76F81ABB9FB801EBEFADB2AB7C9B ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
23:01:44.0659 0x1824  AmdK7 - ok
23:01:44.0679 0x1824  [ 0CA0071DA4315B00FC1328CA86B425DA, 4F816FA2197166A83A266084F9D5ED68876D0521D378F90F1314DD53C6FB8814 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
23:01:44.0750 0x1824  AmdK8 - ok
23:01:44.0791 0x1824  [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo         C:\Windows\System32\appinfo.dll
23:01:44.0827 0x1824  Appinfo - ok
23:01:44.0899 0x1824  [ 20F6F19FE9E753F2780DC2FA083AD597, 5106F0F9BA8A7DE49260A9B13BF8EC45ACA6A166FA8B10B4F69C3BB54F6840A1 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:01:44.0949 0x1824  Apple Mobile Device - ok
23:01:44.0967 0x1824  [ 5F673180268BB1FDB69C99B6619FE379, C4307A861163F96648109046A6C7D53AB1C9B10D0B841DD1A7D147D22F462649 ] arc             C:\Windows\system32\drivers\arc.sys
23:01:44.0995 0x1824  arc - ok
23:01:45.0029 0x1824  [ 957F7540B5E7F602E44648C7DE5A1C05, F03C7708A6C9D2579ECE5A7413AFA068E1067D7191EC653A78BA4FEDE76CFBD8 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:01:45.0057 0x1824  arcsas - ok
23:01:45.0166 0x1824  [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
23:01:45.0205 0x1824  aspnet_state - ok
23:01:45.0244 0x1824  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:01:45.0289 0x1824  AsyncMac - ok
23:01:45.0326 0x1824  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
23:01:45.0352 0x1824  atapi - ok
23:01:45.0422 0x1824  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:01:45.0457 0x1824  AudioEndpointBuilder - ok
23:01:45.0471 0x1824  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:01:45.0501 0x1824  Audiosrv - ok
23:01:45.0579 0x1824  [ B5D974C1FD078A68C7536C561B031D39, A8B14474BC346E869DB8C29772CAED833596B9D4BCDDE9A9D4881FD5F78F8F1E ] Automatisches LiveUpdate - Scheduler C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
23:01:45.0639 0x1824  Automatisches LiveUpdate - Scheduler - ok
23:01:45.0701 0x1824  [ 6FF619B5DD6C05DB3D8BA4888EE06B03, 945FC37D86BE7B2B81276988EBD78FB24300F330625134058A8AE6D3FBC44E60 ] Avgdiskx        C:\Windows\system32\DRIVERS\avgdiskx.sys
23:01:45.0736 0x1824  Avgdiskx - ok
23:01:45.0998 0x1824  [ ADDD8FF660E3758A4D3C6B47EE71356E, 4B49F4EB513A9DCFB3AD1C0B0105BE913D1B3FB2C2603C7A37DFF4E4FBAE7E53 ] AVGIDSAgent     C:\Program Files\AVG\AVG2015\avgidsagent.exe
23:01:46.0308 0x1824  AVGIDSAgent - ok
23:01:46.0378 0x1824  [ D060A39BFD1C95A4A1CEDCEFBD8BEF89, DC3BFB4A818706C6C74AFAB62A84DFEE0656956300EADC6F71F66E5AEAC47C6B ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
23:01:46.0463 0x1824  AVGIDSDriver - ok
23:01:46.0485 0x1824  [ 4EA0B18E82A51154467CD6A1DB5D2771, 63A78ADE7F23AFBEC991E2FD33C451CFAB50C39DFD75EC41388E81873BB3BEF5 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
23:01:46.0516 0x1824  AVGIDSHX - ok
23:01:46.0536 0x1824  [ 120A658BF7CEF020E512D732A439DE0F, CF1EAEE2A506B86C6144DD40DAF62A5F08B1E1E2C364663EA19FF1C447FD0D1A ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
23:01:46.0564 0x1824  AVGIDSShim - ok
23:01:46.0587 0x1824  [ 5897D0F8F83A9FD81F48F64324221EC9, CAC18B1D773C01D556DA929746032A82E64A2F693CACCE25144172691A8F9626 ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
23:01:46.0627 0x1824  Avgldx86 - ok
23:01:46.0682 0x1824  [ 960F9A86D0D2585C51BE45912DDEF3DF, 9F8229138F860A7DFCA4482961D6671FFE1BB1E252B40A3E6E757E9D1806828F ] Avglogx         C:\Windows\system32\DRIVERS\avglogx.sys
23:01:46.0718 0x1824  Avglogx - ok
23:01:46.0742 0x1824  [ 0C577B0E18097204DA73FDE1BDD7BAA3, 264D9F4550332CD34ADE31108DBA25431E6B75FE94CBA92C77DC6891EFF50812 ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
23:01:46.0772 0x1824  Avgmfx86 - ok
23:01:46.0788 0x1824  [ 33744E25E83260527272125F5624FFC6, CDB7DEA22124CCC3DB98BCC3588B2D6F1B35EE3B49947E1F5EE2BC33967815E5 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
23:01:46.0821 0x1824  Avgrkx86 - ok
23:01:46.0850 0x1824  [ B5F24281DF67005DFDB7593D5C27F837, 6D5DDDDDA4DFE197CC6419DFFD0149C0221204BB0B39F9C38CC2E0D7A7213604 ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
23:01:46.0889 0x1824  Avgtdix - ok
23:01:46.0928 0x1824  [ 95A260961EB2401BE0FAB69B7A8A049C, 1966BBE90BA409CA04069B9B0DF4D5DFA179F40DEED2BFF53F950787B32376F5 ] avgwd           C:\Program Files\AVG\AVG2015\avgwdsvc.exe
23:01:46.0964 0x1824  avgwd - ok
23:01:47.0013 0x1824  [ AA6B367CA7DA571DFC3374EC137D87A5, F63C3CD3E65D202DE0A9064720CC6FA9C2470FE86CC6B709202E5CA073899C8A ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
23:01:47.0089 0x1824  b57nd60x - ok
23:01:47.0126 0x1824  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:01:47.0162 0x1824  Beep - ok
23:01:47.0213 0x1824  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
23:01:47.0269 0x1824  BFE - ok
23:01:47.0346 0x1824  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
23:01:47.0443 0x1824  BITS - ok
23:01:47.0450 0x1824  blbdrive - ok
23:01:47.0503 0x1824  [ 1C87705CCB2F60172B0FC86B5D82F00D, C6413E6603AD7ECDA5107504E109F608154BA43DAFCE319793E8D8B47C2781A3 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:01:47.0711 0x1824  Bonjour Service - ok
23:01:47.0736 0x1824  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:01:47.0791 0x1824  bowser - ok
23:01:47.0830 0x1824  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
23:01:47.0891 0x1824  BrFiltLo - ok
23:01:47.0919 0x1824  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
23:01:47.0981 0x1824  BrFiltUp - ok
23:01:48.0022 0x1824  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
23:01:48.0070 0x1824  Browser - ok
23:01:48.0106 0x1824  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
23:01:48.0175 0x1824  Brserid - ok
23:01:48.0208 0x1824  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
23:01:48.0264 0x1824  BrSerWdm - ok
23:01:48.0283 0x1824  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
23:01:48.0350 0x1824  BrUsbMdm - ok
23:01:48.0368 0x1824  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
23:01:48.0435 0x1824  BrUsbSer - ok
23:01:48.0472 0x1824  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:01:48.0555 0x1824  BTHMODEM - ok
23:01:48.0652 0x1824  [ E7AAB1A32AC2EEA4C4B735B8D034C802, A9B82728531A3133FA51EA65F2990C0C1789C829A05BC119FC6F73F028BB390F ] ccEvtMgr        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
23:01:48.0678 0x1824  ccEvtMgr - ok
23:01:48.0686 0x1824  [ E7AAB1A32AC2EEA4C4B735B8D034C802, A9B82728531A3133FA51EA65F2990C0C1789C829A05BC119FC6F73F028BB390F ] ccSetMgr        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
23:01:48.0712 0x1824  ccSetMgr - ok
23:01:48.0761 0x1824  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:01:48.0816 0x1824  cdfs - ok
23:01:48.0862 0x1824  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:01:48.0908 0x1824  cdrom - ok
23:01:48.0956 0x1824  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
23:01:49.0029 0x1824  CertPropSvc - ok
23:01:49.0069 0x1824  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:01:49.0145 0x1824  circlass - ok
23:01:49.0181 0x1824  [ 5D9311526801643000D7032A83B18B12, C5A98868A41446617B3A27C6C4AAFA4E7C093E253E8C1DD5DBFE6FAE21991209 ] CLFS            C:\Windows\system32\CLFS.sys
23:01:49.0218 0x1824  CLFS - ok
23:01:49.0273 0x1824  [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:01:49.0339 0x1824  clr_optimization_v2.0.50727_32 - ok
23:01:49.0387 0x1824  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:01:49.0439 0x1824  clr_optimization_v4.0.30319_32 - ok
23:01:49.0452 0x1824  [ E7AAB1A32AC2EEA4C4B735B8D034C802, A9B82728531A3133FA51EA65F2990C0C1789C829A05BC119FC6F73F028BB390F ] CLTNetCnService C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
23:01:49.0477 0x1824  CLTNetCnService - ok
23:01:49.0517 0x1824  [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:01:49.0569 0x1824  CmBatt - ok
23:01:49.0599 0x1824  [ 45201046C776FFDAF3FC8A0029C581C8, 68A68CF2B76598BC8610EB5B2D3FD5BDC9D51CFC6F51FB7A0B0C92A2BE910FC6 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:01:49.0626 0x1824  cmdide - ok
23:01:49.0675 0x1824  [ 7CE352882828C12DD7632B172253A02C, 4617C4C6A204E418DC2D4F8E95CD309C7B35D704438B1601AF9FE852D069B7EF ] comHost         C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
23:01:49.0721 0x1824  comHost - ok
23:01:49.0752 0x1824  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:01:49.0779 0x1824  Compbatt - ok
23:01:49.0783 0x1824  COMSysApp - ok
23:01:49.0790 0x1824  [ 2A213AE086BBEC5E937553C7D9A2B22C, 1F91ACC0426E0ED1717555B282F65629EF15021375B24A63C29C89ADE916EE2A ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:01:49.0815 0x1824  crcdisk - ok
23:01:49.0831 0x1824  [ 22A7F883508176489F559EE745B5BF5D, D6341E3FBC8A46D2D1F0477FA60EC4828B585D35B14609CD02868FD04ECD14DB ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
23:01:49.0893 0x1824  Crusoe - ok
23:01:49.0941 0x1824  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:01:49.0981 0x1824  CryptSvc - ok
23:01:50.0044 0x1824  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:01:50.0113 0x1824  DcomLaunch - ok
23:01:50.0154 0x1824  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:01:50.0194 0x1824  DfsC - ok
23:01:50.0320 0x1824  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
23:01:50.0463 0x1824  DFSR - ok
23:01:50.0548 0x1824  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
23:01:50.0587 0x1824  Dhcp - ok
23:01:50.0622 0x1824  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
23:01:50.0653 0x1824  disk - ok
23:01:50.0705 0x1824  [ 73BAF270D24FE726B9CD7F80BB17A23D, 12ADFB26C16A7D3F623C1A6B72D4C6AB9163EBC93CF13CB2AC6897FB95E96105 ] DKbFltr         C:\Windows\system32\DRIVERS\DKbFltr.sys
23:01:50.0746 0x1824  DKbFltr - ok
23:01:50.0802 0x1824  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:01:50.0843 0x1824  Dnscache - ok
23:01:50.0881 0x1824  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
23:01:50.0929 0x1824  dot3svc - ok
23:01:50.0962 0x1824  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
23:01:51.0000 0x1824  DPS - ok
23:01:51.0053 0x1824  [ 5C918D413F5837E67A85775C9873775E, ED23F5BC7F3CB9D7D268B1E1C16B53F7C3EE0E09E752EB9E16F5CEDDC3B455BD ] DritekPortIO    C:\PROGRA~1\LAUNCH~1\DPortIO.sys
23:01:51.0077 0x1824  DritekPortIO - ok
23:01:51.0122 0x1824  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:01:51.0165 0x1824  drmkaud - ok
23:01:51.0221 0x1824  [ 5C2C209CDEFBC51D83D66E8A53B2BE89, 7AE68672A6BEEF601017BE28AA0BF3673318EFE97AA08E70F58A9391C54DF71F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:01:51.0269 0x1824  DXGKrnl - ok
23:01:51.0338 0x1824  [ F88FB26547FD2CE6D0A5AF2985892C48, F02E06E16830F5D3FAF61991F5A91E54BB3461F58AFE3BFB7A9066CD302B879F ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
23:01:51.0396 0x1824  E1G60 - ok
23:01:51.0426 0x1824  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
23:01:51.0468 0x1824  EapHost - ok
23:01:51.0520 0x1824  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
23:01:51.0551 0x1824  Ecache - ok
23:01:51.0653 0x1824  [ F54907AA07F60AFF81E1E09E97AF98B0, AA3DDFFFA0821836D3F6FB51457B601518A381A6C527041A49C93918DF0C6CA4 ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
23:01:51.0707 0x1824  eDataSecurity Service - ok
23:01:51.0762 0x1824  [ 8F7DBC4BE48F5388A6FE1F285E7948EF, FFAF75605CFB691AD154CE6C3E18BA85A7B24523DDB5406F45DF3BA2EB39BA85 ] eeCtrl          C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:01:51.0802 0x1824  eeCtrl - ok
23:01:51.0883 0x1824  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:01:51.0939 0x1824  ehRecvr - ok
23:01:51.0955 0x1824  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
23:01:52.0028 0x1824  ehSched - ok
23:01:52.0048 0x1824  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
23:01:52.0080 0x1824  ehstart - ok
23:01:52.0145 0x1824  [ E28516FED46251119ADDAF4CF33BA401, 6CB6436F3214760C414D8897ED0A90EFF2F38C498271F3BC7E05D8414409286B ] eLockService    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
23:01:52.0179 0x1824  eLockService - detected UnsignedFile.Multi.Generic ( 1 )
23:01:54.0668 0x1824  Detect skipped due to KSN trusted
23:01:54.0668 0x1824  eLockService - ok
23:01:54.0728 0x1824  [ E8F3F21A71720C84BCF423B80028359F, 63114E6120F634224A0E83A5047B37C7D6F26CF99FE3C01CFC0AB8B1763BB084 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:01:54.0765 0x1824  elxstor - ok
23:01:54.0820 0x1824  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
23:01:54.0900 0x1824  EMDMgmt - ok
23:01:54.0935 0x1824  [ 29DCAEB81DDE6F154AA4D36B18ECBB1F, 356D0778F53DD0DC49F741201A1F5781708043D35B70EEEBF53D2CE6535698EF ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
23:01:54.0981 0x1824  enecir - ok
23:01:55.0037 0x1824  [ 6FBD3EC576083A4971B6AEB7BA9380EE, E102B4BFC50540880A47F50BE5B1DC0550412DFF60AEBC10CB6CC902304E6421 ] eNet Service    C:\Acer\Empowering Technology\eNet\eNet Service.exe
23:01:55.0065 0x1824  eNet Service - detected UnsignedFile.Multi.Generic ( 1 )
23:01:57.0535 0x1824  Detect skipped due to KSN trusted
23:01:57.0535 0x1824  eNet Service - ok
23:01:57.0575 0x1824  [ 3EE14D400E0FDD0D214275A4A20B7022, D258F9342C3107DD7F144A624E3ED80B8DA6A09594E9DCA6D2AB0EA9C7A482CD ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:01:57.0601 0x1824  EraserUtilRebootDrv - ok
23:01:57.0668 0x1824  [ 59FCCAF915BA89DD98CADF08DA91AFEE, 1286481DF42EBBE13C0FC18ABA514393544CDA17420E71518EF87ADD82D224CB ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
23:01:57.0700 0x1824  eRecoveryService - detected UnsignedFile.Multi.Generic ( 1 )
23:02:00.0037 0x1824  Detect skipped due to KSN trusted
23:02:00.0037 0x1824  eRecoveryService - ok
23:02:00.0231 0x1824  [ 24075F034A8B10718190CB39424D40DF, 93AD0DCB9D879EF8C55E51B6E4C971407BD9958C75E6BCA690BF692D2D4FE475 ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
23:02:00.0277 0x1824  eSettingsService - detected UnsignedFile.Multi.Generic ( 1 )
23:02:02.0757 0x1824  Detect skipped due to KSN trusted
23:02:02.0757 0x1824  eSettingsService - ok
23:02:02.0815 0x1824  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
23:02:02.0868 0x1824  EventSystem - ok
23:02:02.0928 0x1824  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:02:02.0970 0x1824  exfat - ok
23:02:03.0001 0x1824  [ 4E404505B3F62ECFBDBCBBCF0A72DBC5, 9F446ED06A31BFE52C4F1E8ACC400B8E3F47A3CC02FFC950DB861B2B3BA4C5B9 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:02:03.0055 0x1824  fastfat - ok
23:02:03.0089 0x1824  [ 63BDADA84951B9C03E641800E176898A, AD3EA20CAD0E0C438422D5D39AEA9E0AAD9E1DC866A696AE503C76F5FAC4BE6E ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:02:03.0156 0x1824  fdc - ok
23:02:03.0183 0x1824  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
23:02:03.0229 0x1824  fdPHost - ok
23:02:03.0247 0x1824  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:02:03.0298 0x1824  FDResPub - ok
23:02:03.0346 0x1824  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:02:03.0374 0x1824  FileInfo - ok
23:02:03.0405 0x1824  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:02:03.0458 0x1824  Filetrace - ok
23:02:03.0493 0x1824  [ 6603957EFF5EC62D25075EA8AC27DE68, B52D112301A6BFBD60959D7D2502AB2E1EB6BB7F5DCED46899F1F006C7F1E887 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:02:03.0562 0x1824  flpydisk - ok
23:02:03.0599 0x1824  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:02:03.0630 0x1824  FltMgr - ok
23:02:03.0751 0x1824  [ 7417E869AE5AAC3026329E7749698110, 14545202D90C23EE6A2ADC5627791A3B43B5EEA6F78F44021C9AE2B5B8A351DD ] FontCache       C:\Windows\system32\FntCache.dll
23:02:03.0839 0x1824  FontCache - ok
23:02:03.0978 0x1824  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:02:04.0007 0x1824  FontCache3.0.0.0 - ok
23:02:04.0040 0x1824  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:02:04.0103 0x1824  Fs_Rec - ok
23:02:04.0137 0x1824  [ 4E1CD0A45C50A8882616CAE5BF82F3C5, 1B909AF150F7119A5685999451A85012F4A92F15F38390A281EA507E2D247BAE ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:02:04.0165 0x1824  gagp30kx - ok
23:02:04.0215 0x1824  [ 8182FF89C65E4D38B2DE4BB0FB18564E, 2ACFA64D48BF7D25641EC5819C8722144284B8A8E071BF297C1881B07EEAFE88 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:02:04.0237 0x1824  GEARAspiWDM - ok
23:02:04.0282 0x1824  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
23:02:04.0343 0x1824  gpsvc - ok
23:02:04.0409 0x1824  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:02:04.0444 0x1824  gupdate - ok
23:02:04.0451 0x1824  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:02:04.0483 0x1824  gupdatem - ok
23:02:04.0537 0x1824  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:02:04.0612 0x1824  HdAudAddService - ok
23:02:04.0674 0x1824  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:02:04.0736 0x1824  HDAudBus - ok
23:02:04.0760 0x1824  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:02:04.0831 0x1824  HidBth - ok
23:02:04.0952 0x1824  [ D8DF3722D5E961BAA1292AA2F12827E2, 799E194B36BA08D59500A2C45ADD2FB69C7698F3F7F837CC7CFB266D57830BD6 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:02:05.0014 0x1824  HidIr - ok
23:02:05.0047 0x1824  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\system32\hidserv.dll
23:02:05.0080 0x1824  hidserv - ok
23:02:05.0114 0x1824  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:02:05.0142 0x1824  HidUsb - ok
23:02:05.0188 0x1824  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:02:05.0243 0x1824  hkmsvc - ok
23:02:05.0285 0x1824  [ DF353B401001246853763C4B7AAA6F50, 05C043493BDD99DEFBB0F5C3D8C475B06C2BF5629565ACF6F3B754002519B836 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
23:02:05.0312 0x1824  HpCISSs - ok
23:02:05.0357 0x1824  [ 46D67209550973257601A533E2AC5785, 3C0D97781947BA8532344AA5D9F3B684761B5B3263A0A294F4593E76EE41DB0C ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
23:02:05.0405 0x1824  HSFHWAZL - ok
23:02:05.0463 0x1824  [ 3F53B4AF98F8FD83B7F0B8B65D2D90A7, BBE82055699FC998BA54013B7DE7E1BD70E0DAE031A41CA6929B62C61A4A00F7 ] HSF_DPV         C:\Windows\system32\DRIVERS\HSX_DPV.sys
23:02:05.0649 0x1824  HSF_DPV - ok
23:02:05.0695 0x1824  [ 194BC52FC0F53E540FAF9DE8A9C05255, 83161D0BCEEFEDB9AC0AB14860067EB4F1C726998045E37E2138B41CB1B89C2C ] HSXHWAZL        C:\Windows\system32\DRIVERS\HSXHWAZL.sys
23:02:05.0727 0x1824  HSXHWAZL - ok
23:02:05.0782 0x1824  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:02:05.0845 0x1824  HTTP - ok
23:02:05.0871 0x1824  [ 324C2152FF2C61ABAE92D09F3CCA4D63, 2D09964C8003277F7DB1FFAA0DAEF15B205F3C4100FF601950BC9E544DC0B91F ] i2omp           C:\Windows\system32\drivers\i2omp.sys
23:02:05.0920 0x1824  i2omp - ok
23:02:05.0978 0x1824  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:02:06.0034 0x1824  i8042prt - ok
23:02:06.0112 0x1824  [ 204A73A56751C68C6031E9D5D611EC98, 02710099E3B1FE62FD207CB8952184C99FA5A69FF23734D0236E8F6B39BC596A ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
23:02:06.0163 0x1824  IAANTMON - ok
23:02:06.0198 0x1824  [ 2358C53F30CB9DCD1D3843C4E2F299B2, C3E5F2D60133B10DEA52AF11E192DFDC4160611F5F0A86ED66138DB91532CA4A ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
23:02:06.0221 0x1824  iaStor - ok
23:02:06.0235 0x1824  [ C957BF4B5D80B46C5017BF0101E6C906, 6B9186335E50E7E0DBAF574A224E524EC526B57AA02F509E4A8D0F905C9CE880 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
23:02:06.0266 0x1824  iaStorV - ok
23:02:06.0337 0x1824  [ DD386C45D2B5863740166783448A2E7A, 10B912BA70306644BE73A53AF4DCDFF63880C4C5860FF6DBA92B0914EB566718 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:02:06.0419 0x1824  idsvc - ok
23:02:06.0583 0x1824  [ B147CCF3B7A42B64AF8EC0520B4B15E3, 0B60E75AE4010A85EFCEF7C7445B13D3271F810A6849ED5B5D69EFE357DBB424 ] IDSvix86        C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20110818.001\IDSvix86.sys
23:02:06.0619 0x1824  IDSvix86 - ok
23:02:06.0648 0x1824  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:02:06.0673 0x1824  iirsp - ok
23:02:06.0722 0x1824  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:02:06.0782 0x1824  IKEEXT - ok
23:02:06.0870 0x1824  [ BC49161697AC99586DE35B7839518487, 62654DE9E782BE02BAC9550B66251AA1738998DED3A8EF8054E6CB37F9A8DDE6 ] InCDfs          C:\Windows\system32\drivers\InCDFs.sys
23:02:06.0899 0x1824  InCDfs - ok
23:02:06.0922 0x1824  [ 1BE060598B70D8F9B19968E3F45F2A64, 410752F2411A39A211AADABE298775BEB13C8747B30FBF86866345D6051FBED8 ] InCDPass        C:\Windows\system32\drivers\InCDPass.sys
23:02:06.0946 0x1824  InCDPass - ok
23:02:06.0975 0x1824  [ 4C5AE0F52A47E09B29B7312C55D44840, 6AB386F842EE2FDC2CC8CC7CA0124A08789A51B2E734113DBF93C623C7118903 ] InCDrec         C:\Windows\system32\drivers\InCDRec.sys
23:02:07.0010 0x1824  InCDrec - ok
23:02:07.0032 0x1824  [ BAA8D6CB8850DC654CD952CA5FD61E33, 899E03CC77AC79AEEEC6E019E8D443CDF10F6EE27A8E545E7FBA1B46AC9C3B7D ] incdrm          C:\Windows\system32\drivers\InCDRm.sys
23:02:07.0056 0x1824  incdrm - ok
23:02:07.0982 0x1824  [ E6BBF9F3EA1031DB38AC5FE876469A77, F6476B45B59A08264165B5EA888CB8226D255F4F540DE94024B4A8DCA8E28951 ] InCDsrv         D:\Programme\Nero 7\Nero 7\InCD\InCDsrv.exe
23:02:08.0076 0x1824  InCDsrv - ok
23:02:08.0107 0x1824  [ 9D64201C9E5AC8D1F088762BA00FF3AB, 1F83B0C828654B8C195A33CA4424AD9F9CFE411D503BB79986D7396DB9BBC994 ] int15           C:\Acer\Empowering Technology\eRecovery\int15.sys
23:02:08.0134 0x1824  int15 - ok
23:02:08.0234 0x1824  [ 90A10B39896040B3154613C11C932AEB, DB7614B3F83699D93998B17EC36FFAA0526BE6CA8FF23CCD5CA3194532F3BC0A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:02:08.0637 0x1824  IntcAzAudAddService - ok
23:02:08.0677 0x1824  [ 97469037714070E45194ED318D636401, DDB5AE39BE0BD37ECB44969A5FA740E5B1169342347D0DB3E5DF0353A6708271 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:02:08.0702 0x1824  intelide - ok
23:02:08.0739 0x1824  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:02:08.0785 0x1824  intelppm - ok
23:02:08.0825 0x1824  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:02:08.0870 0x1824  IPBusEnum - ok
23:02:08.0902 0x1824  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:02:08.0957 0x1824  IpFilterDriver - ok
23:02:08.0995 0x1824  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:02:09.0043 0x1824  iphlpsvc - ok
23:02:09.0048 0x1824  IpInIp - ok
23:02:09.0080 0x1824  [ 40F34F8ABA2A015D780E4B09138B6C17, 22F86888C6B4F76836E863A90730D8F0DBD518305D87A399A159387E79E9D2F7 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
23:02:09.0135 0x1824  IPMIDRV - ok
23:02:10.0530 0x1824  [ 793FF718477345CD5D232C50BED1E452, 1D39CF9F10742C79FF99B9B4E0361EAEA63B4FC545C58B54B55537D18C802941 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
23:02:10.0594 0x1824  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
23:02:13.0099 0x1824  Detect skipped due to KSN trusted
23:02:13.0099 0x1824  LightScribeService - ok
23:02:20.0537 0x1824  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D, 52135D41983A9E9E1DCA250A63017076AE22AA06D77CCF2E5EF41154F958584A ] NTIDrvr         C:\Windows\system32\DRIVERS\NTIDrvr.sys
23:02:20.0592 0x1824  NTIDrvr - detected UnsignedFile.Multi.Generic ( 1 )
23:02:23.0032 0x1824  Detect skipped due to KSN trusted
23:02:23.0032 0x1824  NTIDrvr - ok
23:02:26.0110 0x1824  [ 875E4E0661F3A5994DF9E5E3A0A4F96B, 7198C02935B3714C455EE94305D2A21D900D72AC67049C11A1E842572AD6C5E1 ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
23:02:26.0199 0x1824  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic ( 1 )
23:02:28.0557 0x1824  Detect skipped due to KSN trusted
23:02:28.0557 0x1824  PLFlash DeviceIoControl Service - ok
23:02:31.0411 0x1824  [ 0A468612A19FEB657D127E7C4810F6FC, B31A083FA10051BE5132D759A904E131E9DD1C4CE79310A75213B9C48247739B ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
23:02:31.0486 0x1824  RichVideo - detected UnsignedFile.Multi.Generic ( 1 )
23:02:33.0826 0x1824  Detect skipped due to KSN trusted
23:02:33.0826 0x1824  RichVideo - ok
23:02:35.0939 0x1824  sffp_sd - ok
23:02:35.0962 0x1824  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
23:02:36.0026 0x1824  sfloppy - ok
23:02:36.0062 0x1824  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:02:36.0122 0x1824  SharedAccess - ok
23:02:36.0167 0x1824  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:02:36.0214 0x1824  ShellHWDetection - ok
23:02:36.0225 0x1824  [ D2A595D6EEBEEAF4334F8E50EFBC9931, 851B8205C657BF806C4D815DC75356E99B4246016B6E1C1F51BAF8AD1E6D5299 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
23:02:36.0253 0x1824  sisagp - ok
23:02:36.0282 0x1824  [ CEDD6F4E7D84E9F98B34B3FE988373AA, E102977E6FAC30B5ABEEC0B412A9F2A10C5C42F4D9C3AD69296BF9E1E88B6141 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
23:02:36.0309 0x1824  SiSRaid2 - ok
23:02:36.0329 0x1824  [ DF843C528C4F69D12CE41CE462E973A7, A2BEC74FCB8D8B6B9D8DD4746C013DFDF1DD662AEFE9B88CA495E5B83B4A76F9 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:02:36.0356 0x1824  SiSRaid4 - ok
23:02:36.0419 0x1824  [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
23:02:36.0460 0x1824  SkypeUpdate - ok
23:02:36.0630 0x1824  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
23:02:37.0049 0x1824  slsvc - ok
23:02:37.0103 0x1824  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
23:02:37.0224 0x1824  SLUINotify - ok
23:02:37.0258 0x1824  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:02:37.0320 0x1824  Smb - ok
23:02:37.0351 0x1824  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:02:37.0379 0x1824  SNMPTRAP - ok
23:02:37.0482 0x1824  [ EF1F141A83C61503333569D2862F3999, A82E72E5707C1F7E6352B5D88861EB6322D2151960769861665E7A0D6D1043D8 ] SNP2UVC         C:\Windows\system32\DRIVERS\snp2uvc.sys
23:02:37.0611 0x1824  SNP2UVC - ok
23:02:37.0662 0x1824  [ 905782BCF15B6E5AF9905B77923C7FA2, 9D9207425C77D6F362A0D924EBF2592D0F2B72DB388E28178ED49F7C9CF590C6 ] SPBBCDrv        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
23:02:37.0707 0x1824  SPBBCDrv - ok
23:02:37.0744 0x1824  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:02:37.0770 0x1824  spldr - ok
23:02:37.0803 0x1824  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
23:02:37.0846 0x1824  Spooler - ok
23:02:37.0888 0x1824  [ 15E29EB26DD53EB6385629F4622B5519, 8D9089EF681CA687CDFEC62DF414706C59DFD9A618B915089BC6A6993520A79F ] SRTSP           C:\Windows\system32\Drivers\SRTSP.SYS
23:02:37.0921 0x1824  SRTSP - ok
23:02:37.0955 0x1824  [ FD0C0333FAE09DBD1170E0D607ECA5C8, 2491C82601BB388CC75CC26E33A024D600CBDE7CDB4809D5472C60AB3917F46F ] SRTSPL          C:\Windows\system32\Drivers\SRTSPL.SYS
23:02:37.0991 0x1824  SRTSPL - ok
23:02:38.0013 0x1824  [ 7E60A4A4035BE470F47C6806DA57DB99, 1B3959E49F28D797523DB7B323EA19C01008EC9E3A80C5A8FFEC497D3F30E636 ] SRTSPX          C:\Windows\system32\Drivers\SRTSPX.SYS
23:02:38.0036 0x1824  SRTSPX - ok
23:02:38.0080 0x1824  [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:02:38.0141 0x1824  srv - ok
23:02:38.0188 0x1824  [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:02:38.0229 0x1824  srv2 - ok
23:02:38.0244 0x1824  [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:02:38.0291 0x1824  srvnet - ok
23:02:38.0324 0x1824  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:02:38.0399 0x1824  SSDPSRV - ok
23:02:38.0441 0x1824  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:02:38.0469 0x1824  SstpSvc - ok
23:02:38.0530 0x1824  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
23:02:38.0587 0x1824  stisvc - ok
23:02:38.0614 0x1824  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:02:38.0639 0x1824  swenum - ok
23:02:38.0674 0x1824  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
23:02:38.0726 0x1824  swprv - ok
23:02:38.0841 0x1824  [ FA2F6A8849219B16460BF44F9D1F3AA7, 540ED111A4F49A082CBB882A8C8BBBF487890F13DF6951F0BFD36D970484A25A ] Symantec Core LC C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
23:02:39.0039 0x1824  Symantec Core LC - ok
23:02:39.0103 0x1824  [ 2FE779B1A07747FED8074C433C3C4604, 4E2544308360CD0AEAB88B2FFDA5334C0F4F799ECC9D1945515AA2719920B870 ] SymAppCore      C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
23:02:39.0138 0x1824  SymAppCore - ok
23:02:39.0170 0x1824  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
23:02:39.0196 0x1824  Symc8xx - ok
23:02:39.0242 0x1824  [ 51B57CDA977170AC608D839DBFA1D3EE, 263105C798AA2FEAE079779443F8002004A433C692E1807508B77C2B53DA4536 ] SYMDNS          C:\Windows\System32\Drivers\SYMDNS.SYS
23:02:39.0279 0x1824  SYMDNS - ok
23:02:39.0288 0x1824  [ 06B95820DF51502099A8A15C93E87986, 77F70B2A8B84882840DEFA89D6037EF16E8BF5EADB7D089DD2374C12290D17A5 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT.SYS
23:02:39.0317 0x1824  SymEvent - ok
23:02:39.0340 0x1824  [ A131D8360B01044517AA44529E2137D6, 525E8D0F11054A40FE960DC195A5B40FED79A273323AA4DDC2522DDB0A43D5B7 ] SYMFW           C:\Windows\System32\Drivers\SYMFW.SYS
23:02:39.0378 0x1824  SYMFW - ok
23:02:39.0388 0x1824  [ 2B77868F02DAE02103380B824431B798, ED8E0B8ABE95B36E39F7B17C962DB204BFC905B8546E6D1062E3F6C5FD0874E7 ] SYMIDS          C:\Windows\System32\Drivers\SYMIDS.SYS
23:02:39.0413 0x1824  SYMIDS - ok
23:02:39.0422 0x1824  [ 7D3ADDFE63E5227BD2DBD5692BAFB688, 96F860CC530F50003F80D0A54CB20E0C992A6C4C0E9583200BBF7470899FE3F8 ] SYMNDISV        C:\Windows\System32\Drivers\SYMNDISV.SYS
23:02:39.0464 0x1824  SYMNDISV - ok
23:02:39.0483 0x1824  [ 394B2368212114D538316812AF60FDDD, 74DAC801C692DD858EF2A410D99D9E0DE565599436A8F80D7B39818F062B943F ] SYMREDRV        C:\Windows\System32\Drivers\SYMREDRV.SYS
23:02:39.0535 0x1824  SYMREDRV - ok
23:02:39.0580 0x1824  [ D46676BB414C7531BDFFE637A33F5033, BDF9792FB05455B7B5600063CFC783802F7948ABF614AD74D20CDB0BAAC86D11 ] SYMTDI          C:\Windows\System32\Drivers\SYMTDI.SYS
23:02:39.0616 0x1824  SYMTDI - ok
23:02:39.0654 0x1824  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
23:02:39.0700 0x1824  Sym_hi - ok
23:02:39.0716 0x1824  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
23:02:39.0744 0x1824  Sym_u3 - ok
23:02:39.0791 0x1824  [ C5F25D490D0915732508FD421BF76D93, 9DDF1CBC69C3A1D157073F897AE797ECA257F1CC9659A75F6DFF0C30594C06DD ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
23:02:39.0820 0x1824  SynTP - ok
23:02:39.0882 0x1824  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
23:02:39.0952 0x1824  SysMain - ok
23:02:39.0992 0x1824  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:02:40.0019 0x1824  TabletInputService - ok
23:02:40.0066 0x1824  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:02:40.0125 0x1824  TapiSrv - ok
23:02:40.0165 0x1824  [ D7F411C5AF992BB44E86083A6AA7B045, 0ABD5BA0FB92349C903F9ABCDD7116FED4C8BFD954D32C451BCAC7665B69625F ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
23:02:40.0190 0x1824  tbhsd - ok
23:02:40.0217 0x1824  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
23:02:40.0261 0x1824  TBS - ok
23:02:40.0344 0x1824  [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:02:40.0407 0x1824  Tcpip - ok
23:02:40.0441 0x1824  [ C7B0746FCD576D7EEBA6A2530B0B2966, F8ADAED40AA12BF8427482A00CCF8374458FEA95C3C381AEF59EC057A2791550 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
23:02:40.0599 0x1824  Tcpip6 - ok
23:02:40.0670 0x1824  [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:02:40.0701 0x1824  tcpipreg - ok
23:02:40.0756 0x1824  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:02:40.0824 0x1824  TDPIPE - ok
23:02:40.0854 0x1824  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:02:40.0919 0x1824  TDTCP - ok
23:02:40.0956 0x1824  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:02:40.0994 0x1824  tdx - ok
23:02:41.0054 0x1824  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:02:41.0080 0x1824  TermDD - ok
23:02:41.0163 0x1824  [ DBD84E59D631569EC3E756EF144E8431, 9E58629EC762584A2D294A619593620626F7CBE467045AD0F920B6CF1D4B4724 ] TermService     C:\Windows\System32\termsrv.dll
23:02:41.0231 0x1824  TermService - ok
23:02:41.0257 0x1824  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
23:02:41.0304 0x1824  Themes - ok
23:02:41.0324 0x1824  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
23:02:41.0359 0x1824  THREADORDER - ok
23:02:41.0391 0x1824  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
23:02:41.0446 0x1824  TrkWks - ok
23:02:41.0515 0x1824  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:02:41.0572 0x1824  TrustedInstaller - ok
23:02:41.0601 0x1824  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:02:41.0629 0x1824  tssecsrv - ok
23:02:41.0663 0x1824  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
23:02:41.0705 0x1824  tunmp - ok
23:02:41.0724 0x1824  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:02:41.0759 0x1824  tunnel - ok
23:02:41.0794 0x1824  [ C3ADE15414120033A36C0F293D4A4121, 74A002C4B5EBD94E33EDEACB6639AF44ED72A8DDE3083C6DE71C1EE937EF1A9C ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:02:41.0822 0x1824  uagp35 - ok
23:02:41.0854 0x1824  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:02:41.0909 0x1824  udfs - ok
23:02:41.0957 0x1824  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:02:41.0997 0x1824  UI0Detect - ok
23:02:42.0016 0x1824  [ 75E6890EBFCE0841D3291B02E7A8BDB0, FDF9CDCCCCC0AA2A52623C5A67AC5F5224557EE4C8F6487CB13CAEB012575E2A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:02:42.0046 0x1824  uliagpkx - ok
23:02:42.0069 0x1824  [ 3CD4EA35A6221B85DCC25DAA46313F8D, 100A7E12B8EA395F70A00874328E87B930CE88FF442F3576FE88B105A22E04C5 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
23:02:42.0103 0x1824  uliahci - ok
23:02:42.0126 0x1824  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
23:02:42.0155 0x1824  UlSata - ok
23:02:42.0181 0x1824  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
23:02:42.0210 0x1824  ulsata2 - ok
23:02:42.0371 0x1824  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:02:42.0411 0x1824  umbus - ok
23:02:42.0483 0x1824  [ 88BD96A1BAEED33EE8BDF9499C07A841, 1C4DA1B34FE52B8022AB23CBF18D6B16635283625BB2D08E6524292E6009773A ] UMPass          C:\Windows\system32\DRIVERS\umpass.sys
23:02:42.0550 0x1824  UMPass - ok
23:02:42.0623 0x1824  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
23:02:42.0672 0x1824  upnphost - ok
23:02:42.0712 0x1824  [ 83CAFCB53201BBAC04D822F32438E244, E3F6FDE4D429FB630B19417DD9752A2CE9F6C9FD58918D714B5438A3D4136853 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
23:02:42.0755 0x1824  USBAAPL - ok
23:02:42.0811 0x1824  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:02:42.0857 0x1824  usbccgp - ok
23:02:42.0892 0x1824  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:02:42.0960 0x1824  usbcir - ok
23:02:42.0998 0x1824  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:02:43.0026 0x1824  usbehci - ok
23:02:43.0054 0x1824  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:02:43.0087 0x1824  usbhub - ok
23:02:43.0102 0x1824  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:02:43.0156 0x1824  usbohci - ok
23:02:43.0199 0x1824  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:02:43.0237 0x1824  usbprint - ok
23:02:43.0292 0x1824  [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:02:43.0337 0x1824  usbscan - ok
23:02:43.0374 0x1824  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:02:43.0411 0x1824  USBSTOR - ok
23:02:43.0444 0x1824  [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
23:02:43.0498 0x1824  usbuhci - ok
23:02:43.0536 0x1824  [ 228F444F9AF0D3B9ECA9FC3F4FEB12F2, D29C9A0ED5602BCD529A0D7F538DFA8771B1CAC6F433AA686C3A4917DC596369 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
23:02:43.0597 0x1824  usb_rndisx - ok
23:02:43.0626 0x1824  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
23:02:43.0682 0x1824  UxSms - ok
23:02:43.0725 0x1824  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
23:02:43.0807 0x1824  vds - ok
23:02:43.0841 0x1824  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:02:43.0896 0x1824  vga - ok
23:02:43.0928 0x1824  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:02:43.0968 0x1824  VgaSave - ok
23:02:44.0021 0x1824  [ 045D9961E591CF0674A920B6BA3BA5CB, EBF498A0424CEA0F7ECBAAE144A8669CE6B5DD67115DE22CEC5A46AED26CD90B ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:02:44.0049 0x1824  viaagp - ok
23:02:44.0069 0x1824  [ 56A4DE5F02F2E88182B0981119B4DD98, 36FC94BCFD41907838DBCB02E6EA24065FDED4224239CD19E90D14433BE9108B ] ViaC7           C:\Windows\system32\drivers\viac7.sys
23:02:44.0125 0x1824  ViaC7 - ok
23:02:44.0144 0x1824  [ FD2E3175FCADA350C7AB4521DCA187EC, 1C914B184478611A27E0141F90EBC34FC63DFB2A83441DD36DFA43D945FB1C52 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:02:44.0169 0x1824  viaide - ok
23:02:44.0196 0x1824  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:02:44.0225 0x1824  volmgr - ok
23:02:44.0274 0x1824  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:02:44.0312 0x1824  volmgrx - ok
23:02:44.0355 0x1824  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:02:44.0387 0x1824  volsnap - ok
23:02:44.0422 0x1824  [ D984439746D42B30FC65A4C3546C6829, B134A9890638C2B4964A9C30812A2828A3E0CC641690CBF22D9FCE65EE3C2385 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:02:44.0451 0x1824  vsmraid - ok
23:02:44.0521 0x1824  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
23:02:44.0673 0x1824  VSS - ok
23:02:44.0716 0x1824  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
23:02:44.0782 0x1824  W32Time - ok
23:02:44.0821 0x1824  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:02:44.0891 0x1824  WacomPen - ok
23:02:44.0913 0x1824  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
23:02:44.0977 0x1824  Wanarp - ok
23:02:44.0985 0x1824  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:02:45.0017 0x1824  Wanarpv6 - ok
23:02:45.0072 0x1824  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:02:45.0125 0x1824  wcncsvc - ok
23:02:45.0154 0x1824  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:02:45.0201 0x1824  WcsPlugInService - ok
23:02:45.0219 0x1824  [ AFC5AD65B991C1E205CF25CFDBF7A6F4, 544173AE85A11B99B9221DB30B6803DAEB3EB7FCA57FE62F0D13EF70B9C69A89 ] Wd              C:\Windows\system32\drivers\wd.sys
23:02:45.0270 0x1824  Wd - ok
23:02:45.0320 0x1824  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:02:45.0365 0x1824  Wdf01000 - ok
23:02:45.0400 0x1824  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:02:45.0473 0x1824  WdiServiceHost - ok
23:02:45.0478 0x1824  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:02:45.0525 0x1824  WdiSystemHost - ok
23:02:45.0558 0x1824  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
23:02:45.0595 0x1824  WebClient - ok
23:02:45.0634 0x1824  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:02:45.0683 0x1824  Wecsvc - ok
23:02:45.0721 0x1824  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:02:45.0776 0x1824  wercplsupport - ok
23:02:45.0811 0x1824  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:02:45.0844 0x1824  WerSvc - ok
23:02:45.0898 0x1824  [ C9C63410D8CF98F621B9CC62243FB877, 0A9E1FEBBC73D79AB544E6330977F3B281CCE50A8C9101AED0A7DD1DA0BBBEFC ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:02:45.0969 0x1824  winachsf - ok
23:02:46.0044 0x1824  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:02:46.0089 0x1824  WinDefend - ok
23:02:46.0105 0x1824  WinHttpAutoProxySvc - ok
23:02:46.0174 0x1824  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:02:46.0218 0x1824  Winmgmt - ok
23:02:46.0288 0x1824  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:02:46.0440 0x1824  WinRM - ok
23:02:46.0508 0x1824  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:02:46.0569 0x1824  Wlansvc - ok
23:02:46.0591 0x1824  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
23:02:46.0623 0x1824  WmiAcpi - ok
23:02:46.0667 0x1824  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:02:46.0741 0x1824  wmiApSrv - ok
23:02:46.0897 0x1824  [ F778EE748D7D88FEAF528EF89C589BAE, BA1ACBC9453F171C46CF77739FFE5C800E0572E07FEB51C05821506FF1EDCBBB ] WMIService      C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
23:02:46.0956 0x1824  WMIService - detected UnsignedFile.Multi.Generic ( 1 )
23:02:57.0399 0x1824  WMIService ( UnsignedFile.Multi.Generic ) - warning
23:02:57.0399 0x1824  Force sending object to P2P due to detect: WMIService
23:03:08.0181 0x1824  Object send P2P result: false
23:03:08.0274 0x1824  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:03:08.0363 0x1824  WMPNetworkSvc - ok
23:03:08.0395 0x1824  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:03:08.0439 0x1824  WPCSvc - ok
23:03:08.0497 0x1824  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:03:08.0532 0x1824  WPDBusEnum - ok
23:03:08.0565 0x1824  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
23:03:08.0622 0x1824  WpdUsb - ok
23:03:08.0734 0x1824  [ C108DC20ACE05072350DBB6934E277FB, 548E6ABE4C4ADE48260FFDC7BADFD1697972EA3AE94D6576498C8A183D8CE0C8 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:03:08.0809 0x1824  WPFFontCache_v0400 - ok
23:03:08.0848 0x1824  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:03:08.0886 0x1824  ws2ifsl - ok
23:03:08.0920 0x1824  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
23:03:08.0960 0x1824  wscsvc - ok
23:03:08.0965 0x1824  WSearch - ok
23:03:09.0084 0x1824  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:03:09.0253 0x1824  wuauserv - ok
23:03:09.0310 0x1824  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:03:09.0352 0x1824  WudfPf - ok
23:03:09.0398 0x1824  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:03:09.0445 0x1824  WUDFRd - ok
23:03:09.0480 0x1824  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:03:09.0507 0x1824  wudfsvc - ok
23:03:09.0534 0x1824  [ 2E579520E114A9CA309F13BF40AD8292, A7C926AD8E126E90F83799D907AD51F8F3C2C2799E2E2D005357DEE58B73B333 ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
23:03:09.0572 0x1824  XAudio - ok
23:03:09.0602 0x1824  [ F82FC2C30A19442B95AE554215837C46, 7CAD611D660264BB22069148DC16601D3458D1372FC1DE85BD004906E19D05B4 ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
23:03:09.0686 0x1824  XAudioService - ok
23:03:09.0799 0x1824  [ 5867CE254625645345C833510D24F124, 72808936B15373DDB3B3DAD46D0368A9CBD5CF0829F0FE2D63F3A0731102277C ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
23:03:10.0499 0x1824  {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
23:03:10.0510 0x1824  ================ Scan global ===============================
23:03:10.0551 0x1824  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
23:03:10.0593 0x1824  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
23:03:10.0628 0x1824  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
23:03:10.0682 0x1824  [ 4F0A7910FC7D8A66433FA9961EEF8BB5, 2086EDEE8CF9CC9BDBDC03018F7C28BB56172F941CB4D6F3D857BCF82B32FB6B ] C:\Windows\system32\services.exe
23:03:10.0691 0x1824  [ Global ] - ok
23:03:10.0691 0x1824  ================ Scan MBR ==================================
23:03:10.0715 0x1824  [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0
23:03:13.0021 0x1824  \Device\Harddisk0\DR0 - ok
23:03:13.0024 0x1824  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
23:03:13.0168 0x1824  \Device\Harddisk1\DR1 - ok
23:03:13.0169 0x1824  ================ Scan VBR ==================================
23:03:13.0182 0x1824  [ AE86AFC9B836799AAE78885F1B32D876 ] \Device\Harddisk0\DR0\Partition1
23:03:13.0217 0x1824  \Device\Harddisk0\DR0\Partition1 - ok
23:03:13.0240 0x1824  [ 0347A1424C2AF292A0D54D3B5EF9115D ] \Device\Harddisk0\DR0\Partition2
23:03:13.0254 0x1824  \Device\Harddisk0\DR0\Partition2 - ok
23:03:13.0257 0x1824  [ 3207B8F76CE8B3AC28ECEDDD646FCA11 ] \Device\Harddisk1\DR1\Partition1
23:03:13.0282 0x1824  \Device\Harddisk1\DR1\Partition1 - ok
23:03:13.0283 0x1824  ================ Scan generic autorun ======================
23:03:13.0360 0x1824  [ 0D392EDE3B97E0B3131B2F63EF1DB94E, 3EDA280F91097293E00BF984D377E1111CFDE1FC81B30A3FDEB38F321EF82BB6 ] C:\Program Files\Windows Defender\MSASCui.exe
23:03:13.0469 0x1824  Windows Defender - ok
23:03:13.0676 0x1824  [ A659F31AC25418738351E5BDF4C85780, 771CB4EEFAA83DD7319165483869688C69D76349526953FDE5D973945B6CC337 ] C:\Windows\RtHDVCpl.exe
23:03:14.0150 0x1824  RtHDVCpl - ok
23:03:14.0203 0x1824  [ E090EE780714E376062198C6625D5B51, B9AA58A70C4FF0487061B63E23DA03362DE55030030DF73114FA1C462E09F677 ] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
23:03:14.0331 0x1824  eDataSecurity Loader - detected UnsignedFile.Multi.Generic ( 1 )
23:03:14.0331 0x1824  eDataSecurity Loader ( UnsignedFile.Multi.Generic ) - warning
23:03:14.0354 0x1824  [ D12509C433C20D2818E8C03C401A256F, B42D98B7C268D567DFCD5494FC534969E4588D2A0336E22686221E3892F12EC0 ] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
23:03:14.0379 0x1824  ccApp - ok
23:03:14.0418 0x1824  [ 9F9169BA9B0E44B6C86A5247CEC2CDEE, 5E4D168F381FF98C63C1B689778732AED7CC9C19753B2A905894613ED8FC5622 ] C:\Program Files\Norton Internet Security\osCheck.exe
23:03:14.0447 0x1824  osCheck - ok
23:03:14.0491 0x1824  [ FB1EEAB5A76A943060DEFA4CCC45143B, 45AB4AD74F7EB195EA032888BE2507DA9D0FC2B0A371A397EE6D5DEC9F1E0ADE ] C:\Windows\PLFSetL.exe
23:03:14.0571 0x1824  PLFSetL - ok
23:03:14.0628 0x1824  [ B3E0C20A53D6A55590468B33AA9BC525, 162B848C258B333FE0E8A01B74C6CD602EAAFEBB40838F2987EF4DFF6D589A80 ] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
23:03:14.0657 0x1824  IAAnotif - ok
23:03:14.0758 0x1824  [ 9D7B24A4C61A0368D05F7DE1C21B2D19, 8DA0929FD95B8D715F1E5EC252578B1DEFD516BD72C5400FB08C3E45B4353136 ] C:\Acer\Empowering Technology\eAudio\eAudio.exe
23:03:14.0889 0x1824  eAudio - detected UnsignedFile.Multi.Generic ( 1 )
23:03:14.0890 0x1824  eAudio ( UnsignedFile.Multi.Generic ) - warning
23:03:14.0980 0x1824  [ F082D25C1F5ED9A9132C5F9B8E66DF9F, D95016C8E91B6AA6F502AA627700340BE1C1507E5E74AF4F080133F6C8908C4C ] C:\PROGRA~1\LAUNCH~1\LManager.exe
23:03:15.0044 0x1824  LManager - ok
23:03:15.0124 0x1824  [ BBADDD291165F398BA4F058287175209, B0F07879DA75CB4027A1EAD18C5E055362E73112CF7E8D6CCE672DDCD9A09F69 ] C:\Acer\WR_PopUp\WarReg_PopUp.exe
23:03:15.0172 0x1824  WarReg_PopUp - detected UnsignedFile.Multi.Generic ( 1 )
23:03:15.0172 0x1824  WarReg_PopUp ( UnsignedFile.Multi.Generic ) - warning
23:03:15.0207 0x1824  [ EED2120454E74AA5C257947986B4D068, 1E68F6DF831941B8F3C5F2B0A67AB5F9A9C94901DD37B31654D91DE38110B9E0 ] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
23:03:15.0239 0x1824  SynTPStart - ok
23:03:15.0289 0x1824  [ 2D1389E05A807D956829F44BD4B60389, 8496FCCCF2C96550F67F53F91592E3BA7B74654ABD1D84794F6B63A79BC357B2 ] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
23:03:15.0332 0x1824  Symantec PIF AlertEng - ok
23:03:15.0367 0x1824  [ 5862E2C51AE6085E9463773CE861CF86, F208ABDF68ABF9DAB7C60F9445DF5E2C7CCB1D71C50AD5CA4956B045E8807AA6 ] C:\Acer\AcerTour\Reminder.exe
23:03:15.0385 0x1824  Acer Tour Reminder - detected UnsignedFile.Multi.Generic ( 1 )
23:03:15.0385 0x1824  Acer Tour Reminder ( UnsignedFile.Multi.Generic ) - warning
23:03:15.0470 0x1824  [ D36ED326635F4F04A330022343D3B486, 0E7028017C95227A65DB18F386F74902B116D02D629314B838C5FD52DBE5AFB9 ] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
23:03:15.0666 0x1824  NeroFilterCheck - ok
23:03:15.0769 0x1824  [ A68D88E51E33BA386F70E800B0FDA450, CD32E93D3EC7BF6FF3A87008F12FE41AB5D1F312796791140881469AA7F2C69D ] D:\Programme\Nero 7\Nero 7\InCD\NBHGui.exe
23:03:15.0863 0x1824  SecurDisc - ok
23:03:15.0901 0x1824  [ DBD0146722742E697D7B6A01804E130D, E6B85D4A6EAAEE1ECED7FB9D3CA11CC8B2366005B5B032A47C4518E2446BA59A ] D:\Programme\Nero 7\Nero 7\InCD\InCD.exe
23:03:15.0967 0x1824  InCD - ok
23:03:16.0063 0x1824  [ D373E15EB5E2E463EF01CF7BD8D7A1DF, C3422CC25E3591F3A65CE58CE1187A93AA6F71D2976BB67A604473E3C998BEE1 ] C:\Windows\Skytel.exe
23:03:16.0181 0x1824  Skytel - ok
23:03:16.0347 0x1824  [ 0282F454BF380AF26EFC3913C6D435FF, 8E5EB6EBE7044381B3F3E703F3B60F073649856B74A2BEC99A669F1F77C8C5BA ] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
23:03:16.0513 0x1824  CanonMyPrinter - ok
23:03:16.0585 0x1824  [ 223AD0CA4092AEFFE0D0DE25502A3DB6, D7A0E5639D329C8245515712125C7C489645B70A06A4F6D1DBE06BA7BD3C96DC ] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
23:03:16.0638 0x1824  CanonSolutionMenu - ok
23:03:16.0643 0x1824  NvSvc - ok
23:03:16.0647 0x1824  NvCplDaemon - ok
23:03:16.0651 0x1824  NvMediaCenter - ok
23:03:16.0797 0x1824  [ 7516C453B017706D857A6E57F75D72AD, EDB67298B432990D16168C023FB8079B475DAEC540594E2020BBE8EBD017B5E9 ] D:\Programme\DivX\DivX Media Server\DivXMediaServer.exe
23:03:16.0837 0x1824  DivXMediaServer - detected UnsignedFile.Multi.Generic ( 1 )
23:03:16.0837 0x1824  DivXMediaServer ( UnsignedFile.Multi.Generic ) - warning
23:03:16.0935 0x1824  [ FB1A303207C1124C2B61A50E5A32AC21, 5BE93B9FDE657DCDAF4E8C02BC3F364C58B115DCE3AD10044FBCDC0FF90C2EBC ] C:\Program Files\DivX\DivX Update\DivXUpdate.exe
23:03:17.0066 0x1824  DivXUpdate - ok
23:03:17.0334 0x1824  [ BEE793728636C7E729937D317B5D1F6D, 2F12F85C6B7861390802BCD88E9615C5DEC3ECD214511111A55D3EE925041C03 ] C:\Program Files\AVG\AVG2015\avgui.exe
23:03:17.0566 0x1824  AVG_UI - ok
23:03:17.0685 0x1824  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:03:17.0801 0x1824  Sidebar - ok
23:03:17.0808 0x1824  WindowsWelcomeCenter - ok
23:03:17.0874 0x1824  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
23:03:17.0962 0x1824  Sidebar - ok
23:03:17.0969 0x1824  WindowsWelcomeCenter - ok
23:03:18.0009 0x1824  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\sidebar.exe
23:03:18.0179 0x1824  Sidebar - ok
23:03:18.0230 0x1824  [ 1B31D1266691EDD4224B0036449F14B4, A03D67AEF16351D3A4C410759EF58B179DA01A1160F220966510BCA6DCA95AAD ] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
23:03:18.0257 0x1824  BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - ok
23:03:18.0311 0x1824  [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
23:03:18.0369 0x1824  ehTray.exe - ok
23:03:18.0721 0x1824  [ BC59AE9A62B28A31487BFD32373BCD5D, A57C1887558B0E652F69B60658E4A3F805E11FCC077DBE925985F3789D57A100 ] C:\Users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe
23:03:19.0416 0x1824  Amazon Music - ok
23:03:19.0512 0x1824  Skype - ok
23:03:19.0637 0x1824  [ BE0186C2984A1A04E84FF94EE07ACA0C, FDDDAE41ED5A7CAA4F2FEDCF1288F24FA91E1D229D363A4DE28B50DF66EBE7D9 ] C:\Program Files\MyDrive Connect\MyDriveConnect.exe
23:03:19.0724 0x1824  MyDriveConnect.exe - ok
23:03:19.0771 0x1824  [ 35937EAD711207544E219C2A19A78A7D, EE6E5EAE00F577D7C3FFB8C0D8EE484552A337CEAA27FCB107174A9879FE7362 ] C:\Program Files\Windows Media Player\WMPNSCFG.exe
23:03:19.0808 0x1824  WMPNSCFG - ok
23:03:19.0893 0x1824  AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files\AVG\AVG2015\avgwsc.exe ( 15.0.0.5941 ), 0x41000 ( enabled : updated )
23:03:19.0900 0x1824  Win FW state via NFP2: enabled
23:03:19.0900 0x1824  ============================================================
23:03:19.0900 0x1824  Scan finished
23:03:19.0900 0x1824  ============================================================
23:03:19.0910 0x19f4  Detected object count: 6
23:03:19.0910 0x19f4  Actual detected object count: 6
23:05:00.0792 0x19f4  WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
23:05:00.0792 0x19f4  WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:05:00.0794 0x19f4  eDataSecurity Loader ( UnsignedFile.Multi.Generic ) - skipped by user
23:05:00.0794 0x19f4  eDataSecurity Loader ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:05:00.0796 0x19f4  eAudio ( UnsignedFile.Multi.Generic ) - skipped by user
23:05:00.0796 0x19f4  eAudio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:05:00.0797 0x19f4  WarReg_PopUp ( UnsignedFile.Multi.Generic ) - skipped by user
23:05:00.0797 0x19f4  WarReg_PopUp ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:05:00.0799 0x19f4  Acer Tour Reminder ( UnsignedFile.Multi.Generic ) - skipped by user
23:05:00.0799 0x19f4  Acer Tour Reminder ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:05:00.0800 0x19f4  DivXMediaServer ( UnsignedFile.Multi.Generic ) - skipped by user
23:05:00.0800 0x19f4  DivXMediaServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
__________________

Edited by shorlo (14.05.2015 at 22:25)

15.05.2015, 18:50   #4
schrauber
/// the machine
/// TB-Ausbilder

Does the problem only occur with Firefox?


Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

15.05.2015, 19:48   #5
shorlo

So far the problem has only occurred with Firefox. With Internet Explorer the laptop does not restart.
I have not used any other programs since the problem started.

Combofix log file:

Code:
ComboFix 15-05-13.01 - Shorlogere 15.05.2015  20:08:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3069.1763 [GMT 2:00]
ausgeführt von:: c:\users\Shorlogere\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\drv\Tuner\Yuan\Resources\_desktop.ini
c:\program files\SingAlong
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\users\Public\AlexaNSISPlugin.2744.dll
c:\users\Shorlogere\FRST.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-15 bis 2015-05-15  ))))))))))))))))))))))))))))))
.
.
2015-05-15 18:23 . 2015-05-15 18:23	--------	d-----w-	c:\users\Shorlogere\AppData\Local\temp
2015-05-15 18:23 . 2015-05-15 18:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-14 19:29 . 2015-05-14 19:29	--------	d-----w-	c:\programdata\Malwarebytes
2015-05-14 19:28 . 2015-05-14 20:16	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-05-14 19:28 . 2015-05-14 19:28	119512	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-05-14 19:25 . 2015-05-14 19:25	92888	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-05-14 16:21 . 2015-05-14 16:28	--------	d-----w-	C:\FRST
2015-05-14 13:08 . 2015-05-14 13:08	--------	d-----w-	c:\users\Shorlogere\AppData\Roaming\AVG2015
2015-05-14 13:02 . 2015-05-14 13:07	--------	d-----w-	c:\programdata\AVG2015
2015-05-14 13:02 . 2015-05-14 13:02	--------	d-----w-	C:\$AVG
2015-05-14 12:58 . 2015-05-14 12:58	--------	d-----w-	c:\program files\AVG
2015-05-14 12:55 . 2015-05-15 09:46	--------	d-----w-	c:\programdata\MFAData
2015-05-14 12:55 . 2015-05-14 13:13	--------	d-----w-	c:\users\Shorlogere\AppData\Local\Avg2015
2015-05-14 12:55 . 2015-05-14 12:55	--------	d-----w-	c:\users\Shorlogere\AppData\Local\MFAData
2015-05-13 11:17 . 2015-04-30 16:03	279040	----a-w-	c:\windows\system32\schannel.dll
2015-05-13 11:15 . 2015-04-19 21:24	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2015-05-13 11:15 . 2015-04-19 21:24	189952	----a-w-	c:\windows\system32\d3d10core.dll
2015-05-13 11:15 . 2015-04-19 21:24	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2015-05-13 11:15 . 2015-04-19 20:18	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2015-05-13 11:15 . 2015-04-19 20:13	682496	----a-w-	c:\windows\system32\d2d1.dll
2015-05-13 11:15 . 2015-04-19 21:24	1029120	----a-w-	c:\windows\system32\d3d10.dll
2015-05-13 11:15 . 2015-04-19 20:19	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2015-05-13 11:15 . 2015-04-19 20:12	1072640	----a-w-	c:\windows\system32\DWrite.dll
2015-05-13 11:15 . 2015-04-19 20:12	801792	----a-w-	c:\windows\system32\FntCache.dll
2015-05-13 11:15 . 2015-04-19 04:59	2065408	----a-w-	c:\windows\system32\win32k.sys
2015-05-13 11:14 . 2015-04-30 13:14	102608	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 11:13 . 2015-04-08 01:11	1219584	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2015-05-13 11:13 . 2015-04-08 01:11	985088	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2015-05-13 11:13 . 2015-04-08 01:11	967168	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2015-05-13 11:13 . 2015-04-08 01:11	939008	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2015-05-13 11:13 . 2015-04-07 23:35	1850880	----a-w-	c:\program files\Windows Journal\Journal.exe
2015-05-13 11:03 . 2015-04-10 23:22	279552	----a-w-	c:\windows\system32\services.exe
2015-05-12 19:15 . 2015-04-04 06:39	9201616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{012D6BC9-2E43-4DD6-9359-F31CA5F66C96}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-15 20:33 . 2012-10-07 14:17	778416	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-04-15 20:33 . 2011-05-23 16:42	142512	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-15 11:05 . 2015-04-15 11:05	206816	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2015-04-14 00:35 . 2015-04-14 00:35	875720	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
2015-04-14 00:35 . 2015-04-14 00:35	536776	----a-w-	c:\windows\system32\msvcp120_clr0400.dll
2015-04-09 12:12 . 2015-04-09 12:12	226784	----a-w-	c:\windows\system32\drivers\avgidsdriverx.sys
2015-04-07 10:45 . 2015-04-07 10:45	213984	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2015-04-03 07:37 . 2015-04-03 07:37	110048	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2015-03-20 10:18 . 2015-03-20 10:18	35808	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2015-03-14 02:21 . 2015-04-15 07:43	1205168	----a-w-	c:\windows\system32\ntdll.dll
2015-03-13 01:51 . 2015-04-15 07:43	3604920	----a-w-	c:\windows\system32\ntkrnlpa.exe
2015-03-13 01:51 . 2015-04-15 07:43	3552184	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-03-11 10:13 . 2015-03-11 10:13	269792	----a-w-	c:\windows\system32\drivers\avglogx.sys
2015-03-11 10:13 . 2015-03-11 10:13	166880	----a-w-	c:\windows\system32\drivers\avgidshx.sys
2015-03-11 10:13 . 2015-03-11 10:13	132576	----a-w-	c:\windows\system32\drivers\avgdiskx.sys
2015-03-11 10:08 . 2015-03-11 10:08	29664	----a-w-	c:\windows\system32\drivers\avgidsshimx.sys
2015-03-09 01:01 . 2015-04-15 07:53	1249280	----a-w-	c:\windows\system32\msxml3.dll
2015-03-05 02:32 . 2015-04-15 07:44	244152	----a-w-	c:\windows\system32\clfs.sys
2015-03-05 02:24 . 2015-04-15 07:45	297984	----a-w-	c:\windows\system32\gdi32.dll
2015-03-05 02:23 . 2015-04-15 07:44	57344	----a-w-	c:\windows\system32\clfsw32.dll
2015-02-24 02:23 . 2014-01-11 15:12	246920	------w-	c:\windows\system32\MpSigStub.exe
2015-02-20 02:03 . 2015-03-12 08:02	34304	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 00:28 . 2015-03-12 08:02	296960	----a-w-	c:\windows\system32\atmfd.dll
2015-02-17 15:04 . 2015-02-17 15:04	1202848	----a-w-	c:\windows\system32\FM20.DLL
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\prxtbDVD0.dll" [2014-03-26 424224]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2014-03-26 14:19	424224	----a-w-	c:\users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-11-11 13:07	323752	----a-w-	c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\prxtbDVD0.dll" [2014-03-26 424224]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}"= "c:\users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\prxtbDVD0.dll" [2014-03-26 424224]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Amazon Music"="c:\users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe" [2014-09-06 6281536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-12-11 30877280]
"MyDriveConnect.exe"="c:\program files\MyDrive Connect\MyDriveConnect.exe" [2014-10-03 1792376]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 107112]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-11-21 22696]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-08-31 1286144]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 768520]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"SecurDisc"="d:\programme\Nero 7\Nero 7\InCD\NBHGui.exe" [2008-05-06 1629480]
"InCD"="d:\programme\Nero 7\Nero 7\InCD\InCD.exe" [2008-05-06 1057064]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-15 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-15 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-15 81920]
"DivXMediaServer"="d:\programme\DivX\DivX Media Server\DivXMediaServer.exe" [2013-08-21 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-08-29 1861968]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-04-15 3745232]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe 9999 [2007-12-26 535336]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acer Tour"=
"SetPanel"=c:\acer\APanel\APanel.cmd
"PlayMovie"="c:\program files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"eRecoveryService"=
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-15 10:31	988488	----a-w-	c:\program files\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 20:33]
.
2015-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-01 15:52]
.
2015-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-01 15:52]
.
2015-05-15 c:\windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Shorlogere.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-21 04:35]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN26618805922697228&UM=2&ctid=CT3312331
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: Free YouTube Download - c:\program files\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Shorlogere\AppData\Roaming\Mozilla\Firefox\Profiles\oj6v75dv.default-1431546951963\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Adobe SVG Viewer - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-05-15 20:23
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2015-05-15  20:26:58
ComboFix-quarantined-files.txt  2015-05-15 18:26
.
Vor Suchlauf: 9.661.001.728 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 10.987.057.152 Bytes frei
.
- - End Of File - - E7A204B56B5F8C23C757923435E43258
A863475757CC50891AA8458C415E4B25
         


16.05.2015, 13:26   #6
schrauber
/// the machine
/// TB-Ausbilder

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

16.05.2015, 16:59   #7
shorlo

I have finally managed it. When my laptop was about to restart because of AdwCleaner, shutting down took so long that at some point I switched the PC off manually and then booted it up again. I hope that is not a problem.

So, here are the log files:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.05.2015
Suchlauf-Zeit: 14:39:47
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.05.16.02
Rootkit Datenbank: v2015.05.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Shorlogere

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 333930
Verstrichene Zeit: 26 Min, 47 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 32
PUP.Optional.ClientConnect, HKU\S-1-5-21-3128768096-592464525-3037917805-1000_Classes\CLSID\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}, In Quarantäne, [e2700a8a127845f1a6679d351be657a9], 
PUP.Optional.ClientConnect, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}, In Quarantäne, [e2700a8a127845f1a6679d351be657a9], 
PUP.Optional.ClientConnect, HKLM\SOFTWARE\CLASSES\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}, In Quarantäne, [e2700a8a127845f1a6679d351be657a9], 
PUP.Optional.ClientConnect, HKLM\SOFTWARE\CLASSES\CLSID\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}, In Quarantäne, [e2700a8a127845f1a6679d351be657a9], 
PUP.Optional.ClientConnect, HKLM\SOFTWARE\CLASSES\Toolbar.CT2625848, In Quarantäne, [e2700a8a127845f1a6679d351be657a9], 
PUP.Optional.ClientConnect, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}, In Quarantäne, [e2700a8a127845f1a6679d351be657a9], 
PUP.Optional.ClientConnect, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{457EF9F0-0A7C-4302-B47B-C207A8DE8598}, In Quarantäne, [e2700a8a127845f1a6679d351be657a9], 
PUP.Optional.ClientConnect, HKLM\SOFTWARE\CLASSES\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}\INPROCSERVER32, In Quarantäne, [e2700a8a127845f1a6679d351be657a9], 
PUP.Optional.ClientConnect, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}, In Quarantäne, [e2700a8a127845f1a6679d351be657a9], 
PUP.Optional.ClientConnect, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}, In Quarantäne, [e2700a8a127845f1a6679d351be657a9], 
PUP.Optional.ClientConnect, HKU\S-1-5-21-3128768096-592464525-3037917805-1000_Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}\INPROCSERVER32, In Quarantäne, [e2700a8a127845f1a6679d351be657a9], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [0f432371b6d4ba7c5eb5d1bd3bc859a7], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [78da5143cdbd7bbbe5d1e96b4ab97789], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [a6ac702445450b2be079f5997a8948b8], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [70e21c7899f12610bb9f7c12d42fb749], 
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}, In Quarantäne, [fb57e0b409810f27e17456ff10f354ac], 
PUP.Optional.InboxToolBar.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}, In Quarantäne, [83cfc9cb404a90a6163d8906b1522dd3], 
PUP.Optional.ClientConnect, HKU\S-1-5-21-3128768096-592464525-3037917805-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}, In Quarantäne, [73dff0a47713bc7af01d1fb36d9428d8], 
PUP.Optional.Babylon.A, HKLM\SOFTWARE\babylontoolbar, In Quarantäne, [71e1f69ec6c4ec4a90d23a01f0152ed2], 
PUP.Optional.DVDVideoSoftTB.A, HKLM\SOFTWARE\DVDVideoSoftTB_DE, In Quarantäne, [5002e8ac5b2f42f477d9fbf9689b4db3], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, In Quarantäne, [29294d47494178be2ad62005679d34cc], 
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\Speedchecker Limited, In Quarantäne, [5101f1a3dcae280e93009752b3507b85], 
PUP.Optional.DataMngr.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\DataMngr_Toolbar, In Quarantäne, [e86a068eb0da5cdaecccf940fb0a31cf], 
PUP.Optional.Delta.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\delta LTD, In Quarantäne, [eb67e4b0d0ba2d09f46fdd5e31d418e8], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\DVDVideoSoftTB_DE, In Quarantäne, [30220d877911d6607ad713e1ed16f010], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\Iminent, In Quarantäne, [fc56771d612965d106fb1114b45003fd], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, In Quarantäne, [b59d9301ec9ead89819b3bb20ff4f40c], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\APPDATALOW\SOFTWARE\DVDVideoSoftTB_DE, In Quarantäne, [272b4d477e0cb383a2b0f5fff80b7b85], 
PUP.Optional.PriceGong.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantäne, [2b27078dd9b1a29457556687de250bf5], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\CONDUIT\FF, In Quarantäne, [a3af62327f0b1c1ace72152aae572ed2], 
PUP.Optional.AlexaTB.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\DISTROMATIC\Toolbars, In Quarantäne, [1939bcd85a30ef4758eea69a2dd8a65a], 
PUP.Optional.DVDVideoSoftTB.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DVDVideoSoftTB_DE Toolbar, In Quarantäne, [6de51183a1e9ef479553328ee71c2ad6], 

Registrierungswerte: 13
PUP.Optional.ClientConnect, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}, ò?¦'짲ä¬?֮췢ó?½¬, In Quarantäne, [e2700a8a127845f1a6679d351be657a9]
PUP.Optional.ClientConnect, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}, In Quarantäne, [e2700a8a127845f1a6679d351be657a9], 
PUP.Optional.ClientConnect, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}, DVDVideoSoftTB DE Toolbar, In Quarantäne, [e2700a8a127845f1a6679d351be657a9]
PUP.Optional.ClientConnect, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}, In Quarantäne, [e2700a8a127845f1a6679d351be657a9], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}, In Quarantäne, [3a185044d8b289add061ca89ba49d729], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}, In Quarantäne, [252d6c28b5d5ae887fb22c27fa09bc44], 
PUP.Optional.DVDVideoSoftTB.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}, In Quarantäne, [55fd97fd68228fa7929ff360d62dc937], 
PUP.Optional.DVDVideoSoftTB.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}, In Quarantäne, [8cc63d57aedcf93d2a0775de7390f709], 
PUP.Optional.Delta.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|URL, hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=9479001DE030911F&affID=121564&tsp=4982, In Quarantäne, [67eb692b1a70fe381d4f293edc2935cb]
PUP.Optional.Babylon.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}|FaviconURL, search.babylon.com/favicon.ico, In Quarantäne, [ed65a6ee5b2f47ef82e687e08d7835cb]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7A3B3DB0-D955-4AAC-9732-80AB6E3199BD}|URL, hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3312331&CUI=UN26618805922697228&UM=2, In Quarantäne, [cb87f69ec4c6989ec22c5484da297e82]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7A3B3DB0-D955-4AAC-9732-80AB6E3199BD}|FaviconURL, hxxp://search.conduit.com/favicon.ico, In Quarantäne, [b1a13b597317d3639d517563cd36fe02]
PUP.Optional.Conduit.A, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{7A3B3DB0-D955-4AAC-9732-80AB6E3199BD}|SuggestionsURL_JSON, hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}, In Quarantäne, [c78b3c5897f3181ede102eaa1de638c8]

Registrierungsdaten: 1
PUP.Optional.Conduit, HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com?SearchSource=10&CUI=UN26618805922697228&UM=2&ctid=CT3312331, Gut: (www.google.com), Schlecht: (hxxp://search.conduit.com?SearchSource=10&CUI=UN26618805922697228&UM=2&ctid=CT3312331),Ersetzt,[dd75fb995f2bdd59207f908d10f6c53b]

Ordner: 60
PUP.Optional.SpeedAnalysis3.A, C:\Users\Shorlogere\AppData\Roaming\SpeedAnalysis3, In Quarantäne, [9bb79cf8d4b668ce30e07ec5a16434cc], 
PUP.Optional.OpenCandy, C:\Users\Shorlogere\AppData\Roaming\OpenCandy, In Quarantäne, [4f03187c6a2076c08e77069d7f8420e0], 
PUP.Optional.OpenCandy, C:\Users\Shorlogere\AppData\Roaming\OpenCandy\02CBB277145D417BA3AE81A9F8F2F47A, In Quarantäne, [4f03187c6a2076c08e77069d7f8420e0], 
PUP.Optional.OpenCandy, C:\Users\Shorlogere\AppData\Roaming\OpenCandy\182C00BB324C4427A98EB88C9BF29E17, In Quarantäne, [4f03187c6a2076c08e77069d7f8420e0], 
PUP.Optional.OpenCandy, C:\Users\Shorlogere\AppData\Roaming\OpenCandy\3562868B32024461AC08E3FB908E2894, In Quarantäne, [4f03187c6a2076c08e77069d7f8420e0], 
PUP.Optional.OpenCandy, C:\Users\Shorlogere\AppData\Roaming\OpenCandy\4543A00D1E6E4A4DB10C704AED09BB20, In Quarantäne, [4f03187c6a2076c08e77069d7f8420e0], 
PUP.Optional.OpenCandy, C:\Users\Shorlogere\AppData\Roaming\OpenCandy\D756966A4A874FF1AC0FE69E56B17C35, In Quarantäne, [4f03187c6a2076c08e77069d7f8420e0], 
PUP.Optional.OpenCandy, C:\Users\Shorlogere\AppData\Roaming\OpenCandy\ED592FB353E44B1098A82BC96AB1CD64, In Quarantäne, [4f03187c6a2076c08e77069d7f8420e0], 
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, In Quarantäne, [84ce01932a60ab8b7906178ce023c53b], 
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3312331, In Quarantäne, [84ce01932a60ab8b7906178ce023c53b], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService, In Quarantäne, [3f13efa55832979f8b687246b44ff60a], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Logs, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\CacheIcons, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\AddedAppDialog, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\DefualtImages, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\DetectedAppDialog, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\EngineFirstTimeDialog, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\NewSearchProtectorDialog, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\NewSearchProtectorDialog\images, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\SearchProtectorBubbleDialog, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\SearchProtectorBubbleDialog\images, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\SearchProtectorDialog, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\SearchProtectorDialog\Images, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\SearchProtectorRetakeoverDialog, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\SearchProtectorRetakeoverDialog\Images, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\ToolbarFirstTimeDialog, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\ToolbarFirstTimeDialog\images, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\ToolbarUntrustedAppsApprovalDialog, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\UninstallDialog, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\UntrustedAddedAppDialog, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\UntrustedAppApprovalDialog, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Dialogs\UntrustedAppPendingDialog, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\EmailNotifier, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\ExternalComponent, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\MyStuffApps, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\plugins, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.8, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.8\bin, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\RadioPlayer, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Repository, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_CT2625848, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_CT2625848\AppsMetaData, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_CT2625848\DynamicDialogs, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_CT2625848\ToolbarHiddenLogin, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_CT2625848\ToolbarHiddenSettings, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_CT2625848\ToolbarLogin, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_CT2625848\ToolbarSettings, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_de, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\Repository\conduit_CT2625848_de\ToolbarTranslation, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\SearchInNewTab, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\UserDefinedItems, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Program Files\DVDVideoSoftTB_DE, In Quarantäne, [6de51183a1e9ef479553328ee71c2ad6], 
PUP.Optional.MyPCBackup.A, C:\Program Files\MyPC Backup, In Quarantäne, [94be7b19b3d7ce68cb8a894a03007d83], 

Dateien: 251
PUP.Optional.ClientConnect, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\prxtbDVD0.dll, In Quarantäne, [e2700a8a127845f1a6679d351be657a9], 
PUP.Optional.ClientConnect, C:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll, In Quarantäne, [e2700a8a127845f1a6679d351be657a9], 
PUP.Optional.Babylon.A, C:\Users\Shorlogere\AppData\Roaming\OpenCandy\02CBB277145D417BA3AE81A9F8F2F47A\DeltaTB.exe, In Quarantäne, [cd85b4e00d7de650a03584b5e31e18e8], 
PUP.Optional.Babylon.A, C:\Users\Shorlogere\AppData\Roaming\OpenCandy\3562868B32024461AC08E3FB908E2894\DeltaTB.exe, In Quarantäne, [b89a365e5d2d1422785df04958a925db], 
PUP.Optional.Koyote.A, C:\Users\Shorlogere\Downloads\FreeVideoConverterSetup-r135-n-bf.exe, In Quarantäne, [f45e43515535ab8bb71df38002ff4ab6], 
PUP.Optional.ClientConnect, C:\Users\Shorlogere\AppData\Local\Conduit\Community Alerts\Alert.dll, In Quarantäne, [73dff0a47713bc7af01d1fb36d9428d8], 
PUP.Optional.ClientConnect, C:\Users\Shorlogere\AppData\Local\Conduit\CT2625848\DVDVideoSoftTB_DEAutoUpdateHelper.exe, In Quarantäne, [67eb4f451e6c0b2bcb426969a75aed13], 
PUP.Optional.SpeedAnalysis2.A, C:\Users\Shorlogere\AppData\Roaming\speedanalysis.ico, In Quarantäne, [371bc2d2602a3ef81ab2bd7de223669a], 
PUP.Optional.SpeedAnalysis3.A, C:\Users\Shorlogere\AppData\Roaming\SpeedAnalysis3\speedanalysis03.crx, In Quarantäne, [9bb79cf8d4b668ce30e07ec5a16434cc], 
PUP.Optional.SpeedAnalysis3.A, C:\Users\Shorlogere\AppData\Roaming\SpeedAnalysis3\install_helper.exe, In Quarantäne, [9bb79cf8d4b668ce30e07ec5a16434cc], 
PUP.Optional.OpenCandy, C:\Users\Shorlogere\AppData\Roaming\OpenCandy\4543A00D1E6E4A4DB10C704AED09BB20\TuneUpUtilities2013-2200218_de-DE.exe, In Quarantäne, [4f03187c6a2076c08e77069d7f8420e0], 
PUP.Optional.OpenCandy, C:\Users\Shorlogere\AppData\Roaming\OpenCandy\D756966A4A874FF1AC0FE69E56B17C35\PCSU_SL_3.1.2.exe, In Quarantäne, [4f03187c6a2076c08e77069d7f8420e0], 
PUP.Optional.OpenCandy, C:\Users\Shorlogere\AppData\Roaming\OpenCandy\ED592FB353E44B1098A82BC96AB1CD64\5472.ico, In Quarantäne, [4f03187c6a2076c08e77069d7f8420e0], 
PUP.Optional.OpenCandy, C:\Users\Shorlogere\AppData\Roaming\OpenCandy\ED592FB353E44B1098A82BC96AB1CD64\EBB77268-338F-4C6A-8590-AD88FED26F4A, In Quarantäne, [4f03187c6a2076c08e77069d7f8420e0], 
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3312331\UninstallerUI.exe, In Quarantäne, [84ce01932a60ab8b7906178ce023c53b], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\1.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\2229.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\371.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\83.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\a.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\b.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\c.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\d.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\e.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\f.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\g.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\h.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\i.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\j.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\k.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\l.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\m.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\n.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\o.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\p.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\q.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\r.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\s.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\t.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\u.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\v.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\w.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\wlu.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\x.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\y.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.PriceGong.A, C:\Users\Shorlogere\AppData\LocalLow\PriceGong\Data\z.txt, In Quarantäne, [57fbb6de7e0c3ff7e33790168e7520e0], 
PUP.Optional.IBUpdater.A, C:\ProgramData\IBUpdaterService\repository.xml, In Quarantäne, [3f13efa55832979f8b687246b44ff60a], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\hk64tbDVD0.dll, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\hk64tbDVD2.dll, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\hk64tbDVD3.dll, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\hktbDVD0.dll, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\hktbDVD2.dll, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\hktbDVD3.dll, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVD0.dll, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVD2.dll, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVD3.dll, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\ldrtbDVDV.dll, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVD0.dll, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVD1.dll, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVD2.dll, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVD3.dll, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\tbDVDV.dll, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\ThirdPartyComponents.xml, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\toolbar.cfg, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\CacheIcons\http___storage_conduit_com_74_161_CT1616974_Images_633971085913980000_gif.gif, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\CacheIcons\http___storage_conduit_com_74_161_CT1616974_Images_633971087054136250_gif.gif, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\CacheIcons\http___storage_conduit_com_74_161_CT1616974_Images_633971088460386250_gif.gif, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\CacheIcons\http___storage_conduit_com_74_161_CT1616974_Images_633971089234993750_gif.gif, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\CacheIcons\http___storage_conduit_com_74_161_CT1616974_Images_633971089477650000_gif.gif, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\CacheIcons\http___storage_conduit_com_74_161_CT1616974_Images_633971089670306250_gif.gif, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\CacheIcons\http___storage_conduit_com_74_161_CT1616974_Images_633971092504525000_gif.gif, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\CacheIcons\http___storage_conduit_com_74_161_CT1616974_Images_633971094131400000_gif.gif, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\CacheIcons\http___weather_conduit_com_images_weather_Default_partly_cloudy_night_gif.gif, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 
PUP.Optional.DVDVideoSoftTB.A, C:\Users\Shorlogere\AppData\LocalLow\DVDVideoSoftTB_DE\CacheIcons\http___storage_conduit_com_48_262_CT2625848_images_634897939584104809_24PX_png.png, In Quarantäne, [3d15286c06845adc2dbaefd14db62ad6], 

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
         
Code:
# AdwCleaner v4.204 - Bericht erstellt 16/05/2015 um 16:24:42
# Aktualisiert 12/05/2015 von Xplode
# Datenbank : 2015-05-12.2 [Server]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Shorlogere - SHORLOGERE-PC
# Gestarted von : C:\Users\Shorlogere\Desktop\AdwCleaner_4.204.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Convesoft
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Conduit
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Iminent
Ordner Gelöscht : C:\Program Files\Moozy
Ordner Gelöscht : C:\Program Files\Optimizer Pro
Ordner Gelöscht : C:\Users\Shorlogere\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Shorlogere\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Shorlogere\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Shorlogere\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Shorlogere\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Shorlogere\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Shorlogere\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Shorlogere\AppData\Roaming\Toolplugin
Ordner Gelöscht : C:\Users\Shorlogere\AppData\Roaming\RHEng
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\522d9d0e13deb13
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3312331
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{87BEF026-9269-413C-A5B3-11F35451380E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\Tbccint_HKLM
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\DriverTuner_Init
Schlüssel Gelöscht : HKLM\SOFTWARE\DriverTuner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Companion
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v9.0.8112.16644


-\\ Mozilla Firefox v38.0 (x86 de)

[oj6v75dv.default-1431546951963\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "chrome://unitedtb/content/newtab/newtab-page.xhtml");

*************************

AdwCleaner[R0].txt - [11800 Bytes] - [16/05/2015 16:11:48]
AdwCleaner[R1].txt - [11860 Bytes] - [16/05/2015 16:23:28]
AdwCleaner[S0].txt - [11532 Bytes] - [16/05/2015 16:24:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11592  Bytes] ##########
         

16.05.2015, 17:04   #8
shorlo



Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.2 (05.15.2015:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Shorlogere on 16.05.2015 at 17:07:13,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7A3B3DB0-D955-4AAC-9732-80AB6E3199BD}



~~~ Files

Successfully deleted: [File] C:\Windows\wininit.ini



~~~ Folders

Successfully deleted: [Folder] C:\Windows\System32\ai_recyclebin



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.05.2015 at 17:10:05,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02
Ran by Shorlogere (administrator) on SHORLOGERE-PC on 16-05-2015 17:46:04
Running from C:\Users\Shorlogere\Desktop
Loaded Profiles: Shorlogere (Available profiles: Shorlogere)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe
(Realtek Semiconductor Corp.) C:\Users\Shorlogere\AppData\Local\temp\RtkBtMnt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Nero AG) D:\Programme\Nero 7\Nero 7\InCD\InCDsrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Nero AG) D:\Programme\Nero 7\Nero 7\InCD\NBHGui.exe
(Nero AG) D:\Programme\Nero 7\Nero 7\InCD\InCD.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [107112 2006-11-21] (Symantec Corporation)
HKLM\...\Run: [osCheck] => C:\Program Files\Norton Internet Security\osCheck.exe [22696 2006-11-21] (Symantec Corporation)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [94208 2007-07-05] (sonix)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-08-31] (CyberLink)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [768520 2007-10-17] (Dritek System Inc.)
HKLM\...\Run: [WarReg_PopUp] => C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.)
HKLM\...\Run: [Symantec PIF AlertEng] => C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-08-01] (Acer Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKLM\...\Run: [SecurDisc] => D:\Programme\Nero 7\Nero 7\InCD\NBHGui.exe [1629480 2008-05-06] (Nero AG)
HKLM\...\Run: [InCD] => D:\Programme\Nero 7\Nero 7\InCD\InCD.exe [1057064 2008-05-06] (Nero AG)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-26] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [DivXMediaServer] => D:\Programme\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [Amazon Music] => C:\Users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\acer.scr [83554304 2007-04-19] ()
HKU\S-1-5-18\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-08-01] (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk [2007-12-26]
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-01-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3128768096-592464525-3037917805-1000 -> {3F61328A-CE9B-40CA-A639-5B3771784314} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-3128768096-592464525-3037917805-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -> C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-11-21] (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Programme\java\bin\ssv.dll [2012-03-11] (Sun Microsystems, Inc.)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Windows\system32\ActiveToolBand.dll [2007-04-25] (HiTRUST)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Programme\java\bin\jp2ssv.dll [2012-03-11] (Sun Microsystems, Inc.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll [2007-04-25] (HiTRUST)
Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [2006-11-21] (Symantec Corporation)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-07-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Shorlogere\AppData\Roaming\Mozilla\Firefox\Profiles\oj6v75dv.default-1431546951963
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Programme\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> D:\Programme\DivX\DivX Web Player\npdivx32.dll [2013-08-28] (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/JavaPlugin -> D:\Programme\java\bin\plugin2\npjp2.dll [2012-03-11] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> D:\Programme\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programme\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3128768096-592464525-3037917805-1000: amazon.com/AmazonMP3DownloaderPlugin -> D:\Programme\Amazon\npAmazonMP3DownloaderPlugin1017325.dll [2012-10-04] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012-03-11] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-09-08] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-13]
FF Extension: UITBAutoInstaller - C:\Program Files\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-05-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-24]
FF HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-26] (Symantec Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-21] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-21] (Symantec Corporation)
R2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-21] (Symantec Corporation)
S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-11-21] (Symantec Corporation)
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-08-28] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-10] () [File not signed]
R2 InCDsrv; D:\Programme\Nero 7\Nero 7\InCD\InCDsrv.exe [1553192 2008-05-06] (Nero AG)
S3 ISPwdSvc; C:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-11-21] (Symantec Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation)
R2 LiveUpdate Notice Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-21] (Symantec Corporation)
S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed]
S3 NBService; D:\Programme\Nero 7\Nero 7\Nero BackItUp\NBService.exe [800040 2008-04-08] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] () [File not signed]
S3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1251720 2011-05-21] ()
R2 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-11-21] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-10-30] (acer) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [226784 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [166880 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [29664 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [269792 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [110048 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [213984 2015-04-07] (AVG Technologies CZ, s.r.o.)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [105592 2011-07-28] (Symantec Corporation)
R1 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20110818.001\IDSvix86.sys [287792 2011-04-27] (Symantec Corporation)
R4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [118952 2008-05-06] (Nero AG)
R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [36648 2008-05-06] (Nero AG)
U1 InCDrec; C:\Windows\System32\drivers\InCDRec.sys [16936 2008-05-06] (Nero AG)
R1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [38312 2008-05-06] (Nero AG)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20110818.003\NAVENG.SYS [86136 2011-08-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20110818.003\NAVEX15.SYS [1576312 2011-08-04] (Symantec Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-12-26] (NewTech Infosystems, Inc.) [File not signed]
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-01-03] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-01-03] (RapidSolution Software AG)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-02] ()
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-11-21] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [245880 2006-11-21] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [275576 2006-11-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [24184 2006-11-21] (Symantec Corporation)
R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [12720 2009-08-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124464 2011-05-21] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [145968 2009-08-03] (Symantec Corporation)
R3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [39856 2009-08-03] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [38448 2009-08-03] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-08-03] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-08-03] (Symantec Corporation)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2012-01-03] (RapidSolution Software AG)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2007-12-05] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; No ImagePath
S3 catchme; \??\C:\Users\SHORLO~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 17:45 - 2015-05-16 17:45 - 01146368 _____ (Farbar) C:\Users\Shorlogere\Desktop\FRST.exe
2015-05-16 17:07 - 2015-05-16 17:07 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SHORLOGERE-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-05-16 17:07 - 2015-05-16 17:07 - 00000000 ____D () C:\RegBackup
2015-05-16 17:05 - 2015-05-16 17:05 - 02719698 _____ (Thisisu) C:\Users\Shorlogere\Desktop\JRT.exe
2015-05-16 16:11 - 2015-05-16 16:25 - 00000000 ____D () C:\AdwCleaner
2015-05-16 16:10 - 2015-05-16 16:10 - 02209792 _____ () C:\Users\Shorlogere\Desktop\AdwCleaner_4.204.exe
2015-05-16 14:35 - 2015-05-16 14:35 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-16 14:35 - 2015-05-16 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-16 14:35 - 2015-05-16 14:35 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-05-16 14:35 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-16 14:35 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-16 14:30 - 2015-05-16 14:30 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Shorlogere\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-15 20:26 - 2015-05-15 20:26 - 00016638 _____ () C:\ComboFix.txt
2015-05-15 20:06 - 2015-05-15 20:27 - 00000000 ____D () C:\Qoobox
2015-05-15 20:06 - 2015-05-15 20:27 - 00000000 ____D () C:\ComboFix
2015-05-15 20:06 - 2015-05-15 20:25 - 00000000 ____D () C:\Windows\erdnt
2015-05-15 20:06 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-15 20:06 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-15 20:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-15 20:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-15 20:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-15 20:06 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-15 20:06 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-15 20:06 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-15 19:58 - 2015-05-15 19:58 - 05623645 ____R (Swearware) C:\Users\Shorlogere\Desktop\ComboFix.exe
2015-05-14 22:18 - 2015-05-14 22:18 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Shorlogere\Desktop\tdsskiller.exe
2015-05-14 21:29 - 2015-05-16 14:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-14 21:28 - 2015-05-16 17:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 21:28 - 2015-05-14 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-14 21:25 - 2015-05-14 22:16 - 00000000 ____D () C:\Users\Shorlogere\Desktop\mbar
2015-05-14 21:25 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-14 21:23 - 2015-05-14 21:24 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Shorlogere\Desktop\mbar-1.09.1.1004.exe
2015-05-14 18:39 - 2015-05-14 18:39 - 00380416 _____ () C:\Users\Shorlogere\Desktop\Gmer-19357.exe
2015-05-14 18:21 - 2015-05-16 17:46 - 00000000 ____D () C:\FRST
2015-05-14 18:16 - 2015-05-14 18:16 - 00000482 _____ () C:\Users\Shorlogere\Desktop\defogger_disable.log
2015-05-14 18:16 - 2015-05-14 18:16 - 00000000 _____ () C:\Users\Shorlogere\defogger_reenable
2015-05-14 18:14 - 2015-05-14 18:14 - 00050477 _____ () C:\Users\Shorlogere\Desktop\Defogger.exe
2015-05-14 15:08 - 2015-05-14 15:08 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\AVG2015
2015-05-14 15:06 - 2015-05-14 15:06 - 00000862 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-05-14 15:06 - 2015-05-14 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-14 15:02 - 2015-05-14 15:07 - 00000000 ____D () C:\ProgramData\AVG2015
2015-05-14 15:02 - 2015-05-14 15:02 - 00000000 ____D () C:\$AVG
2015-05-14 14:58 - 2015-05-14 14:58 - 00000000 ____D () C:\Program Files\AVG
2015-05-14 14:55 - 2015-05-16 11:47 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-14 14:55 - 2015-05-14 15:13 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\Avg2015
2015-05-14 14:55 - 2015-05-14 14:55 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\MFAData
2015-05-13 21:59 - 2015-05-13 21:59 - 00143352 _____ () C:\Windows\Minidump\Mini051315-04.dmp
2015-05-13 20:54 - 2015-05-13 20:54 - 00143352 _____ () C:\Windows\Minidump\Mini051315-03.dmp
2015-05-13 20:42 - 2015-05-13 20:42 - 00143352 _____ () C:\Windows\Minidump\Mini051315-02.dmp
2015-05-13 20:35 - 2015-05-13 20:35 - 00143352 _____ () C:\Windows\Minidump\Mini051315-01.dmp
2015-05-13 13:17 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 13:15 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-13 13:15 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-13 13:15 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-13 13:15 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-13 13:15 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-13 13:15 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-13 13:15 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-13 13:15 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 13:15 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 13:15 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 13:14 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:03 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 12:55 - 2015-05-13 12:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-12 21:17 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:17 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 21:17 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:17 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:17 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:17 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:17 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:17 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:17 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-12 21:17 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-04-16 10:55 - 2015-04-16 10:56 - 34359344 _____ (DVDVideoSoft Ltd. ) C:\Users\Shorlogere\Downloads\FreeYouTubeDownload(2).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-16 17:42 - 2011-05-21 16:14 - 01837650 _____ () C:\Windows\WindowsUpdate.log
2015-05-16 17:40 - 2011-07-21 09:01 - 00157226 _____ () C:\Users\Shorlogere\AppData\Roaming\nvModes.001
2015-05-16 17:38 - 2012-04-01 17:52 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-16 17:38 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-16 17:38 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-16 17:37 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-16 17:22 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-16 16:56 - 2011-05-21 16:09 - 00387512 _____ () C:\Windows\PFRO.log
2015-05-16 15:54 - 2011-06-27 18:57 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\Skype
2015-05-16 15:54 - 2011-06-27 18:56 - 00000000 ___RD () C:\Program Files\Skype
2015-05-16 15:54 - 2011-06-27 18:56 - 00000000 ____D () C:\ProgramData\Skype
2015-05-16 15:48 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-05-16 15:33 - 2012-10-07 16:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-16 15:31 - 2012-04-01 17:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-16 11:05 - 2006-11-02 12:33 - 00006626 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-15 20:27 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2015-05-15 20:27 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2015-05-15 20:24 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2015-05-15 20:22 - 2011-05-21 15:27 - 00000000 ____D () C:\Users\Shorlogere
2015-05-15 20:09 - 2013-05-14 12:20 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\CrashDumps
2015-05-15 20:03 - 2011-05-21 17:53 - 00000534 _____ () C:\Windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Shorlogere.job
2015-05-15 12:34 - 2014-05-18 20:44 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-14 20:25 - 2011-05-21 22:36 - 00002631 _____ () C:\Users\Shorlogere\Desktop\Microsoft Office Word 2007.lnk
2015-05-14 15:06 - 2013-06-06 10:40 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\TuneUp Software
2015-05-13 21:59 - 2011-11-03 17:40 - 417634770 _____ () C:\Windows\MEMORY.DMP
2015-05-13 21:59 - 2011-11-03 17:40 - 00000000 ____D () C:\Windows\Minidump
2015-05-13 21:38 - 2015-01-11 21:16 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-05-13 21:38 - 2014-12-08 12:05 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-05-13 21:38 - 2014-05-22 09:13 - 00000000 ____D () C:\Users\Shorlogere\Desktop\Mama-Stick
2015-05-13 21:38 - 2013-05-02 10:45 - 00000000 ____D () C:\ProgramData\Protexis
2015-05-13 21:38 - 2012-09-30 11:05 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2015-05-13 21:38 - 2012-05-05 11:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-13 21:38 - 2012-01-05 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 21:38 - 2012-01-05 18:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 21:38 - 2011-05-21 22:24 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-05-13 21:38 - 2011-05-21 22:21 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\Microsoft Help
2015-05-13 21:38 - 2011-05-21 15:29 - 00000000 ___HD () C:\Users\Shorlogere\AppData\Local\acer eNM
2015-05-13 21:38 - 2011-05-21 15:27 - 00000000 ___RD () C:\Users\Shorlogere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-13 21:38 - 2011-05-21 15:27 - 00000000 ___RD () C:\Users\Shorlogere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-13 21:38 - 2007-12-26 08:16 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-05-13 21:38 - 2007-12-26 08:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\restore
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\ShellNew
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 __RSD () C:\Windows\Media
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-05-13 18:24 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-13 18:13 - 2006-11-02 14:47 - 00308168 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 13:13 - 2013-07-19 13:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 13:06 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-08 21:12 - 2011-05-21 18:02 - 00000016 _____ () C:\Windows\system32\coh.cache
2015-05-06 15:29 - 2013-06-18 12:58 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\vlc
2015-04-28 12:39 - 2014-03-19 15:39 - 00000000 ____D () C:\Users\Shorlogere\Desktop\Umwandlung
2015-04-27 19:09 - 2011-05-21 18:20 - 00000049 __RSH () C:\Users\Public\Documents\HBEPGUID.TXT
2015-04-23 12:50 - 2011-05-21 22:43 - 00245760 _____ () C:\Users\Shorlogere\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-16 11:00 - 2014-11-17 13:31 - 00001038 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-04-16 11:00 - 2014-11-17 13:29 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-04-16 11:00 - 2011-08-29 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-04-16 10:58 - 2014-11-17 13:30 - 00000000 ____D () C:\Program Files\Free Codec Pack
2015-04-16 10:57 - 2011-08-29 20:39 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\DVDVideoSoft

==================== Files in the root of some directories =======

2011-07-21 09:01 - 2015-05-16 17:40 - 0157226 _____ () C:\Users\Shorlogere\AppData\Roaming\nvModes.001
2011-07-21 08:53 - 2014-08-03 16:40 - 0157226 _____ () C:\Users\Shorlogere\AppData\Roaming\nvModes.dat
2012-01-05 13:46 - 2014-05-17 09:32 - 0000680 _____ () C:\Users\Shorlogere\AppData\Local\d3d9caps.dat
2011-05-21 22:43 - 2015-04-23 12:50 - 0245760 _____ () C:\Users\Shorlogere\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-05 14:28 - 2012-01-05 14:29 - 0029347 _____ () C:\Users\Shorlogere\AppData\Local\HWVendorDetection.log

Some content of TEMP:
====================
C:\Users\Shorlogere\AppData\Local\temp\Quarantine.exe
C:\Users\Shorlogere\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Shorlogere\AppData\Local\temp\sqlite3.dll
C:\Users\Shorlogere\AppData\Local\temp\symlcsv1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-16 17:45

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-05-2015 02
Ran by Shorlogere at 2015-05-16 17:47:00
Running from C:\Users\Shorlogere\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3128768096-592464525-3037917805-500 - Administrator - Disabled)
Gast (S-1-5-21-3128768096-592464525-3037917805-501 - Limited - Disabled)
Shorlogere (S-1-5-21-3128768096-592464525-3037917805-1000 - Administrator - Enabled) => C:\Users\Shorlogere

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Videosoft Media Toolkit Ultimate (HKLM\...\4Videosoft Media Toolkit Ultimate_is1) (Version:  - )
Acer Arcade Deluxe (HKLM\...\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}) (Version: 1.13.4811 - CyberLink Corporation)
Acer Crystal Eye webcam (HKLM\...\{AA047D7C-5E7C-4878-B75C-77589151B563}) (Version: 1.0.14 - SUYIN)
Acer Crystal Eye Webcam Video Class Camera  (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.30.500-1.0 - Suyin)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 2.5.4207 - CyberLink Corp.)
Acer eDataSecurity Management (HKLM\...\{AEEAE013-92F1-4515-B278-139F1A692A36}) (Version: 2.5.4241 - HiTRUST Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4011 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4011 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4009 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4024 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4002 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4016 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.68.622 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.3003 - Acer Inc.)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.12.20071026 - Acer Inc.)
Acer Tour (HKLM\...\{94389919-B0AA-4882-9BE8-9F0B004ECA35}) (Version: 2.0.1005 - Acer Inc.)
Acoustica Effects Pack (HKLM\...\Acoustica Effects Pack) (Version: 3.0 - Acoustica, Inc)
Acoustica Mixcraft 5 (HKLM\...\Acoustica Mixcraft 5) (Version:  - Acoustica)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Amazon MP3-Downloader 1.0.17 (HKLM\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Amazon Amazon Music) (Version: 3.4.0.628 - Amazon Services LLC)
AppCore (Version: 1 - Symantec Corporation) Hidden
Apple Application Support (HKLM\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audials (HKLM\...\{8ABEEC21-B23C-4610-B57A-BE94345D4096}) (Version: 9.0.57913.1300 - RapidSolution Software AG)
AV (Version: 1 - Symantec Corporation) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5941 - AVG Technologies)
AVG 2015 (Version: 15.0.4342 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5941 - AVG Technologies) Hidden
Bonjour (HKLM\...\{D03482C5-9AD8-496D-B388-692AE04C93AF}) (Version: 3.0.0.2 - Apple Inc.)
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP640 series Benutzerregistrierung (HKLM\...\Canon MP640 series Benutzerregistrierung) (Version:  - )
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
ccCommon (Version: 106.1.1.4 - Symantec) Hidden
CDex extraction audio (HKLM\...\CDex) (Version:  - )
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Corel PaintShop Pro X5 (HKLM\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.2.0.12 - Corel Corporation)
Corel PaintShop Pro X5 (Version: 15.2.0.12 - Corel Corporation) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 16.0.20150211 - Landesfinanzdirektion Thüringen)
Free Studio version 6.4.3.128 (HKLM\...\Free Studio_is1) (Version: 6.4.3.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.43.806 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.43.806 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.152 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version:  - )
ICA (Version: 15.2.0.12 - Corel Corporation) Hidden
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
IPM_PSP_COM (Version: 15.2.0.12 - Corel Corporation) Hidden
iTunes (HKLM\...\{69995C7A-062A-4A90-A4DF-8C22895DF522}) (Version: 10.4.1.10 - Apple Inc.)
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
LiveUpdate Notice (Symantec Corporation) (HKLM\...\{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}) (Version: 1.4.5 - Symantec Corporation)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 38.0 (x86 de) (HKLM\...\Mozilla Firefox 38.0 (x86 de)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSRedist (Version: 1.0.0.0 - Symantec Corporation) Hidden
MyDriveConnect 3.3.0.1812 (HKLM\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
Nero 7 Premium (HKLM\...\{C6115A28-F277-4E82-B067-84D28BF21031}) (Version: 7.03.1357 - Nero AG)
Norton AntiVirus (Version: 14.1.0.27 - Symantec Corporation) Hidden
Norton Confidential Browser Component (Version: 1.1.0.6 - Symantec Corporation) Hidden
Norton Confidential Web Protection Component (Version: 1.1.0.6 - Symantec Corporation) Hidden
Norton Internet Security (Symantec Corporation) (HKLM\...\SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}) (Version: 10.1.0.26 - Symantec Corporation)
Norton Internet Security (Version: 10.1.0 - Symantec Corp.) Hidden
Norton Internet Security (Version: 10.1.0.26 - Symantec Corporation) Hidden
Norton Protection Center (Version: 2007.1.2.11 - Symantec Corporation) Hidden
NTI Backup NOW! 4.7 (HKLM\...\{67ADE9AF-5CD9-4089-8825-55DE4B366799}) (Version: 4 - NewTech Infosystems)
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Orion (HKLM\...\{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}) (Version: 1.0.214 - Convesoft)
PowerProducer 3.72 (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 074324(3.7)_Vista_Acer - CyberLink Corporation)
PSPPContent (Version: 15.2.0.12 - Corel Corporation) Hidden
PSPPHelp (Version: 15.2.0.12 - Corel Corporation) Hidden
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5443 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.51.01 - )
schrankplaner (HKLM\...\schrankplaner3.600) (Version: 3.600 - Schrankplaner GmbH)
Setup (Version: 15.2.0.12 - Ihr Firmenname) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.4 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SPBBC 32bit (Version: 3.1.1.4 - Symantec Corporation) Hidden
Symantec Real Time Storage Protection Component (Version: 10.1.1.5 - Symantec Corporation) Hidden
SymNet (Version: 7.2.5.8 - Symantec Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.15.0 - Synaptics)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WEB.DE MailCheck für Mozilla Firefox (HKLM\...\1&1 Mail & Media GmbH Toolbar FF) (Version: 3.0.1.1739 - 1&1 Mail & Media GmbH)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3128768096-592464525-3037917805-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> D:\Programme\Amazon\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)

==================== Restore Points  =========================

14-05-2015 14:58:20 Installed AVG 2015
14-05-2015 14:59:44 Installed AVG 2015
15-05-2015 13:25:23 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2015-05-15 20:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4AF949F5-6323-40F6-86FE-8C43F409599A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {503EE400-8E34-4376-9EDC-C074D314B857} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated)
Task: {8248FC8B-2BCA-405C-A1BA-8050465381E3} - System32\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Shorlogere => C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2006-11-21] (Symantec Corporation)
Task: {C15F4F04-6430-4D59-A3D7-AA08E8C239E8} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18] (Sun Microsystems, Inc.)
Task: {DCF179C3-5770-465D-BB5A-89AE913B5B72} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-01] (Google Inc.)
Task: {EA878563-08D5-42E0-9B44-9392FFE42759} - System32\Tasks\{E1412B5E-4FC1-4B33-8BC8-B0CD68799628} => C:\Program Files\Skype\\Phone\Skype.exe [2015-04-17] (Skype Technologies S.A.)
Task: {F231B09C-A3B7-4DE8-8846-8B89F31E72E7} - System32\Tasks\{5FF01C47-6D8D-497E-B2A3-0CABFC08B0B4} => C:\Program Files\Skype\\Phone\Skype.exe [2015-04-17] (Skype Technologies S.A.)
Task: {FB578DB4-DD3D-424B-AF4F-5FFA4527E47B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-01] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Shorlogere.job => C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK C:\ProgramData\Symantec\Norton AntiVirus\Tasks\mycomp.sca

==================== Loaded Modules (Whitelisted) ==============

2007-04-25 17:30 - 2007-04-25 17:30 - 00063488 _____ () C:\Windows\system32\ShowErrMsg.dll
2007-04-25 17:31 - 2007-04-25 17:31 - 00028672 _____ () C:\Windows\system32\BatchCrypto.dll
2006-11-21 06:35 - 2006-11-21 06:35 - 00009384 _____ () C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVShExt.loc
2007-12-26 07:56 - 2006-11-24 13:57 - 00107008 _____ () C:\Acer\Mobility Center\MobilityService.exe
2007-12-26 07:56 - 2006-10-24 11:54 - 00033280 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2007-12-26 07:54 - 2007-01-23 15:48 - 00266343 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2011-05-21 15:34 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2011-05-21 15:34 - 2007-02-13 06:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2007-12-26 07:41 - 2007-12-10 11:23 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2007-12-26 07:41 - 2007-12-10 11:22 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2007-12-26 07:41 - 2007-12-10 11:22 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2007-12-26 07:41 - 2007-12-10 11:22 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Library.dll
2007-12-26 07:41 - 2007-12-10 11:23 - 00006656 _____ () C:\Acer\Empowering Technology\eSettings\Service\CPUID.dll
2007-12-26 13:29 - 2003-06-07 07:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2013-08-29 02:23 - 2013-08-29 02:23 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-08-29 02:25 - 2013-08-29 02:25 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-09-17 11:54 - 2014-09-06 02:54 - 06281536 _____ () C:\Users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-10-03 14:04 - 2014-10-03 14:04 - 00026488 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2014-10-03 14:04 - 2014-10-03 14:04 - 00087416 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 14:04 - 2014-10-03 14:04 - 00398712 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
2007-12-26 07:45 - 2007-07-24 11:39 - 00208896 _____ () C:\Acer\Empowering Technology\EPOWER\SysHook.dll
2007-12-26 07:39 - 2007-08-29 11:35 - 00057344 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
2007-12-26 07:39 - 2007-09-07 18:23 - 00024576 _____ () C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
2011-05-21 15:28 - 2007-08-31 17:37 - 00106496 ____N () C:\Acer\Empowering Technology\eAudio\eAudioUI.dll
2011-05-21 15:28 - 2007-03-22 11:51 - 00003584 ____N () C:\Acer\Empowering Technology\eAudio\de\eAudioUI.resources.dll
2007-12-26 07:46 - 2007-04-11 17:42 - 00307200 _____ () C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll
2007-12-26 07:46 - 2007-04-11 16:07 - 00077824 _____ () C:\Acer\Empowering Technology\ePresentation\de\ePresentationCTL.resources.dll
2007-12-26 07:48 - 2007-10-01 18:01 - 00679936 _____ () C:\Acer\Empowering Technology\eLock\eLockCTL.dll
2007-12-26 07:48 - 2007-10-01 18:01 - 00106496 _____ () C:\Acer\Empowering Technology\eLock\de\eLockCTL.resources.dll
2007-12-26 07:41 - 2007-12-10 11:23 - 00028672 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
2007-12-26 07:41 - 2007-12-10 11:22 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
2007-12-26 07:41 - 2007-12-10 11:22 - 03420160 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
2007-12-26 07:41 - 2007-12-10 11:22 - 00155648 _____ () C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
2007-12-26 07:47 - 2007-08-28 15:21 - 00249856 _____ () C:\Acer\Empowering Technology\eNet\eNetPlugin.dll
2007-12-26 07:41 - 2007-12-10 11:23 - 00003584 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Plugin.resources.dll
2007-12-26 07:41 - 2007-12-10 11:22 - 00010752 _____ () C:\Acer\Empowering Technology\eSettings\de\eSettings.Presenter.resources.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Control Panel\Desktop\\Wallpaper -> D:\Eigene Dateien\Bilder\Kunst\Zeichnung\weißer Hintergrund-40-Prozent.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [{D5502EE8-28FF-44C6-8C25-B32C755E8A23}] => (Allow) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{1109A187-1A2D-40E6-9544-FACFCEDB241E}] => (Allow) C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe
FirewallRules: [{3FF3ED83-3584-470C-A079-BF1918320F97}] => (Allow) C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{39508C32-D4AA-48CA-8EC3-0399BB5612A6}] => (Allow) C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe
FirewallRules: [{B3C7FE4B-D00B-4363-AD53-26106AF18422}] => (Allow) C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe
FirewallRules: [{DB914D97-A9BB-404C-BE6F-9DCEC6D80B20}] => (Allow) C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe
FirewallRules: [{91C9CE29-E1C6-4853-8242-8A51091186AD}] => (Allow) C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
FirewallRules: [{1C8BE10A-956D-4D85-B214-AEC14868C449}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{839CE49B-5F82-4200-A720-799D28DBFB9A}] => (Allow) LPort=80
FirewallRules: [{029637F0-34D4-4D38-AD9A-8EE86436AFFA}] => (Allow) LPort=80
FirewallRules: [{ADBA2C91-377D-40CB-A05E-91EE025D7A9B}] => (Allow) LPort=80
FirewallRules: [{4C520401-8141-4BCF-8DB2-0D350B4DD791}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FFB284BB-D529-4020-9762-3A658B182DA0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DD3A48B9-F59E-4F31-A1D3-F91F17E106D8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{449FE487-33E5-4ABF-9DF2-D7E8C2CC84BA}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_656
FirewallRules: [{71E8CD53-C672-426D-B920-A8B1329C8FE0}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_600
FirewallRules: [{2BEC8E50-0712-488A-AB87-7F204FD0D359}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_625
FirewallRules: [{E8B0636D-AD65-4B39-A4D3-A7223EB11FD8}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_634
FirewallRules: [{1F7F0461-9FD1-4DBF-93A7-F466C1B66CB2}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_613
FirewallRules: [{528AA44C-FFE7-4461-82C7-845553C56A4C}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_358.decrpt
FirewallRules: [{B625AD4E-B02D-427C-80E2-02EB27290730}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_514
FirewallRules: [{D5DE54C7-61B2-4942-B305-EB355998DBFE}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_518
FirewallRules: [{F77AB3D8-F88A-42C2-9A2F-64F19128FEF7}] => (Allow) C:\Users\SHORLO~1\AppData\Local\Temp\ibtmpd366498\component_519
FirewallRules: [{D2B99ECC-0944-4E06-98A3-FDFA238ECCF1}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{B049E3AC-F698-4A40-822E-F6B67165596A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{44C10925-A183-48DF-A8BB-B76AA22CB8D9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0A209E63-5F4D-424C-83AC-9507E40265C6}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{07A6615C-9274-4A6E-B1E0-84BAB6F64BE3}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{FD984B85-8E9D-40A2-B624-78A00624F750}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{01B376CC-AB8C-47E3-88D4-53C1EA394381}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
FirewallRules: [{AAF9CA03-7869-48ED-985F-1858042A2704}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{1259261E-6972-4592-8D2E-453D8D8DF94D}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{C3D820B2-E4D2-4D97-A34D-ADA5A5F9C64F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{EE0B0617-DC08-4C82-A1B4-96BC1AE8F29F}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{84A13B13-FF09-4FD4-9563-EDF392030790}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{C164BA87-F55B-4AAB-8A9E-86EF651EC5DB}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
FirewallRules: [{9CB5BC66-8F43-43D4-AC6B-0448C9ED9FA0}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft-ISATAP-Adapter
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft-ISATAP-Adapter #4
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Broadcom NetLink (TM) Gigabit Ethernet
Description: Broadcom NetLink (TM) Gigabit Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60x
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/16/2015 05:46:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BACK_20X20.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/16/2015 05:46:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BACK_20X20.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/16/2015 05:46:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BACK_20X20-INVERTED@2X.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/16/2015 05:46:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BACK_20X20-INVERTED@2X.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/16/2015 05:46:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BACK_20X20-INVERTED.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/16/2015 05:46:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\BACK_20X20-INVERTED.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/16/2015 05:46:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\ARROW_UP_20X20@2X.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/16/2015 05:46:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\ARROW_UP_20X20@2X.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/16/2015 05:46:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\ARROW_UP_20X20.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (05/16/2015 05:46:22 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SHORLOGERE\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK\ARROW_UP_20X20.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)


System errors:
=============
Error: (05/16/2015 05:37:09 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 2) (User: NT-AUTORITÄT)
Description: 1

Error: (05/16/2015 05:37:09 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 2) (User: NT-AUTORITÄT)
Description: 0

Error: (05/16/2015 05:10:42 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "SHORLOGERE-PC" auf Transport "NetBT_Tcpip_{7BF5F6EF-0565-4BF6-8". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (05/16/2015 05:10:34 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "SHORLOGERE-PC" auf Transport "NetBT_Tcpip_{7BF5F6EF-0565-4BF6-8". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (05/16/2015 05:07:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Modules Installer11200001Neustart des Diensts

Error: (05/16/2015 05:07:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player-Netzwerkfreigabedienst1300001Neustart des Diensts

Error: (05/16/2015 05:07:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: NMIndexingService1

Error: (05/16/2015 05:07:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: ePower Service1600001Neustart des Diensts

Error: (05/16/2015 05:07:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: eSettings Service1600001Neustart des Diensts

Error: (05/16/2015 05:07:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: eRecovery Service1


Microsoft Office Sessions:
=========================
Error: (03/28/2013 01:53:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1334 seconds with 1200 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2015-05-16 17:46:52.820
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-16 17:46:52.612
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-16 17:46:52.371
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-16 17:46:52.158
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-16 17:46:16.868
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-16 17:46:16.639
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-16 17:46:16.423
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-16 17:46:16.213
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-16 17:39:33.109
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-05-16 16:58:52.962
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 51%
Total physical RAM: 3069.32 MB
Available physical RAM: 1476.71 MB
Total Pagefile: 6345.79 MB
Available Pagefile: 4199.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.22 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:69.27 GB) (Free:9.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:149.05 GB) (Free:19.61 GB) NTFS
Drive e: () (Fixed) (Total:69.04 GB) (Free:8.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 664A344C)
Partition 1: (Not Active) - (Size=10.7 GB) - (Type=27)
Partition 2: (Active) - (Size=69.3 GB) - (Type=06)
Partition 3: (Not Active) - (Size=69 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: C867E6F0)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

17.05.2015, 11:39   #9
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

17.05.2015, 15:57   #10
shorlo
 



Eset Log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=001db0518d7b4b4f869ddbda33433e0c
# engine=23888
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-17 02:35:37
# local_time=2015-05-17 04:35:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 100 60380 119007321 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 322890 269406065 0 0
# scanned=278825
# found=25
# cleaned=0
# scan_time=8206
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=0A5D594B277E29C9854223A8AC46DD156C7B0E0E ft=1 fh=55550162f6ca8b1a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\FreeYouTubeDownload(1).exe"
sh=0985C1A44E8A2EB465575824D68F19599BE5B8C9 ft=1 fh=23d84c1204b4423f vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\FreeYouTubeDownload.exe"
sh=D1D7AFE3B64904045CF03EFBC95A5D178210BE36 ft=1 fh=401da219930d60bc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\FreeYouTubeToMP3Converter.exe"
sh=92909463BC3C204C39CCFC4FFA25140A0BBF4B0E ft=1 fh=cf2705cc7522ba7f vn="Variante von Win32/Toolbar.SearchSuite.Z evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\iLividSetupV1.exe"
sh=B49E40E8768743FEA1E781031F80E401202D1E2B ft=1 fh=7080864587886faa vn="Win32/DomaIQ.D evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\photoscape.exe"
sh=198A02625FE33367D220CF0AA982D0231CFD660C ft=1 fh=cbadbb916d31697b vn="Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\rcpsetupdsnr_ds1224308.exe"
sh=50B5536A340F53B628972AE87DF449F9B5C6DE3C ft=1 fh=0cbbd1970ab0126c vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\registrybooster(1).exe"
sh=25C0DB4029BCE313A26654581C394D1D07635172 ft=1 fh=ffcdb6d62719ea72 vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\registrybooster.exe"
sh=DEC310B55E65E24AE39BB38CDFE6E73B0C448320 ft=1 fh=43c861bdac8b9e6b vn="Win32/Toolbar.Inbox.C evtl. unerwünschte Anwendung" ac=I fn="D:\Downloads\TVSetup.exe"
sh=1120C377D3A2546145B5AE4B17986220CF07F32E ft=1 fh=7fe94070b4dfae2c vn="Win32/StartPage.OIE Trojaner" ac=I fn="D:\Downloads\vlc-1.1.10-win32.exe"
sh=6F30140EF0909DBDCA5E45C8C2E705E20589DEAB ft=1 fh=1bf3f565be840d1f vn="Variante von Win32/InstallBrain.AV evtl. unerwünschte Anwendung" ac=I fn="I:\Archiv-D-02-2015\Downloads\CodecPerformerSetup.exe"
sh=0A5D594B277E29C9854223A8AC46DD156C7B0E0E ft=1 fh=55550162f6ca8b1a vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="I:\Archiv-D-02-2015\Downloads\FreeYouTubeDownload(1).exe"
sh=0985C1A44E8A2EB465575824D68F19599BE5B8C9 ft=1 fh=23d84c1204b4423f vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="I:\Archiv-D-02-2015\Downloads\FreeYouTubeDownload.exe"
sh=D1D7AFE3B64904045CF03EFBC95A5D178210BE36 ft=1 fh=401da219930d60bc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="I:\Archiv-D-02-2015\Downloads\FreeYouTubeToMP3Converter.exe"
sh=92909463BC3C204C39CCFC4FFA25140A0BBF4B0E ft=1 fh=cf2705cc7522ba7f vn="Variante von Win32/Toolbar.SearchSuite.Z evtl. unerwünschte Anwendung" ac=I fn="I:\Archiv-D-02-2015\Downloads\iLividSetupV1.exe"
sh=7E4F49480A156500B2F6DB24731C905967E88343 ft=1 fh=b7e95672063cf397 vn="Win32/Adware.ToolPlugin Anwendung" ac=I fn="I:\Archiv-D-02-2015\Downloads\install_flash_player.exe"
sh=B49E40E8768743FEA1E781031F80E401202D1E2B ft=1 fh=7080864587886faa vn="Win32/DomaIQ.D evtl. unerwünschte Anwendung" ac=I fn="I:\Archiv-D-02-2015\Downloads\photoscape.exe"
sh=198A02625FE33367D220CF0AA982D0231CFD660C ft=1 fh=cbadbb916d31697b vn="Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="I:\Archiv-D-02-2015\Downloads\rcpsetupdsnr_ds1224308.exe"
sh=50B5536A340F53B628972AE87DF449F9B5C6DE3C ft=1 fh=0cbbd1970ab0126c vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="I:\Archiv-D-02-2015\Downloads\registrybooster(1).exe"
sh=25C0DB4029BCE313A26654581C394D1D07635172 ft=1 fh=ffcdb6d62719ea72 vn="Win32/RegistryBooster evtl. unerwünschte Anwendung" ac=I fn="I:\Archiv-D-02-2015\Downloads\registrybooster.exe"
sh=7542469368418CAF7DF700BF4BD5EF31FDB997E6 ft=1 fh=8f89988d0fe4981c vn="Win32/InstallCore.BL evtl. unerwünschte Anwendung" ac=I fn="I:\Archiv-D-02-2015\Downloads\setup.exe"
sh=DEC310B55E65E24AE39BB38CDFE6E73B0C448320 ft=1 fh=43c861bdac8b9e6b vn="Win32/Toolbar.Inbox.C evtl. unerwünschte Anwendung" ac=I fn="I:\Archiv-D-02-2015\Downloads\TVSetup.exe"
sh=1120C377D3A2546145B5AE4B17986220CF07F32E ft=1 fh=7fe94070b4dfae2c vn="Win32/StartPage.OIE Trojaner" ac=I fn="I:\Archiv-D-02-2015\Downloads\vlc-1.1.10-win32.exe"
sh=ADF74C3CA76C8DEEEDB8EC3EC78F7DBD46A673E2 ft=1 fh=dac5f1ca9f774df6 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="I:\Archiv-D-03.2011\Shorlogere\SoftonicDownloader45973.exe"
         
Security Check

Code:
 Results of screen317's Security Check version 1.001  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
AVG AntiVirus Free Edition 2015   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 31  
 Java version 32-bit out of Date! 
 Adobe Flash Player 	17.0.0.169  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (38.0) 
 Google Chrome (42.0.2311.135) 
 Google Chrome (42.0.2311.152) 
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
 Empowering Technology eSettings Service capuserv.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
FRST:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-05-2015 02
Ran by Shorlogere (administrator) on SHORLOGERE-PC on 17-05-2015 16:54:14
Running from C:\Users\Shorlogere\Desktop
Loaded Profiles: Shorlogere (Available profiles: Shorlogere)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HiTRSUT) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Nero AG) D:\Programme\Nero 7\Nero 7\InCD\InCDsrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink) C:\Acer\Empowering Technology\eAudio\eAudio.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Nero AG) D:\Programme\Nero 7\Nero 7\InCD\NBHGui.exe
(Nero AG) D:\Programme\Nero 7\Nero 7\InCD\InCD.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Realtek Semiconductor Corp.) C:\Users\Shorlogere\AppData\Local\temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
() C:\Users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNMTray.exe
(Acer Inc.) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Acer Inc.) C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
() C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_17_0_0_169_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4669440 2007-07-06] (Realtek Semiconductor)
HKLM\...\Run: [eDataSecurity Loader] => C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
HKLM\...\Run: [ccApp] => C:\Program Files\Common Files\Symantec Shared\ccApp.exe [107112 2006-11-21] (Symantec Corporation)
HKLM\...\Run: [osCheck] => C:\Program Files\Norton Internet Security\osCheck.exe [22696 2006-11-21] (Symantec Corporation)
HKLM\...\Run: [PLFSetL] => C:\Windows\PLFSetL.exe [94208 2007-07-05] (sonix)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [eAudio] => C:\Acer\Empowering Technology\eAudio\eAudio.exe [1286144 2007-08-31] (CyberLink)
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [768520 2007-10-17] (Dritek System Inc.)
HKLM\...\Run: [WarReg_PopUp] => C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-07] (Synaptics, Inc.)
HKLM\...\Run: [Symantec PIF AlertEng] => C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-08-01] (Acer Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [570664 2008-05-28] (Nero AG)
HKLM\...\Run: [SecurDisc] => D:\Programme\Nero 7\Nero 7\InCD\NBHGui.exe [1629480 2008-05-06] (Nero AG)
HKLM\...\Run: [InCD] => D:\Programme\Nero 7\Nero 7\InCD\InCD.exe [1057064 2008-05-06] (Nero AG)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2007-06-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-26] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.)
HKLM\...\Run: [NvSvc] => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [DivXMediaServer] => D:\Programme\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2008-01-22] (Nero AG)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [Amazon Music] => C:\Users\Shorlogere\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281536 2014-09-06] ()
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31280256 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\acer.scr [83554304 2007-04-19] ()
HKU\S-1-5-18\...\Run: [Acer Tour Reminder] => C:\Acer\AcerTour\Reminder.exe [151552 2007-08-01] (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk [2007-12-26]
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-01-11]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3128768096-592464525-3037917805-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3128768096-592464525-3037917805-1000\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3128768096-592464525-3037917805-1000 -> {3F61328A-CE9B-40CA-A639-5B3771784314} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKU\S-1-5-21-3128768096-592464525-3037917805-1000 -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} -> C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll [2006-11-21] (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Programme\java\bin\ssv.dll [2012-03-11] (Sun Microsystems, Inc.)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Windows\system32\ActiveToolBand.dll [2007-04-25] (HiTRUST)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Programme\java\bin\jp2ssv.dll [2012-03-11] (Sun Microsystems, Inc.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll [2007-04-25] (HiTRUST)
Toolbar: HKLM - Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll [2006-11-21] (Symantec Corporation)
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-07-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Shorlogere\AppData\Roaming\Mozilla\Firefox\Profiles\oj6v75dv.default-1431546951963
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Programme\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> D:\Programme\DivX\DivX Web Player\npdivx32.dll [2013-08-28] (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/JavaPlugin -> D:\Programme\java\bin\plugin2\npjp2.dll [2012-03-11] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> D:\Programme\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Programme\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3128768096-592464525-3037917805-1000: amazon.com/AmazonMP3DownloaderPlugin -> D:\Programme\Amazon\npAmazonMP3DownloaderPlugin1017325.dll [2012-10-04] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012-03-11] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2013-02-16] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-09-08] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-09-08] (Apple Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-13]
FF Extension: UITBAutoInstaller - C:\Program Files\Mozilla Firefox\distribution\bundles\{edd7fc99-d65c-4979-85c2-ddeed30c50c7} [2015-05-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-24]
FF HKU\S-1-5-21-3128768096-592464525-3037917805-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Automatisches LiveUpdate - Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [554352 2007-09-26] (Symantec Corporation)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-21] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-21] (Symantec Corporation)
R2 CLTNetCnService; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-21] (Symantec Corporation)
S3 comHost; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [49296 2006-11-21] (Symantec Corporation)
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [457512 2007-04-25] (HiTRSUT)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-08-28] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-10] () [File not signed]
R2 InCDsrv; D:\Programme\Nero 7\Nero 7\InCD\InCDsrv.exe [1553192 2008-05-06] (Nero AG)
S3 ISPwdSvc; C:\Program Files\Norton Internet Security\isPwdSvc.exe [80552 2006-11-21] (Symantec Corporation)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-26] (Symantec Corporation)
R2 LiveUpdate Notice Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [107624 2006-11-21] (Symantec Corporation)
S2 LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [583048 2008-01-29] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [107008 2006-11-24] () [File not signed]
S3 NBService; D:\Programme\Nero 7\Nero 7\Nero BackItUp\NBService.exe [800040 2008-04-08] (Nero AG)
R2 PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [266343 2007-01-23] () [File not signed]
R3 Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [1251720 2011-05-21] ()
R2 SymAppCore; C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe [46736 2006-11-21] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-10-30] (acer) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [226784 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [166880 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [29664 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [269792 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [110048 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [213984 2015-04-07] (AVG Technologies CZ, s.r.o.)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [105592 2011-07-28] (Symantec Corporation)
R1 IDSvix86; C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20110818.001\IDSvix86.sys [287792 2011-04-27] (Symantec Corporation)
R4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [118952 2008-05-06] (Nero AG)
R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [36648 2008-05-06] (Nero AG)
U1 InCDrec; C:\Windows\System32\drivers\InCDRec.sys [16936 2008-05-06] (Nero AG)
R1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [38312 2008-05-06] (Nero AG)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [76584 2006-12-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20110818.003\NAVENG.SYS [86136 2011-08-04] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20110818.003\NAVEX15.SYS [1576312 2011-08-04] (Symantec Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-12-26] (NewTech Infosystems, Inc.) [File not signed]
R0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
R0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
R0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-01-03] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2012-01-03] (RapidSolution Software AG)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749376 2007-08-02] ()
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-11-21] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [245880 2006-11-21] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [275576 2006-11-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [24184 2006-11-21] (Symantec Corporation)
R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [12720 2009-08-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124464 2011-05-21] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [145968 2009-08-03] (Symantec Corporation)
R3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [39856 2009-08-03] (Symantec Corporation)
R3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [38448 2009-08-03] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-08-03] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-08-03] (Symantec Corporation)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2012-01-03] (RapidSolution Software AG)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [41456 2007-12-05] (Cyberlink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; No ImagePath
S3 catchme; \??\C:\Users\SHORLO~1\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; No ImagePath
S3 NwlnkFlt; No ImagePath
S3 NwlnkFwd; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 16:47 - 2015-05-17 16:47 - 00852630 _____ () C:\Users\Shorlogere\Desktop\SecurityCheck.exe
2015-05-17 14:13 - 2015-05-17 14:13 - 02347384 _____ (ESET) C:\Users\Shorlogere\Desktop\esetsmartinstaller_deu.exe
2015-05-16 17:45 - 2015-05-16 17:45 - 01146368 _____ (Farbar) C:\Users\Shorlogere\Desktop\FRST.exe
2015-05-16 17:07 - 2015-05-16 17:07 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SHORLOGERE-PC-Windows-Vista-(TM)-Home-Premium-(32-bit).dat
2015-05-16 17:07 - 2015-05-16 17:07 - 00000000 ____D () C:\RegBackup
2015-05-16 17:05 - 2015-05-16 17:05 - 02719698 _____ (Thisisu) C:\Users\Shorlogere\Desktop\JRT.exe
2015-05-16 16:11 - 2015-05-16 16:25 - 00000000 ____D () C:\AdwCleaner
2015-05-16 16:10 - 2015-05-16 16:10 - 02209792 _____ () C:\Users\Shorlogere\Desktop\AdwCleaner_4.204.exe
2015-05-16 14:35 - 2015-05-16 14:35 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-16 14:35 - 2015-05-16 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-16 14:35 - 2015-05-16 14:35 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-05-16 14:35 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-16 14:35 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-16 14:30 - 2015-05-16 14:30 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Shorlogere\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-15 20:26 - 2015-05-15 20:26 - 00016638 _____ () C:\ComboFix.txt
2015-05-15 20:06 - 2015-05-15 20:27 - 00000000 ____D () C:\Qoobox
2015-05-15 20:06 - 2015-05-15 20:27 - 00000000 ____D () C:\ComboFix
2015-05-15 20:06 - 2015-05-15 20:25 - 00000000 ____D () C:\Windows\erdnt
2015-05-15 20:06 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-15 20:06 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-15 20:06 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-15 20:06 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-15 20:06 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-15 20:06 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-15 20:06 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-15 20:06 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-15 19:58 - 2015-05-15 19:58 - 05623645 ____R (Swearware) C:\Users\Shorlogere\Desktop\ComboFix.exe
2015-05-14 22:18 - 2015-05-14 22:18 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Shorlogere\Desktop\tdsskiller.exe
2015-05-14 21:29 - 2015-05-16 14:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-14 21:28 - 2015-05-17 15:35 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 21:28 - 2015-05-14 22:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-14 21:25 - 2015-05-14 22:16 - 00000000 ____D () C:\Users\Shorlogere\Desktop\mbar
2015-05-14 21:25 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-14 21:23 - 2015-05-14 21:24 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Shorlogere\Desktop\mbar-1.09.1.1004.exe
2015-05-14 18:39 - 2015-05-14 18:39 - 00380416 _____ () C:\Users\Shorlogere\Desktop\Gmer-19357.exe
2015-05-14 18:21 - 2015-05-17 16:54 - 00000000 ____D () C:\FRST
2015-05-14 18:16 - 2015-05-14 18:16 - 00000482 _____ () C:\Users\Shorlogere\Desktop\defogger_disable.log
2015-05-14 18:16 - 2015-05-14 18:16 - 00000000 _____ () C:\Users\Shorlogere\defogger_reenable
2015-05-14 18:14 - 2015-05-14 18:14 - 00050477 _____ () C:\Users\Shorlogere\Desktop\Defogger.exe
2015-05-14 15:08 - 2015-05-14 15:08 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\AVG2015
2015-05-14 15:06 - 2015-05-14 15:06 - 00000862 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-05-14 15:06 - 2015-05-14 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-05-14 15:02 - 2015-05-14 15:07 - 00000000 ____D () C:\ProgramData\AVG2015
2015-05-14 15:02 - 2015-05-14 15:02 - 00000000 ____D () C:\$AVG
2015-05-14 14:58 - 2015-05-14 14:58 - 00000000 ____D () C:\Program Files\AVG
2015-05-14 14:55 - 2015-05-17 11:50 - 00000000 ____D () C:\ProgramData\MFAData
2015-05-14 14:55 - 2015-05-14 15:13 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\Avg2015
2015-05-14 14:55 - 2015-05-14 14:55 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\MFAData
2015-05-13 21:59 - 2015-05-13 21:59 - 00143352 _____ () C:\Windows\Minidump\Mini051315-04.dmp
2015-05-13 20:54 - 2015-05-13 20:54 - 00143352 _____ () C:\Windows\Minidump\Mini051315-03.dmp
2015-05-13 20:42 - 2015-05-13 20:42 - 00143352 _____ () C:\Windows\Minidump\Mini051315-02.dmp
2015-05-13 20:35 - 2015-05-13 20:35 - 00143352 _____ () C:\Windows\Minidump\Mini051315-01.dmp
2015-05-13 13:17 - 2015-04-30 18:03 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 13:15 - 2015-04-19 23:24 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-05-13 13:15 - 2015-04-19 23:24 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-05-13 13:15 - 2015-04-19 23:24 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-05-13 13:15 - 2015-04-19 23:24 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-05-13 13:15 - 2015-04-19 22:19 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-13 13:15 - 2015-04-19 22:18 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-05-13 13:15 - 2015-04-19 22:13 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-13 13:15 - 2015-04-19 22:12 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 13:15 - 2015-04-19 22:12 - 00801792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 13:15 - 2015-04-19 06:59 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 13:14 - 2015-04-30 15:14 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:03 - 2015-04-11 01:22 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 12:55 - 2015-05-13 12:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-12 21:17 - 2015-04-10 17:30 - 12379136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-12 21:17 - 2015-04-10 17:25 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-12 21:17 - 2015-04-10 17:25 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-12 21:17 - 2015-04-10 17:24 - 09750528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-12 21:17 - 2015-04-10 17:21 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-12 21:17 - 2015-04-10 17:20 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-12 21:17 - 2015-04-10 17:20 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-12 21:17 - 2015-04-10 17:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-12 21:17 - 2015-04-10 17:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-12 21:17 - 2015-04-10 17:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-12 21:17 - 2015-04-10 17:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-12 21:17 - 2015-04-10 17:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-17 16:39 - 2012-04-01 17:53 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-17 16:38 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-17 16:38 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-17 16:33 - 2012-10-07 16:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-17 15:53 - 2011-05-21 16:14 - 01866368 _____ () C:\Windows\WindowsUpdate.log
2015-05-17 14:11 - 2006-11-02 12:33 - 00006626 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-17 14:09 - 2013-06-18 12:58 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\vlc
2015-05-17 11:38 - 2012-04-01 17:52 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-17 10:37 - 2011-07-21 09:01 - 00157226 _____ () C:\Users\Shorlogere\AppData\Roaming\nvModes.001
2015-05-17 10:34 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-17 00:11 - 2006-11-02 15:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-16 16:56 - 2011-05-21 16:09 - 00387512 _____ () C:\Windows\PFRO.log
2015-05-16 15:54 - 2011-06-27 18:57 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\Skype
2015-05-16 15:54 - 2011-06-27 18:56 - 00000000 ___RD () C:\Program Files\Skype
2015-05-16 15:54 - 2011-06-27 18:56 - 00000000 ____D () C:\ProgramData\Skype
2015-05-16 15:48 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\DigitalLocker
2015-05-15 20:27 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2015-05-15 20:27 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2015-05-15 20:24 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2015-05-15 20:22 - 2011-05-21 15:27 - 00000000 ____D () C:\Users\Shorlogere
2015-05-15 20:09 - 2013-05-14 12:20 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\CrashDumps
2015-05-15 20:03 - 2011-05-21 17:53 - 00000534 _____ () C:\Windows\Tasks\Norton Internet Security - Vollständige Systemprüfung ausführen - Shorlogere.job
2015-05-15 12:34 - 2014-05-18 20:44 - 00001967 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-14 20:25 - 2011-05-21 22:36 - 00002631 _____ () C:\Users\Shorlogere\Desktop\Microsoft Office Word 2007.lnk
2015-05-14 15:06 - 2013-06-06 10:40 - 00000000 ____D () C:\Users\Shorlogere\AppData\Roaming\TuneUp Software
2015-05-13 21:59 - 2011-11-03 17:40 - 417634770 _____ () C:\Windows\MEMORY.DMP
2015-05-13 21:59 - 2011-11-03 17:40 - 00000000 ____D () C:\Windows\Minidump
2015-05-13 21:38 - 2015-01-11 21:16 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-05-13 21:38 - 2014-12-08 12:05 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-05-13 21:38 - 2014-05-22 09:13 - 00000000 ____D () C:\Users\Shorlogere\Desktop\Mama-Stick
2015-05-13 21:38 - 2013-05-02 10:45 - 00000000 ____D () C:\ProgramData\Protexis
2015-05-13 21:38 - 2012-09-30 11:05 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2015-05-13 21:38 - 2012-05-05 11:27 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-13 21:38 - 2012-01-05 18:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 21:38 - 2012-01-05 18:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 21:38 - 2011-05-21 22:24 - 00000000 ____D () C:\Program Files\Microsoft Works
2015-05-13 21:38 - 2011-05-21 22:21 - 00000000 ____D () C:\Users\Shorlogere\AppData\Local\Microsoft Help
2015-05-13 21:38 - 2011-05-21 15:29 - 00000000 ___HD () C:\Users\Shorlogere\AppData\Local\acer eNM
2015-05-13 21:38 - 2011-05-21 15:27 - 00000000 ___RD () C:\Users\Shorlogere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-13 21:38 - 2011-05-21 15:27 - 00000000 ___RD () C:\Users\Shorlogere\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-13 21:38 - 2007-12-26 08:16 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-05-13 21:38 - 2007-12-26 08:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 __RHD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\XPSViewer
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\system32\restore
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\ShellNew
2015-05-13 21:38 - 2006-11-02 14:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 __RSD () C:\Windows\Media
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Windows\Offline Web Pages
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extras and Upgrades
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\spool
2015-05-13 21:38 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\registration
2015-05-13 18:24 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-13 18:13 - 2006-11-02 14:47 - 00308168 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 13:13 - 2013-07-19 13:01 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 13:06 - 2006-11-02 12:24 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-05-08 21:12 - 2011-05-21 18:02 - 00000016 _____ () C:\Windows\system32\coh.cache
2015-04-28 12:39 - 2014-03-19 15:39 - 00000000 ____D () C:\Users\Shorlogere\Desktop\Umwandlung
2015-04-27 19:09 - 2011-05-21 18:20 - 00000049 __RSH () C:\Users\Public\Documents\HBEPGUID.TXT
2015-04-23 12:50 - 2011-05-21 22:43 - 00245760 _____ () C:\Users\Shorlogere\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2011-07-21 09:01 - 2015-05-17 10:37 - 0157226 _____ () C:\Users\Shorlogere\AppData\Roaming\nvModes.001
2011-07-21 08:53 - 2014-08-03 16:40 - 0157226 _____ () C:\Users\Shorlogere\AppData\Roaming\nvModes.dat
2012-01-05 13:46 - 2014-05-17 09:32 - 0000680 _____ () C:\Users\Shorlogere\AppData\Local\d3d9caps.dat
2011-05-21 22:43 - 2015-04-23 12:50 - 0245760 _____ () C:\Users\Shorlogere\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-01-05 14:28 - 2012-01-05 14:29 - 0029347 _____ () C:\Users\Shorlogere\AppData\Local\HWVendorDetection.log

Some content of TEMP:
====================
C:\Users\Shorlogere\AppData\Local\temp\Quarantine.exe
C:\Users\Shorlogere\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Shorlogere\AppData\Local\temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-17 10:49

==================== End Of Log ============================
         


I have not used Firefox again yet. Should I try it now?

Many thanks for the help so far!

Edited by shorlo (17.05.2015 at 16:03)

18.05.2015, 09:52   #11
schrauber
/// the machine
/// TB trainer

Update Java and Adobe.

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
D:\Downloads\FreeYouTubeDownload(1).exe

D:\Downloads\FreeYouTubeDownload.exe

D:\Downloads\FreeYouTubeToMP3Converter.exe

D:\Downloads\iLividSetupV1.exe

D:\Downloads\photoscape.exe

D:\Downloads\rcpsetupdsnr_ds1224308.exe

D:\Downloads\registrybooster

D:\Downloads\registrybooster.exe

D:\Downloads\TVSetup.exe

D:\Downloads\vlc-1.1.10-win32.exe

I:\Archiv-D-02-2015\Downloads\CodecPerformerSetup.exe

I:\Archiv-D-02-2015\Downloads\FreeYouTubeDownload(1).exe

I:\Archiv-D-02-2015\Downloads\FreeYouTubeDownload.exe

I:\Archiv-D-02-2015\Downloads\FreeYouTubeToMP3Converter.exe

I:\Archiv-D-02-2015\Downloads\iLividSetupV1.exe

I:\Archiv-D-02-2015\Downloads\install_flash_player.exe

I:\Archiv-D-02-2015\Downloads\photoscape.exe

I:\Archiv-D-02-2015\Downloads\rcpsetupdsnr_ds1224308.exe

I:\Archiv-D-02-2015\Downloads\registrybooster(1).exe

I:\Archiv-D-02-2015\Downloads\registrybooster.exe

I:\Archiv-D-02-2015\Downloads\setup.exe

I:\Archiv-D-02-2015\Downloads\TVSetup.exe

I:\Archiv-D-02-2015\Downloads\vlc-1.1.10-win32.exe

I:\Archiv-D-03.2011\Shorlogere\SoftonicDownloader45973.exe
Emptytemp:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.





Cleanup:
(The order is crucial here)

If Defogger was used: start it again and click Re-enable.

If Combofix was used:
Uninstall Combofix.
  • Important: Please disable your antivirus program, any script blocking that may be present, and anti-malware programs.
  • Please press the Windows key + R and type Combofix /Uninstall into the Run window.
  • Click OK.
    This removes Combofix completely and empties the System Restore cache.
  • Now re-enable the programs you just disabled.

All logs posted? Then please download DelFix.
  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Put a check mark in front of every function.
  • Click Start.

Note: DelFix removes, among other things, all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
Finally, restart your computer. If any programs from our cleanup are still left over now, you can delete them without concern.

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Hardening:
Enable automatic updates in the Windows operating system. Security-relevant software should also always be present only in its most current version:

Browser
Java
Flash Player
PDF reader

Security vulnerabilities in their old versions are exploited to install malware via "drive-by" simply when a manipulated website is visited.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.

Enable a firewall. The one built into Windows is normally entirely sufficient.

Use an antivirus program with a real-time scanner and an always up-to-date signature database.
My recommendation:

Emsisoft

In addition, you can scan your PC regularly with Malwarebytes Anti-Malware and ESET.

Optional:
NoScript prevents the execution of active content (Java, JavaScript, Flash, ...) for all websites. However, you can specify, on the whitelist principle, on which sites scripts should be allowed.
Malwarebytes Anti Exploit: protects the computer's applications against the exploitation of known vulnerabilities.


Download software from a clean portal such as .
When installing software, always choose the custom option and uncheck all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, first uninstall it and then remove the remnants with Adwarecleaner.


Finally, a few general remarks:
Change your important online passwords regularly, and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

18.05.2015, 11:59   #12
shorlo

OK, I have now connected the external hard drive again as well. I hope that was right.

FixLog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-05-2015 02
Ran by Shorlogere at 2015-05-18 11:57:31 Run:1
Running from C:\Users\Shorlogere\Desktop
Loaded Profiles: Shorlogere (Available profiles: Shorlogere)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
D:\Downloads\FreeYouTubeDownload(1).exe

D:\Downloads\FreeYouTubeDownload.exe

D:\Downloads\FreeYouTubeToMP3Converter.exe

D:\Downloads\iLividSetupV1.exe

D:\Downloads\photoscape.exe

D:\Downloads\rcpsetupdsnr_ds1224308.exe

D:\Downloads\registrybooster

D:\Downloads\registrybooster.exe

D:\Downloads\TVSetup.exe

D:\Downloads\vlc-1.1.10-win32.exe

I:\Archiv-D-02-2015\Downloads\CodecPerformerSetup.exe

I:\Archiv-D-02-2015\Downloads\FreeYouTubeDownload(1).exe

I:\Archiv-D-02-2015\Downloads\FreeYouTubeDownload.exe

I:\Archiv-D-02-2015\Downloads\FreeYouTubeToMP3Converter.exe

I:\Archiv-D-02-2015\Downloads\iLividSetupV1.exe

I:\Archiv-D-02-2015\Downloads\install_flash_player.exe

I:\Archiv-D-02-2015\Downloads\photoscape.exe

I:\Archiv-D-02-2015\Downloads\rcpsetupdsnr_ds1224308.exe

I:\Archiv-D-02-2015\Downloads\registrybooster(1).exe

I:\Archiv-D-02-2015\Downloads\registrybooster.exe

I:\Archiv-D-02-2015\Downloads\setup.exe

I:\Archiv-D-02-2015\Downloads\TVSetup.exe

I:\Archiv-D-02-2015\Downloads\vlc-1.1.10-win32.exe

I:\Archiv-D-03.2011\Shorlogere\SoftonicDownloader45973.exe
Emptytemp:
         
*****************

D:\Downloads\FreeYouTubeDownload(1).exe => Moved successfully.
D:\Downloads\FreeYouTubeDownload.exe => Moved successfully.
D:\Downloads\FreeYouTubeToMP3Converter.exe => Moved successfully.
D:\Downloads\iLividSetupV1.exe => Moved successfully.
D:\Downloads\photoscape.exe => Moved successfully.
D:\Downloads\rcpsetupdsnr_ds1224308.exe => Moved successfully.
"D:\Downloads\registrybooster" => File/Directory not found.
D:\Downloads\registrybooster.exe => Moved successfully.
D:\Downloads\TVSetup.exe => Moved successfully.
D:\Downloads\vlc-1.1.10-win32.exe => Moved successfully.
Could not move "I:\Archiv-D-02-2015\Downloads\CodecPerformerSetup.exe" => Scheduled to move on reboot.
I:\Archiv-D-02-2015\Downloads\FreeYouTubeDownload(1).exe => Moved successfully.
I:\Archiv-D-02-2015\Downloads\FreeYouTubeDownload.exe => Moved successfully.
I:\Archiv-D-02-2015\Downloads\FreeYouTubeToMP3Converter.exe => Moved successfully.
I:\Archiv-D-02-2015\Downloads\iLividSetupV1.exe => Moved successfully.
Could not move "I:\Archiv-D-02-2015\Downloads\install_flash_player.exe" => Scheduled to move on reboot.
I:\Archiv-D-02-2015\Downloads\photoscape.exe => Moved successfully.
I:\Archiv-D-02-2015\Downloads\rcpsetupdsnr_ds1224308.exe => Moved successfully.
I:\Archiv-D-02-2015\Downloads\registrybooster(1).exe => Moved successfully.
I:\Archiv-D-02-2015\Downloads\registrybooster.exe => Moved successfully.
Could not move "I:\Archiv-D-02-2015\Downloads\setup.exe" => Scheduled to move on reboot.
I:\Archiv-D-02-2015\Downloads\TVSetup.exe => Moved successfully.
I:\Archiv-D-02-2015\Downloads\vlc-1.1.10-win32.exe => Moved successfully.
I:\Archiv-D-03.2011\Shorlogere\SoftonicDownloader45973.exe => Moved successfully.
EmptyTemp: => Removed 560.8 MB temporary data.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-05-18 12:04:39)<=

"I:\Archiv-D-02-2015\Downloads\CodecPerformerSetup.exe" => Could not move.
"I:\Archiv-D-02-2015\Downloads\install_flash_player.exe" => Could not move.
"I:\Archiv-D-02-2015\Downloads\setup.exe" => Could not move.

==== End of Fixlog 12:04:44 ====
         
I just had a bluescreen again after trying Firefox again.
Now I am using Internet Explorer again.

Now something strange has happened. When I wanted to open the text file from the Defogger enable, the computer froze. The mouse could still be moved, but nothing else worked. I could not even get into Task Manager. So I switched the PC off manually again and booted it up again.
On the second attempt I was then able to open the file without problems. However, I do not know whether I carried out the Defogger procedure correctly. Combofix has now also already been uninstalled.

Defogger-enable:

Code:
defogger_enable by jpshortstuff (23.02.10.1)
Log created at 12:27 on 18/05/2015 (Shorlogere)

Parsing file...


-=E.O.F=-
         
Can I now start the DelFix procedure without concern? Or is something still not right?

I have now disconnected the external hard drive again.

19.05.2015, 07:08   #13
schrauber
/// the machine
/// TB trainer

Yep, and additionally this:


Revo Uninstaller - Download - Filepony
use it to uninstall Firefox, keep no data, have the remnants removed, reinstall.

Then:
https://support.mozilla.org/de/kb/fi...einfach-loesen

19.05.2015, 14:16   #14
shorlo

OK, my problem seems to be solved. I have now been surfing with the newly installed Firefox for a while. The system seems to be stable. What is great is that all my bookmarks are still there despite the reinstallation.

You suggest the antivirus program Emsisoft. That would be instead of the AVG antivirus program, right?
Is the free version sufficient for that?

Kind regards,
shorlo

Hello Schrauber,

I have scanned my laptop for viruses once more. Unfortunately, a threat is still, or again, shown to me as unresolved. Something has changed in the sequence of numbers and letters at the end of the threat name.

The scan gave the following result:

Code:
"Gesamten Computer scannen"
"Mittlerer Schweregrad";"1";"0";"1"
"Gescannt:";"Gesamten Computer scannen"
"Gestartet:";"19.05.2015, 13:13:44"
"Beendet:";"19.05.2015, 14:11:51"
"Anzahl der Elemente:";"143331"
"Gestartet von:";"Shorlogere"

"Name";"Beschreibung";"Status";"Status";"Priorität"
"<unknown>";"Dienstfunktion NtMapViewOfSection-Hook -> 0xFFFFFFFF90FF0C80";"Ungelöst";"Ungelöst";"Mittel"
         

Hopefully I don't have to go through all the steps again now.

Kind regards,
shorlo

Alt 20.05.2015, 06:42   #15
schrauber
/// the machine
/// TB-Ausbilder
 




Who is reporting this detection? Emsisoft instead of AVG, yes, but the free version is not an AV program, only a scanner.

Please also post a fresh FRST log.
__________________
Regards,
schrauber
