| |
| |||||||
Log-Analyse und Auswertung: Windows 7 Windows Explorer schließt sich immerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
29.05.2015, 19:41
| #1 |
 |  Windows 7 Windows Explorer schließt sich immer Hallo, ich brauche Hilfe. Wenn ich den Windows Explorer öffnen und anschließend den Ordner "Eigene Bilder" auswähle, schließt sich der Explorer. Bis vor ein paar Tagen kam noch die Meldung, dass dieser nicht mehr funktioniert und deshalb geschlossen wird. Nun schließt er sich einfach nur noch. Über Antivir finde ich keinen Virus. Defogger habe ich ausgeführt, es wurde kein Log von diesem Programm erstellt. Von FRST und GMER füge ich die Logs an. Ich hoffe, dass mir geholfen werden kann. Viele Grüße Tuuli |
|
29.05.2015, 20:08
| #2 |
| /// TB-Ausbilder   | Windows 7 Windows Explorer schließt sich immer Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
|
|
30.05.2015, 13:45
| #3 |
| | Windows 7 Windows Explorer schließt sich immer Hallo Matthias,
__________________anbei der Report von TDSSKiller. Viele Grüße Stefanie Code:
ATTFilter 14:40:33.0185 0x0314 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
14:40:40.0910 0x0314 ============================================================
14:40:40.0911 0x0314 Current date / time: 2015/05/30 14:40:40.0910
14:40:40.0911 0x0314 SystemInfo:
14:40:40.0911 0x0314
14:40:40.0911 0x0314 OS Version: 6.1.7601 ServicePack: 1.0
14:40:40.0911 0x0314 Product type: Workstation
14:40:40.0911 0x0314 ComputerName: STEFANIE-LAPTOP
14:40:40.0911 0x0314 UserName: Stefanie
14:40:40.0911 0x0314 Windows directory: C:\Windows
14:40:40.0911 0x0314 System windows directory: C:\Windows
14:40:40.0911 0x0314 Processor architecture: Intel x86
14:40:40.0911 0x0314 Number of processors: 2
14:40:40.0911 0x0314 Page size: 0x1000
14:40:40.0911 0x0314 Boot type: Normal boot
14:40:40.0911 0x0314 ============================================================
14:40:44.0135 0x0314 KLMD registered as C:\Windows\system32\drivers\35546876.sys
14:40:45.0314 0x0314 System UUID: {E916B1B8-5A7F-AF59-7631-3E5FDF9A89F5}
14:40:47.0363 0x0314 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:40:47.0370 0x0314 ============================================================
14:40:47.0370 0x0314 \Device\Harddisk0\DR0:
14:40:47.0370 0x0314 MBR partitions:
14:40:47.0370 0x0314 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x157C800, BlocksNum 0x11C53000
14:40:47.0370 0x0314 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x131CF800, BlocksNum 0x11C5E800
14:40:47.0370 0x0314 ============================================================
14:40:47.0502 0x0314 C: <-> \Device\Harddisk0\DR0\Partition1
14:40:47.0693 0x0314 D: <-> \Device\Harddisk0\DR0\Partition2
14:40:47.0694 0x0314 ============================================================
14:40:47.0694 0x0314 Initialize success
14:40:47.0694 0x0314 ============================================================
14:41:59.0488 0x1414 ============================================================
14:41:59.0488 0x1414 Scan started
14:41:59.0488 0x1414 Mode: Manual; SigCheck; TDLFS;
14:41:59.0488 0x1414 ============================================================
14:41:59.0488 0x1414 KSN ping started
14:42:02.0223 0x1414 KSN ping finished: true
14:42:03.0758 0x1414 ================ Scan system memory ========================
14:42:03.0759 0x1414 System memory - ok
14:42:03.0759 0x1414 ================ Scan services =============================
14:42:03.0993 0x1414 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:42:04.0173 0x1414 1394ohci - ok
14:42:04.0233 0x1414 [ 0A1E97197609F92D2425B67DA0BB0A7F, 818FD957C6EA1869ED13EA8C0681D2850141E22A68A2D982E4AEEA2736F50555 ] ACEDRV05 C:\Windows\system32\drivers\ACEDRV05.sys
14:42:04.0366 0x1414 ACEDRV05 - detected UnsignedFile.Multi.Generic ( 1 )
14:42:07.0106 0x1414 Detect skipped due to KSN trusted
14:42:07.0106 0x1414 ACEDRV05 - ok
14:42:07.0318 0x1414 [ DA115C33158E4ED1CCE74221F320B6B3, B632ABF936A1EFABC8D978D6E8E06FAC54563C7F7FB713A49BD55906D458842D ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
14:42:07.0893 0x1414 acedrv11 - ok
14:42:07.0945 0x1414 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:42:07.0986 0x1414 ACPI - ok
14:42:08.0037 0x1414 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:42:08.0167 0x1414 AcpiPmi - ok
14:42:08.0294 0x1414 [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:42:08.0311 0x1414 AdobeARMservice - ok
14:42:08.0407 0x1414 [ 00CC35F515079F5F94FABC3AC5C7D363, 7CE8B1715009602059DEDD6CBCA9C18EF079EDA344E7809813D6C0A395622B82 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:42:08.0603 0x1414 AdobeFlashPlayerUpdateSvc - ok
14:42:08.0734 0x1414 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:42:08.0899 0x1414 adp94xx - ok
14:42:08.0936 0x1414 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:42:09.0005 0x1414 adpahci - ok
14:42:09.0032 0x1414 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:42:09.0054 0x1414 adpu320 - ok
14:42:09.0092 0x1414 [ 12E6A172D72AFC626727B8635DD17E39, 33B3D109C39DF6EA86AFC3C89A93657906E981D3D22FF854401BC7326990CC08 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:42:09.0252 0x1414 AeLookupSvc - ok
14:42:09.0311 0x1414 [ D0B388DA1D111A34366E04EB4A5DD156, 60D226F027F4025CC032CAFF73A80FAFB5FA75445654FDCF80CA8C0419C6E938 ] AFD C:\Windows\system32\drivers\afd.sys
14:42:09.0384 0x1414 AFD - ok
14:42:09.0414 0x1414 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys
14:42:09.0430 0x1414 agp440 - ok
14:42:09.0481 0x1414 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
14:42:09.0527 0x1414 aic78xx - ok
14:42:09.0613 0x1414 [ 7067AC22EB74C2E3D4C950050CBB1AC0, 2CC18B36FE0059CD0C4745BA698DB322006BED182623D85655A389077DB52A03 ] ALDITALKVerbindungsassistent_Service C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
14:42:09.0634 0x1414 ALDITALKVerbindungsassistent_Service - ok
14:42:09.0727 0x1414 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
14:42:09.0837 0x1414 ALG - ok
14:42:09.0892 0x1414 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys
14:42:09.0930 0x1414 aliide - ok
14:42:09.0962 0x1414 [ EB7C2F213A219CA9CF807B6888186070, 710F4F6370984B093CFCE8BC517DC6B9ADBB14E7D123DF89F400FE7D0F2BCBF0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:42:10.0021 0x1414 AMD External Events Utility - ok
14:42:10.0060 0x1414 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
14:42:10.0103 0x1414 amdagp - ok
14:42:10.0122 0x1414 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys
14:42:10.0162 0x1414 amdide - ok
14:42:10.0218 0x1414 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:42:10.0312 0x1414 AmdK8 - ok
14:42:10.0731 0x1414 [ 92D358D9E637F4BF4C2F87CF0B85B494, 3D6CAC4E0B58B2EAA0A7307C3DA4008D67ABA91AA03672197FCDE33148B83241 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:42:11.0487 0x1414 amdkmdag - ok
14:42:11.0558 0x1414 [ 6DC621388E76DC43D8558A20603B5A9E, B9687D90350711127715FA78093BED452D571DFB5C71C28B082AB03AAE75D9E7 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
14:42:11.0633 0x1414 amdkmdap - ok
14:42:11.0718 0x1414 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:42:11.0774 0x1414 AmdPPM - ok
14:42:11.0829 0x1414 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:42:11.0875 0x1414 amdsata - ok
14:42:11.0932 0x1414 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:42:11.0974 0x1414 amdsbs - ok
14:42:12.0000 0x1414 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:42:12.0044 0x1414 amdxata - ok
14:42:12.0176 0x1414 [ D908096B873B940BB438CE63BA35BD1E, F1C79C907E6CDBC2770C16AFFAE0D6F9B9B7DA21F5074D602AC5FE1597975748 ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
14:42:12.0241 0x1414 AntiVirMailService - ok
14:42:12.0338 0x1414 [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
14:42:12.0359 0x1414 AntiVirSchedulerService - ok
14:42:12.0429 0x1414 [ EC705D6ED3A7F3D9AE42F6239707D9FE, B50F6BB0FC308E7403B1807DF2AAF87BEDE0B044128C580970A26801CCABC43F ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
14:42:12.0449 0x1414 AntiVirService - ok
14:42:12.0575 0x1414 [ 0F3D12E5FAE0082DB3F306095CA6B027, 726D054357031F45B43C87D798E84FA93439ECA6C691EB8C76FE524B50C25B32 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
14:42:12.0679 0x1414 AntiVirWebService - ok
14:42:12.0734 0x1414 [ 81F97D8F8B3FB94A451CC6F7CF8B2965, 8DEBA4E47E1016D69740C0BB7CDD23852D86E0D42C1C1EA5A847ECB115C38CB1 ] AppID C:\Windows\system32\drivers\appid.sys
14:42:12.0839 0x1414 AppID - ok
14:42:12.0857 0x1414 [ F5090F8FA6757C58E17BAEAA86093636, 5E14CF3032DF5801240F45C59AA93962EA41AA5648A0C6458D16D9B9D95A131F ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:42:12.0908 0x1414 AppIDSvc - ok
14:42:12.0978 0x1414 [ EACFDF31921F51C097629F1F3C9129B4, 24138755D823E69760579ECBD672421192457CDC9941B2BC499C2D34D83E86C3 ] Appinfo C:\Windows\System32\appinfo.dll
14:42:13.0048 0x1414 Appinfo - ok
14:42:13.0097 0x1414 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys
14:42:13.0134 0x1414 arc - ok
14:42:13.0163 0x1414 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:42:13.0200 0x1414 arcsas - ok
14:42:13.0339 0x1414 [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:42:13.0413 0x1414 aspnet_state - ok
14:42:13.0475 0x1414 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:42:13.0645 0x1414 AsyncMac - ok
14:42:13.0734 0x1414 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys
14:42:13.0777 0x1414 atapi - ok
14:42:13.0840 0x1414 [ 434192D027A6A11E32E1C74C7C43E1ED, EA4A981B42EC16C2457D80218E94D7B339E05629A028ED5A011D8C7C1039BFD2 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
14:42:13.0885 0x1414 AtiHDAudioService - ok
14:42:14.0280 0x1414 [ 92D358D9E637F4BF4C2F87CF0B85B494, 3D6CAC4E0B58B2EAA0A7307C3DA4008D67ABA91AA03672197FCDE33148B83241 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
14:42:14.0564 0x1414 atikmdag - ok
14:42:14.0701 0x1414 [ F0D933B42CD0594048E4D5200AE9E417, FF53E843A99948568515964C3C97107FA875BBC3F2906BADEE0B29ACE5532F0D ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
14:42:14.0775 0x1414 atksgt - ok
14:42:14.0851 0x1414 [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:42:14.0935 0x1414 AudioEndpointBuilder - ok
14:42:15.0078 0x1414 [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv C:\Windows\System32\Audiosrv.dll
14:42:15.0195 0x1414 Audiosrv - ok
14:42:15.0323 0x1414 [ EC17E91BC9026C5ED580FB2B13E341AB, 2D9421AE05F3D4A8DBD69D73B4B562EA4F93FBD12AB2F77C52DA8B411626EBF1 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
14:42:15.0379 0x1414 avgntflt - ok
14:42:15.0446 0x1414 [ 7BAA36ED6C6098899D9E1269A61085C3, 2D101F1C6C79B0BD722BDB5939344F65728EC2F5B747B6619640775E6FDEFC0A ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
14:42:15.0529 0x1414 avipbb - ok
14:42:15.0621 0x1414 [ F7C1D09B299B40CBF90A6BF15C0BDC0F, D9E3DBAFE66EE3E44011FD92B4989AE4DB9ED1AA96EA28321D8EC6385EA63FEA ] Avira.OE.ServiceHost C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
14:42:15.0649 0x1414 Avira.OE.ServiceHost - ok
14:42:15.0750 0x1414 [ F80F5DCA8A5D9D93CC5BE933D20CAF05, 2AFBB2D62127FACBCABBB3E78F3568A6BA016ED4A97A1490BAA29A1EFB7A4408 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
14:42:15.0793 0x1414 avkmgr - ok
14:42:15.0863 0x1414 [ 3303FB85532093FC6723632B5947E8C4, F8301069A8EAD7303CAE5B7CAE3F119747E7B7B4402178018EB5254087238A42 ] avnetflt C:\Windows\system32\DRIVERS\avnetflt.sys
14:42:15.0962 0x1414 avnetflt - ok
14:42:16.0182 0x1414 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:42:16.0412 0x1414 AxInstSV - ok
14:42:16.0558 0x1414 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
14:42:16.0687 0x1414 b06bdrv - ok
14:42:16.0743 0x1414 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
14:42:16.0835 0x1414 b57nd60x - ok
14:42:16.0906 0x1414 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
14:42:16.0995 0x1414 BDESVC - ok
14:42:17.0011 0x1414 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
14:42:17.0091 0x1414 Beep - ok
14:42:17.0165 0x1414 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll
14:42:17.0281 0x1414 BFE - ok
14:42:17.0324 0x1414 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll
14:42:17.0497 0x1414 BITS - ok
14:42:17.0549 0x1414 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:42:17.0612 0x1414 blbdrive - ok
14:42:17.0695 0x1414 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:42:17.0783 0x1414 bowser - ok
14:42:17.0804 0x1414 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:42:17.0846 0x1414 BrFiltLo - ok
14:42:17.0867 0x1414 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:42:17.0928 0x1414 BrFiltUp - ok
14:42:17.0986 0x1414 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
14:42:18.0081 0x1414 Browser - ok
14:42:18.0113 0x1414 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:42:18.0193 0x1414 Brserid - ok
14:42:18.0210 0x1414 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:42:18.0256 0x1414 BrSerWdm - ok
14:42:18.0272 0x1414 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:42:18.0329 0x1414 BrUsbMdm - ok
14:42:18.0355 0x1414 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:42:18.0392 0x1414 BrUsbSer - ok
14:42:18.0442 0x1414 [ DB99076533FFB38CBEC8AC88E4535850, 632C21EF7A587A6FA27A3604B1F5D4A01F47B46007F7FD4A2A464534288FBE8A ] BthAvrcp C:\Windows\system32\DRIVERS\BthAvrcp.sys
14:42:18.0522 0x1414 BthAvrcp - ok
14:42:18.0594 0x1414 [ 2865A5C8E98C70C605F417908CEBB3A4, B1C5AC228BD7072AF8668C009C6CDC13EE9FCB9481F57524300F37C40BF1E935 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
14:42:18.0705 0x1414 BthEnum - ok
14:42:18.0723 0x1414 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:42:18.0785 0x1414 BTHMODEM - ok
14:42:18.0817 0x1414 [ AD1872E5829E8A2C3B5B4B641C3EAB0E, 8C2DBCAC08DDB41E2B44E257C55FA2D0272959B308EFF9EAF5FF9AE1E4A0AA39 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
14:42:18.0878 0x1414 BthPan - ok
14:42:18.0949 0x1414 [ 1153DE2E4F5941E10C399CB5592F78A1, 2B88AF246D62F72FA9F5B921B0375AE59A0F263672472D5EC9FDB5CA5EF51C31 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
14:42:19.0031 0x1414 BTHPORT - ok
14:42:19.0085 0x1414 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
14:42:19.0174 0x1414 bthserv - ok
14:42:19.0217 0x1414 [ C81E9413A25A439F436B1D4B6A0CF9E9, A4C290163207AED22C70C7F90B28F6FC24892889643D60D915059405AC5A4A72 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
14:42:19.0258 0x1414 BTHUSB - ok
14:42:19.0310 0x1414 [ D517BA16793D76210C963DAB2A88B74F, F2055F09A089273E3A218EAC49299FC7499798B10D10B995D7BA6D8390B7E730 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
14:42:19.0393 0x1414 btmhsf - ok
14:42:19.0459 0x1414 [ 09E6AFFAE6C0E9158BF05C7D08D0107A, 05524526EBD5F42F58404A698F397CD7CBC2CBB5F7211AB6B5C2691A87983A24 ] BUNAgentSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
14:42:19.0482 0x1414 BUNAgentSvc - detected UnsignedFile.Multi.Generic ( 1 )
14:42:22.0110 0x1414 Detect skipped due to KSN trusted
14:42:22.0110 0x1414 BUNAgentSvc - ok
14:42:22.0167 0x1414 [ 248DFA5762DDE38DFDDBBD44149E9D7A, D696D5698B7B5B331A6ED39172015349685450D10F63B1E4D4112199198FA5C7 ] BVRPMPR5 C:\Windows\system32\drivers\BVRPMPR5.SYS
14:42:22.0236 0x1414 BVRPMPR5 - detected UnsignedFile.Multi.Generic ( 1 )
14:42:25.0202 0x1414 Detect skipped due to KSN trusted
14:42:25.0202 0x1414 BVRPMPR5 - ok
14:42:25.0260 0x1414 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:42:25.0355 0x1414 cdfs - ok
14:42:25.0395 0x1414 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:42:25.0460 0x1414 cdrom - ok
14:42:25.0499 0x1414 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
14:42:25.0553 0x1414 CertPropSvc - ok
14:42:25.0633 0x1414 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:42:25.0697 0x1414 circlass - ok
14:42:25.0812 0x1414 cleanhlp - ok
14:42:25.0849 0x1414 [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS C:\Windows\system32\CLFS.sys
14:42:25.0974 0x1414 CLFS - ok
14:42:26.0166 0x1414 [ 8B67044AE0621C005245EF62EEF0746F, 6FF9F96CAB3861AD444596FFF20EBE2BDDD98176392DF98C46C821360B0B1E01 ] CLHNService C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
14:42:26.0298 0x1414 CLHNService - detected UnsignedFile.Multi.Generic ( 1 )
14:42:29.0176 0x1414 Detect skipped due to KSN trusted
14:42:29.0176 0x1414 CLHNService - ok
14:42:29.0293 0x1414 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:42:29.0332 0x1414 clr_optimization_v2.0.50727_32 - ok
14:42:29.0408 0x1414 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:42:29.0470 0x1414 clr_optimization_v4.0.30319_32 - ok
14:42:29.0510 0x1414 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:42:29.0567 0x1414 CmBatt - ok
14:42:29.0594 0x1414 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:42:29.0631 0x1414 cmdide - ok
14:42:29.0698 0x1414 [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG C:\Windows\system32\Drivers\cng.sys
14:42:29.0776 0x1414 CNG - ok
14:42:29.0805 0x1414 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:42:29.0841 0x1414 Compbatt - ok
14:42:29.0885 0x1414 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:42:29.0950 0x1414 CompositeBus - ok
14:42:29.0972 0x1414 COMSysApp - ok
14:42:29.0993 0x1414 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:42:30.0032 0x1414 crcdisk - ok
14:42:30.0079 0x1414 [ 49474B3E37969AF4B5C076F42B623AFF, BDA6B57E9B60EF1B67C74099263D33A367AAA035667239F76AB8B268FD3E8F23 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:42:30.0157 0x1414 CryptSvc - ok
14:42:30.0197 0x1414 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll
14:42:30.0247 0x1414 DcomLaunch - ok
14:42:30.0295 0x1414 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
14:42:30.0450 0x1414 defragsvc - ok
14:42:30.0494 0x1414 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:42:30.0532 0x1414 DfsC - ok
14:42:30.0607 0x1414 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
14:42:30.0732 0x1414 Dhcp - ok
14:42:30.0806 0x1414 [ E95DE5B790B2D16706DAC8472E51F31A, 9D7A72742D369B9F0E4ACEC9C1850D0D60E975AEBEFF5BA06B954EA3AB3E9FF6 ] DiagTrack C:\Windows\system32\diagtrack.dll
14:42:30.0987 0x1414 DiagTrack - ok
14:42:31.0062 0x1414 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
14:42:31.0108 0x1414 discache - ok
14:42:31.0192 0x1414 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:42:31.0265 0x1414 Disk - ok
14:42:31.0298 0x1414 [ C701324C9E0C25DD9D60311BD87FBC84, 86BE238FCC60A55C92D303452A9D5DFA838AE560BDC03A5C6F0F9ABE92062B5A ] DKbFltr C:\Windows\system32\DRIVERS\DKbFltr.sys
14:42:31.0336 0x1414 DKbFltr - ok
14:42:31.0373 0x1414 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:42:31.0442 0x1414 Dnscache - ok
14:42:31.0482 0x1414 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
14:42:31.0607 0x1414 dot3svc - ok
14:42:31.0729 0x1414 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
14:42:31.0793 0x1414 DPS - ok
14:42:31.0836 0x1414 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:42:31.0916 0x1414 drmkaud - ok
14:42:31.0972 0x1414 [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:42:32.0097 0x1414 DXGKrnl - ok
14:42:32.0139 0x1414 EagleNT - ok
14:42:32.0188 0x1414 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
14:42:32.0308 0x1414 EapHost - ok
14:42:32.0481 0x1414 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
14:42:32.0764 0x1414 ebdrv - ok
14:42:32.0967 0x1414 [ B1F2503E23425B386DF0F3413B2596F3, 02FB1FA57679DBFF2E13641AB7C24CC28D5A4CFB0C51B7A617D3A3A406B8DF0C ] eDataSecurity Service C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
14:42:32.0998 0x1414 eDataSecurity Service - ok
14:42:33.0060 0x1414 [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] EFS C:\Windows\System32\lsass.exe
14:42:33.0138 0x1414 EFS - ok
14:42:33.0247 0x1414 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:42:33.0419 0x1414 ehRecvr - ok
14:42:33.0450 0x1414 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
14:42:33.0513 0x1414 ehSched - ok
14:42:33.0559 0x1414 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:42:33.0669 0x1414 elxstor - ok
14:42:33.0700 0x1414 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:42:33.0762 0x1414 ErrDev - ok
14:42:33.0793 0x1414 esgiguard - ok
14:42:33.0840 0x1414 [ E23ACF6CB61079AFD90A09519C8C6189, 2482B8855ABC5F1F10F3C338B88E4FC0F8292468B4B16517E7F0281B3D85DBAC ] ETService C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
14:42:33.0887 0x1414 ETService - detected UnsignedFile.Multi.Generic ( 1 )
14:42:36.0586 0x1414 Detect skipped due to KSN trusted
14:42:36.0586 0x1414 ETService - ok
14:42:36.0742 0x1414 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
14:42:36.0991 0x1414 EventSystem - ok
14:42:37.0303 0x1414 [ 54B6E150BFF4A47EB0D204119D262E46, 0D6215AE7B29859C2301AADD4260534CD47C94E680E649C8CBBEDBE8713BC39D ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
14:42:37.0397 0x1414 EvtEng - detected UnsignedFile.Multi.Generic ( 1 )
14:42:40.0205 0x1414 Detect skipped due to KSN trusted
14:42:40.0205 0x1414 EvtEng - ok
14:42:40.0283 0x1414 [ E1556AF3FB0284C32896B9AC8494D9C2, 9DB34E517F88B8727ABBE2ADDD723714B3AD94A8D13A3A0FD7F05F19F715D37E ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys
14:42:40.0657 0x1414 ewusbnet - ok
14:42:40.0829 0x1414 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7, 9AAF39AA22372FB8582C1422581C08E61444BF843E1CE2E199EB00FBEA6F9C06 ] ew_hwusbdev C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
14:42:40.0907 0x1414 ew_hwusbdev - ok
14:42:41.0001 0x1414 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
14:42:41.0749 0x1414 exfat - ok
14:42:41.0890 0x1414 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:42:42.0030 0x1414 fastfat - ok
14:42:42.0124 0x1414 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
14:42:42.0233 0x1414 Fax - ok
14:42:42.0280 0x1414 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:42:42.0717 0x1414 fdc - ok
14:42:42.0763 0x1414 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
14:42:42.0888 0x1414 fdPHost - ok
14:42:42.0904 0x1414 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
14:42:42.0966 0x1414 FDResPub - ok
14:42:42.0997 0x1414 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:42:43.0044 0x1414 FileInfo - ok
14:42:43.0060 0x1414 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:42:43.0138 0x1414 Filetrace - ok
14:42:43.0372 0x1414 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:42:43.0497 0x1414 flpydisk - ok
14:42:43.0528 0x1414 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:42:43.0606 0x1414 FltMgr - ok
14:42:43.0731 0x1414 [ 6EC244F102C7F129678E5F7309D1366D, C30DA201AC623DA440B0A0716534557C578218C2A591FA8893CCCBD96B4518F9 ] FontCache C:\Windows\system32\FntCache.dll
14:42:43.0933 0x1414 FontCache - ok
14:42:44.0214 0x1414 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:42:44.0323 0x1414 FontCache3.0.0.0 - ok
14:42:44.0433 0x1414 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:42:44.0479 0x1414 FsDepends - ok
14:42:44.0526 0x1414 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:42:44.0557 0x1414 Fs_Rec - ok
14:42:44.0698 0x1414 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:42:44.0713 0x1414 fvevol - ok
14:42:44.0745 0x1414 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:42:44.0791 0x1414 gagp30kx - ok
14:42:44.0854 0x1414 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
14:42:44.0947 0x1414 gpsvc - ok
14:42:45.0057 0x1414 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
14:42:45.0072 0x1414 gupdate - ok
14:42:45.0103 0x1414 [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:42:45.0119 0x1414 gupdatem - ok
14:42:45.0150 0x1414 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:42:45.0166 0x1414 gusvc - ok
14:42:45.0213 0x1414 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:42:45.0337 0x1414 hcw85cir - ok
14:42:45.0384 0x1414 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:42:45.0400 0x1414 HDAudBus - ok
14:42:45.0696 0x1414 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:42:45.0759 0x1414 HidBatt - ok
14:42:45.0805 0x1414 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:42:45.0852 0x1414 HidBth - ok
14:42:45.0899 0x1414 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:42:45.0993 0x1414 HidIr - ok
14:42:46.0024 0x1414 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll
14:42:46.0071 0x1414 hidserv - ok
14:42:46.0227 0x1414 [ 7903A9FB9FC7102AD26B2627FC7934AE, EF8AB24486B0CAFB29AB2ED21A419DB6EB01C8AF0B5815F64E5424B28096E9BE ] hidshim C:\Windows\system32\DRIVERS\hidshim.sys
14:42:46.0429 0x1414 hidshim - ok
14:42:46.0492 0x1414 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:42:46.0601 0x1414 HidUsb - ok
14:42:46.0710 0x1414 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
14:42:46.0757 0x1414 hkmsvc - ok
14:42:46.0819 0x1414 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:42:46.0897 0x1414 HomeGroupListener - ok
14:42:46.0944 0x1414 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:42:47.0022 0x1414 HomeGroupProvider - ok
14:42:47.0053 0x1414 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:42:47.0069 0x1414 HpSAMD - ok
14:42:47.0194 0x1414 [ 7BC42C65B5C6281777C1A7605B253BA8, 71885EB4E8625450ECA4623466FB3D5437DAABE739A5DC3B5F4CF982A65F8A86 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
14:42:47.0443 0x1414 HSF_DPV - ok
14:42:47.0459 0x1414 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E, A11CE324DD8E8BDFFDF513429C32D3C16EC79DC9A7517048587759B26BF38583 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
14:42:47.0506 0x1414 HSXHWAZL - ok
14:42:47.0553 0x1414 [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:42:47.0724 0x1414 HTTP - ok
14:42:47.0755 0x1414 [ A89423D0132C8AB69BA621B6CE191714, 6C3DD1B115411014F7B0B33817A53F09CCF4B2956C4C152AD59C4E24636BE79E ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
14:42:47.0849 0x1414 hwdatacard - ok
14:42:47.0896 0x1414 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:42:47.0911 0x1414 hwpolicy - ok
14:42:47.0974 0x1414 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:42:48.0067 0x1414 i8042prt - ok
14:42:48.0099 0x1414 [ D483687EACE0C065EE772481A96E05F5, A22200E90C78DFE73FE0FBEED5331AB43CD7133651FD125595C4DB604AD71B29 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
14:42:48.0130 0x1414 iaStor - ok
14:42:48.0223 0x1414 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:42:48.0379 0x1414 iaStorV - ok
14:42:48.0411 0x1414 [ 61401BA4183BC171BA114FCE4981BB33, 8BBAAEB953447ED5CDE0E6FDA7F61DDF75BDB5BD3247AB8823BFBE9FB9C2FDCC ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys
14:42:48.0489 0x1414 iBtFltCoex - ok
14:42:48.0598 0x1414 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:42:48.0879 0x1414 idsvc - ok
14:42:48.0941 0x1414 IEEtwCollectorService - ok
14:42:49.0050 0x1414 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:42:49.0097 0x1414 iirsp - ok
14:42:49.0159 0x1414 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll
14:42:49.0237 0x1414 IKEEXT - ok
14:42:49.0284 0x1414 [ 58FF11C95C3681C9250914521CB9F036, 21249A7F85FCCC5DF56F67C92D3964CFBD3E9855EABDD2148075200A86868372 ] int15 C:\Windows\system32\drivers\int15.sys
14:42:49.0331 0x1414 int15 - ok
14:42:49.0471 0x1414 [ F2BAA4FF548F7F0317F7638951C1CD9C, C5B35FCEE8AC7C3BE4D4F834A49A0B71A17E751AFB02DE84ECB9774AA49B2879 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:42:49.0690 0x1414 IntcAzAudAddService - ok
14:42:49.0815 0x1414 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
14:42:49.0908 0x1414 intelide - ok
14:42:49.0986 0x1414 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:42:50.0002 0x1414 intelppm - ok
14:42:50.0033 0x1414 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:42:50.0127 0x1414 IPBusEnum - ok
14:42:50.0158 0x1414 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:42:50.0283 0x1414 IpFilterDriver - ok
14:42:50.0376 0x1414 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:42:50.0454 0x1414 iphlpsvc - ok
14:42:50.0485 0x1414 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:42:50.0532 0x1414 IPMIDRV - ok
14:42:50.0641 0x1414 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:42:50.0829 0x1414 IPNAT - ok
14:42:50.0891 0x1414 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:42:51.0063 0x1414 IRENUM - ok
14:42:51.0094 0x1414 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:42:51.0141 0x1414 isapnp - ok
14:42:51.0187 0x1414 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:42:51.0203 0x1414 iScsiPrt - ok
14:42:51.0250 0x1414 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:42:51.0328 0x1414 kbdclass - ok
14:42:51.0359 0x1414 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:42:51.0421 0x1414 kbdhid - ok
14:42:51.0468 0x1414 [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] KeyIso C:\Windows\system32\lsass.exe
14:42:51.0484 0x1414 KeyIso - ok
14:42:51.0515 0x1414 [ 6DD2A1064DD8AFBED22E71176E2AF59B, 915F36860DAA72DA89E906A7F6F255A854A2A91EEA536A7C2EDB4A63250F66CC ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:42:51.0562 0x1414 KSecDD - ok
14:42:51.0609 0x1414 [ 76C0D35167B1369C68388FEDB56A3048, 2788962AB21DBB0A4D130AE5F822E9FDB96D7FF6320E2798714BF18BCB9CAE4F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:42:51.0733 0x1414 KSecPkg - ok
14:42:51.0796 0x1414 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
14:42:51.0936 0x1414 KtmRm - ok
14:42:51.0967 0x1414 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll
14:42:52.0014 0x1414 LanmanServer - ok
14:42:52.0061 0x1414 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:42:52.0108 0x1414 LanmanWorkstation - ok
14:42:52.0217 0x1414 [ 793FF718477345CD5D232C50BED1E452, 1D39CF9F10742C79FF99B9B4E0361EAEA63B4FC545C58B54B55537D18C802941 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
14:42:52.0233 0x1414 LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
14:42:55.0275 0x1414 Detect skipped due to KSN trusted
14:42:55.0275 0x1414 LightScribeService - ok
14:42:55.0306 0x1414 [ F8A7212D0864EF5E9185FB95E6623F4D, 277EAA06BD3D1CB31E6CD7B9ECD3A4B7D4AB7A369DB5FFF04EC7D749DF26E3D2 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
14:42:55.0337 0x1414 lirsgt - ok
14:42:55.0384 0x1414 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:42:55.0758 0x1414 lltdio - ok
14:42:55.0821 0x1414 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:42:55.0930 0x1414 lltdsvc - ok
14:42:55.0945 0x1414 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:42:56.0039 0x1414 lmhosts - ok
14:42:56.0070 0x1414 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:42:56.0179 0x1414 LSI_FC - ok
14:42:56.0242 0x1414 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:42:56.0289 0x1414 LSI_SAS - ok
14:42:56.0335 0x1414 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:42:56.0382 0x1414 LSI_SAS2 - ok
14:42:56.0413 0x1414 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:42:56.0429 0x1414 LSI_SCSI - ok
14:42:56.0445 0x1414 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
14:42:56.0523 0x1414 luafv - ok
14:42:56.0616 0x1414 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:42:56.0632 0x1414 Mcx2Svc - ok
14:42:56.0694 0x1414 [ 0CEA2D0D3FA284B85ED5B68365114F76, E6FF0EC98FDC3F628438B613C356C237E68686E3B5B17A58A60C16F4B9A2B968 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
14:42:56.0757 0x1414 mdmxsdk - ok
14:42:56.0803 0x1414 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:42:56.0835 0x1414 megasas - ok
14:42:56.0913 0x1414 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:42:56.0991 0x1414 MegaSR - ok
14:42:57.0115 0x1414 [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
14:42:57.0147 0x1414 Microsoft Office Groove Audit Service - ok
14:42:57.0178 0x1414 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
14:42:57.0256 0x1414 MMCSS - ok
14:42:57.0303 0x1414 MobilityService - ok
14:42:57.0318 0x1414 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
14:42:57.0365 0x1414 Modem - ok
14:42:57.0412 0x1414 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:42:57.0474 0x1414 monitor - ok
14:42:57.0521 0x1414 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:42:57.0568 0x1414 mouclass - ok
14:42:57.0615 0x1414 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:42:57.0677 0x1414 mouhid - ok
14:42:57.0724 0x1414 [ 644905A19D0F37F2233DFCE53BC4BC19, F52CB40AA0FD1EBF8CBF0F3BFB20C47142C637719840877FB93F10D085EB8C2B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:42:57.0739 0x1414 mountmgr - ok
14:42:57.0833 0x1414 [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:42:57.0849 0x1414 MozillaMaintenance - ok
14:42:57.0895 0x1414 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys
14:42:57.0958 0x1414 mpio - ok
14:42:58.0020 0x1414 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:42:58.0098 0x1414 mpsdrv - ok
14:42:58.0176 0x1414 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:42:58.0254 0x1414 MpsSvc - ok
14:42:58.0285 0x1414 [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:42:58.0363 0x1414 MRxDAV - ok
14:42:58.0395 0x1414 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:42:58.0426 0x1414 mrxsmb - ok
14:42:58.0473 0x1414 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:42:58.0551 0x1414 mrxsmb10 - ok
14:42:58.0597 0x1414 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:42:58.0644 0x1414 mrxsmb20 - ok
14:42:58.0691 0x1414 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys
14:42:58.0707 0x1414 msahci - ok
14:42:58.0753 0x1414 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:42:58.0800 0x1414 msdsm - ok
14:42:58.0831 0x1414 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
14:42:58.0925 0x1414 MSDTC - ok
14:42:58.0956 0x1414 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:42:59.0003 0x1414 Msfs - ok
14:42:59.0019 0x1414 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:42:59.0097 0x1414 mshidkmdf - ok
14:42:59.0143 0x1414 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:42:59.0159 0x1414 msisadrv - ok
14:42:59.0206 0x1414 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:42:59.0268 0x1414 MSiSCSI - ok
14:42:59.0284 0x1414 msiserver - ok
14:42:59.0315 0x1414 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:42:59.0393 0x1414 MSKSSRV - ok
14:42:59.0440 0x1414 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:42:59.0518 0x1414 MSPCLOCK - ok
14:42:59.0533 0x1414 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:42:59.0611 0x1414 MSPQM - ok
14:42:59.0674 0x1414 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:42:59.0721 0x1414 MsRPC - ok
14:42:59.0783 0x1414 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:42:59.0799 0x1414 mssmbios - ok
14:42:59.0830 0x1414 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:42:59.0877 0x1414 MSTEE - ok
14:42:59.0939 0x1414 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:43:00.0001 0x1414 MTConfig - ok
14:43:00.0048 0x1414 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
14:43:00.0095 0x1414 Mup - ok
14:43:00.0173 0x1414 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll
14:43:00.0235 0x1414 napagent - ok
14:43:00.0313 0x1414 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:43:00.0391 0x1414 NativeWifiP - ok
14:43:00.0438 0x1414 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:43:00.0501 0x1414 NDIS - ok
14:43:00.0547 0x1414 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:43:00.0735 0x1414 NdisCap - ok
14:43:00.0766 0x1414 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:43:00.0844 0x1414 NdisTapi - ok
14:43:00.0875 0x1414 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:43:00.0937 0x1414 Ndisuio - ok
14:43:00.0984 0x1414 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:43:01.0062 0x1414 NdisWan - ok
14:43:01.0093 0x1414 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:43:01.0156 0x1414 NDProxy - ok
14:43:01.0218 0x1414 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:43:01.0312 0x1414 NetBIOS - ok
14:43:01.0359 0x1414 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:43:01.0421 0x1414 NetBT - ok
14:43:01.0468 0x1414 [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] Netlogon C:\Windows\system32\lsass.exe
14:43:01.0483 0x1414 Netlogon - ok
14:43:01.0561 0x1414 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
14:43:01.0639 0x1414 Netman - ok
14:43:01.0702 0x1414 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:43:01.0764 0x1414 NetMsmqActivator - ok
14:43:01.0780 0x1414 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:43:01.0795 0x1414 NetPipeActivator - ok
14:43:01.0842 0x1414 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
14:43:01.0920 0x1414 netprofm - ok
14:43:01.0951 0x1414 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:43:01.0967 0x1414 NetTcpActivator - ok
14:43:01.0983 0x1414 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:43:01.0998 0x1414 NetTcpPortSharing - ok
14:43:02.0201 0x1414 [ 58218EC6B61B1169CF54AAB0D00F5FE2, B76ABB2AD78CE68D30F0F08563B0593D658298CDCF1B138B6E9FB0D64CBCC3C2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
14:43:02.0419 0x1414 netw5v32 - ok
14:43:02.0497 0x1414 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:43:02.0529 0x1414 nfrd960 - ok
14:43:02.0560 0x1414 [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:43:02.0685 0x1414 NlaSvc - ok
14:43:02.0716 0x1414 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:43:02.0778 0x1414 Npfs - ok
14:43:02.0825 0x1414 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
14:43:02.0934 0x1414 nsi - ok
14:43:02.0965 0x1414 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:43:03.0012 0x1414 nsiproxy - ok
14:43:03.0106 0x1414 [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:43:03.0199 0x1414 Ntfs - ok
14:43:03.0402 0x1414 [ A2B6583A5652A385DFF5E4F49AD48761, 7214F722DE8EAEE9F33FF3AAE32AF14BEA8D1CE71680B813130D4AA41E8D32C8 ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
14:43:03.0418 0x1414 NTIBackupSvc - detected UnsignedFile.Multi.Generic ( 1 )
14:43:06.0101 0x1414 Detect skipped due to KSN trusted
14:43:06.0101 0x1414 NTIBackupSvc - ok
14:43:06.0179 0x1414 [ 2757D2BA59AEE155209E24942AB127C9, 60C8571D548901A68591F1C7C548B40FA1086D21D23B8CB1083A8AE50760FE87 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
14:43:06.0241 0x1414 NTIDrvr - ok
14:43:06.0273 0x1414 [ 40B87FE8A1A9A5AC9E5A91D96F212BCD, 0C0BE4EF2999613B1559F9A709B31DB1E5EBB3336732A24D5C3E705461549E24 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
14:43:06.0273 0x1414 NTISchedulerSvc - detected UnsignedFile.Multi.Generic ( 1 )
14:43:09.0018 0x1414 Detect skipped due to KSN trusted
14:43:09.0018 0x1414 NTISchedulerSvc - ok
14:43:09.0190 0x1414 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
14:43:09.0346 0x1414 Null - ok
14:43:09.0377 0x1414 [ 07CA8C569E8D6231512E7E0C04543C99, B55AA7162C24F46403D82558FD9E58977AFFD209C2C8F9E1F83675D975EE154D ] nuvotonhidgeneric C:\Windows\system32\DRIVERS\nuvotonhidgeneric.sys
14:43:09.0455 0x1414 nuvotonhidgeneric - ok
14:43:09.0502 0x1414 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:43:09.0533 0x1414 nvraid - ok
14:43:09.0564 0x1414 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:43:09.0642 0x1414 nvstor - ok
14:43:09.0673 0x1414 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:43:09.0720 0x1414 nv_agp - ok
14:43:09.0845 0x1414 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:43:09.0954 0x1414 odserv - ok
14:43:09.0985 0x1414 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:43:10.0032 0x1414 ohci1394 - ok
14:43:10.0095 0x1414 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:43:10.0141 0x1414 ose - ok
14:43:10.0204 0x1414 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:43:10.0251 0x1414 p2pimsvc - ok
14:43:10.0313 0x1414 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll
14:43:10.0360 0x1414 p2psvc - ok
14:43:10.0407 0x1414 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:43:10.0469 0x1414 Parport - ok
14:43:10.0516 0x1414 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:43:10.0563 0x1414 partmgr - ok
14:43:10.0578 0x1414 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
14:43:10.0641 0x1414 Parvdm - ok
14:43:10.0703 0x1414 [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc C:\Windows\System32\pcasvc.dll
14:43:10.0812 0x1414 PcaSvc - ok
14:43:10.0843 0x1414 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys
14:43:10.0875 0x1414 pci - ok
14:43:10.0921 0x1414 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys
14:43:10.0968 0x1414 pciide - ok
14:43:11.0015 0x1414 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:43:11.0062 0x1414 pcmcia - ok
14:43:11.0093 0x1414 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
14:43:11.0140 0x1414 pcw - ok
14:43:11.0249 0x1414 [ 20372BE109FEE1C37E2D5216680DB9EB, 2C3737FB3C6BCF81D0A7293667412DDEA649A8AEA40B7ADCFCB9893E8B3C4AF3 ] PDF Architect Helper Service C:\Program Files\PDF Architect\HelperService.exe
14:43:11.0343 0x1414 PDF Architect Helper Service - ok
14:43:11.0436 0x1414 [ B90A279073A815A4AA2C45A09EE004FA, 9EA27630C47F5FF99CBBE513C113F3ED01FABA0D59B9D9637764027BCC6EA24A ] PDF Architect Service C:\Program Files\PDF Architect\ConversionService.exe
14:43:11.0483 0x1414 PDF Architect Service - ok
14:43:11.0561 0x1414 [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:43:11.0701 0x1414 PEAUTH - ok
14:43:11.0826 0x1414 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
14:43:12.0045 0x1414 pla - ok
14:43:12.0091 0x1414 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:43:12.0154 0x1414 PlugPlay - ok
14:43:12.0185 0x1414 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:43:12.0216 0x1414 PNRPAutoReg - ok
14:43:12.0247 0x1414 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:43:12.0279 0x1414 PNRPsvc - ok
14:43:12.0325 0x1414 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:43:12.0403 0x1414 PolicyAgent - ok
14:43:12.0481 0x1414 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll
14:43:12.0528 0x1414 Power - ok
14:43:12.0591 0x1414 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:43:12.0637 0x1414 PptpMiniport - ok
14:43:12.0684 0x1414 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:43:12.0762 0x1414 Processor - ok
14:43:12.0809 0x1414 [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc C:\Windows\system32\profsvc.dll
14:43:12.0856 0x1414 ProfSvc - ok
14:43:12.0871 0x1414 [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] ProtectedStorage C:\Windows\system32\lsass.exe
14:43:12.0887 0x1414 ProtectedStorage - ok
14:43:12.0934 0x1414 [ F115AF58ABE5605D7D709CBFBD83F418, 4855FCD6E455D6E374CE92E5B37D61E7E6D8A861BA76521E7CC2542621853471 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
14:43:12.0965 0x1414 ProtexisLicensing - ok
14:43:12.0996 0x1414 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:43:13.0043 0x1414 Psched - ok
14:43:13.0074 0x1414 [ 628321C8DD76AD369B362B202E655A68, 751756AB21D5C1885EF74C3878C5625860AF2934920DA015237D614399976C5A ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys
14:43:13.0121 0x1414 PSDFilter - ok
14:43:13.0152 0x1414 [ 79D7117E62709C7690CF3DD55ACEAD37, BB05CD9B7B966AD5B26DA8647CCB0FD0786CDD3C7BB22FCEE5005CD4A253FBD9 ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys
14:43:13.0215 0x1414 PSDNServ - ok
14:43:13.0246 0x1414 [ CAE5E82827990CF4BD4A49576BDE3A43, 3A8B9CF9A8F50337F164F4996AB05602EEA403054577253FFFFEBB0B70F77208 ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys
14:43:13.0293 0x1414 psdvdisk - ok
14:43:13.0339 0x1414 [ 543A4EF0923BF70D126625B034EF25AF, 9CC82C5221F11850419A796D48D5452B3DEE0C8E8E85A818F4AAA869673F9740 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
14:43:13.0355 0x1414 PSI_SVC_2 - ok
14:43:13.0386 0x1414 [ 49452BFCEC22F36A7A9B9C2181BC3042, C01A2005E9897B142FF9BC6155770F70C19725C425E48D14239195E81E2E42D0 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
14:43:13.0402 0x1414 PxHelp20 - ok
14:43:13.0495 0x1414 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:43:13.0683 0x1414 ql2300 - ok
14:43:13.0698 0x1414 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:43:13.0714 0x1414 ql40xx - ok
14:43:13.0761 0x1414 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
14:43:13.0839 0x1414 QWAVE - ok
14:43:13.0870 0x1414 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:43:14.0026 0x1414 QWAVEdrv - ok
14:43:14.0041 0x1414 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:43:14.0104 0x1414 RasAcd - ok
14:43:14.0151 0x1414 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:43:14.0213 0x1414 RasAgileVpn - ok
14:43:14.0260 0x1414 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
14:43:14.0322 0x1414 RasAuto - ok
14:43:14.0338 0x1414 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:43:14.0400 0x1414 Rasl2tp - ok
14:43:14.0431 0x1414 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll
14:43:14.0509 0x1414 RasMan - ok
14:43:14.0525 0x1414 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:43:14.0603 0x1414 RasPppoe - ok
14:43:14.0697 0x1414 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:43:14.0728 0x1414 RasSstp - ok
14:43:14.0759 0x1414 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:43:14.0899 0x1414 rdbss - ok
14:43:14.0931 0x1414 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:43:15.0009 0x1414 rdpbus - ok
14:43:15.0040 0x1414 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:43:15.0071 0x1414 RDPCDD - ok
14:43:15.0102 0x1414 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:43:15.0149 0x1414 RDPENCDD - ok
14:43:15.0180 0x1414 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:43:15.0211 0x1414 RDPREFMP - ok
14:43:15.0305 0x1414 [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:43:15.0399 0x1414 RdpVideoMiniport - ok
14:43:15.0461 0x1414 [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:43:15.0523 0x1414 RDPWD - ok
14:43:15.0570 0x1414 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:43:15.0617 0x1414 rdyboost - ok
14:43:15.0789 0x1414 [ 3FF45B7F17D5837216ABAE652CC61540, 33AF3C99247DD5779CF02AC7C2E170C31CCFAB0282D68AAB606CD6A3279B99E7 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
14:43:15.0820 0x1414 RegSrvc - detected UnsignedFile.Multi.Generic ( 1 )
14:43:18.0612 0x1414 Detect skipped due to KSN trusted
14:43:18.0612 0x1414 RegSrvc - ok
14:43:18.0675 0x1414 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:43:18.0737 0x1414 RemoteAccess - ok
14:43:18.0784 0x1414 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:43:18.0877 0x1414 RemoteRegistry - ok
14:43:18.0940 0x1414 [ CB928D9E6DAF51879DD6BA8D02F01321, DFD263B67DDF98AE09AF6D6986CBC7BE3206BCE8403AAC51BCF9459E78233D12 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
14:43:18.0987 0x1414 RFCOMM - ok
14:43:19.0018 0x1414 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:43:19.0049 0x1414 RpcEptMapper - ok
14:43:19.0111 0x1414 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
14:43:19.0127 0x1414 RpcLocator - ok
14:43:19.0205 0x1414 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] RpcSs C:\Windows\system32\rpcss.dll
14:43:19.0314 0x1414 RpcSs - ok
14:43:19.0408 0x1414 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:43:19.0533 0x1414 rspndr - ok
14:43:19.0611 0x1414 [ 247B0A8164069CD4FE6F3094C581B13B, D1B91FBBFCF51B60E8515F12C611EE86DB6D016F445E91A74DD25F3E1BBD5ADA ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
14:43:19.0673 0x1414 RSUSBSTOR - ok
14:43:19.0704 0x1414 [ 87407B31EA6FF0DC4765258164B98BEA, 44C606DB6A404B06417762CB60F2B6ED5EC662F0F4312F54A4FF5BC3D5AEF3F8 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
14:43:19.0720 0x1414 RTHDMIAzAudService - ok
14:43:19.0735 0x1414 RTSTOR - ok
14:43:19.0767 0x1414 [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] SamSs C:\Windows\system32\lsass.exe
14:43:19.0782 0x1414 SamSs - ok
14:43:19.0813 0x1414 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:43:19.0829 0x1414 sbp2port - ok
14:43:19.0860 0x1414 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:43:19.0969 0x1414 SCardSvr - ok
14:43:20.0047 0x1414 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:43:20.0094 0x1414 scfilter - ok
14:43:20.0172 0x1414 [ A04BB13F8A72F8B6E8B4071723E4E336, E63287FF71C39CBF64C3347C455324C8437F9CF398153E269543588B65389502 ] Schedule C:\Windows\system32\schedsvc.dll
14:43:20.0281 0x1414 Schedule - ok
14:43:20.0297 0x1414 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:43:20.0344 0x1414 SCPolicySvc - ok
14:43:20.0422 0x1414 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:43:20.0500 0x1414 SDRSVC - ok
14:43:20.0625 0x1414 [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
14:43:20.0765 0x1414 SDScannerService - ok
14:43:20.0874 0x1414 [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
14:43:20.0999 0x1414 SDUpdateService - ok
14:43:21.0030 0x1414 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
14:43:21.0046 0x1414 SDWSCService - ok
14:43:21.0093 0x1414 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:43:21.0139 0x1414 secdrv - ok
14:43:21.0171 0x1414 [ A59B3A4442C52060CC7A85293AA3546F, 1776D6DEE51991149265AAF39E17065E301C5FA1FF4068653DC0010B9B27185D ] seclogon C:\Windows\system32\seclogon.dll
14:43:21.0280 0x1414 seclogon - ok
14:43:21.0295 0x1414 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\System32\sens.dll
14:43:21.0327 0x1414 SENS - ok
14:43:21.0373 0x1414 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:43:21.0451 0x1414 SensrSvc - ok
14:43:21.0467 0x1414 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:43:21.0483 0x1414 Serenum - ok
14:43:21.0529 0x1414 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:43:21.0607 0x1414 Serial - ok
14:43:21.0670 0x1414 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:43:21.0717 0x1414 sermouse - ok
14:43:21.0779 0x1414 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll
14:43:21.0888 0x1414 SessionEnv - ok
14:43:21.0919 0x1414 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:43:21.0966 0x1414 sffdisk - ok
14:43:21.0982 0x1414 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:43:22.0044 0x1414 sffp_mmc - ok
14:43:22.0075 0x1414 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:43:22.0216 0x1414 sffp_sd - ok
14:43:22.0247 0x1414 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:43:22.0294 0x1414 sfloppy - ok
14:43:22.0356 0x1414 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:43:22.0403 0x1414 SharedAccess - ok
14:43:22.0465 0x1414 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:43:22.0512 0x1414 ShellHWDetection - ok
14:43:22.0543 0x1414 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:43:22.0606 0x1414 sisagp - ok
14:43:22.0684 0x1414 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:43:22.0699 0x1414 SiSRaid2 - ok
14:43:22.0715 0x1414 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:43:22.0809 0x1414 SiSRaid4 - ok
14:43:22.0887 0x1414 [ F6EF225A23D336CA30001E5007644C24, B0A4B1256C1074F1B4F73E3BBA16FD4683D6EEA583DEEF8E11EFD29BA7541F2A ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
14:43:22.0918 0x1414 SkypeUpdate - ok
14:43:22.0933 0x1414 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:43:23.0011 0x1414 Smb - ok
14:43:23.0058 0x1414 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:43:23.0121 0x1414 SNMPTRAP - ok
14:43:23.0152 0x1414 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
14:43:23.0214 0x1414 spldr - ok
14:43:23.0261 0x1414 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe
14:43:23.0370 0x1414 Spooler - ok
14:43:23.0511 0x1414 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe
14:43:23.0667 0x1414 sppsvc - ok
14:43:23.0713 0x1414 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:43:23.0760 0x1414 sppuinotify - ok
14:43:23.0791 0x1414 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:43:23.0963 0x1414 srv - ok
14:43:23.0994 0x1414 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:43:24.0072 0x1414 srv2 - ok
14:43:24.0088 0x1414 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:43:24.0150 0x1414 srvnet - ok
14:43:24.0197 0x1414 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:43:24.0259 0x1414 SSDPSRV - ok
14:43:24.0322 0x1414 [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
14:43:24.0353 0x1414 ssmdrv - ok
14:43:24.0400 0x1414 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:43:24.0462 0x1414 SstpSvc - ok
14:43:24.0556 0x1414 [ 5FFDA96330357A914A69D79BE1988A38, E2A03A8D108C210B1111E2466E3DD381F0FA440B95B5013DC728EAD9CFE448AF ] Steam Client Service C:\Program Files\Common Files\Steam\SteamService.exe
14:43:24.0634 0x1414 Steam Client Service - ok
14:43:24.0727 0x1414 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:43:24.0774 0x1414 stexstor - ok
14:43:24.0821 0x1414 [ EDB05BD63148796F23EA78506404A538, 8EBF623D3DEB6CCAC75AAFCF8B23271029A28BE29D459088E40FBF109E80AA17 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
14:43:24.0852 0x1414 StillCam - ok
14:43:24.0915 0x1414 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll
14:43:25.0008 0x1414 StiSvc - ok
14:43:25.0024 0x1414 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys
14:43:25.0071 0x1414 swenum - ok
14:43:25.0117 0x1414 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
14:43:25.0211 0x1414 swprv - ok
14:43:25.0258 0x1414 [ 4C9BB4B3B9EAC26211484C30B914C6DC, 2F90146A72E666B5D990B8B7C66F56EAC540565AC7C57F6905714AE65B597C40 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:43:25.0351 0x1414 SynTP - ok
14:43:25.0476 0x1414 [ 36650D618CA34C9D357DFD3D89B2C56F, 7C3774E53DCF32CB3A4B3504E32D2A651E18467FA0A6AC4C7993C696741B704B ] SysMain C:\Windows\system32\sysmain.dll
14:43:25.0585 0x1414 SysMain - ok
14:43:25.0617 0x1414 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
14:43:25.0695 0x1414 TabletInputService - ok
14:43:25.0726 0x1414 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll
14:43:25.0819 0x1414 TapiSrv - ok
14:43:25.0851 0x1414 [ B799D9FDB26111737F58288D8DC172D9, 409A60819A4305699E2E492A6190637FAAEBD19E745A5DB2A5D6977106C86591 ] TBS C:\Windows\System32\tbssvc.dll
14:43:25.0882 0x1414 TBS - ok
14:43:25.0944 0x1414 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:43:26.0022 0x1414 Tcpip - ok
14:43:26.0147 0x1414 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:43:26.0178 0x1414 TCPIP6 - ok
14:43:26.0256 0x1414 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:43:26.0287 0x1414 tcpipreg - ok
14:43:26.0319 0x1414 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:43:26.0397 0x1414 TDPIPE - ok
14:43:26.0412 0x1414 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:43:26.0475 0x1414 TDTCP - ok
14:43:26.0506 0x1414 [ 7FE680A3DFA421C4A8E4879AE4C5AAB0, A4C64E155AB2843823CD3586756BA7681CFDEA50812095468221503BBAD30DCD ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:43:26.0568 0x1414 tdx - ok
14:43:26.0584 0x1414 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:43:26.0631 0x1414 TermDD - ok
14:43:26.0709 0x1414 [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService C:\Windows\System32\termsrv.dll
14:43:26.0771 0x1414 TermService - ok
14:43:26.0818 0x1414 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
14:43:26.0833 0x1414 Themes - ok
14:43:26.0865 0x1414 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
14:43:26.0896 0x1414 THREADORDER - ok
14:43:26.0927 0x1414 [ 90AFA1A4451BBBEE87C9F18A665D8121, 592AE754F117018E8777C541437544E1BC7FD93F460F3EE5DDBBC150448BFBD7 ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys
14:43:26.0927 0x1414 tosporte - ok
14:43:26.0974 0x1414 [ 51D7F024A66814F8BEE33E4BE394A03E, E8C4A9DE8AA0C17CC940B57DAD0BEF27CCB688DF4FEB879B801295D5A4B5A4A9 ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys
14:43:27.0005 0x1414 tosrfbd - ok
14:43:27.0036 0x1414 [ 74392BAB3F0D4810DA8436EC79D6955D, 8BF02D67CE1B1C4F2E3624FF6EFEA798F8735F3D8B8AF82D0754B0A63BDCCA38 ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys
14:43:27.0083 0x1414 tosrfbnp - ok
14:43:27.0114 0x1414 [ 1AD9EB1B5ABD0AEEE4084C8153476F1E, 8B527DDB38710B5A19956DDF56AE8CDDD9590ADD4731CACB7086A8626CF4A29B ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys
14:43:27.0145 0x1414 Tosrfcom - ok
14:43:27.0208 0x1414 [ A72A3473180F378CC07D342803FFD580, A3CCF5CD9A3EE8B8FF9E9175BEB51783F9378B22562D90A8D901FD8BE901CCD3 ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys
14:43:27.0270 0x1414 Tosrfhid - ok
14:43:27.0286 0x1414 [ B2A1A6538245FD69578224BBF2FD4677, 0393ECF2541A269169BA23D007266750958CD35E05FA7FCBEE1CF9727E07D9C4 ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys
14:43:27.0317 0x1414 tosrfnds - ok
14:43:27.0364 0x1414 [ F1CA74CCA8241D8B8A024AECC643C547, 4787DCFCFDEEE9642D5681FE9DEB9B22C4E51790A7BA9CC32156EEE713C0D02B ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys
14:43:27.0379 0x1414 TosRfSnd - ok
14:43:27.0411 0x1414 [ CAB2AB2916DCB86DF6AE034F319C0238, 5B42CDE023EE3D87D52745157B4BD546E56983310903011E1EB93AF601DDB46D ] tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
14:43:27.0442 0x1414 tosrfusb - ok
14:43:27.0504 0x1414 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
14:43:27.0551 0x1414 TrkWks - ok
14:43:27.0613 0x1414 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:43:27.0660 0x1414 TrustedInstaller - ok
14:43:27.0691 0x1414 [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:43:27.0723 0x1414 tssecsrv - ok
14:43:27.0785 0x1414 [ C6A5FBD4977305E1FA23E02C042DB463, A6EB5E4B8051A258D40A385609E930318EAA3494C8466F48542B806FE6A7C47A ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:43:27.0816 0x1414 TsUsbFlt - ok
14:43:27.0847 0x1414 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:43:27.0894 0x1414 tunnel - ok
14:43:27.0941 0x1414 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:43:27.0957 0x1414 uagp35 - ok
14:43:27.0988 0x1414 [ F763E070843EE2803DE1395002B42938, 0060F5D7AD091D7F0CC25C98AB9DD8258A9837958AFE845971CD04E29A6A8658 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
14:43:28.0019 0x1414 UBHelper - ok
14:43:28.0066 0x1414 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:43:28.0128 0x1414 udfs - ok
14:43:28.0175 0x1414 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:43:28.0222 0x1414 UI0Detect - ok
14:43:28.0237 0x1414 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:43:28.0269 0x1414 uliagpkx - ok
14:43:28.0315 0x1414 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\drivers\umbus.sys
14:43:28.0378 0x1414 umbus - ok
14:43:28.0409 0x1414 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:43:28.0456 0x1414 UmPass - ok
14:43:28.0487 0x1414 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
14:43:28.0565 0x1414 upnphost - ok
14:43:28.0612 0x1414 [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:43:28.0659 0x1414 usbccgp - ok
14:43:28.0705 0x1414 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:43:28.0768 0x1414 usbcir - ok
14:43:28.0846 0x1414 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:43:28.0893 0x1414 usbehci - ok
14:43:28.0955 0x1414 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:43:29.0002 0x1414 usbhub - ok
14:43:29.0033 0x1414 [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:43:29.0080 0x1414 usbohci - ok
14:43:29.0111 0x1414 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:43:29.0158 0x1414 usbprint - ok
14:43:29.0189 0x1414 [ 20158F032EEA4FC501118F1992FDF57D, CD81F7501432D5FBBEF4FA9DBAE16E5D080EFE49B5441949E373C6CBFBAB6035 ] usbrndis6 C:\Windows\system32\DRIVERS\usb80236.sys
14:43:29.0251 0x1414 usbrndis6 - ok
14:43:29.0283 0x1414 [ 576096CCBC07E7C4EA4F5E6686D6888F, 8C643F43BD0017979548389C4DB36A1EE872CCF19C86FAE3752A4989173E28ED ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:43:29.0314 0x1414 usbscan - ok
14:43:29.0361 0x1414 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:43:29.0423 0x1414 USBSTOR - ok
14:43:29.0454 0x1414 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:43:29.0470 0x1414 usbuhci - ok
14:43:29.0532 0x1414 [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
14:43:29.0579 0x1414 usbvideo - ok
14:43:29.0610 0x1414 [ D82F43D15FDAA666856C0190CB73E7C9, A998F5F0535ADCFE0E6F37E4B222262F59D4E43CB596D62E785EF8E0D7E296F6 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
14:43:29.0626 0x1414 usb_rndisx - ok
14:43:29.0688 0x1414 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
14:43:29.0735 0x1414 UxSms - ok
14:43:29.0766 0x1414 [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] VaultSvc C:\Windows\system32\lsass.exe
14:43:29.0782 0x1414 VaultSvc - ok
14:43:29.0829 0x1414 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:43:29.0844 0x1414 vdrvroot - ok
14:43:29.0891 0x1414 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe
14:43:29.0985 0x1414 vds - ok
14:43:30.0016 0x1414 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:43:30.0078 0x1414 vga - ok
14:43:30.0109 0x1414 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
14:43:30.0156 0x1414 VgaSave - ok
14:43:30.0203 0x1414 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:43:30.0234 0x1414 vhdmp - ok
14:43:30.0265 0x1414 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:43:30.0281 0x1414 viaagp - ok
14:43:30.0312 0x1414 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
14:43:30.0359 0x1414 ViaC7 - ok
14:43:30.0390 0x1414 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys
14:43:30.0406 0x1414 viaide - ok
14:43:30.0437 0x1414 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:43:30.0468 0x1414 volmgr - ok
14:43:30.0499 0x1414 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:43:30.0531 0x1414 volmgrx - ok
14:43:30.0577 0x1414 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:43:30.0671 0x1414 volsnap - ok
14:43:30.0718 0x1414 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:43:30.0733 0x1414 vsmraid - ok
14:43:30.0796 0x1414 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe
14:43:30.0936 0x1414 VSS - ok
14:43:30.0967 0x1414 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
14:43:30.0999 0x1414 vwifibus - ok
14:43:31.0077 0x1414 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
14:43:31.0139 0x1414 W32Time - ok
14:43:31.0155 0x1414 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:43:31.0201 0x1414 WacomPen - ok
14:43:31.0248 0x1414 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:43:31.0311 0x1414 WANARP - ok
14:43:31.0311 0x1414 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:43:31.0342 0x1414 Wanarpv6 - ok
14:43:31.0404 0x1414 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe
14:43:31.0576 0x1414 wbengine - ok
14:43:31.0654 0x1414 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:43:31.0701 0x1414 WbioSrvc - ok
14:43:31.0747 0x1414 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:43:31.0794 0x1414 wcncsvc - ok
14:43:31.0825 0x1414 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:43:31.0888 0x1414 WcsPlugInService - ok
14:43:31.0919 0x1414 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:43:31.0950 0x1414 Wd - ok
14:43:32.0013 0x1414 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:43:32.0091 0x1414 Wdf01000 - ok
14:43:32.0122 0x1414 [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:43:32.0153 0x1414 WdiServiceHost - ok
14:43:32.0153 0x1414 [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:43:32.0169 0x1414 WdiSystemHost - ok
14:43:32.0215 0x1414 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll
14:43:32.0262 0x1414 WebClient - ok
14:43:32.0309 0x1414 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:43:32.0356 0x1414 Wecsvc - ok
14:43:32.0387 0x1414 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:43:32.0434 0x1414 wercplsupport - ok
14:43:32.0543 0x1414 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll
14:43:32.0574 0x1414 WerSvc - ok
14:43:32.0605 0x1414 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:43:32.0668 0x1414 WfpLwf - ok
14:43:32.0699 0x1414 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:43:32.0715 0x1414 WIMMount - ok
14:43:32.0793 0x1414 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA, 711DD957AF98F1B835ECE0FEBCCF8FCC7763F1DAA232F1C9E80DE6DA123C7F33 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
14:43:32.0855 0x1414 winachsf - ok
14:43:32.0917 0x1414 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:43:33.0073 0x1414 WinDefend - ok
14:43:33.0073 0x1414 WinHttpAutoProxySvc - ok
14:43:33.0151 0x1414 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:43:33.0214 0x1414 Winmgmt - ok
14:43:33.0292 0x1414 [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM C:\Windows\system32\WsmSvc.dll
14:43:33.0432 0x1414 WinRM - ok
14:43:33.0463 0x1414 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys
14:43:33.0510 0x1414 WinUsb - ok
14:43:33.0557 0x1414 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:43:33.0635 0x1414 Wlansvc - ok
14:43:33.0713 0x1414 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:43:33.0729 0x1414 WmiAcpi - ok
14:43:33.0775 0x1414 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:43:33.0822 0x1414 wmiApSrv - ok
14:43:33.0947 0x1414 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:43:34.0072 0x1414 WMPNetworkSvc - ok
14:43:34.0103 0x1414 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:43:34.0181 0x1414 WPCSvc - ok
14:43:34.0212 0x1414 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:43:34.0290 0x1414 WPDBusEnum - ok
14:43:34.0337 0x1414 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:43:34.0431 0x1414 ws2ifsl - ok
14:43:34.0462 0x1414 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll
14:43:34.0477 0x1414 wscsvc - ok
14:43:34.0493 0x1414 WSearch - ok
14:43:34.0587 0x1414 [ 7E5C454A3F986FEBAD075DB8D915917E, 9E9147DDACD075958689523130DB92FC4ED0E38433461D8AB8792BCFBD9376DA ] wuauserv C:\Windows\system32\wuaueng.dll
14:43:34.0727 0x1414 wuauserv - ok
14:43:34.0774 0x1414 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:43:34.0821 0x1414 WudfPf - ok
14:43:34.0852 0x1414 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\drivers\WUDFRd.sys
14:43:34.0914 0x1414 WUDFRd - ok
14:43:34.0945 0x1414 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:43:34.0992 0x1414 wudfsvc - ok
14:43:35.0039 0x1414 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll
14:43:35.0133 0x1414 WwanSvc - ok
14:43:35.0179 0x1414 [ 88AF537264F2B818DA15479CEEAF5D7C, E0F95D6448FFB77351BB63ED444238F891B16748FD09F8BCCA23BEC4E341A96B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
14:43:35.0179 0x1414 XAudio - ok
14:43:35.0211 0x1414 [ 15A317674A08DF26BE65164D959E9203, 6EEE0D1711F37936D157651E265A65137BCBFBDA17F066C844BAA0D53558F86A ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
14:43:35.0242 0x1414 XAudioService - ok
14:43:35.0351 0x1414 [ 74EC37B9EAF9FCA015B933A526825C7A, E75D73422B4383210F912B424377D5F2DBBF0E9418A2F450636B689572B1B9F6 ] {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
14:43:35.0382 0x1414 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
14:43:35.0538 0x1414 [ 556B5CFE8D21B256ADD7F87D7F4B4123, 7D3CC5C0DAC1CC418E9692CCCBBBC61AB0124E0280DA366B2A7F207F61CE9BAD ] {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
14:43:35.0569 0x1414 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
14:43:35.0694 0x1414 ================ Scan global ===============================
14:43:35.0757 0x1414 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
14:43:35.0788 0x1414 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
14:43:35.0819 0x1414 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
14:43:35.0866 0x1414 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
14:43:35.0897 0x1414 [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe
14:43:35.0975 0x1414 [ Global ] - ok
14:43:35.0975 0x1414 ================ Scan MBR ==================================
14:43:36.0006 0x1414 [ BB9D3A6A13C5010348DA7C900BB6AF50 ] \Device\Harddisk0\DR0
14:43:36.0771 0x1414 \Device\Harddisk0\DR0 - ok
14:43:36.0771 0x1414 ================ Scan VBR ==================================
14:43:36.0771 0x1414 [ 6B3BB12230BFC00805D4B40CA5836595 ] \Device\Harddisk0\DR0\Partition1
14:43:36.0771 0x1414 \Device\Harddisk0\DR0\Partition1 - ok
14:43:36.0771 0x1414 [ B65689E123D0D332D93E2C2B001BF690 ] \Device\Harddisk0\DR0\Partition2
14:43:36.0802 0x1414 \Device\Harddisk0\DR0\Partition2 - ok
14:43:36.0802 0x1414 ================ Scan generic autorun ======================
14:43:36.0911 0x1414 [ 66177D4C99FD8B578C7C56DE445E4D5D, 003D0254D7C693A72DE84CB76858F8D67D9FD62206F1B56DF7F5D0FA834C3BA7 ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
14:43:36.0942 0x1414 avgnt - ok
14:43:37.0098 0x1414 [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
14:43:37.0270 0x1414 SDTray - ok
14:43:37.0317 0x1414 [ 260E2DB7DF95FCE6D6FABA8A1D5885FF, 143F326F6CA8FA56E3807D8FDF0B9675750321F4C3B7184B0D2FC754DCC34159 ] C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe
14:43:37.0348 0x1414 Avira Systray - ok
14:43:37.0426 0x1414 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
14:43:37.0597 0x1414 Sidebar - ok
14:43:37.0629 0x1414 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
14:43:37.0707 0x1414 mctadmin - ok
14:43:37.0753 0x1414 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
14:43:37.0800 0x1414 Sidebar - ok
14:43:37.0800 0x1414 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
14:43:37.0831 0x1414 mctadmin - ok
14:43:37.0894 0x1414 [ 43D083268A0919F3527A2837390BAF63, 58B62697B01B8C9396271A64424178691FA85D4625DAF2AC8DE7F06A64F64C2A ] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
14:43:37.0909 0x1414 ISUSPM - ok
14:43:38.0097 0x1414 [ B1949628130F192DA27FDBAEA516BB6E, 13E5A2EBF0FDAB29CEA1E7FAEB3141233198D9A28353BDBB6FDB03602BE32AC6 ] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe
14:43:38.0424 0x1414 Spybot-S&D Cleaning - ok
14:43:38.0424 0x1414 Waiting for KSN requests completion. In queue: 163
14:43:39.0438 0x1414 Waiting for KSN requests completion. In queue: 163
14:43:40.0452 0x1414 Waiting for KSN requests completion. In queue: 163
14:43:41.0575 0x1414 AV detected via SS2: Avira Antivirus, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 15.0.10.414 ), 0x41000 ( enabled : updated )
14:43:41.0575 0x1414 Win FW state via NFP2: enabled
14:43:44.0305 0x1414 ============================================================
14:43:44.0305 0x1414 Scan finished
14:43:44.0305 0x1414 ============================================================
14:43:44.0305 0x0ac8 Detected object count: 0
14:43:44.0305 0x0ac8 Actual detected object count: 0
|
|
30.05.2015, 13:51
| #4 |
| | Windows 7 Windows Explorer schließt sich immer Hier noch das Logfile von GMER als Code-Tag Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-05-29 20:29:46
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Stefanie\AppData\Local\Temp\fglyruog.sys
---- System - GMER 2.1 ----
SSDT 91C88586 ZwCreateSection
SSDT 91C8855E ZwCreateSymbolicLinkObject
SSDT 91C88563 ZwLoadDriver
SSDT 91C88559 ZwOpenSection
SSDT 91C88590 ZwRequestWaitReplyPort
SSDT 91C8858B ZwSetContextThread
SSDT 91C88595 ZwSetSecurityObject
SSDT 91C88568 ZwSetSystemInformation
SSDT 91C8859A ZwSystemDebugControl
SSDT 91C88527 ZwTerminateProcess
SSDT 91C88522 ZwWriteVirtualMemory
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRequestPort + 14AD 8348FBB5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834C9B92 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 834D10BC 4 Bytes [86, 85, C8, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 834D10C4 4 Bytes [5E, 85, C8, 91] {POP ESI; TEST EAX, ECX; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1313 834D11D8 4 Bytes [63, 85, C8, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 13AF 834D1274 4 Bytes [59, 85, C8, 91] {POP ECX; TEST EAX, ECX; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 834D1418 4 Bytes [90, 85, C8, 91] {NOP ; TEST EAX, ECX; XCHG ECX, EAX}
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91E07000, 0x2BFBF0, 0xE8000020]
.text C:\Windows\system32\drivers\ACEDRV05.sys section is writeable [0x91001000, 0x30A4A, 0xE8000020]
.pklstb C:\Windows\system32\drivers\ACEDRV05.sys entry point in ".pklstb" section [0x91043000]
.relo2 C:\Windows\system32\drivers\ACEDRV05.sys unknown last section [0x9105E000, 0x8E, 0x42000040]
.reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0xA162F580, 0x29E04, 0xE0000060]
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA165A300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA16B1300, 0x1BEE, 0xE8000020]
.text C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl section is writeable [0xA17AE000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl entry point in ".vmp2" section [0xA17D1050]
.text C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl section is writeable [0xA17AE000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl entry point in ".vmp2" section [0xA17D1050]
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Program Files\Acer\Empowering Technology\Service\ETService.exe 0xDC 0x7A 0xBC 0x5B ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Acer\Mobility Center\MobilityService.exe 0x41 0x33 0x69 0x6A ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0xEF 0x0F 0xBD 0x59 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Windows\System32\sdiagnhost.exe 0xF9 0x21 0x97 0xB8 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe 0xA5 0xF4 0xCB 0xA9 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Windows\Temp\RunBoot-Temp_.f2bcf8ad-06d3-42ac-bbae-daf440e4a738\MatsBoot.exe 0x1D 0xB9 0xA7 0x21 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Windows\System32\mmc.exe 0x83 0xF2 0xA8 0xC1 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Program Files\Windows Sidebar\sidebar.exe 0x75 0xBB 0x12 0xD9 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Windows\ehome\ehshell.exe 0x55 0x8F 0x61 0x13 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Windows\ehome\ehrec.exe 0xA7 0x83 0xC5 0x22 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Windows\ehome\mcupdate.exe 0xD1 0x57 0x11 0xD8 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Windows\ehome\mcGlidHost.exe 0xF4 0xDB 0x1E 0x27 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v2.0.50727/mscorwks.dll@\Device\HarddiskVolume2\Users\Stefanie\Downloads\FRST.exe 0x45 0x1A 0x64 0x73 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 0x70 0x95 0xC6 0x59 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Windows\System32\CompatTel\wicainventory.exe 0x63 0x9F 0xDF 0x8A ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Windows\System32\rundll32.exe 0xC5 0xEA 0xBA 0x95 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Users\Stefanie\AppData\Local\Temp\DMR\dmr_72.exe 0xBF 0x50 0x05 0xBD ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Program Files\Avira\Launcher\Avira.ServiceHost.exe 0x47 0xDD 0x25 0x7F ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Program Files\Avira\Launcher\Avira.OE.Systray.exe 0x50 0x9D 0x18 0xA1 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe 0x59 0x6C 0x18 0x94 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Windows\System32\msiexec.exe 0x38 0x24 0x8C 0xE2 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Users\Stefanie\Downloads\OTL.exe 0xB2 0x0F 0x49 0xE8 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\Module\Microsoft.NET/Framework/v4.0.30319/clr.dll@\Device\HarddiskVolume2\Users\Stefanie\Downloads\FRST.exe 0x47 0x8A 0x06 0x7D ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@6DDADBEF 3653
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{DB3C0A5E-8B65-11DE-9BCC-806E6F6E6963} 8417330160
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01
Ran by Stefanie (administrator) on STEFANIE-LAPTOP on 29-05-2015 20:07:12
Running from C:\Users\Stefanie\Downloads
Loaded Profiles: Stefanie (Available Profiles: Stefanie)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
() C:\Program Files\Re-markit Corp\Re-markit_wd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Acer Incorporated) C:\Acer\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
() C:\Windows\System32\PSIService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-04-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe [127792 2015-04-21] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\...\MountPoints2: G - G:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\...\MountPoints2: {069be16b-caaf-11e1-9596-001060d01ead} - G:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\...\MountPoints2: {069be17b-caaf-11e1-9596-001060d01ead} - G:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\...\MountPoints2: {1d2cec57-102f-11e4-b19f-001060d01ead} - G:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\...\MountPoints2: {ae7cdf7f-f617-11e2-8390-001060d01ead} - G:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\...\MountPoints2: {f7ca3e6d-e1e0-11de-a333-806e6f6e6963} - E:\AUTORUN.EXE
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-07-29] (Egis Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1396716744&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX10E690422704227
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1396716744&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX10E690422704227&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396716744&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX10E690422704227
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1396716744&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX10E690422704227&q={searchTerms}
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1396716744&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX10E690422704227
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-1929016561-3404761482-1178114853-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE346
SearchScopes: HKU\S-1-5-21-1929016561-3404761482-1178114853-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1929016561-3404761482-1178114853-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE346
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-31] (RealPlayer)
BHO: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO: No Name -> {4bf43efd-34be-a3c0-61c8-9ad4974fc954} -> No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-07-29] (Egis)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-07-29] (Egis Incorporated.)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-1929016561-3404761482-1178114853-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-1929016561-3404761482-1178114853-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396716744&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX10E690422704227
FireFox:
========
FF ProfilePath: C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default
FF DefaultSearchUrl: hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: webssearches
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-10-22] (Adobe Systems, Inc.)
FF Plugin: @digitalpublishing.de/dpLaunch -> C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll [2012-03-13] (digital publishing AG)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-05-31] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1929016561-3404761482-1178114853-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-10-23] (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-04-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-04-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-04-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-04-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-04-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-04-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-04-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012-05-31] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npstrlnk.dll [2010-07-20] ( )
FF SearchPlugin: C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default\searchplugins\avira-safesearch.xml [2014-04-06]
FF SearchPlugin: C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default\searchplugins\google-images.xml [2015-05-01]
FF SearchPlugin: C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default\searchplugins\google-maps.xml [2015-05-01]
FF Extension: Avira Browser Safety - C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default\Extensions\abs@avira.com [2015-05-29]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-03]
FF Extension: PAYBACK Toolbar - C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default\Extensions\toolbar-ff@payback.de.xpi [2011-06-22]
FF Extension: Adblock Plus - C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14]
FF Extension: LoudMo Contextual Ad Assistant - C:\Program Files\Mozilla Firefox\extensions\{b5b17ab4-6e99-e194-e8a3-d864469fbc46} [2010-01-24]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-26]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-31]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-08-06]
FF HKLM\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default\extensions\quick_start@gmail.com
FF HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\...\Firefox\Extensions: [{c1f9049a-3290-4967-9a3d-448f242ce94c}] - C:\Program Files\Re-markit Corp\158.xpi
Chrome:
=======
CHR Profile: C:\Users\Stefanie\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-05-31]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [205616 2015-04-21] (Avira Operations GmbH & Co. KG)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [851456 2015-04-27] (Microsoft Corporation)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-08-13] () [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [122880 2009-06-16] (Acer Incorporated) [File not signed]
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACEDRV05; C:\Windows\system32\drivers\ACEDRV05.sys [97792 2010-01-26] (Protect Software GmbH) [File not signed]
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [295432 2010-01-20] (Protect Software GmbH)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-01-25] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107400 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-04] (Avira Operations GmbH & Co. KG)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [225280 2011-07-19] (Intel Corporation)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2008-09-09] (Avanquest Software) [File not signed]
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2009-07-21] (Windows (R) Win 7 DDK provider)
S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47104 2011-07-20] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-01-25] ()
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2009-07-21] (Nuvoton Technology Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [159776 2009-06-24] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2009-07-14] (Microsoft Corporation)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-03-13] (CyberLink Corp.)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [87536 2008-10-17] (CyberLink Corp.)
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 RTSTOR; system32\drivers\RTSTOR.SYS [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-29 14:16 - 2015-05-29 14:19 - 00070121 _____ () C:\Users\Stefanie\Downloads\Addition.txt
2015-05-29 14:16 - 2015-05-29 14:16 - 00380416 _____ () C:\Users\Stefanie\Downloads\Gmer-19357.exe
2015-05-29 14:15 - 2015-05-29 20:07 - 00024178 _____ () C:\Users\Stefanie\Downloads\FRST.txt
2015-05-29 14:15 - 2015-05-29 20:07 - 00000000 ____D () C:\FRST
2015-05-29 14:15 - 2015-05-29 14:15 - 01147392 _____ (Farbar) C:\Users\Stefanie\Downloads\FRST.exe
2015-05-29 14:14 - 2015-05-29 20:05 - 00000478 _____ () C:\Users\Stefanie\Downloads\defogger_disable.log
2015-05-29 14:14 - 2015-05-29 14:14 - 00000000 _____ () C:\Users\Stefanie\defogger_reenable
2015-05-29 14:13 - 2015-05-29 14:13 - 00050477 _____ () C:\Users\Stefanie\Downloads\Defogger.exe
2015-05-29 13:58 - 2015-05-29 13:58 - 00602112 _____ (OldTimer Tools) C:\Users\Stefanie\Downloads\OTL.exe
2015-05-25 10:37 - 2015-05-25 10:41 - 00000000 ____D () C:\Users\Stefanie\AppData\Local\elfopatch
2015-05-23 17:30 - 2015-05-29 20:00 - 00116952 _____ () C:\Windows\setupact.log
2015-05-23 17:30 - 2015-05-23 17:30 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-23 17:29 - 2015-05-29 20:00 - 00001822 _____ () C:\Windows\PFRO.log
2015-05-22 16:14 - 2015-05-22 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dm-Fotowelt
2015-05-22 16:11 - 2015-05-22 16:11 - 00000000 ____D () C:\Program Files\dm
2015-05-22 16:10 - 2015-05-22 16:11 - 01627112 _____ () C:\Users\Stefanie\Downloads\setup_dm_Fotowelt.exe
2015-05-22 15:31 - 2015-05-22 15:31 - 00000000 ____D () C:\Users\Stefanie\restore
2015-05-20 12:05 - 2015-05-20 12:05 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Stefanie\Downloads\flashplayer17au_ha_install.exe
2015-05-19 11:01 - 2015-05-19 11:17 - 00000000 ____D () C:\Users\Stefanie\Opel-Zoo
2015-05-15 19:24 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 19:01 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-15 19:01 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-15 19:01 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-15 19:01 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-15 19:01 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-15 19:01 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-15 19:01 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-15 19:01 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-15 19:01 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-15 19:01 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-15 19:01 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-15 19:01 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-15 19:01 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-15 19:01 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-15 19:01 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-15 19:01 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-15 19:01 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-15 19:01 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-15 19:01 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-15 19:01 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-15 19:01 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-15 19:01 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-15 19:01 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-15 19:01 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-15 19:01 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-15 19:01 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-15 19:01 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-15 19:01 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-15 19:01 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-15 19:01 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-15 19:01 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-15 19:01 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-15 19:01 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-15 19:01 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-15 19:01 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-15 19:01 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-15 19:01 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-15 19:01 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-15 19:01 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-15 19:01 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-15 19:01 - 2014-12-11 19:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-05-15 19:01 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-05-10 11:02 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-05-10 11:01 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-05-10 11:01 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-05-10 11:01 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-05-10 11:01 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-05-10 11:01 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-05-10 11:01 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-05-10 11:01 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-05-10 11:01 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-05-10 11:01 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-05-10 10:59 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-10 10:59 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-10 10:59 - 2015-04-27 21:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-10 10:59 - 2015-04-27 21:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-10 10:59 - 2015-04-27 21:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-10 10:59 - 2015-04-27 21:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-10 10:59 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-10 10:59 - 2015-04-27 21:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-10 10:59 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-10 10:59 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-10 10:59 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-10 10:59 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-10 10:59 - 2015-04-27 21:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-10 10:59 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-10 10:59 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-10 10:59 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-10 10:59 - 2015-04-27 21:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-10 10:59 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-10 10:59 - 2015-04-27 21:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-10 10:59 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-10 10:59 - 2015-04-27 20:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-10 10:59 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-10 10:59 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-10 10:59 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-10 10:59 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-10 10:59 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-10 10:59 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-10 10:59 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-10 10:58 - 2015-04-27 21:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-10 10:58 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-10 10:58 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-10 10:58 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-10 10:58 - 2015-04-27 21:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-10 10:58 - 2015-04-27 21:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-10 10:58 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-10 10:58 - 2015-04-27 21:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-10 10:58 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-10 10:58 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-10 10:58 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-10 10:58 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-10 10:58 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-10 10:58 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-10 10:58 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-10 10:57 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-10 10:28 - 2015-05-10 10:28 - 00001173 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-05-10 10:27 - 2015-05-10 10:27 - 00347816 _____ (Microsoft Corporation) C:\Users\Stefanie\Downloads\MicrosoftFixit.wu.Run.exe
2015-05-10 10:26 - 2015-05-25 10:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-10 10:26 - 2015-05-10 10:26 - 04734040 _____ (Avira Operations GmbH & Co. KG) C:\Users\Stefanie\Downloads\avira_de_av_554f160a47658__ws.exe
2015-05-04 11:13 - 2006-09-18 23:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20150504-111313.backup
2015-05-01 19:16 - 2006-09-18 23:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20150501-191623.backup
2015-05-01 19:14 - 2006-09-18 23:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20150501-191453.backup
2015-05-01 16:28 - 2015-05-01 16:28 - 44167360 _____ (Microsoft Corporation) C:\Users\Stefanie\Downloads\Windows-KB890830-V5.23.exe
2015-05-01 16:06 - 2015-05-01 19:01 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-01 16:06 - 2015-05-01 16:09 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-01 16:06 - 2015-05-01 16:06 - 00002139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-05-01 16:06 - 2015-05-01 16:06 - 00002127 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-05-01 16:06 - 2015-05-01 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-05-01 16:06 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-05-01 16:05 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2015-05-01 16:05 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2015-05-01 16:04 - 2015-05-01 16:04 - 01203488 _____ () C:\Users\Stefanie\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-05-01 15:52 - 2015-05-29 20:00 - 00000476 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-05-01 15:52 - 2015-05-24 18:00 - 00000450 _____ () C:\Windows\Tasks\ParetoLogic Registration3.job
2015-05-01 15:52 - 2015-05-04 11:07 - 00000424 _____ () C:\Windows\Tasks\ParetoLogic Update Version3.job
2015-05-01 15:52 - 2015-05-01 15:52 - 00000000 ____D () C:\Users\Stefanie\AppData\Roaming\ParetoLogic
2015-05-01 15:52 - 2015-05-01 15:52 - 00000000 ____D () C:\Users\Stefanie\AppData\Roaming\DriverCure
2015-05-01 15:51 - 2015-05-01 16:02 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-05-01 15:51 - 2015-05-01 15:51 - 05813872 _____ (ParetoLogic Inc.) C:\Users\Stefanie\Downloads\ParetoLogic PC Health Advisor_de.exe
2015-05-01 15:51 - 2015-05-01 15:51 - 00000000 ____D () C:\Program Files\Common Files\ParetoLogic
2015-05-01 15:48 - 2015-05-01 15:48 - 00000000 ____D () C:\Users\Stefanie\Thorsten Handy
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-29 20:00 - 2014-04-05 18:52 - 00002764 _____ () C:\Windows\Tasks\74d52b3c-be80-4a90-bd6c-4b7266540f32-3.job
2015-05-29 20:00 - 2014-04-05 18:52 - 00002328 _____ () C:\Windows\Tasks\74d52b3c-be80-4a90-bd6c-4b7266540f32-4.job
2015-05-29 20:00 - 2014-04-05 18:52 - 00001424 _____ () C:\Windows\Tasks\74d52b3c-be80-4a90-bd6c-4b7266540f32-5.job
2015-05-29 20:00 - 2014-04-05 18:52 - 00001322 _____ () C:\Windows\Tasks\74d52b3c-be80-4a90-bd6c-4b7266540f32-1.job
2015-05-29 20:00 - 2014-04-05 18:52 - 00001320 _____ () C:\Windows\Tasks\74d52b3c-be80-4a90-bd6c-4b7266540f32-2.job
2015-05-29 20:00 - 2014-04-05 18:52 - 00000374 _____ () C:\Windows\Tasks\Re-markit Update.job
2015-05-29 20:00 - 2014-04-05 18:52 - 00000372 _____ () C:\Windows\Tasks\Re-markit_wd.job
2015-05-29 20:00 - 2010-02-16 19:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-29 20:00 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-29 20:00 - 2009-01-22 20:14 - 00000147 _____ () C:\Windows\system32\agent.log
2015-05-29 14:19 - 2009-12-05 23:35 - 01152735 _____ () C:\Windows\WindowsUpdate.log
2015-05-29 14:15 - 2013-10-10 07:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-29 14:14 - 2009-12-05 23:02 - 00000000 ____D () C:\Users\Stefanie
2015-05-29 13:54 - 2010-02-16 19:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-29 13:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-29 12:56 - 2009-12-05 23:01 - 00019440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-29 12:56 - 2009-12-05 23:01 - 00019440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-26 18:56 - 2012-05-28 19:26 - 00000000 ____D () C:\Users\Stefanie\Steuererklärung
2015-05-26 18:37 - 2012-05-05 21:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-25 12:39 - 2009-11-26 10:46 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-05-25 12:17 - 2012-05-05 21:49 - 00000000 ____D () C:\Users\Stefanie\PV-Anlage
2015-05-25 10:45 - 2012-06-09 09:24 - 00000000 ____D () C:\Program Files\ElsterFormular
2015-05-25 10:42 - 2012-06-09 09:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-05-22 17:24 - 2009-12-05 23:43 - 01649492 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-22 16:19 - 2014-04-05 17:52 - 00000000 ____D () C:\Users\Stefanie\AppData\Local\CrashDumps
2015-05-22 16:19 - 2012-08-10 16:17 - 00000000 ____D () C:\ProgramData\tmp
2015-05-22 15:57 - 2012-08-10 16:17 - 00000000 ____D () C:\ProgramData\hps
2015-05-22 15:14 - 2009-10-10 22:04 - 00000000 ____D () C:\Users\Stefanie\AppData\Local\Corel
2015-05-22 15:13 - 2009-10-04 14:20 - 00000000 ____D () C:\Users\Stefanie\Documents\My PSP Files
2015-05-20 20:30 - 2013-05-19 19:56 - 00000000 ____D () C:\Windows\rescache
2015-05-20 12:54 - 2015-04-05 20:18 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 12:06 - 2014-10-17 12:56 - 00000000 ____D () C:\Users\Stefanie\AppData\Local\Adobe
2015-05-20 12:05 - 2012-03-30 17:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-20 12:05 - 2011-05-18 08:11 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-19 11:20 - 2009-11-26 11:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-16 10:57 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-16 10:24 - 2009-07-14 06:33 - 00433448 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-16 10:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-05-16 10:22 - 2012-10-28 11:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 19:24 - 2009-01-22 20:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-15 19:23 - 2013-07-26 19:25 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-15 19:16 - 2009-12-17 20:41 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-15 19:14 - 2009-07-14 10:56 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 19:13 - 2012-10-28 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-10 11:10 - 2014-04-11 13:46 - 00000000 ____D () C:\Program Files\Alien Skin
2015-05-10 11:07 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-10 11:03 - 2009-07-14 10:47 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2015-05-10 11:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-10 10:33 - 2014-05-09 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-10 10:26 - 2012-10-17 08:41 - 00000000 ____D () C:\ProgramData\Avira
2015-05-10 10:26 - 2012-10-17 08:41 - 00000000 ____D () C:\Program Files\Avira
2015-05-04 11:12 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2015-05-01 17:49 - 2013-11-30 20:57 - 00000000 ____D () C:\Users\Stefanie\AppData\Roaming\GlarySoft
==================== Files in the root of some directories =======
2011-11-12 14:23 - 2011-11-12 14:52 - 0000391 _____ () C:\Users\Stefanie\AppData\Roaming\prefsdb.dat
2009-12-08 13:59 - 2009-12-08 13:59 - 0000000 _____ () C:\Users\Stefanie\AppData\Roaming\wklnhst.dat
2011-12-20 20:47 - 2013-03-24 19:35 - 0015360 _____ () C:\Users\Stefanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-26 19:09 - 2009-12-26 19:09 - 0000096 _____ () C:\Users\Stefanie\AppData\Local\fusioncache.dat
2014-04-05 19:54 - 2014-04-05 19:54 - 1176896 _____ (AnyProtect.com) C:\Users\Stefanie\AppData\Local\nso625F.tmp
2010-10-09 19:47 - 2010-10-09 19:47 - 0007605 _____ () C:\Users\Stefanie\AppData\Local\Resmon.ResmonCfg
2010-03-21 12:24 - 2010-03-21 12:35 - 0000168 __RSH () C:\ProgramData\3FFED20C6C.sys
2012-04-13 18:26 - 2012-04-13 18:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-09-05 22:00 - 2010-09-05 22:00 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-03-21 12:24 - 2010-03-21 12:35 - 0005642 ___SH () C:\ProgramData\KGyGaAvL.sys
Files to move or delete:
====================
C:\Users\Stefanie\Powador-monitorSetup.exe
Some files in TEMP:
====================
C:\Users\Stefanie\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-24 20:43
==================== End of log ============================
|
|
30.05.2015, 16:07
| #5 |
| /// TB-Ausbilder | Windows 7 Windows Explorer schließt sich immer Servus, Scan mit Combofix
|
|
30.05.2015, 19:47
| #6 |
| | Windows 7 Windows Explorer schließt sich immer Hallo Matthias, nachdem Combofix den Scan ausgeführt hat bekomme ich folgenden Warnhinweis: Unable to create a backup of the current registry file C:\ Windows\ System32\config\SOFTWARE ! Continue restoration of this file? Ja oder nein? Viele Grüße Tuuli |
|
31.05.2015, 08:28
| #7 |
| /// TB-Ausbilder | Windows 7 Windows Explorer schließt sich immer Servus, klicke ja. Poste bitte die Logdatei von ComboFix. |
|
31.05.2015, 09:12
| #8 |
| | Windows 7 Windows Explorer schließt sich immer Guten Morgen, hier die Logdatei von Combofix: Code:
ATTFilter ComboFix 15-05-28.01 - Stefanie 30.05.2015 20:27:10.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3067.1988 [GMT 2:00]
ausgeführt von:: c:\users\Stefanie\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3FFED20C6C.sys
c:\programdata\Roaming
c:\users\Stefanie\AppData\Local\assembly\tmp
c:\users\Stefanie\AppData\Local\nso625F.tmp
c:\users\Stefanie\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Stefanie\AppData\Roaming\.#
c:\windows\system32\PEukzY6G5ZwT-3.exe
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-04-28 bis 2015-05-31 ))))))))))))))))))))))))))))))
.
.
2015-05-30 18:38 . 2015-05-31 08:02 -------- d-----w- c:\users\Stefanie\AppData\Local\temp
2015-05-29 12:15 . 2015-05-29 18:33 -------- d-----w- C:\FRST
2015-05-29 10:57 . 2015-05-03 03:42 9265072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5BDC41E-A6B6-4E71-820C-C78C8F147468}\mpengine.dll
2015-05-25 08:37 . 2015-05-25 08:41 -------- d-----w- c:\users\Stefanie\AppData\Local\elfopatch
2015-05-22 14:11 . 2015-05-22 14:11 -------- d-----w- c:\program files\dm
2015-05-22 13:31 . 2015-05-22 13:31 -------- d-----w- c:\users\Stefanie\restore
2015-05-19 09:01 . 2015-05-19 09:17 -------- d-----w- c:\users\Stefanie\Opel-Zoo
2015-05-15 17:24 . 2015-05-01 13:16 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-10 09:02 . 2013-10-01 23:45 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2015-05-10 09:01 . 2013-10-02 00:32 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-05-10 09:01 . 2013-10-02 00:42 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2015-05-10 09:01 . 2013-10-02 00:30 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-05-10 09:01 . 2013-10-02 00:14 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2015-05-10 09:01 . 2013-10-02 00:14 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2015-05-10 09:01 . 2013-10-01 23:58 53248 ----a-w- c:\windows\system32\tsgqec.dll
2015-05-10 09:01 . 2013-10-01 23:08 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2015-05-10 09:01 . 2013-10-01 22:53 350208 ----a-w- c:\windows\system32\wksprt.exe
2015-05-10 09:01 . 2013-10-01 22:34 1068544 ----a-w- c:\windows\system32\mstsc.exe
2015-05-10 08:58 . 2015-04-27 19:05 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-05-10 08:57 . 2015-02-18 07:06 123904 ----a-w- c:\windows\system32\poqexec.exe
2015-05-10 08:26 . 2015-05-25 08:38 -------- d-----w- c:\programdata\Package Cache
2015-05-01 14:06 . 2015-05-30 18:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-05-01 14:06 . 2015-05-30 18:19 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2015-05-01 14:05 . 2011-05-13 10:16 493056 ----a-w- c:\windows\system32\dhRichClient3.dll
2015-05-01 14:05 . 2011-03-25 18:42 338432 ----a-w- c:\windows\system32\sqlite36_engine.dll
2015-05-01 13:52 . 2015-05-01 13:52 -------- d-----w- c:\users\Stefanie\AppData\Roaming\ParetoLogic
2015-05-01 13:52 . 2015-05-01 13:52 -------- d-----w- c:\users\Stefanie\AppData\Roaming\DriverCure
2015-05-01 13:51 . 2015-05-01 13:51 -------- d-----w- c:\program files\Common Files\ParetoLogic
2015-05-01 13:51 . 2015-05-01 14:02 -------- d-----w- c:\programdata\ParetoLogic
2015-05-01 13:48 . 2015-05-01 13:48 -------- d-----w- c:\users\Stefanie\Thorsten Handy
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-20 10:05 . 2012-03-30 15:07 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-05-20 10:05 . 2011-05-18 06:11 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-05-10 09:17 . 2013-10-03 15:29 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-05-10 09:17 . 2013-10-03 15:29 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-04-16 13:23 . 2012-10-17 06:41 37896 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2015-04-16 13:23 . 2012-10-17 06:41 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-04-16 13:23 . 2012-10-17 06:41 107400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-03-25 03:00 . 2015-04-15 17:08 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:00 . 2015-04-15 17:08 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:00 . 2015-04-15 17:08 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:00 . 2015-04-15 17:08 35328 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:00 . 2015-04-15 17:08 29696 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:00 . 2015-04-15 17:08 2020864 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:00 . 2015-04-15 17:08 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 17:08 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00 . 2015-04-15 17:08 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00 . 2015-04-15 17:08 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:00 . 2015-04-15 17:08 131584 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-23 03:06 . 2015-04-15 17:10 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:06 . 2015-04-15 17:10 630784 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:06 . 2015-04-15 17:10 331264 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:06 . 2015-04-15 17:10 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:06 . 2015-04-15 17:10 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:06 . 2015-04-15 17:10 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:06 . 2015-04-15 17:10 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 02:59 . 2015-04-15 17:10 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-03-10 03:08 . 2015-04-15 17:08 1237504 ----a-w- c:\windows\system32\msxml3.dll
2015-03-10 03:05 . 2015-04-15 17:08 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-03-05 04:06 . 2015-04-15 17:09 305152 ----a-w- c:\windows\system32\gdi32.dll
2015-03-04 09:28 . 2013-05-07 19:04 37896 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-03-04 04:16 . 2015-04-15 17:10 249784 ----a-w- c:\windows\system32\clfs.sys
2015-03-04 04:10 . 2015-04-15 17:10 58880 ----a-w- c:\windows\system32\clfsw32.dll
2015-03-04 04:10 . 2015-05-10 08:59 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-10 08:59 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-10 08:59 2560 ----a-w- c:\windows\apppatch\AcRes.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 15:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2015-04-16 728312]
"Avira Systray"="c:\program files\Avira\Launcher\Avira.OE.Systray.exe" [2015-04-21 127792]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Launcher.lnk
backup=c:\windows\pss\Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AMD AVT]
start AMD Accelerated Video Transcoding device initialization [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-11-20 18:13 1021128 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2014-10-29 22:25 4673432 ----a-w- c:\users\Stefanie\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 10:58 75048 ------w- c:\program files\Cyberlink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-25 20:36 28672 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-03-18 09:43 173352 ----a-w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
2007-11-06 09:08 397312 ------w- c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 09:03 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
2008-09-11 20:46 544768 ----a-w- c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-07-29 15:52 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2009-07-20 16:57 421888 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Deskjet 3050A J611 series (NET)]
2011-06-08 16:15 1804648 ----a-w- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2009-08-27 08:12 1218056 ----a-w- c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2010-07-20 16:21 323280 ----a-w- c:\program files\Napster\napster.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2014-06-04 08:08 191528 ----a-w- c:\program files\PDF24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2008-10-17 12:54 167936 ----a-w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2008-07-29 17:29 200704 ----a-w- c:\windows\PLFSetI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- c:\program files\Cyberlink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-07-06 09:47 7600672 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-07-06 09:48 1833504 ------w- c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2013-04-29 23:18 642304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-26 01:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-25 18:08 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" -osboot
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files\Avira\AntiVir Desktop\avmailc7.exe [2015-04-16 827640]
R2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\avwebg7.exe [2015-04-16 1185584]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 BthAvrcp;Bluetooth-AVRCP-Profil;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 225280]
R3 cleanhlp;cleanhlp;c:\program files\Emsisoft Anti-Malware\cleanhlp32.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2014-07-20 102784]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2014-07-20 116736]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-19 47104]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-04-21 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 197224]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 usbrndis6;USB-RNDIS6-Adapter;c:\windows\system32\DRIVERS\usb80236.sys [2009-07-13 15872]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2015-04-16 37896]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/04/20 09:16];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 10:58 87536]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/08/17 22:04];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-10-17 12:49 87536]
S2 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\program files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [2011-09-13 342984]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-04-30 217088]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2015-04-16 434424]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files\Avira\Launcher\Avira.ServiceHost.exe [2015-04-21 205616]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys [2015-03-04 37896]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-04 69632]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-13 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [2013-04-08 1320496]
S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [2013-04-08 799280]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-05-14 86656]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2009-07-21 5632]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\system32\DRIVERS\nuvotonhidgeneric.sys [2009-07-21 22528]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 10:05]
.
2015-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 08:24]
.
2015-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-16 08:24]
.
2015-05-24 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2014-12-08 18:55]
.
2015-05-31 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08 18:55]
.
2015-05-04 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2014-12-08 18:55]
.
2015-05-31 c:\windows\Tasks\Re-markit_wd.job
- c:\program files\Re-markit Corp\Re-markit_wd.exe [2014-04-05 16:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1396716744&from=tugs&uid=WDCXWD3200BEVT-22ZCT0_WD-WX10E690422704227
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: corel.com
Trusted Zone: corel.com\www
Trusted Zone: intervideo.com
Trusted Zone: intervideo.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - webssearches
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2009-12-05 22:17; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{4bf43efd-34be-a3c0-61c8-9ad4974fc954} - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3240)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\windows\system32\taskhost.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-05-31 10:08:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-05-31 08:08
.
Vor Suchlauf: 18 Verzeichnis(se), 53.862.047.744 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 53.897.867.264 Bytes frei
.
- - End Of File - - 7257E7835C22593E8EAA8408E14023BE
BB9D3A6A13C5010348DA7C900BB6AF50
|
|
31.05.2015, 09:51
| #9 |
| /// TB-Ausbilder | Windows 7 Windows Explorer schließt sich immer Servus, sehr gut gemacht.  So geht es weiter: Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 4 Downloade dir bitte Shortcut Cleaner (by Grinler) auf deinen Desktop.
Schritt 5
Bitte poste mit deiner nächsten Antwort
|
|
31.05.2015, 12:03
| #10 |
| | Windows 7 Windows Explorer schließt sich immer Hallo Matthias, hier kommt nun die große Ladung an Logdateien: Code:
ATTFilter # AdwCleaner v4.205 - Bericht erstellt 31/05/2015 um 11:55:25
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86)
# Benutzername : Stefanie - STEFANIE-LAPTOP
# Gestarted von : C:\Users\Stefanie\Downloads\AdwCleaner_4.205.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\ParetoLogic
Ordner Gelöscht : C:\Program Files\DM
Ordner Gelöscht : C:\Program Files\Re-markit Corp
Ordner Gelöscht : C:\Program Files\Common Files\ParetoLogic
Ordner Gelöscht : C:\Users\Stefanie\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\Stefanie\AppData\Roaming\ParetoLogic
Ordner Gelöscht : C:\Users\Stefanie\AppData\Roaming\quickclick
***** [ Geplante Tasks ] *****
Task Gelöscht : paretologic registration3
Task Gelöscht : paretologic update version3
Task Gelöscht : ParetoLogic Update Version3 Startup Task
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{c1f9049a-3290-4967-9a3d-448f242ce94c}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\uus3url-pl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\nuevos-programas.com
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\ParetoLogic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re_Markit
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\ParetoLogic
Schlüssel Gelöscht : HKLM\SOFTWARE\Taronja
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17801
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v38.0.1 (x86 de)
[tupo2acu.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[tupo2acu.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaulturl", "hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=");
[tupo2acu.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Ask.com");
[tupo2acu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.crossrider.bic", "1453307cb807316dea031dc25f5d5aaa");
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [4057 Bytes] - [31/05/2015 11:49:34]
AdwCleaner[R1].txt - [4116 Bytes] - [31/05/2015 11:54:20]
AdwCleaner[S0].txt - [3869 Bytes] - [31/05/2015 11:55:25]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3928 Bytes] ##########
Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 31.05.2015 Suchlauf-Zeit: 12:06:50 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.05.30.06 Rootkit Datenbank: v2015.05.24.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Stefanie Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 339211 Verstrichene Zeit: 33 Min, 5 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 11 PUP.Optional.HQVid.A, HKLM\SOFTWARE\HQVid8.1b, In Quarantäne, [6c62d3c601891f17871c6fb0cc38b14f], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{47F3FCE7-998C-4D21-9983-6EC20B37D9BA}, In Quarantäne, [10be6c2d107a89adc6a84833669f3fc1], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{831DF4E4-3912-4394-9E31-DAEE9BEE526E}, In Quarantäne, [ffcfaeeb61299e984b21057614f112ee], PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, In Quarantäne, [a529900951392f07c9179d873cc819e7], PUP.Optional.HQVid.A, HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\APPDATALOW\SOFTWARE\HQVid8.1b, In Quarantäne, [c7070693b2d81224c8d9ce514fb5a957], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{47F3FCE7-998C-4D21-9983-6EC20B37D9BA}, In Quarantäne, [7a5413869eec35012d3e8af1b35212ee], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5D90B8B1-CAEE-4F34-B82E-BC1B90A1EAE1}, In Quarantäne, [00ce0f8a305a51e5df8b8fec49bcfd03], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{65D151C4-E9FB-4B8D-AEEE-A179C4579DEE}, In Quarantäne, [fdd19affc8c2ce682d3e83f8ad5858a8], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{69264FF2-B1E5-4B8E-BFE1-BD83D587709F}, In Quarantäne, [5a743267f39781b5e78378033fc66799], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{831DF4E4-3912-4394-9E31-DAEE9BEE526E}, In Quarantäne, [488662379feba294e089e2999075df21], PUP.Optional.CrossRider.A, HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DBE44D43-71AB-4A53-916F-3EE735557C21}, In Quarantäne, [5d7136630981c0765813e99210f5ba46], Registrierungswerte: 8 PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{47f3fce7-998c-4d21-9983-6ec20b37d9ba}|AppName, HQVid8.1b-codedownloader.exe, In Quarantäne, [10be6c2d107a89adc6a84833669f3fc1] PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{831df4e4-3912-4394-9e31-daee9bee526e}|AppName, HQVid8.1b-bg.exe, In Quarantäne, [ffcfaeeb61299e984b21057614f112ee] PUP.Optional.CrossRider.A, HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{47f3fce7-998c-4d21-9983-6ec20b37d9ba}|AppName, HQVid8.1b-codedownloader.exe, In Quarantäne, [7a5413869eec35012d3e8af1b35212ee] PUP.Optional.CrossRider.A, HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5D90B8B1-CAEE-4F34-B82E-BC1B90A1EAE1}|AppName, 74d52b3c-be80-4a90-bd6c-4b7266540f32-2.exe-buttonutil.exe, In Quarantäne, [00ce0f8a305a51e5df8b8fec49bcfd03] PUP.Optional.CrossRider.A, HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{65D151C4-E9FB-4B8D-AEEE-A179C4579DEE}|AppName, 74d52b3c-be80-4a90-bd6c-4b7266540f32-2.exe-codedownloader.exe, In Quarantäne, [fdd19affc8c2ce682d3e83f8ad5858a8] PUP.Optional.CrossRider.A, HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{69264FF2-B1E5-4B8E-BFE1-BD83D587709F}|AppName, 74d52b3c-be80-4a90-bd6c-4b7266540f32-2.exe-buttonutil.exe, In Quarantäne, [5a743267f39781b5e78378033fc66799] PUP.Optional.CrossRider.A, HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{831df4e4-3912-4394-9e31-daee9bee526e}|AppName, HQVid8.1b-bg.exe, In Quarantäne, [488662379feba294e089e2999075df21] PUP.Optional.CrossRider.A, HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{DBE44D43-71AB-4A53-916F-3EE735557C21}|AppName, 74d52b3c-be80-4a90-bd6c-4b7266540f32-2.exe-codedownloader.exe, In Quarantäne, [5d7136630981c0765813e99210f5ba46] Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 0 (Keine schädliche Elemente gefunden) Dateien: 3 PUP.Optional.ReMarkIt.A, C:\Windows\System32\Tasks\Re-markit_wd, In Quarantäne, [e7e7e0b9becc4de9d05117f8da2afa06], PUP.Optional.ReMarkIt.A, C:\Windows\Tasks\Re-markit_wd.job, In Quarantäne, [d3fb88115c2e10264c2aaa7c6b99748c], PUP.Optional.CrossRider.A, C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.aee5ad154f9094cc0aa51d7e94e3fb0af36204afdf43e49179c718384e2e4d3adcom53172.53172.pluginsurl", "hxxp://js.clientdataservice.com/plugin/apps/53172/plugins/094/ff/plugins.json");), Ersetzt,[2ca2efaaf09a60d6c33c1c5346c05ea2] Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.5 (05.30.2015:1)
OS: Windows 7 Home Premium x86
Ran by Stefanie on 31.05.2015 at 12:47:22,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A2D5EBA-F86D-4BD3-A177-019765996711}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440544314472}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440544314472}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}
~~~ Files
Successfully deleted: [File] C:\Windows\wininit.ini
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Users\Stefanie\AppData\Roaming\mozilla\firefox\profiles\tupo2acu.default\searchplugins\avira-safesearch.xml
Successfully deleted the following from C:\Users\Stefanie\AppData\Roaming\mozilla\firefox\profiles\tupo2acu.default\prefs.js
user_pref(browser.search.selectedEngine, webssearches);
Emptied folder: C:\Users\Stefanie\AppData\Roaming\mozilla\firefox\profiles\tupo2acu.default\minidumps [425 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.05.2015 at 12:49:34,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Shortcut Cleaner 1.3.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/
Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 05/31/2015 12:53:04 PM.
Scanning for registry hijacks:
* No issues found in the Registry.
Searching for Hijacked Shortcuts:
Searching C:\Users\Stefanie\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\Stefanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\Stefanie\Desktop\
Searching C:\Users\Public\Desktop\
0 bad shortcuts found.
Program finished at: 05/31/2015 12:53:05 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-05-2015 01
Ran by Stefanie (administrator) on STEFANIE-LAPTOP on 31-05-2015 12:54:26
Running from C:\Users\Stefanie\Downloads
Loaded Profiles: Stefanie & (Available Profiles: Stefanie)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [728312 2015-04-16] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\Launcher\Avira.OE.Systray.exe [127792 2015-04-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ISUSPM] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll [2008-07-29] (Egis Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1929016561-3404761482-1178114853-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE346
SearchScopes: HKU\S-1-5-21-1929016561-3404761482-1178114853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE346
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-05-31] (RealPlayer)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-08] (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-07-29] (Egis)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-08] (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-07-29] (Egis Incorporated.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-1929016561-3404761482-1178114853-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
Toolbar: HKU\S-1-5-21-1929016561-3404761482-1178114853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-05] (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-20] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-10-22] (Adobe Systems, Inc.)
FF Plugin: @digitalpublishing.de/dpLaunch -> C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll [2012-03-13] (digital publishing AG)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-08] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.4.53 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-05-31] (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1929016561-3404761482-1178114853-1000: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-10-23] (Ubisoft)
FF Plugin HKU\S-1-5-21-1929016561-3404761482-1178114853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-10-23] (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2012-04-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2012-04-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2012-04-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2012-04-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2012-04-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2012-04-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2012-04-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll [2012-05-31] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll [2012-05-31] (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npstrlnk.dll [2010-07-20] ( )
FF SearchPlugin: C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default\searchplugins\google-images.xml [2015-05-01]
FF SearchPlugin: C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default\searchplugins\google-maps.xml [2015-05-01]
FF Extension: Avira Browser Safety - C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default\Extensions\abs@avira.com [2015-05-29]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-03]
FF Extension: PAYBACK Toolbar - C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default\Extensions\toolbar-ff@payback.de.xpi [2011-06-22]
FF Extension: Adblock Plus - C:\Users\Stefanie\AppData\Roaming\Mozilla\Firefox\Profiles\tupo2acu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-14]
FF Extension: LoudMo Contextual Ad Assistant - C:\Program Files\Mozilla Firefox\extensions\{b5b17ab4-6e99-e194-e8a3-d864469fbc46} [2010-01-24]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-26]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-31]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-08-06]
Chrome:
=======
CHR Profile: C:\Users\Stefanie\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-05-31]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
S2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [827640 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1185584 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [205616 2015-04-21] (Avira Operations GmbH & Co. KG)
S2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
S2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [851456 2015-04-27] (Microsoft Corporation)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-08-13] () [File not signed]
S2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [860160 2008-10-16] (Intel(R) Corporation) [File not signed]
S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [122880 2009-06-16] (Acer Incorporated) [File not signed]
S2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
S2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
S2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
S2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
S2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-10-16] (Intel(R) Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACEDRV05; C:\Windows\system32\drivers\ACEDRV05.sys [97792 2010-01-26] (Protect Software GmbH) [File not signed]
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2010-01-25] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107400 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37896 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [37896 2015-03-04] (Avira Operations GmbH & Co. KG)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [225280 2011-07-19] (Intel Corporation)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2008-09-09] (Avanquest Software) [File not signed]
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2009-07-21] (Windows (R) Win 7 DDK provider)
S3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47104 2011-07-20] (Intel Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-01-25] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2009-07-21] (Nuvoton Technology Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [159776 2009-06-24] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2009-07-14] (Microsoft Corporation)
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}; C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [87536 2010-03-13] (CyberLink Corp.)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [87536 2008-10-17] (CyberLink Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Stefanie\AppData\Local\Temp\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files\Emsisoft Anti-Malware\cleanhlp32.sys [X]
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 RTSTOR; system32\drivers\RTSTOR.SYS [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-31 12:53 - 2015-05-31 12:53 - 00001892 _____ () C:\Users\Stefanie\Desktop\sc-cleaner.txt
2015-05-31 12:52 - 2015-05-31 12:52 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Stefanie\Downloads\sc-cleaner.exe
2015-05-31 12:49 - 2015-05-31 12:49 - 00001617 _____ () C:\Users\Stefanie\Desktop\JRT.txt
2015-05-31 12:47 - 2015-05-31 12:47 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-STEFANIE-LAPTOP-Windows-7-Home-Premium-(32-bit).dat
2015-05-31 12:47 - 2015-05-31 12:47 - 00000000 ____D () C:\RegBackup
2015-05-31 12:46 - 2015-05-31 12:46 - 02947635 _____ (Thisisu) C:\Users\Stefanie\Downloads\JRT.exe
2015-05-31 12:43 - 2015-05-31 12:43 - 00006081 _____ () C:\Users\Stefanie\Desktop\mbam.txt
2015-05-31 12:06 - 2015-05-31 12:06 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-31 12:05 - 2015-05-31 12:05 - 00001068 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-31 12:05 - 2015-05-31 12:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-31 12:05 - 2015-05-31 12:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-31 12:05 - 2015-05-31 12:05 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-05-31 12:05 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-31 12:05 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-31 12:05 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-31 12:03 - 2015-05-31 12:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Stefanie\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-31 12:01 - 2015-05-31 12:01 - 00004008 _____ () C:\Users\Stefanie\Desktop\AdwCleaner[S0].txt
2015-05-31 11:54 - 2015-05-31 11:54 - 00013448 _____ () C:\Users\Stefanie\Desktop\AdwCleaner_4.205.exe - Verknüpfung.lnk
2015-05-31 11:49 - 2015-05-31 11:58 - 00000000 ____D () C:\AdwCleaner
2015-05-31 11:48 - 2015-05-31 11:48 - 02222592 _____ () C:\Users\Stefanie\Downloads\AdwCleaner_4.205.exe
2015-05-31 10:27 - 2015-05-31 10:27 - 00025172 _____ () C:\Users\Stefanie\Desktop\Combofix.txt
2015-05-31 10:08 - 2015-05-31 10:08 - 00025172 _____ () C:\ComboFix.txt
2015-05-30 20:15 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-30 20:15 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-30 20:15 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-30 20:15 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-30 20:15 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-30 20:15 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-30 20:15 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-30 20:15 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-30 20:14 - 2015-05-31 10:08 - 00000000 ____D () C:\Qoobox
2015-05-30 20:14 - 2015-05-30 20:14 - 00013460 _____ () C:\Users\Stefanie\Desktop\ComboFix.exe - Verknüpfung.lnk
2015-05-30 20:13 - 2015-05-31 10:06 - 00000000 ____D () C:\Windows\erdnt
2015-05-30 20:12 - 2015-05-30 20:12 - 05628678 ____R (Swearware) C:\Users\Stefanie\Downloads\ComboFix.exe
2015-05-30 14:40 - 2015-05-30 14:40 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Stefanie\Downloads\tdsskiller.exe
2015-05-29 20:29 - 2015-05-29 20:29 - 00017428 _____ () C:\Users\Stefanie\Desktop\gmer.log
2015-05-29 20:08 - 2015-05-29 20:08 - 00047334 _____ () C:\Users\Stefanie\Desktop\FRST.txt
2015-05-29 14:16 - 2015-05-29 14:19 - 00070121 _____ () C:\Users\Stefanie\Downloads\Addition.txt
2015-05-29 14:16 - 2015-05-29 14:16 - 00380416 _____ () C:\Users\Stefanie\Downloads\Gmer-19357.exe
2015-05-29 14:15 - 2015-05-31 12:54 - 00021539 _____ () C:\Users\Stefanie\Downloads\FRST.txt
2015-05-29 14:15 - 2015-05-31 12:54 - 00000000 ____D () C:\FRST
2015-05-29 14:15 - 2015-05-29 14:15 - 01147392 _____ (Farbar) C:\Users\Stefanie\Downloads\FRST.exe
2015-05-29 14:14 - 2015-05-29 20:05 - 00000478 _____ () C:\Users\Stefanie\Downloads\defogger_disable.log
2015-05-29 14:14 - 2015-05-29 14:14 - 00000000 _____ () C:\Users\Stefanie\defogger_reenable
2015-05-29 14:13 - 2015-05-29 14:13 - 00050477 _____ () C:\Users\Stefanie\Downloads\Defogger.exe
2015-05-29 13:58 - 2015-05-29 13:58 - 00602112 _____ (OldTimer Tools) C:\Users\Stefanie\Downloads\OTL.exe
2015-05-25 10:37 - 2015-05-25 10:41 - 00000000 ____D () C:\Users\Stefanie\AppData\Local\elfopatch
2015-05-23 17:30 - 2015-05-31 11:59 - 00233904 _____ () C:\Windows\setupact.log
2015-05-23 17:30 - 2015-05-23 17:30 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-23 17:29 - 2015-05-31 11:59 - 00009064 _____ () C:\Windows\PFRO.log
2015-05-22 16:14 - 2015-05-22 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dm-Fotowelt
2015-05-22 16:10 - 2015-05-22 16:11 - 01627112 _____ () C:\Users\Stefanie\Downloads\setup_dm_Fotowelt.exe
2015-05-22 15:31 - 2015-05-22 15:31 - 00000000 ____D () C:\Users\Stefanie\restore
2015-05-20 12:05 - 2015-05-20 12:05 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\Stefanie\Downloads\flashplayer17au_ha_install.exe
2015-05-19 11:01 - 2015-05-19 11:17 - 00000000 ____D () C:\Users\Stefanie\Opel-Zoo
2015-05-15 19:24 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 19:01 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-15 19:01 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-15 19:01 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-15 19:01 - 2015-04-21 18:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-15 19:01 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-15 19:01 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-15 19:01 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-15 19:01 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-15 19:01 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-15 19:01 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-15 19:01 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-15 19:01 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-15 19:01 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-15 19:01 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-15 19:01 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-15 19:01 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-15 19:01 - 2015-04-21 17:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-15 19:01 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-15 19:01 - 2015-04-21 17:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-15 19:01 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-15 19:01 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-15 19:01 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-15 19:01 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-15 19:01 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-15 19:01 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-15 19:01 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-15 19:01 - 2015-04-21 17:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-15 19:01 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-15 19:01 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-15 19:01 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-15 19:01 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-15 19:01 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-15 19:01 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-15 19:01 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-15 19:01 - 2015-04-20 04:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-15 19:01 - 2015-04-20 04:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-15 19:01 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-15 19:01 - 2015-04-13 05:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-15 19:01 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-15 19:01 - 2015-04-08 05:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-15 19:01 - 2014-12-11 19:47 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-05-15 19:01 - 2014-09-05 03:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-05-10 11:02 - 2013-10-02 01:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-05-10 11:01 - 2013-10-02 02:42 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-05-10 11:01 - 2013-10-02 02:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-05-10 11:01 - 2013-10-02 02:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-05-10 11:01 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-05-10 11:01 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-05-10 11:01 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-05-10 11:01 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-05-10 11:01 - 2013-10-02 00:53 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-05-10 11:01 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-05-10 10:59 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-05-10 10:59 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-10 10:59 - 2015-04-27 21:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-10 10:59 - 2015-04-27 21:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-10 10:59 - 2015-04-27 21:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-10 10:59 - 2015-04-27 21:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-10 10:59 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-10 10:59 - 2015-04-27 21:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-10 10:59 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-10 10:59 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-10 10:59 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-10 10:59 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-10 10:59 - 2015-04-27 21:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-10 10:59 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-10 10:59 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-10 10:59 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-10 10:59 - 2015-04-27 21:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-10 10:59 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-10 10:59 - 2015-04-27 21:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-10 10:59 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-10 10:59 - 2015-04-27 20:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-10 10:59 - 2015-03-14 05:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-10 10:59 - 2015-03-14 05:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-10 10:59 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-10 10:59 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-10 10:59 - 2015-03-04 06:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-10 10:59 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-10 10:59 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-10 10:58 - 2015-04-27 21:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-10 10:58 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-10 10:58 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-10 10:58 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-10 10:58 - 2015-04-27 21:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-10 10:58 - 2015-04-27 21:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-10 10:58 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-10 10:58 - 2015-04-27 21:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-10 10:58 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-10 10:58 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-10 10:58 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-10 10:58 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-10 10:58 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-10 10:58 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-10 10:58 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-10 10:57 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-10 10:28 - 2015-05-10 10:28 - 00001173 _____ () C:\Users\Public\Desktop\Avira.lnk
2015-05-10 10:27 - 2015-05-10 10:27 - 00347816 _____ (Microsoft Corporation) C:\Users\Stefanie\Downloads\MicrosoftFixit.wu.Run.exe
2015-05-10 10:26 - 2015-05-25 10:38 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-10 10:26 - 2015-05-10 10:26 - 04734040 _____ (Avira Operations GmbH & Co. KG) C:\Users\Stefanie\Downloads\avira_de_av_554f160a47658__ws.exe
2015-05-04 11:13 - 2006-09-18 23:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20150504-111313.backup
2015-05-01 19:16 - 2006-09-18 23:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20150501-191623.backup
2015-05-01 19:14 - 2006-09-18 23:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20150501-191453.backup
2015-05-01 16:28 - 2015-05-01 16:28 - 44167360 _____ (Microsoft Corporation) C:\Users\Stefanie\Downloads\Windows-KB890830-V5.23.exe
2015-05-01 16:06 - 2015-05-30 20:19 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-05-01 16:06 - 2015-05-30 20:18 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-05-01 16:05 - 2011-05-13 12:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\system32\dhRichClient3.dll
2015-05-01 16:05 - 2011-03-25 20:42 - 00338432 _____ () C:\Windows\system32\sqlite36_engine.dll
2015-05-01 16:04 - 2015-05-01 16:04 - 01203488 _____ () C:\Users\Stefanie\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-05-01 15:51 - 2015-05-01 15:51 - 05813872 _____ (ParetoLogic Inc.) C:\Users\Stefanie\Downloads\ParetoLogic PC Health Advisor_de.exe
2015-05-01 15:48 - 2015-05-01 15:48 - 00000000 ____D () C:\Users\Stefanie\Thorsten Handy
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-31 12:54 - 2010-02-16 19:05 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-31 12:15 - 2013-10-10 07:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 12:08 - 2009-12-05 23:01 - 00019440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-31 12:08 - 2009-12-05 23:01 - 00019440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-31 12:05 - 2009-12-05 23:35 - 01226380 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 12:00 - 2010-02-16 19:05 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-31 11:59 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-31 11:59 - 2009-01-22 20:14 - 00000147 _____ () C:\Windows\system32\agent.log
2015-05-31 10:08 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-05-31 10:08 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2015-05-31 10:02 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-31 09:59 - 2009-07-14 04:03 - 32243712 _____ () C:\Windows\system32\config\COMPON~1.bak
2015-05-31 09:59 - 2009-07-14 04:03 - 05242880 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-05-31 09:59 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-05-31 09:59 - 2009-07-14 04:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-05-30 20:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-29 20:13 - 2014-04-05 17:52 - 00000000 ____D () C:\Users\Stefanie\AppData\Local\CrashDumps
2015-05-29 14:14 - 2009-12-05 23:02 - 00000000 ____D () C:\Users\Stefanie
2015-05-26 18:56 - 2012-05-28 19:26 - 00000000 ____D () C:\Users\Stefanie\Steuererklärung
2015-05-26 18:37 - 2012-05-05 21:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-05-25 12:39 - 2009-11-26 10:46 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-05-25 12:17 - 2012-05-05 21:49 - 00000000 ____D () C:\Users\Stefanie\PV-Anlage
2015-05-25 10:45 - 2012-06-09 09:24 - 00000000 ____D () C:\Program Files\ElsterFormular
2015-05-25 10:42 - 2012-06-09 09:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2015-05-22 17:24 - 2009-12-05 23:43 - 01649492 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-22 16:19 - 2012-08-10 16:17 - 00000000 ____D () C:\ProgramData\tmp
2015-05-22 15:57 - 2012-08-10 16:17 - 00000000 ____D () C:\ProgramData\hps
2015-05-22 15:14 - 2009-10-10 22:04 - 00000000 ____D () C:\Users\Stefanie\AppData\Local\Corel
2015-05-22 15:13 - 2009-10-04 14:20 - 00000000 ____D () C:\Users\Stefanie\Documents\My PSP Files
2015-05-20 20:30 - 2013-05-19 19:56 - 00000000 ____D () C:\Windows\rescache
2015-05-20 12:54 - 2015-04-05 20:18 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 12:06 - 2014-10-17 12:56 - 00000000 ____D () C:\Users\Stefanie\AppData\Local\Adobe
2015-05-20 12:05 - 2012-03-30 17:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-20 12:05 - 2011-05-18 08:11 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-19 11:20 - 2009-11-26 11:12 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-05-16 10:57 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-16 10:24 - 2009-07-14 06:33 - 00433448 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-16 10:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-05-16 10:22 - 2012-10-28 11:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-15 19:24 - 2009-01-22 20:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-15 19:23 - 2013-07-26 19:25 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-15 19:16 - 2009-12-17 20:41 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-15 19:14 - 2009-07-14 10:56 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 19:13 - 2012-10-28 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-10 11:10 - 2014-04-11 13:46 - 00000000 ____D () C:\Program Files\Alien Skin
2015-05-10 11:07 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-10 11:03 - 2009-07-14 10:47 - 00000000 ____D () C:\Windows\system32\Drivers\de-DE
2015-05-10 11:03 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-10 10:33 - 2014-05-09 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-10 10:26 - 2012-10-17 08:41 - 00000000 ____D () C:\ProgramData\Avira
2015-05-10 10:26 - 2012-10-17 08:41 - 00000000 ____D () C:\Program Files\Avira
2015-05-01 17:49 - 2013-11-30 20:57 - 00000000 ____D () C:\Users\Stefanie\AppData\Roaming\GlarySoft
==================== Files in the root of some directories =======
2011-11-12 14:23 - 2011-11-12 14:52 - 0000391 _____ () C:\Users\Stefanie\AppData\Roaming\prefsdb.dat
2009-12-08 13:59 - 2009-12-08 13:59 - 0000000 _____ () C:\Users\Stefanie\AppData\Roaming\wklnhst.dat
2011-12-20 20:47 - 2013-03-24 19:35 - 0015360 _____ () C:\Users\Stefanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-26 19:09 - 2009-12-26 19:09 - 0000096 _____ () C:\Users\Stefanie\AppData\Local\fusioncache.dat
2010-10-09 19:47 - 2010-10-09 19:47 - 0007605 _____ () C:\Users\Stefanie\AppData\Local\Resmon.ResmonCfg
2012-04-13 18:26 - 2012-04-13 18:26 - 0000057 _____ () C:\ProgramData\Ament.ini
2010-09-05 22:00 - 2010-09-05 22:00 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-03-21 12:24 - 2010-03-21 12:35 - 0005642 ___SH () C:\ProgramData\KGyGaAvL.sys
Files to move or delete:
====================
C:\Users\Stefanie\Powador-monitorSetup.exe
Some files in TEMP:
====================
C:\Users\Stefanie\AppData\Local\temp\avgnt.exe
C:\Users\Stefanie\AppData\Local\temp\Quarantine.exe
C:\Users\Stefanie\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-24 20:43
==================== End of log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-05-2015 01
Ran by Stefanie at 2015-05-31 12:55:21
Running from C:\Users\Stefanie\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1929016561-3404761482-1178114853-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1929016561-3404761482-1178114853-1004 - Limited - Enabled)
Gast (S-1-5-21-1929016561-3404761482-1178114853-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1929016561-3404761482-1178114853-1002 - Limited - Enabled)
Stefanie (S-1-5-21-1929016561-3404761482-1178114853-1000 - Administrator - Enabled) => C:\Users\Stefanie
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Akamai NetSession Interface (HKU\S-1-5-21-1929016561-3404761482-1178114853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Akamai) (Version: - Akamai Technologies, Inc)
ALDI TALK Verbindungsassistent (HKLM\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
AMD Catalyst Install Manager (HKLM\...\{B448BC74-1CB7-7A57-3313-5E075AFB413E}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Avira (HKLM\...\{2d044ded-ae1b-40d3-8d18-97cfda75bd69}) (Version: 1.1.37.14600 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.37.14600 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 6.0.3 - CEWE Stiftung u Co. KGaA)
ElsterFormular (HKLM\...\ElsterFormular 13.2.0.8623k) (Version: 16.1.16483 - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: 6.0.3 - CEWE Stiftung u Co. KGaA)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: - )
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: - )
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.7.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.7.0 (x86 de)) (Version: 31.7.0 - Mozilla)
PDF24 Creator 6.5.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version: - )
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1929016561-3404761482-1178114853-1000_Classes\CLSID\{047466F1-82AE-455A-AFC4-D3AC463FBF6B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1929016561-3404761482-1178114853-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2015-05-30 20:38 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0E51480E-EEA2-4904-A34F-12E015A3DDB4} - System32\Tasks\{8A04ABC7-38D2-4319-814B-14A69866BBED} => C:\Program Files\eBay\Turbo Lister2\Tl.exe [2015-01-20] (eBay Inc.)
Task: {1595CA3B-69E0-41F8-B100-B84A06C11577} - System32\Tasks\{25F562C9-884D-4A11-924D-A5222676E39A} => E:\Support\DrvSetup.exe
Task: {15ACCAA3-8B40-47C9-B091-85B7088A83E3} - System32\Tasks\{246E3740-E426-414F-ACC6-4BE63B82CF48} => C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
Task: {16C3933E-14DC-4C03-95AD-22BCEE2FC1B5} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {1F6E818A-FC37-4DAC-9CB6-6A69EA41CDE8} - System32\Tasks\{5778E930-EAD6-48FA-9FC0-39E74168BDA9} => C:\Program Files\eBay\Turbo Lister2\Tl.exe [2015-01-20] (eBay Inc.)
Task: {2FDA2A11-B12A-4247-87D4-05B505A0F6FA} - System32\Tasks\{5B0AB307-9775-4FBF-AA40-7F534627BFA3} => C:\Program Files\Anno 1701\Anno1701.exe
Task: {402507C2-EC45-46F0-8484-83EF3B571E91} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {42F7468F-9647-403E-B036-CE8033AE5BDC} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {437456B3-0BE6-45B3-B7C0-6A06F5C51F23} - System32\Tasks\{ADBCD1E9-BAB9-48D6-A48F-80B410EAE44F} => C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
Task: {468C1FEA-F48E-487C-ADFC-F16B07F5DFE2} - System32\Tasks\{38FFB1EA-52CD-48A0-B109-9AC958E37C8B} => E:\Support\DrvSetup.exe
Task: {4A57A4D2-652E-4340-9F27-72A9FB4C57B6} - System32\Tasks\{AA8412ED-52EF-4E75-AC5E-AB9960560E75} => E:\Support\DrvSetup.exe
Task: {533AFAA9-5BA7-42B4-99CD-1C6A8EEB36A9} - System32\Tasks\{0AEEC940-DC60-4085-BC1F-5294609D5B91} => E:\Support\DrvSetup.exe
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {58042FE0-CD2A-4E38-8314-A7DD7A8328E8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1929016561-3404761482-1178114853-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {5C1DB7E2-F93A-4D5F-BFB4-35691AA61D70} - System32\Tasks\{3E45B8D8-0AF1-4C25-B00C-F59788FA857B} => pcalua.exe -a G:\.\Setup.exe -d G:\ -c AUTORUN=1
Task: {5C31F6D6-145F-4C40-AE87-5B1415F3DE4C} - System32\Tasks\{A97E2386-CAA6-4D99-81BF-6B5BBDCC4831} => C:\Program Files\eBay\Turbo Lister2\Tl.exe [2015-01-20] (eBay Inc.)
Task: {5F83B29B-05D8-43D8-ABDC-2E28CCE71EBC} - System32\Tasks\{F46C8278-F344-4BEC-979D-ECCF82B5FD00} => E:\Support\DrvSetup.exe
Task: {5FD52543-C7DD-4630-83FD-657AA6C7D172} - System32\Tasks\{226D8188-C61B-4A1C-BBD8-5A487ACD79C1} => pcalua.exe -a E:\Support\DrvSetup.exe -d E:\Support
Task: {62B29A63-584D-4AAC-8247-485E2DD69C47} - System32\Tasks\{974212CB-BB83-420B-BB56-3AB2B1E3099F} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {63176F42-B0A2-4089-9BD5-1EA4B0A97E9E} - System32\Tasks\{A10EA299-1B02-4FFC-A236-0F59856DBDEC} => C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
Task: {6FE79F09-A412-456D-9068-2E1D35830820} - System32\Tasks\{407BC4AA-C998-4262-BD35-5F1525B89309} => C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
Task: {7254E2F9-E791-4791-9519-3976933F5EE7} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1929016561-3404761482-1178114853-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-04-30] (RealNetworks, Inc.)
Task: {7FFF1E50-18E2-482B-B26D-06C6399359DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {94232C03-8F77-48EE-9951-BFAB7C3087C5} - System32\Tasks\{AA6418A4-6FCA-4C64-BEBA-CFC48C48E27F} => C:\Program Files\Anno 1701\Anno1701.exe
Task: {97B14671-22FE-4268-96D2-68370FAA1AF9} - System32\Tasks\{412D60CC-C6B4-414D-8256-70AA129A8A92} => pcalua.exe -a C:\Users\Stefanie\Downloads\facebook(2).exe -d "C:\Program Files\Mozilla Firefox"
Task: {999973F3-CF50-4394-8AA9-D0F1E4D248F0} - System32\Tasks\{A91F2EDE-9344-4156-9408-47770CC7B774} => E:\Support\DrvSetup.exe
Task: {9A7A5409-C8D6-4D91-92F1-8AFB8BEDB3A9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {A6388779-1D89-487B-9AE5-2099A489C39E} - System32\Tasks\{4F14C284-E9D1-4045-94B6-01C4EB0F41E7} => C:\Program Files\Anno 1701\Anno1701.exe
Task: {AE1F168B-C816-418E-91FA-E916ECA90FE5} - System32\Tasks\{AA39B86F-7C9E-446E-AAB0-6FFF3E9D5E83} => E:\Support\DrvSetup.exe
Task: {AFB563A4-E667-46F2-B477-3B205127FF3D} - System32\Tasks\{CC263A69-AD11-4D89-8C73-1E81708C90A5} => pcalua.exe -a "C:\Program Files\Toshiba\Bluetooth Toshiba Stack\SetupDiU.exe" -d C:\Windows\system32 -c /Unload
Task: {BAF3CAEF-F6B7-41B5-AE60-6AB713B796C9} - System32\Tasks\{E7CCD0F6-70FB-441D-B204-D9F5F73C5E6C} => E:\Support\DrvSetup.exe
Task: {C51B9ED2-7BF3-4880-A8FA-EE94343D8162} - System32\Tasks\{4979FB06-E73A-4034-8B99-461A0B98256B} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -c -runfromtemp -l0x0007 -removeonly
Task: {C8A6064D-80CE-475C-9DBD-6C43B74AC3F0} - System32\Tasks\{C0C8401A-1F42-4924-98BA-F0F9048B26AF} => pcalua.exe -a C:\Users\Stefanie\AppData\Local\Temp\Temp1_anno1404_demo_germany_2009_06_10_16_27.zip\Anno1404_Demo_GER_2009_06_10_16_27\setup.exe
Task: {CD0D9D1C-D46F-47DB-A07C-7F78CD094A0D} - System32\Tasks\hpUrlLauncher.exe_{6D04C35F-256F-444A-AB3B-23C0321A2361} => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\utils\hpUrlLauncher.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {DD0C8DF0-812E-4347-ACF5-0AC73A0C416A} - System32\Tasks\{FDD922F8-61AD-453C-A310-160ED747B1F7} => E:\Support\DrvSetup.exe
Task: {DFB6EF7C-9824-4E28-8B89-70C31DF742EB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {E11D19B9-A288-4F8A-A53E-EE27213E76F6} - System32\Tasks\{26EA5635-73B8-430E-B6B4-671390DDA09A} => C:\Program Files\Anno 1701\Anno1701.exe
Task: {E29ABDC8-70C7-4DDF-AF90-5DD174BE0121} - System32\Tasks\{1EFF5405-E34A-4589-AD2D-ACB53642344A} => C:\Program Files\eBay\Turbo Lister2\Tl.exe [2015-01-20] (eBay Inc.)
Task: {E3902773-9A60-44E2-89E6-1094DF6CD017} - System32\Tasks\{6A9607D0-AAD5-4161-BA88-386804489FDD} => C:\Program Files\eBay\Turbo Lister2\Tl.exe [2015-01-20] (eBay Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {E893AD4C-481A-49E8-89EB-1E33D9E07E96} - System32\Tasks\{015BA6AD-5C56-4492-9D0A-C2CE384CF13A} => C:\Program Files\Convar\SmartRecovery\SMR.exe [2004-06-25] (Convar Deutschland GmbH)
Task: {E930D9CB-6DB0-43D0-85A3-017B90C96602} - System32\Tasks\{2A7873A2-C60E-4EED-9EAC-ABEA7972D81D} => C:\Program Files\eBay\Turbo Lister2\Tl.exe [2015-01-20] (eBay Inc.)
Task: {EE382687-3A34-4FF0-A3BB-5D2DF6F0BD39} - System32\Tasks\{75AADDA3-CF34-4659-82A8-BC03113FFADF} => C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
Task: {FD3A420B-7A18-4DD8-A09F-23738218A36F} - System32\Tasks\{D6131228-1437-43DA-AA66-471D0C6B1C12} => C:\Program Files\eBay\Turbo Lister2\Tl.exe [2015-01-20] (eBay Inc.)
Task: {FF3ADAFA-8955-4E89-AF76-3F91C8D61B43} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-20] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2012-07-10 19:03 - 2011-09-13 10:16 - 00342984 ____N () C:\Program Files\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2011-06-08 23:57 - 2011-06-08 23:57 - 01929576 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2007-01-16 13:25 - 2007-01-16 13:25 - 00022723 _____ () C:\Windows\System32\clpa1l3.dll
2012-10-09 12:13 - 2010-06-17 21:56 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2009-01-22 20:28 - 2009-08-13 16:54 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2009-12-05 23:18 - 2009-12-05 23:18 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3016.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-12-05 23:18 - 2009-12-05 23:18 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3016.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-12-05 23:18 - 2009-12-05 23:18 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3016.0__3036420f80dd6947\Framework.Library.dll
2009-12-05 23:18 - 2009-12-05 23:18 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3016.0__672b450de5a7e94a\Framework.Host.dll
2009-12-05 23:18 - 2009-12-05 23:18 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3016.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2009-08-17 22:02 - 2008-09-11 21:20 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eAudio\eAudioSrvPlugin.dll
2009-08-17 22:01 - 2008-05-26 14:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2009-08-17 22:01 - 2008-05-26 14:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2009-08-17 22:01 - 2008-05-26 14:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2009-08-17 22:01 - 2008-05-26 14:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:00811B66
AlternateDataStreams: C:\ProgramData\Temp:03D08225
AlternateDataStreams: C:\ProgramData\Temp:0410A323
AlternateDataStreams: C:\ProgramData\Temp:041C0562
AlternateDataStreams: C:\ProgramData\Temp:04A18F36
AlternateDataStreams: C:\ProgramData\Temp:04ADB7A6
AlternateDataStreams: C:\ProgramData\Temp:05582920
AlternateDataStreams: C:\ProgramData\Temp:063969F8
AlternateDataStreams: C:\ProgramData\Temp:06C34166
AlternateDataStreams: C:\ProgramData\Temp:06CC3FD3
AlternateDataStreams: C:\ProgramData\Temp:0915A718
AlternateDataStreams: C:\ProgramData\Temp:0ACF1AF5
AlternateDataStreams: C:\ProgramData\Temp:0ADCCF52
AlternateDataStreams: C:\ProgramData\Temp:0C2F9CC7
AlternateDataStreams: C:\ProgramData\Temp:0CDF8C3D
AlternateDataStreams: C:\ProgramData\Temp:0E5CFA74
AlternateDataStreams: C:\ProgramData\Temp:0EBD727C
AlternateDataStreams: C:\ProgramData\Temp:0F3F6B1E
AlternateDataStreams: C:\ProgramData\Temp:103E96B0
AlternateDataStreams: C:\ProgramData\Temp:109734F6
AlternateDataStreams: C:\ProgramData\Temp:10CB85CA
AlternateDataStreams: C:\ProgramData\Temp:10CFA7D4
AlternateDataStreams: C:\ProgramData\Temp:10D45FC3
AlternateDataStreams: C:\ProgramData\Temp:11590865
AlternateDataStreams: C:\ProgramData\Temp:115EA582
AlternateDataStreams: C:\ProgramData\Temp:11EFE63D
AlternateDataStreams: C:\ProgramData\Temp:1224B4C3
AlternateDataStreams: C:\ProgramData\Temp:124B94C0
AlternateDataStreams: C:\ProgramData\Temp:12BCD9DC
AlternateDataStreams: C:\ProgramData\Temp:12D21A9A
AlternateDataStreams: C:\ProgramData\Temp:13019F4B
AlternateDataStreams: C:\ProgramData\Temp:1316EAD4
AlternateDataStreams: C:\ProgramData\Temp:14A1BBE3
AlternateDataStreams: C:\ProgramData\Temp:152FD00E
AlternateDataStreams: C:\ProgramData\Temp:15734396
AlternateDataStreams: C:\ProgramData\Temp:15752405
AlternateDataStreams: C:\ProgramData\Temp:164561C8
AlternateDataStreams: C:\ProgramData\Temp:1656EE95
AlternateDataStreams: C:\ProgramData\Temp:169E7AC5
AlternateDataStreams: C:\ProgramData\Temp:178093AE
AlternateDataStreams: C:\ProgramData\Temp:18A25CF1
AlternateDataStreams: C:\ProgramData\Temp:18A6D2CC
AlternateDataStreams: C:\ProgramData\Temp:19474103
AlternateDataStreams: C:\ProgramData\Temp:19F8EB29
AlternateDataStreams: C:\ProgramData\Temp:1A81EA30
AlternateDataStreams: C:\ProgramData\Temp:1B389835
AlternateDataStreams: C:\ProgramData\Temp:1C6D705B
AlternateDataStreams: C:\ProgramData\Temp:1CD511E5
AlternateDataStreams: C:\ProgramData\Temp:1CDEDE11
AlternateDataStreams: C:\ProgramData\Temp:1D6B18F1
AlternateDataStreams: C:\ProgramData\Temp:1EEF2E2E
AlternateDataStreams: C:\ProgramData\Temp:1F979A92
AlternateDataStreams: C:\ProgramData\Temp:1FA4C06F
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:20ABE827
AlternateDataStreams: C:\ProgramData\Temp:20E1FC41
AlternateDataStreams: C:\ProgramData\Temp:2211E7A0
AlternateDataStreams: C:\ProgramData\Temp:2216A431
AlternateDataStreams: C:\ProgramData\Temp:2339C9FD
AlternateDataStreams: C:\ProgramData\Temp:236FF5C6
AlternateDataStreams: C:\ProgramData\Temp:24391EC1
AlternateDataStreams: C:\ProgramData\Temp:258D2F8B
AlternateDataStreams: C:\ProgramData\Temp:26499772
AlternateDataStreams: C:\ProgramData\Temp:2680DDD5
AlternateDataStreams: C:\ProgramData\Temp:268A5068
AlternateDataStreams: C:\ProgramData\Temp:26A148EB
AlternateDataStreams: C:\ProgramData\Temp:2701988C
AlternateDataStreams: C:\ProgramData\Temp:27A88EF2
AlternateDataStreams: C:\ProgramData\Temp:27F44544
AlternateDataStreams: C:\ProgramData\Temp:282CE153
AlternateDataStreams: C:\ProgramData\Temp:28819F45
AlternateDataStreams: C:\ProgramData\Temp:29629382
AlternateDataStreams: C:\ProgramData\Temp:29F0CA7D
AlternateDataStreams: C:\ProgramData\Temp:2AE74FF9
AlternateDataStreams: C:\ProgramData\Temp:2B5C4773
AlternateDataStreams: C:\ProgramData\Temp:2B9555D8
AlternateDataStreams: C:\ProgramData\Temp:2BFBA0B7
AlternateDataStreams: C:\ProgramData\Temp:2C678471
AlternateDataStreams: C:\ProgramData\Temp:2C84CA43
AlternateDataStreams: C:\ProgramData\Temp:2CA4B471
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2D3CB929
AlternateDataStreams: C:\ProgramData\Temp:2DB4FB78
AlternateDataStreams: C:\ProgramData\Temp:2DF54B62
AlternateDataStreams: C:\ProgramData\Temp:2E3F04BC
AlternateDataStreams: C:\ProgramData\Temp:2E928E6E
AlternateDataStreams: C:\ProgramData\Temp:2F0A4DCE
AlternateDataStreams: C:\ProgramData\Temp:2F360FB3
AlternateDataStreams: C:\ProgramData\Temp:2F717FB3
AlternateDataStreams: C:\ProgramData\Temp:3086B95F
AlternateDataStreams: C:\ProgramData\Temp:30A9192A
AlternateDataStreams: C:\ProgramData\Temp:313F7672
AlternateDataStreams: C:\ProgramData\Temp:3241739E
AlternateDataStreams: C:\ProgramData\Temp:32D2A239
AlternateDataStreams: C:\ProgramData\Temp:3393A1CA
AlternateDataStreams: C:\ProgramData\Temp:353212A0
AlternateDataStreams: C:\ProgramData\Temp:35629AE6
AlternateDataStreams: C:\ProgramData\Temp:3651A580
AlternateDataStreams: C:\ProgramData\Temp:370E4EFB
AlternateDataStreams: C:\ProgramData\Temp:371060CE
AlternateDataStreams: C:\ProgramData\Temp:371A321E
AlternateDataStreams: C:\ProgramData\Temp:37C279BE
AlternateDataStreams: C:\ProgramData\Temp:38534D53
AlternateDataStreams: C:\ProgramData\Temp:38A0E181
AlternateDataStreams: C:\ProgramData\Temp:38FF076E
AlternateDataStreams: C:\ProgramData\Temp:3969ACF7
AlternateDataStreams: C:\ProgramData\Temp:397D67BA
AlternateDataStreams: C:\ProgramData\Temp:39DC8D60
AlternateDataStreams: C:\ProgramData\Temp:39EDBD33
AlternateDataStreams: C:\ProgramData\Temp:3A4676D7
AlternateDataStreams: C:\ProgramData\Temp:3A7527E8
AlternateDataStreams: C:\ProgramData\Temp:3ABC38E6
AlternateDataStreams: C:\ProgramData\Temp:3AD6342E
AlternateDataStreams: C:\ProgramData\Temp:3B454A5C
AlternateDataStreams: C:\ProgramData\Temp:3C0887BF
AlternateDataStreams: C:\ProgramData\Temp:3D3F1635
AlternateDataStreams: C:\ProgramData\Temp:3D507E52
AlternateDataStreams: C:\ProgramData\Temp:3DB6F365
AlternateDataStreams: C:\ProgramData\Temp:3E0674EA
AlternateDataStreams: C:\ProgramData\Temp:3F266659
AlternateDataStreams: C:\ProgramData\Temp:401CAF8F
AlternateDataStreams: C:\ProgramData\Temp:40EE25BB
AlternateDataStreams: C:\ProgramData\Temp:4149A170
AlternateDataStreams: C:\ProgramData\Temp:432EC713
AlternateDataStreams: C:\ProgramData\Temp:43D2A298
AlternateDataStreams: C:\ProgramData\Temp:43F5FA9D
AlternateDataStreams: C:\ProgramData\Temp:447856CD
AlternateDataStreams: C:\ProgramData\Temp:45912F61
AlternateDataStreams: C:\ProgramData\Temp:46A2F27B
AlternateDataStreams: C:\ProgramData\Temp:479B1CF9
AlternateDataStreams: C:\ProgramData\Temp:48897D41
AlternateDataStreams: C:\ProgramData\Temp:491270B8
AlternateDataStreams: C:\ProgramData\Temp:49EB69E2
AlternateDataStreams: C:\ProgramData\Temp:4A2862FF
AlternateDataStreams: C:\ProgramData\Temp:4A906D4A
AlternateDataStreams: C:\ProgramData\Temp:4C3504B5
AlternateDataStreams: C:\ProgramData\Temp:4C3D5A8B
AlternateDataStreams: C:\ProgramData\Temp:4C5C1DD3
AlternateDataStreams: C:\ProgramData\Temp:4C8FA829
AlternateDataStreams: C:\ProgramData\Temp:4C9782FB
AlternateDataStreams: C:\ProgramData\Temp:4D6B6072
AlternateDataStreams: C:\ProgramData\Temp:4D729D61
AlternateDataStreams: C:\ProgramData\Temp:4DDE401B
AlternateDataStreams: C:\ProgramData\Temp:4F49DA66
AlternateDataStreams: C:\ProgramData\Temp:4F7FE589
AlternateDataStreams: C:\ProgramData\Temp:506698B2
AlternateDataStreams: C:\ProgramData\Temp:5106F19A
AlternateDataStreams: C:\ProgramData\Temp:512E1728
AlternateDataStreams: C:\ProgramData\Temp:52329B88
AlternateDataStreams: C:\ProgramData\Temp:52641FBE
AlternateDataStreams: C:\ProgramData\Temp:52C24010
AlternateDataStreams: C:\ProgramData\Temp:52E5A75A
AlternateDataStreams: C:\ProgramData\Temp:53F09A92
AlternateDataStreams: C:\ProgramData\Temp:56699AAF
AlternateDataStreams: C:\ProgramData\Temp:566B9179
AlternateDataStreams: C:\ProgramData\Temp:569CEE83
AlternateDataStreams: C:\ProgramData\Temp:56C66609
AlternateDataStreams: C:\ProgramData\Temp:57176330
AlternateDataStreams: C:\ProgramData\Temp:57231008
AlternateDataStreams: C:\ProgramData\Temp:574F975B
AlternateDataStreams: C:\ProgramData\Temp:58306E4C
AlternateDataStreams: C:\ProgramData\Temp:59465B40
AlternateDataStreams: C:\ProgramData\Temp:59A6876B
AlternateDataStreams: C:\ProgramData\Temp:5AE33054
AlternateDataStreams: C:\ProgramData\Temp:5C02B7AF
AlternateDataStreams: C:\ProgramData\Temp:5C4A588B
AlternateDataStreams: C:\ProgramData\Temp:5C9A6C78
AlternateDataStreams: C:\ProgramData\Temp:5CBA5665
AlternateDataStreams: C:\ProgramData\Temp:5CE91C67
AlternateDataStreams: C:\ProgramData\Temp:5DB36C47
AlternateDataStreams: C:\ProgramData\Temp:5E05F78B
AlternateDataStreams: C:\ProgramData\Temp:5E481579
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2
AlternateDataStreams: C:\ProgramData\Temp:600F6768
AlternateDataStreams: C:\ProgramData\Temp:605645B0
AlternateDataStreams: C:\ProgramData\Temp:609CAC7C
AlternateDataStreams: C:\ProgramData\Temp:60E0AB2A
AlternateDataStreams: C:\ProgramData\Temp:611EAF9F
AlternateDataStreams: C:\ProgramData\Temp:612873B2
AlternateDataStreams: C:\ProgramData\Temp:627153F1
AlternateDataStreams: C:\ProgramData\Temp:63210866
AlternateDataStreams: C:\ProgramData\Temp:634EA293
AlternateDataStreams: C:\ProgramData\Temp:63BA523E
AlternateDataStreams: C:\ProgramData\Temp:63FFB7A0
AlternateDataStreams: C:\ProgramData\Temp:6423D635
AlternateDataStreams: C:\ProgramData\Temp:64E05835
AlternateDataStreams: C:\ProgramData\Temp:658DE22A
AlternateDataStreams: C:\ProgramData\Temp:65949863
AlternateDataStreams: C:\ProgramData\Temp:65AB2A58
AlternateDataStreams: C:\ProgramData\Temp:663B62CA
AlternateDataStreams: C:\ProgramData\Temp:66871744
AlternateDataStreams: C:\ProgramData\Temp:66F19688
AlternateDataStreams: C:\ProgramData\Temp:67A91473
AlternateDataStreams: C:\ProgramData\Temp:67B6E7FA
AlternateDataStreams: C:\ProgramData\Temp:67CF910D
AlternateDataStreams: C:\ProgramData\Temp:68DE552E
AlternateDataStreams: C:\ProgramData\Temp:69F562A6
AlternateDataStreams: C:\ProgramData\Temp:6A4DFD85
AlternateDataStreams: C:\ProgramData\Temp:6A9EDD31
AlternateDataStreams: C:\ProgramData\Temp:6B7447D4
AlternateDataStreams: C:\ProgramData\Temp:6B8AB6FB
AlternateDataStreams: C:\ProgramData\Temp:6BEADDC0
AlternateDataStreams: C:\ProgramData\Temp:6BF0805F
AlternateDataStreams: C:\ProgramData\Temp:6BFA43EB
AlternateDataStreams: C:\ProgramData\Temp:6CB8F7A9
AlternateDataStreams: C:\ProgramData\Temp:6DDBB86B
AlternateDataStreams: C:\ProgramData\Temp:6DDFD746
AlternateDataStreams: C:\ProgramData\Temp:6E11933F
AlternateDataStreams: C:\ProgramData\Temp:6E2D80C8
AlternateDataStreams: C:\ProgramData\Temp:6E39144C
AlternateDataStreams: C:\ProgramData\Temp:6E3C585B
AlternateDataStreams: C:\ProgramData\Temp:6EB8C6CD
AlternateDataStreams: C:\ProgramData\Temp:6ECE93A8
AlternateDataStreams: C:\ProgramData\Temp:6EE8565A
AlternateDataStreams: C:\ProgramData\Temp:701FCC18
AlternateDataStreams: C:\ProgramData\Temp:708BB0FA
AlternateDataStreams: C:\ProgramData\Temp:709E81D4
AlternateDataStreams: C:\ProgramData\Temp:71004506
AlternateDataStreams: C:\ProgramData\Temp:71112705
AlternateDataStreams: C:\ProgramData\Temp:716C3D9F
AlternateDataStreams: C:\ProgramData\Temp:71AEFFEB
AlternateDataStreams: C:\ProgramData\Temp:7254CF01
AlternateDataStreams: C:\ProgramData\Temp:72A1B66A
AlternateDataStreams: C:\ProgramData\Temp:73AFBB96
AlternateDataStreams: C:\ProgramData\Temp:74091520
AlternateDataStreams: C:\ProgramData\Temp:751D6870
AlternateDataStreams: C:\ProgramData\Temp:75CC0165
AlternateDataStreams: C:\ProgramData\Temp:774A0E14
AlternateDataStreams: C:\ProgramData\Temp:7804B508
AlternateDataStreams: C:\ProgramData\Temp:79059537
AlternateDataStreams: C:\ProgramData\Temp:7934407E
AlternateDataStreams: C:\ProgramData\Temp:79875988
AlternateDataStreams: C:\ProgramData\Temp:79C6A9CE
AlternateDataStreams: C:\ProgramData\Temp:7A032A04
AlternateDataStreams: C:\ProgramData\Temp:7A530D80
AlternateDataStreams: C:\ProgramData\Temp:7ADB695A
AlternateDataStreams: C:\ProgramData\Temp:7AF9CAEB
AlternateDataStreams: C:\ProgramData\Temp:7B9BB187
AlternateDataStreams: C:\ProgramData\Temp:7BB584AA
AlternateDataStreams: C:\ProgramData\Temp:7BFAAE70
AlternateDataStreams: C:\ProgramData\Temp:7C3760E2
AlternateDataStreams: C:\ProgramData\Temp:7C8AA9A6
AlternateDataStreams: C:\ProgramData\Temp:7D288858
AlternateDataStreams: C:\ProgramData\Temp:7D9B1030
AlternateDataStreams: C:\ProgramData\Temp:7E4E56EA
AlternateDataStreams: C:\ProgramData\Temp:7E802BFF
AlternateDataStreams: C:\ProgramData\Temp:7EC01D6D
AlternateDataStreams: C:\ProgramData\Temp:801ED9DF
AlternateDataStreams: C:\ProgramData\Temp:8118F1F5
AlternateDataStreams: C:\ProgramData\Temp:8318A814
AlternateDataStreams: C:\ProgramData\Temp:84C34762
AlternateDataStreams: C:\ProgramData\Temp:84EBFAE9
AlternateDataStreams: C:\ProgramData\Temp:857BC015
AlternateDataStreams: C:\ProgramData\Temp:864881BF
AlternateDataStreams: C:\ProgramData\Temp:865F21BF
AlternateDataStreams: C:\ProgramData\Temp:8855A119
AlternateDataStreams: C:\ProgramData\Temp:88AFFAC5
AlternateDataStreams: C:\ProgramData\Temp:89FC8EEB
AlternateDataStreams: C:\ProgramData\Temp:8A0EFC75
AlternateDataStreams: C:\ProgramData\Temp:8AC20936
AlternateDataStreams: C:\ProgramData\Temp:8B3C3098
AlternateDataStreams: C:\ProgramData\Temp:8B480195
AlternateDataStreams: C:\ProgramData\Temp:8BE7A048
AlternateDataStreams: C:\ProgramData\Temp:8C12CFCD
AlternateDataStreams: C:\ProgramData\Temp:8C84E358
AlternateDataStreams: C:\ProgramData\Temp:8C8D234C
AlternateDataStreams: C:\ProgramData\Temp:8D565A9B
AlternateDataStreams: C:\ProgramData\Temp:8F1B55BE
AlternateDataStreams: C:\ProgramData\Temp:91FE43FF
AlternateDataStreams: C:\ProgramData\Temp:927EC486
AlternateDataStreams: C:\ProgramData\Temp:92BD9737
AlternateDataStreams: C:\ProgramData\Temp:92FE8A60
AlternateDataStreams: C:\ProgramData\Temp:934CA750
AlternateDataStreams: C:\ProgramData\Temp:95198126
AlternateDataStreams: C:\ProgramData\Temp:9524D821
AlternateDataStreams: C:\ProgramData\Temp:95D421DF
AlternateDataStreams: C:\ProgramData\Temp:961B84C5
AlternateDataStreams: C:\ProgramData\Temp:9758CFB3
AlternateDataStreams: C:\ProgramData\Temp:97BDBF49
AlternateDataStreams: C:\ProgramData\Temp:98BD93BF
AlternateDataStreams: C:\ProgramData\Temp:98DFF516
AlternateDataStreams: C:\ProgramData\Temp:9968F0E2
AlternateDataStreams: C:\ProgramData\Temp:99AC3203
AlternateDataStreams: C:\ProgramData\Temp:9A24FE7D
AlternateDataStreams: C:\ProgramData\Temp:9A88B65D
AlternateDataStreams: C:\ProgramData\Temp:9C7A32BB
AlternateDataStreams: C:\ProgramData\Temp:9CD7CD43
AlternateDataStreams: C:\ProgramData\Temp:9D03192E
AlternateDataStreams: C:\ProgramData\Temp:9DB67071
AlternateDataStreams: C:\ProgramData\Temp:9E5EA7A3
AlternateDataStreams: C:\ProgramData\Temp:9EDA68BD
AlternateDataStreams: C:\ProgramData\Temp:9EE6560D
AlternateDataStreams: C:\ProgramData\Temp:9F3CEEE6
AlternateDataStreams: C:\ProgramData\Temp:9FCF32A8
AlternateDataStreams: C:\ProgramData\Temp:A039EDF9
AlternateDataStreams: C:\ProgramData\Temp:A05F750A
AlternateDataStreams: C:\ProgramData\Temp:A0921B2C
AlternateDataStreams: C:\ProgramData\Temp:A1023D41
AlternateDataStreams: C:\ProgramData\Temp:A10E88DE
AlternateDataStreams: C:\ProgramData\Temp:A26AFC00
AlternateDataStreams: C:\ProgramData\Temp:A291068E
AlternateDataStreams: C:\ProgramData\Temp:A2B3764A
AlternateDataStreams: C:\ProgramData\Temp:A4BF246C
AlternateDataStreams: C:\ProgramData\Temp:A4E7D25F
AlternateDataStreams: C:\ProgramData\Temp:A6345BDA
AlternateDataStreams: C:\ProgramData\Temp:A69FAA24
AlternateDataStreams: C:\ProgramData\Temp:A6A65B80
AlternateDataStreams: C:\ProgramData\Temp:A6D6E537
AlternateDataStreams: C:\ProgramData\Temp:A6D89509
AlternateDataStreams: C:\ProgramData\Temp:A6E01F67
AlternateDataStreams: C:\ProgramData\Temp:A819A132
AlternateDataStreams: C:\ProgramData\Temp:A88BE334
AlternateDataStreams: C:\ProgramData\Temp:A8DFD30C
AlternateDataStreams: C:\ProgramData\Temp:A900C3A3
AlternateDataStreams: C:\ProgramData\Temp:A9F877BF
AlternateDataStreams: C:\ProgramData\Temp:AA0017FD
AlternateDataStreams: C:\ProgramData\Temp:AAA06E15
AlternateDataStreams: C:\ProgramData\Temp:AABCC5A7
AlternateDataStreams: C:\ProgramData\Temp:AB3339EF
AlternateDataStreams: C:\ProgramData\Temp:AD7A32E9
AlternateDataStreams: C:\ProgramData\Temp:ADFAD95A
AlternateDataStreams: C:\ProgramData\Temp:AE289451
AlternateDataStreams: C:\ProgramData\Temp:AE324BE5
AlternateDataStreams: C:\ProgramData\Temp:AE9351E0
AlternateDataStreams: C:\ProgramData\Temp:AECF4772
AlternateDataStreams: C:\ProgramData\Temp:AFB24B00
AlternateDataStreams: C:\ProgramData\Temp:AFB89C92
AlternateDataStreams: C:\ProgramData\Temp:AFEBAACA
AlternateDataStreams: C:\ProgramData\Temp:B0EA26E5
AlternateDataStreams: C:\ProgramData\Temp:B1381B34
AlternateDataStreams: C:\ProgramData\Temp:B139DDF3
AlternateDataStreams: C:\ProgramData\Temp:B1786630
AlternateDataStreams: C:\ProgramData\Temp:B38BEEEE
AlternateDataStreams: C:\ProgramData\Temp:B3A5945E
AlternateDataStreams: C:\ProgramData\Temp:B60D5127
AlternateDataStreams: C:\ProgramData\Temp:B61767F5
AlternateDataStreams: C:\ProgramData\Temp:B6D84F71
AlternateDataStreams: C:\ProgramData\Temp:B6DD2C7E
AlternateDataStreams: C:\ProgramData\Temp:B6E6C4EA
AlternateDataStreams: C:\ProgramData\Temp:B790962B
AlternateDataStreams: C:\ProgramData\Temp:B8791731
AlternateDataStreams: C:\ProgramData\Temp:BA24E689
AlternateDataStreams: C:\ProgramData\Temp:BAFAD1DF
AlternateDataStreams: C:\ProgramData\Temp:BB1102D7
AlternateDataStreams: C:\ProgramData\Temp:BCFEA004
AlternateDataStreams: C:\ProgramData\Temp:BD34FFC5
AlternateDataStreams: C:\ProgramData\Temp:BD50071F
AlternateDataStreams: C:\ProgramData\Temp:BD84F7D6
AlternateDataStreams: C:\ProgramData\Temp:BE0654D6
AlternateDataStreams: C:\ProgramData\Temp:BE6B5FC3
AlternateDataStreams: C:\ProgramData\Temp:BF6A2C54
AlternateDataStreams: C:\ProgramData\Temp:BF6C4AAC
AlternateDataStreams: C:\ProgramData\Temp:C0A9B815
AlternateDataStreams: C:\ProgramData\Temp:C0BCE04B
AlternateDataStreams: C:\ProgramData\Temp:C2F24DB5
AlternateDataStreams: C:\ProgramData\Temp:C30487EE
AlternateDataStreams: C:\ProgramData\Temp:C36B1175
AlternateDataStreams: C:\ProgramData\Temp:C36F1B98
AlternateDataStreams: C:\ProgramData\Temp:C3A047E3
AlternateDataStreams: C:\ProgramData\Temp:C48905F4
AlternateDataStreams: C:\ProgramData\Temp:C48A983C
AlternateDataStreams: C:\ProgramData\Temp:C5A156B6
AlternateDataStreams: C:\ProgramData\Temp:C6104C4F
AlternateDataStreams: C:\ProgramData\Temp:C76CFF82
AlternateDataStreams: C:\ProgramData\Temp:C7857F06
AlternateDataStreams: C:\ProgramData\Temp:C7F08EA3
AlternateDataStreams: C:\ProgramData\Temp:C82CA1C0
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06
AlternateDataStreams: C:\ProgramData\Temp:CAC06C34
AlternateDataStreams: C:\ProgramData\Temp:CB08ED9D
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30
AlternateDataStreams: C:\ProgramData\Temp:CD6DF7CC
AlternateDataStreams: C:\ProgramData\Temp:CF1334B0
AlternateDataStreams: C:\ProgramData\Temp:D01ACC06
AlternateDataStreams: C:\ProgramData\Temp:D03C606E
AlternateDataStreams: C:\ProgramData\Temp:D3331ADB
AlternateDataStreams: C:\ProgramData\Temp:D3A89E47
AlternateDataStreams: C:\ProgramData\Temp:D434342F
AlternateDataStreams: C:\ProgramData\Temp:D453E38B
AlternateDataStreams: C:\ProgramData\Temp:D46ECFD5
AlternateDataStreams: C:\ProgramData\Temp:D5BF78B4
AlternateDataStreams: C:\ProgramData\Temp:D5D75FF0
AlternateDataStreams: C:\ProgramData\Temp:D5E3E8C4
AlternateDataStreams: C:\ProgramData\Temp:D61EB62D
AlternateDataStreams: C:\ProgramData\Temp:D621CFB8
AlternateDataStreams: C:\ProgramData\Temp:D6A43EB0
AlternateDataStreams: C:\ProgramData\Temp:D6D084A5
AlternateDataStreams: C:\ProgramData\Temp:D882BE37
AlternateDataStreams: C:\ProgramData\Temp:D8A1AC56
AlternateDataStreams: C:\ProgramData\Temp:D987CB43
AlternateDataStreams: C:\ProgramData\Temp:DA55B48C
AlternateDataStreams: C:\ProgramData\Temp:DA7655EA
AlternateDataStreams: C:\ProgramData\Temp:DB76C881
AlternateDataStreams: C:\ProgramData\Temp:DBB979D4
AlternateDataStreams: C:\ProgramData\Temp:DC0B1070
AlternateDataStreams: C:\ProgramData\Temp:DC9915D2
AlternateDataStreams: C:\ProgramData\Temp:DD04902E
AlternateDataStreams: C:\ProgramData\Temp:DD95E6D9
AlternateDataStreams: C:\ProgramData\Temp:DDF112BD
AlternateDataStreams: C:\ProgramData\Temp:DE875C30
AlternateDataStreams: C:\ProgramData\Temp:E0888117
AlternateDataStreams: C:\ProgramData\Temp:E0A09032
AlternateDataStreams: C:\ProgramData\Temp:E11D90D0
AlternateDataStreams: C:\ProgramData\Temp:E153075C
AlternateDataStreams: C:\ProgramData\Temp:E1610EDC
AlternateDataStreams: C:\ProgramData\Temp:E1E51784
AlternateDataStreams: C:\ProgramData\Temp:E411AA0D
AlternateDataStreams: C:\ProgramData\Temp:E534B4D1
AlternateDataStreams: C:\ProgramData\Temp:E5496666
AlternateDataStreams: C:\ProgramData\Temp:E5B07840
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD
AlternateDataStreams: C:\ProgramData\Temp:E6B6120A
AlternateDataStreams: C:\ProgramData\Temp:E6C6EB3B
AlternateDataStreams: C:\ProgramData\Temp:E7B4296D
AlternateDataStreams: C:\ProgramData\Temp:E81603BC
AlternateDataStreams: C:\ProgramData\Temp:E8AEB2BF
AlternateDataStreams: C:\ProgramData\Temp:E8C44CB4
AlternateDataStreams: C:\ProgramData\Temp:E99D1D3C
AlternateDataStreams: C:\ProgramData\Temp:EA7D76BE
AlternateDataStreams: C:\ProgramData\Temp:EA9D8B40
AlternateDataStreams: C:\ProgramData\Temp:EAEE7554
AlternateDataStreams: C:\ProgramData\Temp:EAF954B6
AlternateDataStreams: C:\ProgramData\Temp:EB792F59
AlternateDataStreams: C:\ProgramData\Temp:EB86F355
AlternateDataStreams: C:\ProgramData\Temp:ED4272E5
AlternateDataStreams: C:\ProgramData\Temp:ED51D3ED
AlternateDataStreams: C:\ProgramData\Temp:EFECABA9
AlternateDataStreams: C:\ProgramData\Temp:F039D9FE
AlternateDataStreams: C:\ProgramData\Temp:F123F8B9
AlternateDataStreams: C:\ProgramData\Temp:F1381B87
AlternateDataStreams: C:\ProgramData\Temp:F2327E82
AlternateDataStreams: C:\ProgramData\Temp:F28DF4DC
AlternateDataStreams: C:\ProgramData\Temp:F2E878EB
AlternateDataStreams: C:\ProgramData\Temp:F3591DDB
AlternateDataStreams: C:\ProgramData\Temp:F3A185AE
AlternateDataStreams: C:\ProgramData\Temp:F5E30F6A
AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE
AlternateDataStreams: C:\ProgramData\Temp:F6CDA594
AlternateDataStreams: C:\ProgramData\Temp:F7BF538D
AlternateDataStreams: C:\ProgramData\Temp:F7F4DC88
AlternateDataStreams: C:\ProgramData\Temp:F816645E
AlternateDataStreams: C:\ProgramData\Temp:F84EC1E0
AlternateDataStreams: C:\ProgramData\Temp:F98E6C67
AlternateDataStreams: C:\ProgramData\Temp:FAB64002
AlternateDataStreams: C:\ProgramData\Temp:FB647F34
AlternateDataStreams: C:\ProgramData\Temp:FBA79096
AlternateDataStreams: C:\ProgramData\Temp:FC414D14
AlternateDataStreams: C:\ProgramData\Temp:FC70A22A
AlternateDataStreams: C:\ProgramData\Temp:FCBEDCFD
AlternateDataStreams: C:\ProgramData\Temp:FD6D11C9
AlternateDataStreams: C:\ProgramData\Temp:FD6DB82C
AlternateDataStreams: C:\ProgramData\Temp:FD786DCA
AlternateDataStreams: C:\ProgramData\Temp:FD8BCF62
AlternateDataStreams: C:\ProgramData\Temp:FDEE14AC
AlternateDataStreams: C:\ProgramData\Temp:FE1665C7
AlternateDataStreams: C:\ProgramData\Temp:FEE00EB9
AlternateDataStreams: C:\ProgramData\Temp:FFC3922F
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7866 more restricted sites.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Launcher.lnk => C:\Windows\pss\Launcher.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Stefanie\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: AMD AVT => Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
MSCONFIG\startupreg: BDRegion => C:\Program Files\Cyberlink\Shared files\brs.exe
MSCONFIG\startupreg: BkupTray => "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
MSCONFIG\startupreg: CTCheck => C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
MSCONFIG\startupreg: CTSyncU.exe => "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
MSCONFIG\startupreg: eAudio => "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
MSCONFIG\startupreg: eDataSecurity Loader => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
MSCONFIG\startupreg: ePower_DMC => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Deskjet 3050A J611 series (NET) => "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1A6485GC05PJ:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
MSCONFIG\startupreg: LManager => C:\Program Files\Launch Manager\LManager.exe
MSCONFIG\startupreg: NapsterShell => C:\Program Files\Napster\napster.exe /systray
MSCONFIG\startupreg: PDFPrint => C:\Program Files\PDF24\pdf24.exe
MSCONFIG\startupreg: PlayMovie => "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
MSCONFIG\startupreg: Skytel => C:\Program Files\Realtek\Audio\HDA\Skytel.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{A6513A86-5DAE-4221-8143-365620AF1F6E}] => (Allow) C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{8608B8A1-9E74-4D01-8A68-4A9BCB43D11B}] => (Allow) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
FirewallRules: [{D2D98E77-C7DB-4839-BDE6-5E55514AEE1B}] => (Allow) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PlayMovie.exe
FirewallRules: [{69B4423A-1802-4671-B7C3-52735D81AB70}] => (Allow) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{EA35326E-3E14-489D-9BC3-40DA24F4438D}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{00007600-C351-4D0D-887F-438367E21DD4}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
FirewallRules: [{5DB012BB-DF24-4364-8955-39DC01884B89}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{1A2792E7-BF7C-477B-AD5F-60F9CC7AE695}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{727DC909-3A31-4704-9E16-A4466D594F7A}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
FirewallRules: [{AE63E44C-E0D7-489E-96C7-5E8A294D6731}] => (Allow) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
FirewallRules: [{7494DCAD-E537-42D3-B0DE-E94820A1E397}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{30C85D19-42F1-4678-B6C9-0C64AAD6D47E}] => (Allow) svchost.exe
FirewallRules: [{42FC34A1-5051-465F-A937-7359311584DE}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6272C2FD-8887-4476-BE24-2DD4062582E7}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{2E136A42-042F-4BA6-A78C-1A6A9961D996}] => (Allow) C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe
FirewallRules: [{F33ACA44-1BC1-410A-B8AA-73130830F489}] => (Allow) C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe
FirewallRules: [{36C49910-73D5-4FD2-85A1-E8E407FABC8F}] => (Allow) C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe
FirewallRules: [{7573A174-7C8B-4CE3-8A17-14F31E080752}] => (Allow) C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe
FirewallRules: [{FD1EABEB-06CE-443F-849D-FCBED28A2E35}] => (Allow) C:\Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{953EC385-6E17-45ED-BED7-E85414B19A7B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E4E0B2A2-5645-4536-A36F-757463B981C2}] => (Allow) C:\Program Files\Steam2\Steam.exe
FirewallRules: [{FF88BA35-10B1-4B87-8279-2B5002109305}] => (Allow) C:\Program Files\Steam2\Steam.exe
FirewallRules: [{5AD2E7B9-A2EF-4689-BBF4-44779FAD03ED}] => (Allow) C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Addon.exe
FirewallRules: [{43FFDE3F-A392-494D-96ED-40C8E1BD5319}] => (Allow) C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Addon.exe
FirewallRules: [{E9A3B22A-EFEB-4E30-ADBF-F35C4B563566}] => (Allow) C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe
FirewallRules: [{A3CCFB72-7A97-470C-BBC7-B23F522BEDF4}] => (Allow) C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\AddonWeb.exe
FirewallRules: [{1CD7E3B9-C14C-4B12-B4AB-2D4429AF6AA4}] => (Allow) C:\Users\Stefanie\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{2D3F9D36-9294-4084-AF59-F2E967C33060}] => (Allow) C:\Users\Stefanie\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [TCP Query User{799B6C52-D201-414D-9BD3-A62AEDC4BD95}C:\users\stefanie\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\stefanie\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{4D2B9996-2628-4153-829E-454BFBA21B3C}C:\users\stefanie\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\stefanie\appdata\local\akamai\netsession_win.exe
FirewallRules: [{84962866-6451-46D0-8E7E-F10C938074AE}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{656B2D31-A7B6-4828-B000-A0248FBA6153}] => (Allow) C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{0FADE5B0-F209-4227-BA11-DE2684D94904}] => (Allow) C:\Program Files\Ubisoft\Related Designs\ANNO 2070\Anno5.exe
FirewallRules: [{EADD5A70-1BA5-446F-8C9D-314DE9568B31}] => (Allow) C:\Program Files\Ubisoft\Related Designs\ANNO 2070\Anno5.exe
FirewallRules: [{E419343E-5E9F-45C4-9DCF-68674D042100}] => (Allow) C:\Program Files\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe
FirewallRules: [{197DA3A3-EAE3-4C56-ADEA-0C97298A647B}] => (Allow) C:\Program Files\Ubisoft\Related Designs\ANNO 2070\AutoPatcher.exe
FirewallRules: [{3CA93205-0F4D-4C1A-819F-13F9D2C29EBF}] => (Allow) C:\Program Files\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe
FirewallRules: [{241845BC-3AF9-4266-840B-6226513451DE}] => (Allow) C:\Program Files\Ubisoft\Related Designs\ANNO 2070\InitEngine.exe
FirewallRules: [{EB7CD187-BDC4-4011-9FE2-7593D41A7B33}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\DeviceSetup.exe
FirewallRules: [{4576D6F0-A14B-4F15-9F18-D47D49FB7D07}] => (Allow) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{AEC0C475-3B76-4225-9A34-0561111F85D6}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{9FBC6136-F10B-46D4-8AD3-F11451DCBC85}] => (Allow) C:\Program Files\Steam2\steamapps\common\sid meier's civilization v\Launcher.exe
FirewallRules: [{5A23530C-F527-48A3-A5FF-111B3A03FA2A}] => (Allow) C:\Program Files\Steam2\steamapps\common\sid meier's civilization v\Launcher.exe
FirewallRules: [{116056D6-2095-4496-ADD2-2B5C4019B16F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F83F05C9-A2BC-44C8-B9C6-BEAF62712CA1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service: acedrv11
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/31/2015 11:59:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/31/2015 10:01:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/31/2015 00:52:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (05/30/2015 09:04:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (05/30/2015 08:20:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/30/2015 08:08:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/30/2015 03:06:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/30/2015 02:36:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/29/2015 08:13:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Name des fehlerhaften Moduls: Gmer-19357.exe, Version: 2.1.19357.0, Zeitstempel: 0x52e7ea83
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00012298
ID des fehlerhaften Prozesses: 0x1414
Startzeit der fehlerhaften Anwendung: 0xGmer-19357.exe0
Pfad der fehlerhaften Anwendung: Gmer-19357.exe1
Pfad des fehlerhaften Moduls: Gmer-19357.exe2
Berichtskennung: Gmer-19357.exe3
Error: (05/29/2015 08:01:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (05/31/2015 00:47:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/31/2015 00:47:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/31/2015 00:47:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "XAudioService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/31/2015 00:47:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel® PROSet/Wireless Registry Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/31/2015 00:47:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Protexis Licensing V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/31/2015 00:47:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ProtexisLicensing" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/31/2015 00:47:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NTI Backup Now 5 Backup Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/31/2015 00:47:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/31/2015 00:47:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NTI Backup Now 5 Scheduler Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/31/2015 00:47:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PDF Architect Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office:
=========================
Error: (01/27/2015 01:44:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 290 seconds with 240 seconds of active time. This session ended with a crash.
Error: (12/03/2010 00:12:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 43%
Total physical RAM: 3066.88 MB
Available physical RAM: 1726.94 MB
Total Pagefile: 6132.06 MB
Available Pagefile: 4420.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.96 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:142.16 GB) (Free:50 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:142.18 GB) (Free:101.85 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 9144B4E2)
Partition 1: (Not Active) - (Size=10.7 GB) - (Type=27)
Partition 2: (Active) - (Size=142.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=142.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=12)
==================== End of log ============================
|
|
31.05.2015, 12:33
| #11 |
| /// TB-Ausbilder | Windows 7 Windows Explorer schließt sich immer Servus,
|
|
31.05.2015, 12:47
| #12 |
| | Windows 7 Windows Explorer schließt sich immer Hallo, Code:
ATTFilter Farbar Recovery Scan Tool (x86) Version: 27-05-2015 01
Ran by Stefanie at 2015-05-31 13:44:59
Running from C:\Users\Stefanie\Downloads
Boot Mode: Normal
================== Search Registry: "ParetoLogic;Re-markit;DriverCure;quickclick" ===========
===================== Search result for "ParetoLogic" ==========
[HKEY_USERS\S-1-5-21-1929016561-3404761482-1178114853-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\Stefanie\Downloads\ParetoLogic PC Health Advisor_de.exe"="1"
====== End of Search ======
|
|
31.05.2015, 13:01
| #13 | |
| /// TB-Ausbilder | Windows 7 Windows Explorer schließt sich immerZitat:
Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern. Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF NetworkProxy: "type", 0
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group
C:\Users\Stefanie\Downloads\ParetoLogic PC Health Advisor_de.exe
C:\Users\Stefanie\Downloads\*CHIP-Installer.exe
AlternateDataStreams: C:\ProgramData\Temp:00811B66
AlternateDataStreams: C:\ProgramData\Temp:03D08225
AlternateDataStreams: C:\ProgramData\Temp:0410A323
AlternateDataStreams: C:\ProgramData\Temp:041C0562
AlternateDataStreams: C:\ProgramData\Temp:04A18F36
AlternateDataStreams: C:\ProgramData\Temp:04ADB7A6
AlternateDataStreams: C:\ProgramData\Temp:05582920
AlternateDataStreams: C:\ProgramData\Temp:063969F8
AlternateDataStreams: C:\ProgramData\Temp:06C34166
AlternateDataStreams: C:\ProgramData\Temp:06CC3FD3
AlternateDataStreams: C:\ProgramData\Temp:0915A718
AlternateDataStreams: C:\ProgramData\Temp:0ACF1AF5
AlternateDataStreams: C:\ProgramData\Temp:0ADCCF52
AlternateDataStreams: C:\ProgramData\Temp:0C2F9CC7
AlternateDataStreams: C:\ProgramData\Temp:0CDF8C3D
AlternateDataStreams: C:\ProgramData\Temp:0E5CFA74
AlternateDataStreams: C:\ProgramData\Temp:0EBD727C
AlternateDataStreams: C:\ProgramData\Temp:0F3F6B1E
AlternateDataStreams: C:\ProgramData\Temp:103E96B0
AlternateDataStreams: C:\ProgramData\Temp:109734F6
AlternateDataStreams: C:\ProgramData\Temp:10CB85CA
AlternateDataStreams: C:\ProgramData\Temp:10CFA7D4
AlternateDataStreams: C:\ProgramData\Temp:10D45FC3
AlternateDataStreams: C:\ProgramData\Temp:11590865
AlternateDataStreams: C:\ProgramData\Temp:115EA582
AlternateDataStreams: C:\ProgramData\Temp:11EFE63D
AlternateDataStreams: C:\ProgramData\Temp:1224B4C3
AlternateDataStreams: C:\ProgramData\Temp:124B94C0
AlternateDataStreams: C:\ProgramData\Temp:12BCD9DC
AlternateDataStreams: C:\ProgramData\Temp:12D21A9A
AlternateDataStreams: C:\ProgramData\Temp:13019F4B
AlternateDataStreams: C:\ProgramData\Temp:1316EAD4
AlternateDataStreams: C:\ProgramData\Temp:14A1BBE3
AlternateDataStreams: C:\ProgramData\Temp:152FD00E
AlternateDataStreams: C:\ProgramData\Temp:15734396
AlternateDataStreams: C:\ProgramData\Temp:15752405
AlternateDataStreams: C:\ProgramData\Temp:164561C8
AlternateDataStreams: C:\ProgramData\Temp:1656EE95
AlternateDataStreams: C:\ProgramData\Temp:169E7AC5
AlternateDataStreams: C:\ProgramData\Temp:178093AE
AlternateDataStreams: C:\ProgramData\Temp:18A25CF1
AlternateDataStreams: C:\ProgramData\Temp:18A6D2CC
AlternateDataStreams: C:\ProgramData\Temp:19474103
AlternateDataStreams: C:\ProgramData\Temp:19F8EB29
AlternateDataStreams: C:\ProgramData\Temp:1A81EA30
AlternateDataStreams: C:\ProgramData\Temp:1B389835
AlternateDataStreams: C:\ProgramData\Temp:1C6D705B
AlternateDataStreams: C:\ProgramData\Temp:1CD511E5
AlternateDataStreams: C:\ProgramData\Temp:1CDEDE11
AlternateDataStreams: C:\ProgramData\Temp:1D6B18F1
AlternateDataStreams: C:\ProgramData\Temp:1EEF2E2E
AlternateDataStreams: C:\ProgramData\Temp:1F979A92
AlternateDataStreams: C:\ProgramData\Temp:1FA4C06F
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:20ABE827
AlternateDataStreams: C:\ProgramData\Temp:20E1FC41
AlternateDataStreams: C:\ProgramData\Temp:2211E7A0
AlternateDataStreams: C:\ProgramData\Temp:2216A431
AlternateDataStreams: C:\ProgramData\Temp:2339C9FD
AlternateDataStreams: C:\ProgramData\Temp:236FF5C6
AlternateDataStreams: C:\ProgramData\Temp:24391EC1
AlternateDataStreams: C:\ProgramData\Temp:258D2F8B
AlternateDataStreams: C:\ProgramData\Temp:26499772
AlternateDataStreams: C:\ProgramData\Temp:2680DDD5
AlternateDataStreams: C:\ProgramData\Temp:268A5068
AlternateDataStreams: C:\ProgramData\Temp:26A148EB
AlternateDataStreams: C:\ProgramData\Temp:2701988C
AlternateDataStreams: C:\ProgramData\Temp:27A88EF2
AlternateDataStreams: C:\ProgramData\Temp:27F44544
AlternateDataStreams: C:\ProgramData\Temp:282CE153
AlternateDataStreams: C:\ProgramData\Temp:28819F45
AlternateDataStreams: C:\ProgramData\Temp:29629382
AlternateDataStreams: C:\ProgramData\Temp:29F0CA7D
AlternateDataStreams: C:\ProgramData\Temp:2AE74FF9
AlternateDataStreams: C:\ProgramData\Temp:2B5C4773
AlternateDataStreams: C:\ProgramData\Temp:2B9555D8
AlternateDataStreams: C:\ProgramData\Temp:2BFBA0B7
AlternateDataStreams: C:\ProgramData\Temp:2C678471
AlternateDataStreams: C:\ProgramData\Temp:2C84CA43
AlternateDataStreams: C:\ProgramData\Temp:2CA4B471
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2D3CB929
AlternateDataStreams: C:\ProgramData\Temp:2DB4FB78
AlternateDataStreams: C:\ProgramData\Temp:2DF54B62
AlternateDataStreams: C:\ProgramData\Temp:2E3F04BC
AlternateDataStreams: C:\ProgramData\Temp:2E928E6E
AlternateDataStreams: C:\ProgramData\Temp:2F0A4DCE
AlternateDataStreams: C:\ProgramData\Temp:2F360FB3
AlternateDataStreams: C:\ProgramData\Temp:2F717FB3
AlternateDataStreams: C:\ProgramData\Temp:3086B95F
AlternateDataStreams: C:\ProgramData\Temp:30A9192A
AlternateDataStreams: C:\ProgramData\Temp:313F7672
AlternateDataStreams: C:\ProgramData\Temp:3241739E
AlternateDataStreams: C:\ProgramData\Temp:32D2A239
AlternateDataStreams: C:\ProgramData\Temp:3393A1CA
AlternateDataStreams: C:\ProgramData\Temp:353212A0
AlternateDataStreams: C:\ProgramData\Temp:35629AE6
AlternateDataStreams: C:\ProgramData\Temp:3651A580
AlternateDataStreams: C:\ProgramData\Temp:370E4EFB
AlternateDataStreams: C:\ProgramData\Temp:371060CE
AlternateDataStreams: C:\ProgramData\Temp:371A321E
AlternateDataStreams: C:\ProgramData\Temp:37C279BE
AlternateDataStreams: C:\ProgramData\Temp:38534D53
AlternateDataStreams: C:\ProgramData\Temp:38A0E181
AlternateDataStreams: C:\ProgramData\Temp:38FF076E
AlternateDataStreams: C:\ProgramData\Temp:3969ACF7
AlternateDataStreams: C:\ProgramData\Temp:397D67BA
AlternateDataStreams: C:\ProgramData\Temp:39DC8D60
AlternateDataStreams: C:\ProgramData\Temp:39EDBD33
AlternateDataStreams: C:\ProgramData\Temp:3A4676D7
AlternateDataStreams: C:\ProgramData\Temp:3A7527E8
AlternateDataStreams: C:\ProgramData\Temp:3ABC38E6
AlternateDataStreams: C:\ProgramData\Temp:3AD6342E
AlternateDataStreams: C:\ProgramData\Temp:3B454A5C
AlternateDataStreams: C:\ProgramData\Temp:3C0887BF
AlternateDataStreams: C:\ProgramData\Temp:3D3F1635
AlternateDataStreams: C:\ProgramData\Temp:3D507E52
AlternateDataStreams: C:\ProgramData\Temp:3DB6F365
AlternateDataStreams: C:\ProgramData\Temp:3E0674EA
AlternateDataStreams: C:\ProgramData\Temp:3F266659
AlternateDataStreams: C:\ProgramData\Temp:401CAF8F
AlternateDataStreams: C:\ProgramData\Temp:40EE25BB
AlternateDataStreams: C:\ProgramData\Temp:4149A170
AlternateDataStreams: C:\ProgramData\Temp:432EC713
AlternateDataStreams: C:\ProgramData\Temp:43D2A298
AlternateDataStreams: C:\ProgramData\Temp:43F5FA9D
AlternateDataStreams: C:\ProgramData\Temp:447856CD
AlternateDataStreams: C:\ProgramData\Temp:45912F61
AlternateDataStreams: C:\ProgramData\Temp:46A2F27B
AlternateDataStreams: C:\ProgramData\Temp:479B1CF9
AlternateDataStreams: C:\ProgramData\Temp:48897D41
AlternateDataStreams: C:\ProgramData\Temp:491270B8
AlternateDataStreams: C:\ProgramData\Temp:49EB69E2
AlternateDataStreams: C:\ProgramData\Temp:4A2862FF
AlternateDataStreams: C:\ProgramData\Temp:4A906D4A
AlternateDataStreams: C:\ProgramData\Temp:4C3504B5
AlternateDataStreams: C:\ProgramData\Temp:4C3D5A8B
AlternateDataStreams: C:\ProgramData\Temp:4C5C1DD3
AlternateDataStreams: C:\ProgramData\Temp:4C8FA829
AlternateDataStreams: C:\ProgramData\Temp:4C9782FB
AlternateDataStreams: C:\ProgramData\Temp:4D6B6072
AlternateDataStreams: C:\ProgramData\Temp:4D729D61
AlternateDataStreams: C:\ProgramData\Temp:4DDE401B
AlternateDataStreams: C:\ProgramData\Temp:4F49DA66
AlternateDataStreams: C:\ProgramData\Temp:4F7FE589
AlternateDataStreams: C:\ProgramData\Temp:506698B2
AlternateDataStreams: C:\ProgramData\Temp:5106F19A
AlternateDataStreams: C:\ProgramData\Temp:512E1728
AlternateDataStreams: C:\ProgramData\Temp:52329B88
AlternateDataStreams: C:\ProgramData\Temp:52641FBE
AlternateDataStreams: C:\ProgramData\Temp:52C24010
AlternateDataStreams: C:\ProgramData\Temp:52E5A75A
AlternateDataStreams: C:\ProgramData\Temp:53F09A92
AlternateDataStreams: C:\ProgramData\Temp:56699AAF
AlternateDataStreams: C:\ProgramData\Temp:566B9179
AlternateDataStreams: C:\ProgramData\Temp:569CEE83
AlternateDataStreams: C:\ProgramData\Temp:56C66609
AlternateDataStreams: C:\ProgramData\Temp:57176330
AlternateDataStreams: C:\ProgramData\Temp:57231008
AlternateDataStreams: C:\ProgramData\Temp:574F975B
AlternateDataStreams: C:\ProgramData\Temp:58306E4C
AlternateDataStreams: C:\ProgramData\Temp:59465B40
AlternateDataStreams: C:\ProgramData\Temp:59A6876B
AlternateDataStreams: C:\ProgramData\Temp:5AE33054
AlternateDataStreams: C:\ProgramData\Temp:5C02B7AF
AlternateDataStreams: C:\ProgramData\Temp:5C4A588B
AlternateDataStreams: C:\ProgramData\Temp:5C9A6C78
AlternateDataStreams: C:\ProgramData\Temp:5CBA5665
AlternateDataStreams: C:\ProgramData\Temp:5CE91C67
AlternateDataStreams: C:\ProgramData\Temp:5DB36C47
AlternateDataStreams: C:\ProgramData\Temp:5E05F78B
AlternateDataStreams: C:\ProgramData\Temp:5E481579
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2
AlternateDataStreams: C:\ProgramData\Temp:600F6768
AlternateDataStreams: C:\ProgramData\Temp:605645B0
AlternateDataStreams: C:\ProgramData\Temp:609CAC7C
AlternateDataStreams: C:\ProgramData\Temp:60E0AB2A
AlternateDataStreams: C:\ProgramData\Temp:611EAF9F
AlternateDataStreams: C:\ProgramData\Temp:612873B2
AlternateDataStreams: C:\ProgramData\Temp:627153F1
AlternateDataStreams: C:\ProgramData\Temp:63210866
AlternateDataStreams: C:\ProgramData\Temp:634EA293
AlternateDataStreams: C:\ProgramData\Temp:63BA523E
AlternateDataStreams: C:\ProgramData\Temp:63FFB7A0
AlternateDataStreams: C:\ProgramData\Temp:6423D635
AlternateDataStreams: C:\ProgramData\Temp:64E05835
AlternateDataStreams: C:\ProgramData\Temp:658DE22A
AlternateDataStreams: C:\ProgramData\Temp:65949863
AlternateDataStreams: C:\ProgramData\Temp:65AB2A58
AlternateDataStreams: C:\ProgramData\Temp:663B62CA
AlternateDataStreams: C:\ProgramData\Temp:66871744
AlternateDataStreams: C:\ProgramData\Temp:66F19688
AlternateDataStreams: C:\ProgramData\Temp:67A91473
AlternateDataStreams: C:\ProgramData\Temp:67B6E7FA
AlternateDataStreams: C:\ProgramData\Temp:67CF910D
AlternateDataStreams: C:\ProgramData\Temp:68DE552E
AlternateDataStreams: C:\ProgramData\Temp:69F562A6
AlternateDataStreams: C:\ProgramData\Temp:6A4DFD85
AlternateDataStreams: C:\ProgramData\Temp:6A9EDD31
AlternateDataStreams: C:\ProgramData\Temp:6B7447D4
AlternateDataStreams: C:\ProgramData\Temp:6B8AB6FB
AlternateDataStreams: C:\ProgramData\Temp:6BEADDC0
AlternateDataStreams: C:\ProgramData\Temp:6BF0805F
AlternateDataStreams: C:\ProgramData\Temp:6BFA43EB
AlternateDataStreams: C:\ProgramData\Temp:6CB8F7A9
AlternateDataStreams: C:\ProgramData\Temp:6DDBB86B
AlternateDataStreams: C:\ProgramData\Temp:6DDFD746
AlternateDataStreams: C:\ProgramData\Temp:6E11933F
AlternateDataStreams: C:\ProgramData\Temp:6E2D80C8
AlternateDataStreams: C:\ProgramData\Temp:6E39144C
AlternateDataStreams: C:\ProgramData\Temp:6E3C585B
AlternateDataStreams: C:\ProgramData\Temp:6EB8C6CD
AlternateDataStreams: C:\ProgramData\Temp:6ECE93A8
AlternateDataStreams: C:\ProgramData\Temp:6EE8565A
AlternateDataStreams: C:\ProgramData\Temp:701FCC18
AlternateDataStreams: C:\ProgramData\Temp:708BB0FA
AlternateDataStreams: C:\ProgramData\Temp:709E81D4
AlternateDataStreams: C:\ProgramData\Temp:71004506
AlternateDataStreams: C:\ProgramData\Temp:71112705
AlternateDataStreams: C:\ProgramData\Temp:716C3D9F
AlternateDataStreams: C:\ProgramData\Temp:71AEFFEB
AlternateDataStreams: C:\ProgramData\Temp:7254CF01
AlternateDataStreams: C:\ProgramData\Temp:72A1B66A
AlternateDataStreams: C:\ProgramData\Temp:73AFBB96
AlternateDataStreams: C:\ProgramData\Temp:74091520
AlternateDataStreams: C:\ProgramData\Temp:751D6870
AlternateDataStreams: C:\ProgramData\Temp:75CC0165
AlternateDataStreams: C:\ProgramData\Temp:774A0E14
AlternateDataStreams: C:\ProgramData\Temp:7804B508
AlternateDataStreams: C:\ProgramData\Temp:79059537
AlternateDataStreams: C:\ProgramData\Temp:7934407E
AlternateDataStreams: C:\ProgramData\Temp:79875988
AlternateDataStreams: C:\ProgramData\Temp:79C6A9CE
AlternateDataStreams: C:\ProgramData\Temp:7A032A04
AlternateDataStreams: C:\ProgramData\Temp:7A530D80
AlternateDataStreams: C:\ProgramData\Temp:7ADB695A
AlternateDataStreams: C:\ProgramData\Temp:7AF9CAEB
AlternateDataStreams: C:\ProgramData\Temp:7B9BB187
AlternateDataStreams: C:\ProgramData\Temp:7BB584AA
AlternateDataStreams: C:\ProgramData\Temp:7BFAAE70
AlternateDataStreams: C:\ProgramData\Temp:7C3760E2
AlternateDataStreams: C:\ProgramData\Temp:7C8AA9A6
AlternateDataStreams: C:\ProgramData\Temp:7D288858
AlternateDataStreams: C:\ProgramData\Temp:7D9B1030
AlternateDataStreams: C:\ProgramData\Temp:7E4E56EA
AlternateDataStreams: C:\ProgramData\Temp:7E802BFF
AlternateDataStreams: C:\ProgramData\Temp:7EC01D6D
AlternateDataStreams: C:\ProgramData\Temp:801ED9DF
AlternateDataStreams: C:\ProgramData\Temp:8118F1F5
AlternateDataStreams: C:\ProgramData\Temp:8318A814
AlternateDataStreams: C:\ProgramData\Temp:84C34762
AlternateDataStreams: C:\ProgramData\Temp:84EBFAE9
AlternateDataStreams: C:\ProgramData\Temp:857BC015
AlternateDataStreams: C:\ProgramData\Temp:864881BF
AlternateDataStreams: C:\ProgramData\Temp:865F21BF
AlternateDataStreams: C:\ProgramData\Temp:8855A119
AlternateDataStreams: C:\ProgramData\Temp:88AFFAC5
AlternateDataStreams: C:\ProgramData\Temp:89FC8EEB
AlternateDataStreams: C:\ProgramData\Temp:8A0EFC75
AlternateDataStreams: C:\ProgramData\Temp:8AC20936
AlternateDataStreams: C:\ProgramData\Temp:8B3C3098
AlternateDataStreams: C:\ProgramData\Temp:8B480195
AlternateDataStreams: C:\ProgramData\Temp:8BE7A048
AlternateDataStreams: C:\ProgramData\Temp:8C12CFCD
AlternateDataStreams: C:\ProgramData\Temp:8C84E358
AlternateDataStreams: C:\ProgramData\Temp:8C8D234C
AlternateDataStreams: C:\ProgramData\Temp:8D565A9B
AlternateDataStreams: C:\ProgramData\Temp:8F1B55BE
AlternateDataStreams: C:\ProgramData\Temp:91FE43FF
AlternateDataStreams: C:\ProgramData\Temp:927EC486
AlternateDataStreams: C:\ProgramData\Temp:92BD9737
AlternateDataStreams: C:\ProgramData\Temp:92FE8A60
AlternateDataStreams: C:\ProgramData\Temp:934CA750
AlternateDataStreams: C:\ProgramData\Temp:95198126
AlternateDataStreams: C:\ProgramData\Temp:9524D821
AlternateDataStreams: C:\ProgramData\Temp:95D421DF
AlternateDataStreams: C:\ProgramData\Temp:961B84C5
AlternateDataStreams: C:\ProgramData\Temp:9758CFB3
AlternateDataStreams: C:\ProgramData\Temp:97BDBF49
AlternateDataStreams: C:\ProgramData\Temp:98BD93BF
AlternateDataStreams: C:\ProgramData\Temp:98DFF516
AlternateDataStreams: C:\ProgramData\Temp:9968F0E2
AlternateDataStreams: C:\ProgramData\Temp:99AC3203
AlternateDataStreams: C:\ProgramData\Temp:9A24FE7D
AlternateDataStreams: C:\ProgramData\Temp:9A88B65D
AlternateDataStreams: C:\ProgramData\Temp:9C7A32BB
AlternateDataStreams: C:\ProgramData\Temp:9CD7CD43
AlternateDataStreams: C:\ProgramData\Temp:9D03192E
AlternateDataStreams: C:\ProgramData\Temp:9DB67071
AlternateDataStreams: C:\ProgramData\Temp:9E5EA7A3
AlternateDataStreams: C:\ProgramData\Temp:9EDA68BD
AlternateDataStreams: C:\ProgramData\Temp:9EE6560D
AlternateDataStreams: C:\ProgramData\Temp:9F3CEEE6
AlternateDataStreams: C:\ProgramData\Temp:9FCF32A8
AlternateDataStreams: C:\ProgramData\Temp:A039EDF9
AlternateDataStreams: C:\ProgramData\Temp:A05F750A
AlternateDataStreams: C:\ProgramData\Temp:A0921B2C
AlternateDataStreams: C:\ProgramData\Temp:A1023D41
AlternateDataStreams: C:\ProgramData\Temp:A10E88DE
AlternateDataStreams: C:\ProgramData\Temp:A26AFC00
AlternateDataStreams: C:\ProgramData\Temp:A291068E
AlternateDataStreams: C:\ProgramData\Temp:A2B3764A
AlternateDataStreams: C:\ProgramData\Temp:A4BF246C
AlternateDataStreams: C:\ProgramData\Temp:A4E7D25F
AlternateDataStreams: C:\ProgramData\Temp:A6345BDA
AlternateDataStreams: C:\ProgramData\Temp:A69FAA24
AlternateDataStreams: C:\ProgramData\Temp:A6A65B80
AlternateDataStreams: C:\ProgramData\Temp:A6D6E537
AlternateDataStreams: C:\ProgramData\Temp:A6D89509
AlternateDataStreams: C:\ProgramData\Temp:A6E01F67
AlternateDataStreams: C:\ProgramData\Temp:A819A132
AlternateDataStreams: C:\ProgramData\Temp:A88BE334
AlternateDataStreams: C:\ProgramData\Temp:A8DFD30C
AlternateDataStreams: C:\ProgramData\Temp:A900C3A3
AlternateDataStreams: C:\ProgramData\Temp:A9F877BF
AlternateDataStreams: C:\ProgramData\Temp:AA0017FD
AlternateDataStreams: C:\ProgramData\Temp:AAA06E15
AlternateDataStreams: C:\ProgramData\Temp:AABCC5A7
AlternateDataStreams: C:\ProgramData\Temp:AB3339EF
AlternateDataStreams: C:\ProgramData\Temp:AD7A32E9
AlternateDataStreams: C:\ProgramData\Temp:ADFAD95A
AlternateDataStreams: C:\ProgramData\Temp:AE289451
AlternateDataStreams: C:\ProgramData\Temp:AE324BE5
AlternateDataStreams: C:\ProgramData\Temp:AE9351E0
AlternateDataStreams: C:\ProgramData\Temp:AECF4772
AlternateDataStreams: C:\ProgramData\Temp:AFB24B00
AlternateDataStreams: C:\ProgramData\Temp:AFB89C92
AlternateDataStreams: C:\ProgramData\Temp:AFEBAACA
AlternateDataStreams: C:\ProgramData\Temp:B0EA26E5
AlternateDataStreams: C:\ProgramData\Temp:B1381B34
AlternateDataStreams: C:\ProgramData\Temp:B139DDF3
AlternateDataStreams: C:\ProgramData\Temp:B1786630
AlternateDataStreams: C:\ProgramData\Temp:B38BEEEE
AlternateDataStreams: C:\ProgramData\Temp:B3A5945E
AlternateDataStreams: C:\ProgramData\Temp:B60D5127
AlternateDataStreams: C:\ProgramData\Temp:B61767F5
AlternateDataStreams: C:\ProgramData\Temp:B6D84F71
AlternateDataStreams: C:\ProgramData\Temp:B6DD2C7E
AlternateDataStreams: C:\ProgramData\Temp:B6E6C4EA
AlternateDataStreams: C:\ProgramData\Temp:B790962B
AlternateDataStreams: C:\ProgramData\Temp:B8791731
AlternateDataStreams: C:\ProgramData\Temp:BA24E689
AlternateDataStreams: C:\ProgramData\Temp:BAFAD1DF
AlternateDataStreams: C:\ProgramData\Temp:BB1102D7
AlternateDataStreams: C:\ProgramData\Temp:BCFEA004
AlternateDataStreams: C:\ProgramData\Temp:BD34FFC5
AlternateDataStreams: C:\ProgramData\Temp:BD50071F
AlternateDataStreams: C:\ProgramData\Temp:BD84F7D6
AlternateDataStreams: C:\ProgramData\Temp:BE0654D6
AlternateDataStreams: C:\ProgramData\Temp:BE6B5FC3
AlternateDataStreams: C:\ProgramData\Temp:BF6A2C54
AlternateDataStreams: C:\ProgramData\Temp:BF6C4AAC
AlternateDataStreams: C:\ProgramData\Temp:C0A9B815
AlternateDataStreams: C:\ProgramData\Temp:C0BCE04B
AlternateDataStreams: C:\ProgramData\Temp:C2F24DB5
AlternateDataStreams: C:\ProgramData\Temp:C30487EE
AlternateDataStreams: C:\ProgramData\Temp:C36B1175
AlternateDataStreams: C:\ProgramData\Temp:C36F1B98
AlternateDataStreams: C:\ProgramData\Temp:C3A047E3
AlternateDataStreams: C:\ProgramData\Temp:C48905F4
AlternateDataStreams: C:\ProgramData\Temp:C48A983C
AlternateDataStreams: C:\ProgramData\Temp:C5A156B6
AlternateDataStreams: C:\ProgramData\Temp:C6104C4F
AlternateDataStreams: C:\ProgramData\Temp:C76CFF82
AlternateDataStreams: C:\ProgramData\Temp:C7857F06
AlternateDataStreams: C:\ProgramData\Temp:C7F08EA3
AlternateDataStreams: C:\ProgramData\Temp:C82CA1C0
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06
AlternateDataStreams: C:\ProgramData\Temp:CAC06C34
AlternateDataStreams: C:\ProgramData\Temp:CB08ED9D
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30
AlternateDataStreams: C:\ProgramData\Temp:CD6DF7CC
AlternateDataStreams: C:\ProgramData\Temp:CF1334B0
AlternateDataStreams: C:\ProgramData\Temp:D01ACC06
AlternateDataStreams: C:\ProgramData\Temp:D03C606E
AlternateDataStreams: C:\ProgramData\Temp:D3331ADB
AlternateDataStreams: C:\ProgramData\Temp:D3A89E47
AlternateDataStreams: C:\ProgramData\Temp:D434342F
AlternateDataStreams: C:\ProgramData\Temp:D453E38B
AlternateDataStreams: C:\ProgramData\Temp:D46ECFD5
AlternateDataStreams: C:\ProgramData\Temp:D5BF78B4
AlternateDataStreams: C:\ProgramData\Temp:D5D75FF0
AlternateDataStreams: C:\ProgramData\Temp:D5E3E8C4
AlternateDataStreams: C:\ProgramData\Temp:D61EB62D
AlternateDataStreams: C:\ProgramData\Temp:D621CFB8
AlternateDataStreams: C:\ProgramData\Temp:D6A43EB0
AlternateDataStreams: C:\ProgramData\Temp:D6D084A5
AlternateDataStreams: C:\ProgramData\Temp:D882BE37
AlternateDataStreams: C:\ProgramData\Temp:D8A1AC56
AlternateDataStreams: C:\ProgramData\Temp:D987CB43
AlternateDataStreams: C:\ProgramData\Temp:DA55B48C
AlternateDataStreams: C:\ProgramData\Temp:DA7655EA
AlternateDataStreams: C:\ProgramData\Temp:DB76C881
AlternateDataStreams: C:\ProgramData\Temp:DBB979D4
AlternateDataStreams: C:\ProgramData\Temp:DC0B1070
AlternateDataStreams: C:\ProgramData\Temp:DC9915D2
AlternateDataStreams: C:\ProgramData\Temp:DD04902E
AlternateDataStreams: C:\ProgramData\Temp:DD95E6D9
AlternateDataStreams: C:\ProgramData\Temp:DDF112BD
AlternateDataStreams: C:\ProgramData\Temp:DE875C30
AlternateDataStreams: C:\ProgramData\Temp:E0888117
AlternateDataStreams: C:\ProgramData\Temp:E0A09032
AlternateDataStreams: C:\ProgramData\Temp:E11D90D0
AlternateDataStreams: C:\ProgramData\Temp:E153075C
AlternateDataStreams: C:\ProgramData\Temp:E1610EDC
AlternateDataStreams: C:\ProgramData\Temp:E1E51784
AlternateDataStreams: C:\ProgramData\Temp:E411AA0D
AlternateDataStreams: C:\ProgramData\Temp:E534B4D1
AlternateDataStreams: C:\ProgramData\Temp:E5496666
AlternateDataStreams: C:\ProgramData\Temp:E5B07840
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD
AlternateDataStreams: C:\ProgramData\Temp:E6B6120A
AlternateDataStreams: C:\ProgramData\Temp:E6C6EB3B
AlternateDataStreams: C:\ProgramData\Temp:E7B4296D
AlternateDataStreams: C:\ProgramData\Temp:E81603BC
AlternateDataStreams: C:\ProgramData\Temp:E8AEB2BF
AlternateDataStreams: C:\ProgramData\Temp:E8C44CB4
AlternateDataStreams: C:\ProgramData\Temp:E99D1D3C
AlternateDataStreams: C:\ProgramData\Temp:EA7D76BE
AlternateDataStreams: C:\ProgramData\Temp:EA9D8B40
AlternateDataStreams: C:\ProgramData\Temp:EAEE7554
AlternateDataStreams: C:\ProgramData\Temp:EAF954B6
AlternateDataStreams: C:\ProgramData\Temp:EB792F59
AlternateDataStreams: C:\ProgramData\Temp:EB86F355
AlternateDataStreams: C:\ProgramData\Temp:ED4272E5
AlternateDataStreams: C:\ProgramData\Temp:ED51D3ED
AlternateDataStreams: C:\ProgramData\Temp:EFECABA9
AlternateDataStreams: C:\ProgramData\Temp:F039D9FE
AlternateDataStreams: C:\ProgramData\Temp:F123F8B9
AlternateDataStreams: C:\ProgramData\Temp:F1381B87
AlternateDataStreams: C:\ProgramData\Temp:F2327E82
AlternateDataStreams: C:\ProgramData\Temp:F28DF4DC
AlternateDataStreams: C:\ProgramData\Temp:F2E878EB
AlternateDataStreams: C:\ProgramData\Temp:F3591DDB
AlternateDataStreams: C:\ProgramData\Temp:F3A185AE
AlternateDataStreams: C:\ProgramData\Temp:F5E30F6A
AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE
AlternateDataStreams: C:\ProgramData\Temp:F6CDA594
AlternateDataStreams: C:\ProgramData\Temp:F7BF538D
AlternateDataStreams: C:\ProgramData\Temp:F7F4DC88
AlternateDataStreams: C:\ProgramData\Temp:F816645E
AlternateDataStreams: C:\ProgramData\Temp:F84EC1E0
AlternateDataStreams: C:\ProgramData\Temp:F98E6C67
AlternateDataStreams: C:\ProgramData\Temp:FAB64002
AlternateDataStreams: C:\ProgramData\Temp:FB647F34
AlternateDataStreams: C:\ProgramData\Temp:FBA79096
AlternateDataStreams: C:\ProgramData\Temp:FC414D14
AlternateDataStreams: C:\ProgramData\Temp:FC70A22A
AlternateDataStreams: C:\ProgramData\Temp:FCBEDCFD
AlternateDataStreams: C:\ProgramData\Temp:FD6D11C9
AlternateDataStreams: C:\ProgramData\Temp:FD6DB82C
AlternateDataStreams: C:\ProgramData\Temp:FD786DCA
AlternateDataStreams: C:\ProgramData\Temp:FD8BCF62
AlternateDataStreams: C:\ProgramData\Temp:FDEE14AC
AlternateDataStreams: C:\ProgramData\Temp:FE1665C7
AlternateDataStreams: C:\ProgramData\Temp:FEE00EB9
AlternateDataStreams: C:\ProgramData\Temp:FFC3922F
RemoveProxy:
EmptyTemp:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte  SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
|
31.05.2015, 22:43
| #14 |
| | Windows 7 Windows Explorer schließt sich immer Servus, Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x86) Version: 27-05-2015 01
Ran by Stefanie at 2015-05-31 18:50:01 Run:1
Running from C:\Users\Stefanie\Downloads
Loaded Profiles: Stefanie (Available Profiles: Stefanie)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
FF NetworkProxy: "type", 0
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
C:\Program Files\Enigma Software Group
C:\Users\Stefanie\Downloads\ParetoLogic PC Health Advisor_de.exe
C:\Users\Stefanie\Downloads\*CHIP-Installer.exe
AlternateDataStreams: C:\ProgramData\Temp:00811B66
AlternateDataStreams: C:\ProgramData\Temp:03D08225
AlternateDataStreams: C:\ProgramData\Temp:0410A323
AlternateDataStreams: C:\ProgramData\Temp:041C0562
AlternateDataStreams: C:\ProgramData\Temp:04A18F36
AlternateDataStreams: C:\ProgramData\Temp:04ADB7A6
AlternateDataStreams: C:\ProgramData\Temp:05582920
AlternateDataStreams: C:\ProgramData\Temp:063969F8
AlternateDataStreams: C:\ProgramData\Temp:06C34166
AlternateDataStreams: C:\ProgramData\Temp:06CC3FD3
AlternateDataStreams: C:\ProgramData\Temp:0915A718
AlternateDataStreams: C:\ProgramData\Temp:0ACF1AF5
AlternateDataStreams: C:\ProgramData\Temp:0ADCCF52
AlternateDataStreams: C:\ProgramData\Temp:0C2F9CC7
AlternateDataStreams: C:\ProgramData\Temp:0CDF8C3D
AlternateDataStreams: C:\ProgramData\Temp:0E5CFA74
AlternateDataStreams: C:\ProgramData\Temp:0EBD727C
AlternateDataStreams: C:\ProgramData\Temp:0F3F6B1E
AlternateDataStreams: C:\ProgramData\Temp:103E96B0
AlternateDataStreams: C:\ProgramData\Temp:109734F6
AlternateDataStreams: C:\ProgramData\Temp:10CB85CA
AlternateDataStreams: C:\ProgramData\Temp:10CFA7D4
AlternateDataStreams: C:\ProgramData\Temp:10D45FC3
AlternateDataStreams: C:\ProgramData\Temp:11590865
AlternateDataStreams: C:\ProgramData\Temp:115EA582
AlternateDataStreams: C:\ProgramData\Temp:11EFE63D
AlternateDataStreams: C:\ProgramData\Temp:1224B4C3
AlternateDataStreams: C:\ProgramData\Temp:124B94C0
AlternateDataStreams: C:\ProgramData\Temp:12BCD9DC
AlternateDataStreams: C:\ProgramData\Temp:12D21A9A
AlternateDataStreams: C:\ProgramData\Temp:13019F4B
AlternateDataStreams: C:\ProgramData\Temp:1316EAD4
AlternateDataStreams: C:\ProgramData\Temp:14A1BBE3
AlternateDataStreams: C:\ProgramData\Temp:152FD00E
AlternateDataStreams: C:\ProgramData\Temp:15734396
AlternateDataStreams: C:\ProgramData\Temp:15752405
AlternateDataStreams: C:\ProgramData\Temp:164561C8
AlternateDataStreams: C:\ProgramData\Temp:1656EE95
AlternateDataStreams: C:\ProgramData\Temp:169E7AC5
AlternateDataStreams: C:\ProgramData\Temp:178093AE
AlternateDataStreams: C:\ProgramData\Temp:18A25CF1
AlternateDataStreams: C:\ProgramData\Temp:18A6D2CC
AlternateDataStreams: C:\ProgramData\Temp:19474103
AlternateDataStreams: C:\ProgramData\Temp:19F8EB29
AlternateDataStreams: C:\ProgramData\Temp:1A81EA30
AlternateDataStreams: C:\ProgramData\Temp:1B389835
AlternateDataStreams: C:\ProgramData\Temp:1C6D705B
AlternateDataStreams: C:\ProgramData\Temp:1CD511E5
AlternateDataStreams: C:\ProgramData\Temp:1CDEDE11
AlternateDataStreams: C:\ProgramData\Temp:1D6B18F1
AlternateDataStreams: C:\ProgramData\Temp:1EEF2E2E
AlternateDataStreams: C:\ProgramData\Temp:1F979A92
AlternateDataStreams: C:\ProgramData\Temp:1FA4C06F
AlternateDataStreams: C:\ProgramData\Temp:206470A5
AlternateDataStreams: C:\ProgramData\Temp:20ABE827
AlternateDataStreams: C:\ProgramData\Temp:20E1FC41
AlternateDataStreams: C:\ProgramData\Temp:2211E7A0
AlternateDataStreams: C:\ProgramData\Temp:2216A431
AlternateDataStreams: C:\ProgramData\Temp:2339C9FD
AlternateDataStreams: C:\ProgramData\Temp:236FF5C6
AlternateDataStreams: C:\ProgramData\Temp:24391EC1
AlternateDataStreams: C:\ProgramData\Temp:258D2F8B
AlternateDataStreams: C:\ProgramData\Temp:26499772
AlternateDataStreams: C:\ProgramData\Temp:2680DDD5
AlternateDataStreams: C:\ProgramData\Temp:268A5068
AlternateDataStreams: C:\ProgramData\Temp:26A148EB
AlternateDataStreams: C:\ProgramData\Temp:2701988C
AlternateDataStreams: C:\ProgramData\Temp:27A88EF2
AlternateDataStreams: C:\ProgramData\Temp:27F44544
AlternateDataStreams: C:\ProgramData\Temp:282CE153
AlternateDataStreams: C:\ProgramData\Temp:28819F45
AlternateDataStreams: C:\ProgramData\Temp:29629382
AlternateDataStreams: C:\ProgramData\Temp:29F0CA7D
AlternateDataStreams: C:\ProgramData\Temp:2AE74FF9
AlternateDataStreams: C:\ProgramData\Temp:2B5C4773
AlternateDataStreams: C:\ProgramData\Temp:2B9555D8
AlternateDataStreams: C:\ProgramData\Temp:2BFBA0B7
AlternateDataStreams: C:\ProgramData\Temp:2C678471
AlternateDataStreams: C:\ProgramData\Temp:2C84CA43
AlternateDataStreams: C:\ProgramData\Temp:2CA4B471
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2D3CB929
AlternateDataStreams: C:\ProgramData\Temp:2DB4FB78
AlternateDataStreams: C:\ProgramData\Temp:2DF54B62
AlternateDataStreams: C:\ProgramData\Temp:2E3F04BC
AlternateDataStreams: C:\ProgramData\Temp:2E928E6E
AlternateDataStreams: C:\ProgramData\Temp:2F0A4DCE
AlternateDataStreams: C:\ProgramData\Temp:2F360FB3
AlternateDataStreams: C:\ProgramData\Temp:2F717FB3
AlternateDataStreams: C:\ProgramData\Temp:3086B95F
AlternateDataStreams: C:\ProgramData\Temp:30A9192A
AlternateDataStreams: C:\ProgramData\Temp:313F7672
AlternateDataStreams: C:\ProgramData\Temp:3241739E
AlternateDataStreams: C:\ProgramData\Temp:32D2A239
AlternateDataStreams: C:\ProgramData\Temp:3393A1CA
AlternateDataStreams: C:\ProgramData\Temp:353212A0
AlternateDataStreams: C:\ProgramData\Temp:35629AE6
AlternateDataStreams: C:\ProgramData\Temp:3651A580
AlternateDataStreams: C:\ProgramData\Temp:370E4EFB
AlternateDataStreams: C:\ProgramData\Temp:371060CE
AlternateDataStreams: C:\ProgramData\Temp:371A321E
AlternateDataStreams: C:\ProgramData\Temp:37C279BE
AlternateDataStreams: C:\ProgramData\Temp:38534D53
AlternateDataStreams: C:\ProgramData\Temp:38A0E181
AlternateDataStreams: C:\ProgramData\Temp:38FF076E
AlternateDataStreams: C:\ProgramData\Temp:3969ACF7
AlternateDataStreams: C:\ProgramData\Temp:397D67BA
AlternateDataStreams: C:\ProgramData\Temp:39DC8D60
AlternateDataStreams: C:\ProgramData\Temp:39EDBD33
AlternateDataStreams: C:\ProgramData\Temp:3A4676D7
AlternateDataStreams: C:\ProgramData\Temp:3A7527E8
AlternateDataStreams: C:\ProgramData\Temp:3ABC38E6
AlternateDataStreams: C:\ProgramData\Temp:3AD6342E
AlternateDataStreams: C:\ProgramData\Temp:3B454A5C
AlternateDataStreams: C:\ProgramData\Temp:3C0887BF
AlternateDataStreams: C:\ProgramData\Temp:3D3F1635
AlternateDataStreams: C:\ProgramData\Temp:3D507E52
AlternateDataStreams: C:\ProgramData\Temp:3DB6F365
AlternateDataStreams: C:\ProgramData\Temp:3E0674EA
AlternateDataStreams: C:\ProgramData\Temp:3F266659
AlternateDataStreams: C:\ProgramData\Temp:401CAF8F
AlternateDataStreams: C:\ProgramData\Temp:40EE25BB
AlternateDataStreams: C:\ProgramData\Temp:4149A170
AlternateDataStreams: C:\ProgramData\Temp:432EC713
AlternateDataStreams: C:\ProgramData\Temp:43D2A298
AlternateDataStreams: C:\ProgramData\Temp:43F5FA9D
AlternateDataStreams: C:\ProgramData\Temp:447856CD
AlternateDataStreams: C:\ProgramData\Temp:45912F61
AlternateDataStreams: C:\ProgramData\Temp:46A2F27B
AlternateDataStreams: C:\ProgramData\Temp:479B1CF9
AlternateDataStreams: C:\ProgramData\Temp:48897D41
AlternateDataStreams: C:\ProgramData\Temp:491270B8
AlternateDataStreams: C:\ProgramData\Temp:49EB69E2
AlternateDataStreams: C:\ProgramData\Temp:4A2862FF
AlternateDataStreams: C:\ProgramData\Temp:4A906D4A
AlternateDataStreams: C:\ProgramData\Temp:4C3504B5
AlternateDataStreams: C:\ProgramData\Temp:4C3D5A8B
AlternateDataStreams: C:\ProgramData\Temp:4C5C1DD3
AlternateDataStreams: C:\ProgramData\Temp:4C8FA829
AlternateDataStreams: C:\ProgramData\Temp:4C9782FB
AlternateDataStreams: C:\ProgramData\Temp:4D6B6072
AlternateDataStreams: C:\ProgramData\Temp:4D729D61
AlternateDataStreams: C:\ProgramData\Temp:4DDE401B
AlternateDataStreams: C:\ProgramData\Temp:4F49DA66
AlternateDataStreams: C:\ProgramData\Temp:4F7FE589
AlternateDataStreams: C:\ProgramData\Temp:506698B2
AlternateDataStreams: C:\ProgramData\Temp:5106F19A
AlternateDataStreams: C:\ProgramData\Temp:512E1728
AlternateDataStreams: C:\ProgramData\Temp:52329B88
AlternateDataStreams: C:\ProgramData\Temp:52641FBE
AlternateDataStreams: C:\ProgramData\Temp:52C24010
AlternateDataStreams: C:\ProgramData\Temp:52E5A75A
AlternateDataStreams: C:\ProgramData\Temp:53F09A92
AlternateDataStreams: C:\ProgramData\Temp:56699AAF
AlternateDataStreams: C:\ProgramData\Temp:566B9179
AlternateDataStreams: C:\ProgramData\Temp:569CEE83
AlternateDataStreams: C:\ProgramData\Temp:56C66609
AlternateDataStreams: C:\ProgramData\Temp:57176330
AlternateDataStreams: C:\ProgramData\Temp:57231008
AlternateDataStreams: C:\ProgramData\Temp:574F975B
AlternateDataStreams: C:\ProgramData\Temp:58306E4C
AlternateDataStreams: C:\ProgramData\Temp:59465B40
AlternateDataStreams: C:\ProgramData\Temp:59A6876B
AlternateDataStreams: C:\ProgramData\Temp:5AE33054
AlternateDataStreams: C:\ProgramData\Temp:5C02B7AF
AlternateDataStreams: C:\ProgramData\Temp:5C4A588B
AlternateDataStreams: C:\ProgramData\Temp:5C9A6C78
AlternateDataStreams: C:\ProgramData\Temp:5CBA5665
AlternateDataStreams: C:\ProgramData\Temp:5CE91C67
AlternateDataStreams: C:\ProgramData\Temp:5DB36C47
AlternateDataStreams: C:\ProgramData\Temp:5E05F78B
AlternateDataStreams: C:\ProgramData\Temp:5E481579
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2
AlternateDataStreams: C:\ProgramData\Temp:600F6768
AlternateDataStreams: C:\ProgramData\Temp:605645B0
AlternateDataStreams: C:\ProgramData\Temp:609CAC7C
AlternateDataStreams: C:\ProgramData\Temp:60E0AB2A
AlternateDataStreams: C:\ProgramData\Temp:611EAF9F
AlternateDataStreams: C:\ProgramData\Temp:612873B2
AlternateDataStreams: C:\ProgramData\Temp:627153F1
AlternateDataStreams: C:\ProgramData\Temp:63210866
AlternateDataStreams: C:\ProgramData\Temp:634EA293
AlternateDataStreams: C:\ProgramData\Temp:63BA523E
AlternateDataStreams: C:\ProgramData\Temp:63FFB7A0
AlternateDataStreams: C:\ProgramData\Temp:6423D635
AlternateDataStreams: C:\ProgramData\Temp:64E05835
AlternateDataStreams: C:\ProgramData\Temp:658DE22A
AlternateDataStreams: C:\ProgramData\Temp:65949863
AlternateDataStreams: C:\ProgramData\Temp:65AB2A58
AlternateDataStreams: C:\ProgramData\Temp:663B62CA
AlternateDataStreams: C:\ProgramData\Temp:66871744
AlternateDataStreams: C:\ProgramData\Temp:66F19688
AlternateDataStreams: C:\ProgramData\Temp:67A91473
AlternateDataStreams: C:\ProgramData\Temp:67B6E7FA
AlternateDataStreams: C:\ProgramData\Temp:67CF910D
AlternateDataStreams: C:\ProgramData\Temp:68DE552E
AlternateDataStreams: C:\ProgramData\Temp:69F562A6
AlternateDataStreams: C:\ProgramData\Temp:6A4DFD85
AlternateDataStreams: C:\ProgramData\Temp:6A9EDD31
AlternateDataStreams: C:\ProgramData\Temp:6B7447D4
AlternateDataStreams: C:\ProgramData\Temp:6B8AB6FB
AlternateDataStreams: C:\ProgramData\Temp:6BEADDC0
AlternateDataStreams: C:\ProgramData\Temp:6BF0805F
AlternateDataStreams: C:\ProgramData\Temp:6BFA43EB
AlternateDataStreams: C:\ProgramData\Temp:6CB8F7A9
AlternateDataStreams: C:\ProgramData\Temp:6DDBB86B
AlternateDataStreams: C:\ProgramData\Temp:6DDFD746
AlternateDataStreams: C:\ProgramData\Temp:6E11933F
AlternateDataStreams: C:\ProgramData\Temp:6E2D80C8
AlternateDataStreams: C:\ProgramData\Temp:6E39144C
AlternateDataStreams: C:\ProgramData\Temp:6E3C585B
AlternateDataStreams: C:\ProgramData\Temp:6EB8C6CD
AlternateDataStreams: C:\ProgramData\Temp:6ECE93A8
AlternateDataStreams: C:\ProgramData\Temp:6EE8565A
AlternateDataStreams: C:\ProgramData\Temp:701FCC18
AlternateDataStreams: C:\ProgramData\Temp:708BB0FA
AlternateDataStreams: C:\ProgramData\Temp:709E81D4
AlternateDataStreams: C:\ProgramData\Temp:71004506
AlternateDataStreams: C:\ProgramData\Temp:71112705
AlternateDataStreams: C:\ProgramData\Temp:716C3D9F
AlternateDataStreams: C:\ProgramData\Temp:71AEFFEB
AlternateDataStreams: C:\ProgramData\Temp:7254CF01
AlternateDataStreams: C:\ProgramData\Temp:72A1B66A
AlternateDataStreams: C:\ProgramData\Temp:73AFBB96
AlternateDataStreams: C:\ProgramData\Temp:74091520
AlternateDataStreams: C:\ProgramData\Temp:751D6870
AlternateDataStreams: C:\ProgramData\Temp:75CC0165
AlternateDataStreams: C:\ProgramData\Temp:774A0E14
AlternateDataStreams: C:\ProgramData\Temp:7804B508
AlternateDataStreams: C:\ProgramData\Temp:79059537
AlternateDataStreams: C:\ProgramData\Temp:7934407E
AlternateDataStreams: C:\ProgramData\Temp:79875988
AlternateDataStreams: C:\ProgramData\Temp:79C6A9CE
AlternateDataStreams: C:\ProgramData\Temp:7A032A04
AlternateDataStreams: C:\ProgramData\Temp:7A530D80
AlternateDataStreams: C:\ProgramData\Temp:7ADB695A
AlternateDataStreams: C:\ProgramData\Temp:7AF9CAEB
AlternateDataStreams: C:\ProgramData\Temp:7B9BB187
AlternateDataStreams: C:\ProgramData\Temp:7BB584AA
AlternateDataStreams: C:\ProgramData\Temp:7BFAAE70
AlternateDataStreams: C:\ProgramData\Temp:7C3760E2
AlternateDataStreams: C:\ProgramData\Temp:7C8AA9A6
AlternateDataStreams: C:\ProgramData\Temp:7D288858
AlternateDataStreams: C:\ProgramData\Temp:7D9B1030
AlternateDataStreams: C:\ProgramData\Temp:7E4E56EA
AlternateDataStreams: C:\ProgramData\Temp:7E802BFF
AlternateDataStreams: C:\ProgramData\Temp:7EC01D6D
AlternateDataStreams: C:\ProgramData\Temp:801ED9DF
AlternateDataStreams: C:\ProgramData\Temp:8118F1F5
AlternateDataStreams: C:\ProgramData\Temp:8318A814
AlternateDataStreams: C:\ProgramData\Temp:84C34762
AlternateDataStreams: C:\ProgramData\Temp:84EBFAE9
AlternateDataStreams: C:\ProgramData\Temp:857BC015
AlternateDataStreams: C:\ProgramData\Temp:864881BF
AlternateDataStreams: C:\ProgramData\Temp:865F21BF
AlternateDataStreams: C:\ProgramData\Temp:8855A119
AlternateDataStreams: C:\ProgramData\Temp:88AFFAC5
AlternateDataStreams: C:\ProgramData\Temp:89FC8EEB
AlternateDataStreams: C:\ProgramData\Temp:8A0EFC75
AlternateDataStreams: C:\ProgramData\Temp:8AC20936
AlternateDataStreams: C:\ProgramData\Temp:8B3C3098
AlternateDataStreams: C:\ProgramData\Temp:8B480195
AlternateDataStreams: C:\ProgramData\Temp:8BE7A048
AlternateDataStreams: C:\ProgramData\Temp:8C12CFCD
AlternateDataStreams: C:\ProgramData\Temp:8C84E358
AlternateDataStreams: C:\ProgramData\Temp:8C8D234C
AlternateDataStreams: C:\ProgramData\Temp:8D565A9B
AlternateDataStreams: C:\ProgramData\Temp:8F1B55BE
AlternateDataStreams: C:\ProgramData\Temp:91FE43FF
AlternateDataStreams: C:\ProgramData\Temp:927EC486
AlternateDataStreams: C:\ProgramData\Temp:92BD9737
AlternateDataStreams: C:\ProgramData\Temp:92FE8A60
AlternateDataStreams: C:\ProgramData\Temp:934CA750
AlternateDataStreams: C:\ProgramData\Temp:95198126
AlternateDataStreams: C:\ProgramData\Temp:9524D821
AlternateDataStreams: C:\ProgramData\Temp:95D421DF
AlternateDataStreams: C:\ProgramData\Temp:961B84C5
AlternateDataStreams: C:\ProgramData\Temp:9758CFB3
AlternateDataStreams: C:\ProgramData\Temp:97BDBF49
AlternateDataStreams: C:\ProgramData\Temp:98BD93BF
AlternateDataStreams: C:\ProgramData\Temp:98DFF516
AlternateDataStreams: C:\ProgramData\Temp:9968F0E2
AlternateDataStreams: C:\ProgramData\Temp:99AC3203
AlternateDataStreams: C:\ProgramData\Temp:9A24FE7D
AlternateDataStreams: C:\ProgramData\Temp:9A88B65D
AlternateDataStreams: C:\ProgramData\Temp:9C7A32BB
AlternateDataStreams: C:\ProgramData\Temp:9CD7CD43
AlternateDataStreams: C:\ProgramData\Temp:9D03192E
AlternateDataStreams: C:\ProgramData\Temp:9DB67071
AlternateDataStreams: C:\ProgramData\Temp:9E5EA7A3
AlternateDataStreams: C:\ProgramData\Temp:9EDA68BD
AlternateDataStreams: C:\ProgramData\Temp:9EE6560D
AlternateDataStreams: C:\ProgramData\Temp:9F3CEEE6
AlternateDataStreams: C:\ProgramData\Temp:9FCF32A8
AlternateDataStreams: C:\ProgramData\Temp:A039EDF9
AlternateDataStreams: C:\ProgramData\Temp:A05F750A
AlternateDataStreams: C:\ProgramData\Temp:A0921B2C
AlternateDataStreams: C:\ProgramData\Temp:A1023D41
AlternateDataStreams: C:\ProgramData\Temp:A10E88DE
AlternateDataStreams: C:\ProgramData\Temp:A26AFC00
AlternateDataStreams: C:\ProgramData\Temp:A291068E
AlternateDataStreams: C:\ProgramData\Temp:A2B3764A
AlternateDataStreams: C:\ProgramData\Temp:A4BF246C
AlternateDataStreams: C:\ProgramData\Temp:A4E7D25F
AlternateDataStreams: C:\ProgramData\Temp:A6345BDA
AlternateDataStreams: C:\ProgramData\Temp:A69FAA24
AlternateDataStreams: C:\ProgramData\Temp:A6A65B80
AlternateDataStreams: C:\ProgramData\Temp:A6D6E537
AlternateDataStreams: C:\ProgramData\Temp:A6D89509
AlternateDataStreams: C:\ProgramData\Temp:A6E01F67
AlternateDataStreams: C:\ProgramData\Temp:A819A132
AlternateDataStreams: C:\ProgramData\Temp:A88BE334
AlternateDataStreams: C:\ProgramData\Temp:A8DFD30C
AlternateDataStreams: C:\ProgramData\Temp:A900C3A3
AlternateDataStreams: C:\ProgramData\Temp:A9F877BF
AlternateDataStreams: C:\ProgramData\Temp:AA0017FD
AlternateDataStreams: C:\ProgramData\Temp:AAA06E15
AlternateDataStreams: C:\ProgramData\Temp:AABCC5A7
AlternateDataStreams: C:\ProgramData\Temp:AB3339EF
AlternateDataStreams: C:\ProgramData\Temp:AD7A32E9
AlternateDataStreams: C:\ProgramData\Temp:ADFAD95A
AlternateDataStreams: C:\ProgramData\Temp:AE289451
AlternateDataStreams: C:\ProgramData\Temp:AE324BE5
AlternateDataStreams: C:\ProgramData\Temp:AE9351E0
AlternateDataStreams: C:\ProgramData\Temp:AECF4772
AlternateDataStreams: C:\ProgramData\Temp:AFB24B00
AlternateDataStreams: C:\ProgramData\Temp:AFB89C92
AlternateDataStreams: C:\ProgramData\Temp:AFEBAACA
AlternateDataStreams: C:\ProgramData\Temp:B0EA26E5
AlternateDataStreams: C:\ProgramData\Temp:B1381B34
AlternateDataStreams: C:\ProgramData\Temp:B139DDF3
AlternateDataStreams: C:\ProgramData\Temp:B1786630
AlternateDataStreams: C:\ProgramData\Temp:B38BEEEE
AlternateDataStreams: C:\ProgramData\Temp:B3A5945E
AlternateDataStreams: C:\ProgramData\Temp:B60D5127
AlternateDataStreams: C:\ProgramData\Temp:B61767F5
AlternateDataStreams: C:\ProgramData\Temp:B6D84F71
AlternateDataStreams: C:\ProgramData\Temp:B6DD2C7E
AlternateDataStreams: C:\ProgramData\Temp:B6E6C4EA
AlternateDataStreams: C:\ProgramData\Temp:B790962B
AlternateDataStreams: C:\ProgramData\Temp:B8791731
AlternateDataStreams: C:\ProgramData\Temp:BA24E689
AlternateDataStreams: C:\ProgramData\Temp:BAFAD1DF
AlternateDataStreams: C:\ProgramData\Temp:BB1102D7
AlternateDataStreams: C:\ProgramData\Temp:BCFEA004
AlternateDataStreams: C:\ProgramData\Temp:BD34FFC5
AlternateDataStreams: C:\ProgramData\Temp:BD50071F
AlternateDataStreams: C:\ProgramData\Temp:BD84F7D6
AlternateDataStreams: C:\ProgramData\Temp:BE0654D6
AlternateDataStreams: C:\ProgramData\Temp:BE6B5FC3
AlternateDataStreams: C:\ProgramData\Temp:BF6A2C54
AlternateDataStreams: C:\ProgramData\Temp:BF6C4AAC
AlternateDataStreams: C:\ProgramData\Temp:C0A9B815
AlternateDataStreams: C:\ProgramData\Temp:C0BCE04B
AlternateDataStreams: C:\ProgramData\Temp:C2F24DB5
AlternateDataStreams: C:\ProgramData\Temp:C30487EE
AlternateDataStreams: C:\ProgramData\Temp:C36B1175
AlternateDataStreams: C:\ProgramData\Temp:C36F1B98
AlternateDataStreams: C:\ProgramData\Temp:C3A047E3
AlternateDataStreams: C:\ProgramData\Temp:C48905F4
AlternateDataStreams: C:\ProgramData\Temp:C48A983C
AlternateDataStreams: C:\ProgramData\Temp:C5A156B6
AlternateDataStreams: C:\ProgramData\Temp:C6104C4F
AlternateDataStreams: C:\ProgramData\Temp:C76CFF82
AlternateDataStreams: C:\ProgramData\Temp:C7857F06
AlternateDataStreams: C:\ProgramData\Temp:C7F08EA3
AlternateDataStreams: C:\ProgramData\Temp:C82CA1C0
AlternateDataStreams: C:\ProgramData\Temp:C9B27A06
AlternateDataStreams: C:\ProgramData\Temp:CAC06C34
AlternateDataStreams: C:\ProgramData\Temp:CB08ED9D
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30
AlternateDataStreams: C:\ProgramData\Temp:CD6DF7CC
AlternateDataStreams: C:\ProgramData\Temp:CF1334B0
AlternateDataStreams: C:\ProgramData\Temp:D01ACC06
AlternateDataStreams: C:\ProgramData\Temp:D03C606E
AlternateDataStreams: C:\ProgramData\Temp:D3331ADB
AlternateDataStreams: C:\ProgramData\Temp:D3A89E47
AlternateDataStreams: C:\ProgramData\Temp:D434342F
AlternateDataStreams: C:\ProgramData\Temp:D453E38B
AlternateDataStreams: C:\ProgramData\Temp:D46ECFD5
AlternateDataStreams: C:\ProgramData\Temp:D5BF78B4
AlternateDataStreams: C:\ProgramData\Temp:D5D75FF0
AlternateDataStreams: C:\ProgramData\Temp:D5E3E8C4
AlternateDataStreams: C:\ProgramData\Temp:D61EB62D
AlternateDataStreams: C:\ProgramData\Temp:D621CFB8
AlternateDataStreams: C:\ProgramData\Temp:D6A43EB0
AlternateDataStreams: C:\ProgramData\Temp:D6D084A5
AlternateDataStreams: C:\ProgramData\Temp:D882BE37
AlternateDataStreams: C:\ProgramData\Temp:D8A1AC56
AlternateDataStreams: C:\ProgramData\Temp:D987CB43
AlternateDataStreams: C:\ProgramData\Temp:DA55B48C
AlternateDataStreams: C:\ProgramData\Temp:DA7655EA
AlternateDataStreams: C:\ProgramData\Temp:DB76C881
AlternateDataStreams: C:\ProgramData\Temp:DBB979D4
AlternateDataStreams: C:\ProgramData\Temp:DC0B1070
AlternateDataStreams: C:\ProgramData\Temp:DC9915D2
AlternateDataStreams: C:\ProgramData\Temp:DD04902E
AlternateDataStreams: C:\ProgramData\Temp:DD95E6D9
AlternateDataStreams: C:\ProgramData\Temp:DDF112BD
AlternateDataStreams: C:\ProgramData\Temp:DE875C30
AlternateDataStreams: C:\ProgramData\Temp:E0888117
AlternateDataStreams: C:\ProgramData\Temp:E0A09032
AlternateDataStreams: C:\ProgramData\Temp:E11D90D0
AlternateDataStreams: C:\ProgramData\Temp:E153075C
AlternateDataStreams: C:\ProgramData\Temp:E1610EDC
AlternateDataStreams: C:\ProgramData\Temp:E1E51784
AlternateDataStreams: C:\ProgramData\Temp:E411AA0D
AlternateDataStreams: C:\ProgramData\Temp:E534B4D1
AlternateDataStreams: C:\ProgramData\Temp:E5496666
AlternateDataStreams: C:\ProgramData\Temp:E5B07840
AlternateDataStreams: C:\ProgramData\Temp:E5BA9ADD
AlternateDataStreams: C:\ProgramData\Temp:E6B6120A
AlternateDataStreams: C:\ProgramData\Temp:E6C6EB3B
AlternateDataStreams: C:\ProgramData\Temp:E7B4296D
AlternateDataStreams: C:\ProgramData\Temp:E81603BC
AlternateDataStreams: C:\ProgramData\Temp:E8AEB2BF
AlternateDataStreams: C:\ProgramData\Temp:E8C44CB4
AlternateDataStreams: C:\ProgramData\Temp:E99D1D3C
AlternateDataStreams: C:\ProgramData\Temp:EA7D76BE
AlternateDataStreams: C:\ProgramData\Temp:EA9D8B40
AlternateDataStreams: C:\ProgramData\Temp:EAEE7554
AlternateDataStreams: C:\ProgramData\Temp:EAF954B6
AlternateDataStreams: C:\ProgramData\Temp:EB792F59
AlternateDataStreams: C:\ProgramData\Temp:EB86F355
AlternateDataStreams: C:\ProgramData\Temp:ED4272E5
AlternateDataStreams: C:\ProgramData\Temp:ED51D3ED
AlternateDataStreams: C:\ProgramData\Temp:EFECABA9
AlternateDataStreams: C:\ProgramData\Temp:F039D9FE
AlternateDataStreams: C:\ProgramData\Temp:F123F8B9
AlternateDataStreams: C:\ProgramData\Temp:F1381B87
AlternateDataStreams: C:\ProgramData\Temp:F2327E82
AlternateDataStreams: C:\ProgramData\Temp:F28DF4DC
AlternateDataStreams: C:\ProgramData\Temp:F2E878EB
AlternateDataStreams: C:\ProgramData\Temp:F3591DDB
AlternateDataStreams: C:\ProgramData\Temp:F3A185AE
AlternateDataStreams: C:\ProgramData\Temp:F5E30F6A
AlternateDataStreams: C:\ProgramData\Temp:F5FC5DCE
AlternateDataStreams: C:\ProgramData\Temp:F6CDA594
AlternateDataStreams: C:\ProgramData\Temp:F7BF538D
AlternateDataStreams: C:\ProgramData\Temp:F7F4DC88
AlternateDataStreams: C:\ProgramData\Temp:F816645E
AlternateDataStreams: C:\ProgramData\Temp:F84EC1E0
AlternateDataStreams: C:\ProgramData\Temp:F98E6C67
AlternateDataStreams: C:\ProgramData\Temp:FAB64002
AlternateDataStreams: C:\ProgramData\Temp:FB647F34
AlternateDataStreams: C:\ProgramData\Temp:FBA79096
AlternateDataStreams: C:\ProgramData\Temp:FC414D14
AlternateDataStreams: C:\ProgramData\Temp:FC70A22A
AlternateDataStreams: C:\ProgramData\Temp:FCBEDCFD
AlternateDataStreams: C:\ProgramData\Temp:FD6D11C9
AlternateDataStreams: C:\ProgramData\Temp:FD6DB82C
AlternateDataStreams: C:\ProgramData\Temp:FD786DCA
AlternateDataStreams: C:\ProgramData\Temp:FD8BCF62
AlternateDataStreams: C:\ProgramData\Temp:FDEE14AC
AlternateDataStreams: C:\ProgramData\Temp:FE1665C7
AlternateDataStreams: C:\ProgramData\Temp:FEE00EB9
AlternateDataStreams: C:\ProgramData\Temp:FFC3922F
RemoveProxy:
EmptyTemp:
end
*****************
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key Removed successfully.
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
Firefox Proxy settings were reset.
esgiguard => Service Removed successfully.
"C:\Program Files\Enigma Software Group" => File/Folder not found.
C:\Users\Stefanie\Downloads\ParetoLogic PC Health Advisor_de.exe => Moved successfully.
C:\Users\Stefanie\Downloads\*CHIP-Installer.exe => Moved successfully.
C:\ProgramData\Temp => ":00811B66" ADS Removed successfully..
C:\ProgramData\Temp => ":03D08225" ADS Removed successfully..
C:\ProgramData\Temp => ":0410A323" ADS Removed successfully..
C:\ProgramData\Temp => ":041C0562" ADS Removed successfully..
C:\ProgramData\Temp => ":04A18F36" ADS Removed successfully..
C:\ProgramData\Temp => ":04ADB7A6" ADS Removed successfully..
C:\ProgramData\Temp => ":05582920" ADS Removed successfully..
C:\ProgramData\Temp => ":063969F8" ADS Removed successfully..
C:\ProgramData\Temp => ":06C34166" ADS Removed successfully..
C:\ProgramData\Temp => ":06CC3FD3" ADS Removed successfully..
C:\ProgramData\Temp => ":0915A718" ADS Removed successfully..
C:\ProgramData\Temp => ":0ACF1AF5" ADS Removed successfully..
C:\ProgramData\Temp => ":0ADCCF52" ADS Removed successfully..
C:\ProgramData\Temp => ":0C2F9CC7" ADS Removed successfully..
C:\ProgramData\Temp => ":0CDF8C3D" ADS Removed successfully..
C:\ProgramData\Temp => ":0E5CFA74" ADS Removed successfully..
C:\ProgramData\Temp => ":0EBD727C" ADS Removed successfully..
C:\ProgramData\Temp => ":0F3F6B1E" ADS Removed successfully..
C:\ProgramData\Temp => ":103E96B0" ADS Removed successfully..
C:\ProgramData\Temp => ":109734F6" ADS Removed successfully..
C:\ProgramData\Temp => ":10CB85CA" ADS Removed successfully..
C:\ProgramData\Temp => ":10CFA7D4" ADS Removed successfully..
C:\ProgramData\Temp => ":10D45FC3" ADS Removed successfully..
C:\ProgramData\Temp => ":11590865" ADS Removed successfully..
C:\ProgramData\Temp => ":115EA582" ADS Removed successfully..
C:\ProgramData\Temp => ":11EFE63D" ADS Removed successfully..
C:\ProgramData\Temp => ":1224B4C3" ADS Removed successfully..
C:\ProgramData\Temp => ":124B94C0" ADS Removed successfully..
C:\ProgramData\Temp => ":12BCD9DC" ADS Removed successfully..
C:\ProgramData\Temp => ":12D21A9A" ADS Removed successfully..
C:\ProgramData\Temp => ":13019F4B" ADS Removed successfully..
C:\ProgramData\Temp => ":1316EAD4" ADS Removed successfully..
C:\ProgramData\Temp => ":14A1BBE3" ADS Removed successfully..
C:\ProgramData\Temp => ":152FD00E" ADS Removed successfully..
C:\ProgramData\Temp => ":15734396" ADS Removed successfully..
C:\ProgramData\Temp => ":15752405" ADS Removed successfully..
C:\ProgramData\Temp => ":164561C8" ADS Removed successfully..
C:\ProgramData\Temp => ":1656EE95" ADS Removed successfully..
C:\ProgramData\Temp => ":169E7AC5" ADS Removed successfully..
C:\ProgramData\Temp => ":178093AE" ADS Removed successfully..
C:\ProgramData\Temp => ":18A25CF1" ADS Removed successfully..
C:\ProgramData\Temp => ":18A6D2CC" ADS Removed successfully..
C:\ProgramData\Temp => ":19474103" ADS Removed successfully..
C:\ProgramData\Temp => ":19F8EB29" ADS Removed successfully..
C:\ProgramData\Temp => ":1A81EA30" ADS Removed successfully..
C:\ProgramData\Temp => ":1B389835" ADS Removed successfully..
C:\ProgramData\Temp => ":1C6D705B" ADS Removed successfully..
C:\ProgramData\Temp => ":1CD511E5" ADS Removed successfully..
C:\ProgramData\Temp => ":1CDEDE11" ADS Removed successfully..
C:\ProgramData\Temp => ":1D6B18F1" ADS Removed successfully..
C:\ProgramData\Temp => ":1EEF2E2E" ADS Removed successfully..
C:\ProgramData\Temp => ":1F979A92" ADS Removed successfully..
C:\ProgramData\Temp => ":1FA4C06F" ADS Removed successfully..
C:\ProgramData\Temp => ":206470A5" ADS Removed successfully..
C:\ProgramData\Temp => ":20ABE827" ADS Removed successfully..
C:\ProgramData\Temp => ":20E1FC41" ADS Removed successfully..
C:\ProgramData\Temp => ":2211E7A0" ADS Removed successfully..
C:\ProgramData\Temp => ":2216A431" ADS Removed successfully..
C:\ProgramData\Temp => ":2339C9FD" ADS Removed successfully..
C:\ProgramData\Temp => ":236FF5C6" ADS Removed successfully..
C:\ProgramData\Temp => ":24391EC1" ADS Removed successfully..
C:\ProgramData\Temp => ":258D2F8B" ADS Removed successfully..
C:\ProgramData\Temp => ":26499772" ADS Removed successfully..
C:\ProgramData\Temp => ":2680DDD5" ADS Removed successfully..
C:\ProgramData\Temp => ":268A5068" ADS Removed successfully..
C:\ProgramData\Temp => ":26A148EB" ADS Removed successfully..
C:\ProgramData\Temp => ":2701988C" ADS Removed successfully..
C:\ProgramData\Temp => ":27A88EF2" ADS Removed successfully..
C:\ProgramData\Temp => ":27F44544" ADS Removed successfully..
C:\ProgramData\Temp => ":282CE153" ADS Removed successfully..
C:\ProgramData\Temp => ":28819F45" ADS Removed successfully..
C:\ProgramData\Temp => ":29629382" ADS Removed successfully..
C:\ProgramData\Temp => ":29F0CA7D" ADS Removed successfully..
C:\ProgramData\Temp => ":2AE74FF9" ADS Removed successfully..
C:\ProgramData\Temp => ":2B5C4773" ADS Removed successfully..
C:\ProgramData\Temp => ":2B9555D8" ADS Removed successfully..
C:\ProgramData\Temp => ":2BFBA0B7" ADS Removed successfully..
C:\ProgramData\Temp => ":2C678471" ADS Removed successfully..
C:\ProgramData\Temp => ":2C84CA43" ADS Removed successfully..
C:\ProgramData\Temp => ":2CA4B471" ADS Removed successfully..
C:\ProgramData\Temp => ":2CB9631F" ADS Removed successfully..
C:\ProgramData\Temp => ":2D3CB929" ADS Removed successfully..
C:\ProgramData\Temp => ":2DB4FB78" ADS Removed successfully..
C:\ProgramData\Temp => ":2DF54B62" ADS Removed successfully..
C:\ProgramData\Temp => ":2E3F04BC" ADS Removed successfully..
C:\ProgramData\Temp => ":2E928E6E" ADS Removed successfully..
C:\ProgramData\Temp => ":2F0A4DCE" ADS Removed successfully..
C:\ProgramData\Temp => ":2F360FB3" ADS Removed successfully..
C:\ProgramData\Temp => ":2F717FB3" ADS Removed successfully..
C:\ProgramData\Temp => ":3086B95F" ADS Removed successfully..
C:\ProgramData\Temp => ":30A9192A" ADS Removed successfully..
C:\ProgramData\Temp => ":313F7672" ADS Removed successfully..
C:\ProgramData\Temp => ":3241739E" ADS Removed successfully..
C:\ProgramData\Temp => ":32D2A239" ADS Removed successfully..
C:\ProgramData\Temp => ":3393A1CA" ADS Removed successfully..
C:\ProgramData\Temp => ":353212A0" ADS Removed successfully..
C:\ProgramData\Temp => ":35629AE6" ADS Removed successfully..
C:\ProgramData\Temp => ":3651A580" ADS Removed successfully..
C:\ProgramData\Temp => ":370E4EFB" ADS Removed successfully..
C:\ProgramData\Temp => ":371060CE" ADS Removed successfully..
C:\ProgramData\Temp => ":371A321E" ADS Removed successfully..
C:\ProgramData\Temp => ":37C279BE" ADS Removed successfully..
C:\ProgramData\Temp => ":38534D53" ADS Removed successfully..
C:\ProgramData\Temp => ":38A0E181" ADS Removed successfully..
C:\ProgramData\Temp => ":38FF076E" ADS Removed successfully..
C:\ProgramData\Temp => ":3969ACF7" ADS Removed successfully..
C:\ProgramData\Temp => ":397D67BA" ADS Removed successfully..
C:\ProgramData\Temp => ":39DC8D60" ADS Removed successfully..
C:\ProgramData\Temp => ":39EDBD33" ADS Removed successfully..
C:\ProgramData\Temp => ":3A4676D7" ADS Removed successfully..
C:\ProgramData\Temp => ":3A7527E8" ADS Removed successfully..
C:\ProgramData\Temp => ":3ABC38E6" ADS Removed successfully..
C:\ProgramData\Temp => ":3AD6342E" ADS Removed successfully..
C:\ProgramData\Temp => ":3B454A5C" ADS Removed successfully..
C:\ProgramData\Temp => ":3C0887BF" ADS Removed successfully..
C:\ProgramData\Temp => ":3D3F1635" ADS Removed successfully..
C:\ProgramData\Temp => ":3D507E52" ADS Removed successfully..
C:\ProgramData\Temp => ":3DB6F365" ADS Removed successfully..
C:\ProgramData\Temp => ":3E0674EA" ADS Removed successfully..
C:\ProgramData\Temp => ":3F266659" ADS Removed successfully..
C:\ProgramData\Temp => ":401CAF8F" ADS Removed successfully..
C:\ProgramData\Temp => ":40EE25BB" ADS Removed successfully..
C:\ProgramData\Temp => ":4149A170" ADS Removed successfully..
C:\ProgramData\Temp => ":432EC713" ADS Removed successfully..
C:\ProgramData\Temp => ":43D2A298" ADS Removed successfully..
C:\ProgramData\Temp => ":43F5FA9D" ADS Removed successfully..
C:\ProgramData\Temp => ":447856CD" ADS Removed successfully..
C:\ProgramData\Temp => ":45912F61" ADS Removed successfully..
C:\ProgramData\Temp => ":46A2F27B" ADS Removed successfully..
C:\ProgramData\Temp => ":479B1CF9" ADS Removed successfully..
C:\ProgramData\Temp => ":48897D41" ADS Removed successfully..
C:\ProgramData\Temp => ":491270B8" ADS Removed successfully..
C:\ProgramData\Temp => ":49EB69E2" ADS Removed successfully..
C:\ProgramData\Temp => ":4A2862FF" ADS Removed successfully..
C:\ProgramData\Temp => ":4A906D4A" ADS Removed successfully..
C:\ProgramData\Temp => ":4C3504B5" ADS Removed successfully..
C:\ProgramData\Temp => ":4C3D5A8B" ADS Removed successfully..
C:\ProgramData\Temp => ":4C5C1DD3" ADS Removed successfully..
C:\ProgramData\Temp => ":4C8FA829" ADS Removed successfully..
C:\ProgramData\Temp => ":4C9782FB" ADS Removed successfully..
C:\ProgramData\Temp => ":4D6B6072" ADS Removed successfully..
C:\ProgramData\Temp => ":4D729D61" ADS Removed successfully..
C:\ProgramData\Temp => ":4DDE401B" ADS Removed successfully..
C:\ProgramData\Temp => ":4F49DA66" ADS Removed successfully..
C:\ProgramData\Temp => ":4F7FE589" ADS Removed successfully..
C:\ProgramData\Temp => ":506698B2" ADS Removed successfully..
C:\ProgramData\Temp => ":5106F19A" ADS Removed successfully..
C:\ProgramData\Temp => ":512E1728" ADS Removed successfully..
C:\ProgramData\Temp => ":52329B88" ADS Removed successfully..
C:\ProgramData\Temp => ":52641FBE" ADS Removed successfully..
C:\ProgramData\Temp => ":52C24010" ADS Removed successfully..
C:\ProgramData\Temp => ":52E5A75A" ADS Removed successfully..
C:\ProgramData\Temp => ":53F09A92" ADS Removed successfully..
C:\ProgramData\Temp => ":56699AAF" ADS Removed successfully..
C:\ProgramData\Temp => ":566B9179" ADS Removed successfully..
C:\ProgramData\Temp => ":569CEE83" ADS Removed successfully..
C:\ProgramData\Temp => ":56C66609" ADS Removed successfully..
C:\ProgramData\Temp => ":57176330" ADS Removed successfully..
C:\ProgramData\Temp => ":57231008" ADS Removed successfully..
C:\ProgramData\Temp => ":574F975B" ADS Removed successfully..
C:\ProgramData\Temp => ":58306E4C" ADS Removed successfully..
C:\ProgramData\Temp => ":59465B40" ADS Removed successfully..
C:\ProgramData\Temp => ":59A6876B" ADS Removed successfully..
C:\ProgramData\Temp => ":5AE33054" ADS Removed successfully..
C:\ProgramData\Temp => ":5C02B7AF" ADS Removed successfully..
C:\ProgramData\Temp => ":5C4A588B" ADS Removed successfully..
C:\ProgramData\Temp => ":5C9A6C78" ADS Removed successfully..
C:\ProgramData\Temp => ":5CBA5665" ADS Removed successfully..
C:\ProgramData\Temp => ":5CE91C67" ADS Removed successfully..
C:\ProgramData\Temp => ":5DB36C47" ADS Removed successfully..
C:\ProgramData\Temp => ":5E05F78B" ADS Removed successfully..
C:\ProgramData\Temp => ":5E481579" ADS Removed successfully..
C:\ProgramData\Temp => ":5E73E1C2" ADS Removed successfully..
C:\ProgramData\Temp => ":600F6768" ADS Removed successfully..
C:\ProgramData\Temp => ":605645B0" ADS Removed successfully..
C:\ProgramData\Temp => ":609CAC7C" ADS Removed successfully..
C:\ProgramData\Temp => ":60E0AB2A" ADS Removed successfully..
C:\ProgramData\Temp => ":611EAF9F" ADS Removed successfully..
C:\ProgramData\Temp => ":612873B2" ADS Removed successfully..
C:\ProgramData\Temp => ":627153F1" ADS Removed successfully..
C:\ProgramData\Temp => ":63210866" ADS Removed successfully..
C:\ProgramData\Temp => ":634EA293" ADS Removed successfully..
C:\ProgramData\Temp => ":63BA523E" ADS Removed successfully..
C:\ProgramData\Temp => ":63FFB7A0" ADS Removed successfully..
C:\ProgramData\Temp => ":6423D635" ADS Removed successfully..
C:\ProgramData\Temp => ":64E05835" ADS Removed successfully..
C:\ProgramData\Temp => ":658DE22A" ADS Removed successfully..
C:\ProgramData\Temp => ":65949863" ADS Removed successfully..
C:\ProgramData\Temp => ":65AB2A58" ADS Removed successfully..
C:\ProgramData\Temp => ":663B62CA" ADS Removed successfully..
C:\ProgramData\Temp => ":66871744" ADS Removed successfully..
C:\ProgramData\Temp => ":66F19688" ADS Removed successfully..
C:\ProgramData\Temp => ":67A91473" ADS Removed successfully..
C:\ProgramData\Temp => ":67B6E7FA" ADS Removed successfully..
C:\ProgramData\Temp => ":67CF910D" ADS Removed successfully..
C:\ProgramData\Temp => ":68DE552E" ADS Removed successfully..
C:\ProgramData\Temp => ":69F562A6" ADS Removed successfully..
C:\ProgramData\Temp => ":6A4DFD85" ADS Removed successfully..
C:\ProgramData\Temp => ":6A9EDD31" ADS Removed successfully..
C:\ProgramData\Temp => ":6B7447D4" ADS Removed successfully..
C:\ProgramData\Temp => ":6B8AB6FB" ADS Removed successfully..
C:\ProgramData\Temp => ":6BEADDC0" ADS Removed successfully..
C:\ProgramData\Temp => ":6BF0805F" ADS Removed successfully..
C:\ProgramData\Temp => ":6BFA43EB" ADS Removed successfully..
C:\ProgramData\Temp => ":6CB8F7A9" ADS Removed successfully..
C:\ProgramData\Temp => ":6DDBB86B" ADS Removed successfully..
C:\ProgramData\Temp => ":6DDFD746" ADS Removed successfully..
C:\ProgramData\Temp => ":6E11933F" ADS Removed successfully..
C:\ProgramData\Temp => ":6E2D80C8" ADS Removed successfully..
C:\ProgramData\Temp => ":6E39144C" ADS Removed successfully..
C:\ProgramData\Temp => ":6E3C585B" ADS Removed successfully..
C:\ProgramData\Temp => ":6EB8C6CD" ADS Removed successfully..
C:\ProgramData\Temp => ":6ECE93A8" ADS Removed successfully..
C:\ProgramData\Temp => ":6EE8565A" ADS Removed successfully..
C:\ProgramData\Temp => ":701FCC18" ADS Removed successfully..
C:\ProgramData\Temp => ":708BB0FA" ADS Removed successfully..
C:\ProgramData\Temp => ":709E81D4" ADS Removed successfully..
C:\ProgramData\Temp => ":71004506" ADS Removed successfully..
C:\ProgramData\Temp => ":71112705" ADS Removed successfully..
C:\ProgramData\Temp => ":716C3D9F" ADS Removed successfully..
C:\ProgramData\Temp => ":71AEFFEB" ADS Removed successfully..
C:\ProgramData\Temp => ":7254CF01" ADS Removed successfully..
C:\ProgramData\Temp => ":72A1B66A" ADS Removed successfully..
C:\ProgramData\Temp => ":73AFBB96" ADS Removed successfully..
C:\ProgramData\Temp => ":74091520" ADS Removed successfully..
C:\ProgramData\Temp => ":751D6870" ADS Removed successfully..
C:\ProgramData\Temp => ":75CC0165" ADS Removed successfully..
C:\ProgramData\Temp => ":774A0E14" ADS Removed successfully..
C:\ProgramData\Temp => ":7804B508" ADS Removed successfully..
C:\ProgramData\Temp => ":79059537" ADS Removed successfully..
C:\ProgramData\Temp => ":7934407E" ADS Removed successfully..
C:\ProgramData\Temp => ":79875988" ADS Removed successfully..
C:\ProgramData\Temp => ":79C6A9CE" ADS Removed successfully..
C:\ProgramData\Temp => ":7A032A04" ADS Removed successfully..
C:\ProgramData\Temp => ":7A530D80" ADS Removed successfully..
C:\ProgramData\Temp => ":7ADB695A" ADS Removed successfully..
C:\ProgramData\Temp => ":7AF9CAEB" ADS Removed successfully..
C:\ProgramData\Temp => ":7B9BB187" ADS Removed successfully..
C:\ProgramData\Temp => ":7BB584AA" ADS Removed successfully..
C:\ProgramData\Temp => ":7BFAAE70" ADS Removed successfully..
C:\ProgramData\Temp => ":7C3760E2" ADS Removed successfully..
C:\ProgramData\Temp => ":7C8AA9A6" ADS Removed successfully..
C:\ProgramData\Temp => ":7D288858" ADS Removed successfully..
C:\ProgramData\Temp => ":7D9B1030" ADS Removed successfully..
C:\ProgramData\Temp => ":7E4E56EA" ADS Removed successfully..
C:\ProgramData\Temp => ":7E802BFF" ADS Removed successfully..
C:\ProgramData\Temp => ":7EC01D6D" ADS Removed successfully..
C:\ProgramData\Temp => ":801ED9DF" ADS Removed successfully..
C:\ProgramData\Temp => ":8118F1F5" ADS Removed successfully..
C:\ProgramData\Temp => ":8318A814" ADS Removed successfully..
C:\ProgramData\Temp => ":84C34762" ADS Removed successfully..
C:\ProgramData\Temp => ":84EBFAE9" ADS Removed successfully..
C:\ProgramData\Temp => ":857BC015" ADS Removed successfully..
C:\ProgramData\Temp => ":864881BF" ADS Removed successfully..
C:\ProgramData\Temp => ":865F21BF" ADS Removed successfully..
C:\ProgramData\Temp => ":8855A119" ADS Removed successfully..
C:\ProgramData\Temp => ":88AFFAC5" ADS Removed successfully..
C:\ProgramData\Temp => ":89FC8EEB" ADS Removed successfully..
C:\ProgramData\Temp => ":8A0EFC75" ADS Removed successfully..
C:\ProgramData\Temp => ":8AC20936" ADS Removed successfully..
C:\ProgramData\Temp => ":8B3C3098" ADS Removed successfully..
C:\ProgramData\Temp => ":8B480195" ADS Removed successfully..
C:\ProgramData\Temp => ":8BE7A048" ADS Removed successfully..
C:\ProgramData\Temp => ":8C12CFCD" ADS Removed successfully..
C:\ProgramData\Temp => ":8C84E358" ADS Removed successfully..
C:\ProgramData\Temp => ":8C8D234C" ADS Removed successfully..
C:\ProgramData\Temp => ":8D565A9B" ADS Removed successfully..
C:\ProgramData\Temp => ":8F1B55BE" ADS Removed successfully..
C:\ProgramData\Temp => ":91FE43FF" ADS Removed successfully..
C:\ProgramData\Temp => ":927EC486" ADS Removed successfully..
C:\ProgramData\Temp => ":92BD9737" ADS Removed successfully..
C:\ProgramData\Temp => ":92FE8A60" ADS Removed successfully..
C:\ProgramData\Temp => ":934CA750" ADS Removed successfully..
C:\ProgramData\Temp => ":95198126" ADS Removed successfully..
C:\ProgramData\Temp => ":9524D821" ADS Removed successfully..
C:\ProgramData\Temp => ":95D421DF" ADS Removed successfully..
C:\ProgramData\Temp => ":961B84C5" ADS Removed successfully..
C:\ProgramData\Temp => ":9758CFB3" ADS Removed successfully..
C:\ProgramData\Temp => ":97BDBF49" ADS Removed successfully..
C:\ProgramData\Temp => ":98BD93BF" ADS Removed successfully..
C:\ProgramData\Temp => ":98DFF516" ADS Removed successfully..
C:\ProgramData\Temp => ":9968F0E2" ADS Removed successfully..
C:\ProgramData\Temp => ":99AC3203" ADS Removed successfully..
C:\ProgramData\Temp => ":9A24FE7D" ADS Removed successfully..
C:\ProgramData\Temp => ":9A88B65D" ADS Removed successfully..
C:\ProgramData\Temp => ":9C7A32BB" ADS Removed successfully..
C:\ProgramData\Temp => ":9CD7CD43" ADS Removed successfully..
C:\ProgramData\Temp => ":9D03192E" ADS Removed successfully..
C:\ProgramData\Temp => ":9DB67071" ADS Removed successfully..
C:\ProgramData\Temp => ":9E5EA7A3" ADS Removed successfully..
C:\ProgramData\Temp => ":9EDA68BD" ADS Removed successfully..
C:\ProgramData\Temp => ":9EE6560D" ADS Removed successfully..
C:\ProgramData\Temp => ":9F3CEEE6" ADS Removed successfully..
C:\ProgramData\Temp => ":9FCF32A8" ADS Removed successfully..
C:\ProgramData\Temp => ":A039EDF9" ADS Removed successfully..
C:\ProgramData\Temp => ":A05F750A" ADS Removed successfully..
C:\ProgramData\Temp => ":A0921B2C" ADS Removed successfully..
C:\ProgramData\Temp => ":A1023D41" ADS Removed successfully..
C:\ProgramData\Temp => ":A10E88DE" ADS Removed successfully..
C:\ProgramData\Temp => ":A26AFC00" ADS Removed successfully..
C:\ProgramData\Temp => ":A291068E" ADS Removed successfully..
C:\ProgramData\Temp => ":A2B3764A" ADS Removed successfully..
C:\ProgramData\Temp => ":A4BF246C" ADS Removed successfully..
C:\ProgramData\Temp => ":A4E7D25F" ADS Removed successfully..
C:\ProgramData\Temp => ":A6345BDA" ADS Removed successfully..
C:\ProgramData\Temp => ":A69FAA24" ADS Removed successfully..
C:\ProgramData\Temp => ":A6A65B80" ADS Removed successfully..
C:\ProgramData\Temp => ":A6D6E537" ADS Removed successfully..
C:\ProgramData\Temp => ":A6D89509" ADS Removed successfully..
C:\ProgramData\Temp => ":A6E01F67" ADS Removed successfully..
C:\ProgramData\Temp => ":A819A132" ADS Removed successfully..
C:\ProgramData\Temp => ":A88BE334" ADS Removed successfully..
C:\ProgramData\Temp => ":A8DFD30C" ADS Removed successfully..
C:\ProgramData\Temp => ":A900C3A3" ADS Removed successfully..
C:\ProgramData\Temp => ":A9F877BF" ADS Removed successfully..
C:\ProgramData\Temp => ":AA0017FD" ADS Removed successfully..
C:\ProgramData\Temp => ":AAA06E15" ADS Removed successfully..
C:\ProgramData\Temp => ":AABCC5A7" ADS Removed successfully..
C:\ProgramData\Temp => ":AB3339EF" ADS Removed successfully..
C:\ProgramData\Temp => ":AD7A32E9" ADS Removed successfully..
C:\ProgramData\Temp => ":ADFAD95A" ADS Removed successfully..
C:\ProgramData\Temp => ":AE289451" ADS Removed successfully..
C:\ProgramData\Temp => ":AE324BE5" ADS Removed successfully..
C:\ProgramData\Temp => ":AE9351E0" ADS Removed successfully..
C:\ProgramData\Temp => ":AECF4772" ADS Removed successfully..
C:\ProgramData\Temp => ":AFB24B00" ADS Removed successfully..
C:\ProgramData\Temp => ":AFB89C92" ADS Removed successfully..
C:\ProgramData\Temp => ":AFEBAACA" ADS Removed successfully..
C:\ProgramData\Temp => ":B0EA26E5" ADS Removed successfully..
C:\ProgramData\Temp => ":B1381B34" ADS Removed successfully..
C:\ProgramData\Temp => ":B139DDF3" ADS Removed successfully..
C:\ProgramData\Temp => ":B1786630" ADS Removed successfully..
C:\ProgramData\Temp => ":B38BEEEE" ADS Removed successfully..
C:\ProgramData\Temp => ":B3A5945E" ADS Removed successfully..
C:\ProgramData\Temp => ":B60D5127" ADS Removed successfully..
C:\ProgramData\Temp => ":B61767F5" ADS Removed successfully..
C:\ProgramData\Temp => ":B6D84F71" ADS Removed successfully..
C:\ProgramData\Temp => ":B6DD2C7E" ADS Removed successfully..
C:\ProgramData\Temp => ":B6E6C4EA" ADS Removed successfully..
C:\ProgramData\Temp => ":B790962B" ADS Removed successfully..
C:\ProgramData\Temp => ":B8791731" ADS Removed successfully..
C:\ProgramData\Temp => ":BA24E689" ADS Removed successfully..
C:\ProgramData\Temp => ":BAFAD1DF" ADS Removed successfully..
C:\ProgramData\Temp => ":BB1102D7" ADS Removed successfully..
C:\ProgramData\Temp => ":BCFEA004" ADS Removed successfully..
C:\ProgramData\Temp => ":BD34FFC5" ADS Removed successfully..
C:\ProgramData\Temp => ":BD50071F" ADS Removed successfully..
C:\ProgramData\Temp => ":BD84F7D6" ADS Removed successfully..
C:\ProgramData\Temp => ":BE0654D6" ADS Removed successfully..
C:\ProgramData\Temp => ":BE6B5FC3" ADS Removed successfully..
C:\ProgramData\Temp => ":BF6A2C54" ADS Removed successfully..
C:\ProgramData\Temp => ":BF6C4AAC" ADS Removed successfully..
C:\ProgramData\Temp => ":C0A9B815" ADS Removed successfully..
C:\ProgramData\Temp => ":C0BCE04B" ADS Removed successfully..
C:\ProgramData\Temp => ":C2F24DB5" ADS Removed successfully..
C:\ProgramData\Temp => ":C30487EE" ADS Removed successfully..
C:\ProgramData\Temp => ":C36B1175" ADS Removed successfully..
C:\ProgramData\Temp => ":C36F1B98" ADS Removed successfully..
C:\ProgramData\Temp => ":C3A047E3" ADS Removed successfully..
C:\ProgramData\Temp => ":C48905F4" ADS Removed successfully..
C:\ProgramData\Temp => ":C48A983C" ADS Removed successfully..
C:\ProgramData\Temp => ":C5A156B6" ADS Removed successfully..
C:\ProgramData\Temp => ":C6104C4F" ADS Removed successfully..
C:\ProgramData\Temp => ":C76CFF82" ADS Removed successfully..
C:\ProgramData\Temp => ":C7857F06" ADS Removed successfully..
C:\ProgramData\Temp => ":C7F08EA3" ADS Removed successfully..
C:\ProgramData\Temp => ":C82CA1C0" ADS Removed successfully..
C:\ProgramData\Temp => ":C9B27A06" ADS Removed successfully..
C:\ProgramData\Temp => ":CAC06C34" ADS Removed successfully..
C:\ProgramData\Temp => ":CB08ED9D" ADS Removed successfully..
C:\ProgramData\Temp => ":CBAF0C30" ADS Removed successfully..
C:\ProgramData\Temp => ":CD6DF7CC" ADS Removed successfully..
C:\ProgramData\Temp => ":CF1334B0" ADS Removed successfully..
C:\ProgramData\Temp => ":D01ACC06" ADS Removed successfully..
C:\ProgramData\Temp => ":D03C606E" ADS Removed successfully..
C:\ProgramData\Temp => ":D3331ADB" ADS Removed successfully..
C:\ProgramData\Temp => ":D3A89E47" ADS Removed successfully..
C:\ProgramData\Temp => ":D434342F" ADS Removed successfully..
C:\ProgramData\Temp => ":D453E38B" ADS Removed successfully..
C:\ProgramData\Temp => ":D46ECFD5" ADS Removed successfully..
C:\ProgramData\Temp => ":D5BF78B4" ADS Removed successfully..
C:\ProgramData\Temp => ":D5D75FF0" ADS Removed successfully..
C:\ProgramData\Temp => ":D5E3E8C4" ADS Removed successfully..
C:\ProgramData\Temp => ":D61EB62D" ADS Removed successfully..
C:\ProgramData\Temp => ":D621CFB8" ADS Removed successfully..
C:\ProgramData\Temp => ":D6A43EB0" ADS Removed successfully..
C:\ProgramData\Temp => ":D6D084A5" ADS Removed successfully..
C:\ProgramData\Temp => ":D882BE37" ADS Removed successfully..
C:\ProgramData\Temp => ":D8A1AC56" ADS Removed successfully..
C:\ProgramData\Temp => ":D987CB43" ADS Removed successfully..
C:\ProgramData\Temp => ":DA55B48C" ADS Removed successfully..
C:\ProgramData\Temp => ":DA7655EA" ADS Removed successfully..
C:\ProgramData\Temp => ":DB76C881" ADS Removed successfully..
C:\ProgramData\Temp => ":DBB979D4" ADS Removed successfully..
C:\ProgramData\Temp => ":DC0B1070" ADS Removed successfully..
C:\ProgramData\Temp => ":DC9915D2" ADS Removed successfully..
C:\ProgramData\Temp => ":DD04902E" ADS Removed successfully..
C:\ProgramData\Temp => ":DD95E6D9" ADS Removed successfully..
C:\ProgramData\Temp => ":DDF112BD" ADS Removed successfully..
C:\ProgramData\Temp => ":DE875C30" ADS Removed successfully..
C:\ProgramData\Temp => ":E0888117" ADS Removed successfully..
C:\ProgramData\Temp => ":E0A09032" ADS Removed successfully..
C:\ProgramData\Temp => ":E11D90D0" ADS Removed successfully..
C:\ProgramData\Temp => ":E153075C" ADS Removed successfully..
C:\ProgramData\Temp => ":E1610EDC" ADS Removed successfully..
C:\ProgramData\Temp => ":E1E51784" ADS Removed successfully..
C:\ProgramData\Temp => ":E411AA0D" ADS Removed successfully..
C:\ProgramData\Temp => ":E534B4D1" ADS Removed successfully..
C:\ProgramData\Temp => ":E5496666" ADS Removed successfully..
C:\ProgramData\Temp => ":E5B07840" ADS Removed successfully..
C:\ProgramData\Temp => ":E5BA9ADD" ADS Removed successfully..
C:\ProgramData\Temp => ":E6B6120A" ADS Removed successfully..
C:\ProgramData\Temp => ":E6C6EB3B" ADS Removed successfully..
C:\ProgramData\Temp => ":E7B4296D" ADS Removed successfully..
C:\ProgramData\Temp => ":E81603BC" ADS Removed successfully..
C:\ProgramData\Temp => ":E8AEB2BF" ADS Removed successfully..
C:\ProgramData\Temp => ":E8C44CB4" ADS Removed successfully..
C:\ProgramData\Temp => ":E99D1D3C" ADS Removed successfully..
C:\ProgramData\Temp => ":EA7D76BE" ADS Removed successfully..
C:\ProgramData\Temp => ":EA9D8B40" ADS Removed successfully..
C:\ProgramData\Temp => ":EAEE7554" ADS Removed successfully..
C:\ProgramData\Temp => ":EAF954B6" ADS Removed successfully..
C:\ProgramData\Temp => ":EB792F59" ADS Removed successfully..
C:\ProgramData\Temp => ":EB86F355" ADS Removed successfully..
C:\ProgramData\Temp => ":ED4272E5" ADS Removed successfully..
C:\ProgramData\Temp => ":ED51D3ED" ADS Removed successfully..
C:\ProgramData\Temp => ":EFECABA9" ADS Removed successfully..
C:\ProgramData\Temp => ":F039D9FE" ADS Removed successfully..
C:\ProgramData\Temp => ":F123F8B9" ADS Removed successfully..
C:\ProgramData\Temp => ":F1381B87" ADS Removed successfully..
C:\ProgramData\Temp => ":F2327E82" ADS Removed successfully..
C:\ProgramData\Temp => ":F28DF4DC" ADS Removed successfully..
C:\ProgramData\Temp => ":F2E878EB" ADS Removed successfully..
C:\ProgramData\Temp => ":F3591DDB" ADS Removed successfully..
C:\ProgramData\Temp => ":F3A185AE" ADS Removed successfully..
C:\ProgramData\Temp => ":F5E30F6A" ADS Removed successfully..
C:\ProgramData\Temp => ":F5FC5DCE" ADS Removed successfully..
C:\ProgramData\Temp => ":F6CDA594" ADS Removed successfully..
C:\ProgramData\Temp => ":F7BF538D" ADS Removed successfully..
C:\ProgramData\Temp => ":F7F4DC88" ADS Removed successfully..
C:\ProgramData\Temp => ":F816645E" ADS Removed successfully..
C:\ProgramData\Temp => ":F84EC1E0" ADS Removed successfully..
C:\ProgramData\Temp => ":F98E6C67" ADS Removed successfully..
C:\ProgramData\Temp => ":FAB64002" ADS Removed successfully..
C:\ProgramData\Temp => ":FB647F34" ADS Removed successfully..
C:\ProgramData\Temp => ":FBA79096" ADS Removed successfully..
C:\ProgramData\Temp => ":FC414D14" ADS Removed successfully..
C:\ProgramData\Temp => ":FC70A22A" ADS Removed successfully..
C:\ProgramData\Temp => ":FCBEDCFD" ADS Removed successfully..
C:\ProgramData\Temp => ":FD6D11C9" ADS Removed successfully..
C:\ProgramData\Temp => ":FD6DB82C" ADS Removed successfully..
C:\ProgramData\Temp => ":FD786DCA" ADS Removed successfully..
C:\ProgramData\Temp => ":FD8BCF62" ADS Removed successfully..
C:\ProgramData\Temp => ":FDEE14AC" ADS Removed successfully..
C:\ProgramData\Temp => ":FE1665C7" ADS Removed successfully..
C:\ProgramData\Temp => ":FEE00EB9" ADS Removed successfully..
C:\ProgramData\Temp => ":FFC3922F" ADS Removed successfully..
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
HKU\S-1-5-21-1929016561-3404761482-1178114853-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully.
========= End of RemoveProxy: =========
EmptyTemp: => Removed 367.6 MB temporary data.
The system needed a reboot.
==== End of Fixlog 18:50:38 ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d92f8199328dba478335d1c7d4df00d5
# engine=24110
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-05-31 09:38:03
# local_time=2015-05-31 11:38:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 41973 184739474 0 0
# scanned=252183
# found=7
# cleaned=0
# scan_time=6766
sh=88298E45951890997CD7FF44CCF147A01BD54CFE ft=1 fh=1f862fe9b87c1ee2 vn="Variante von Win32/AdWare.AddLyrics.BA Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Re-markit Corp\Re-markit158.dll.vir"
sh=AA026AF5E5180919D5BF1C73FEBE776053C817E7 ft=1 fh=29286da39440377f vn="Variante von Win32/AdWare.AddLyrics.AJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Re-markit Corp\Re-markit_wd.exe.vir"
sh=39DDC9FB5ED2AB87865D5F097E618F7300C209EC ft=1 fh=9a16e3709eb97e57 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Stefanie\Downloads\SpyBot Search Destroy - CHIP-InstallerCHIP-Installer.exe.xBAD"
sh=F3AC96D68C2DBF10829ADEC639382DD25D6D6057 ft=1 fh=abbd31e397996c13 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Stefanie\AppData\Local\nso625F.tmp.vir"
sh=BE875FB661049B0F39E12F8D6CC572E5F3DF40E4 ft=1 fh=c71c0011e48792bc vn="Win32/InstallCore.MF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Stefanie\Downloads\COMPUTER_BILD-Download-Manager_fuer_xero_xl.exe"
sh=6CF8A9F031B45F70BE3E66E7ACC7449CDA15FA34 ft=1 fh=2de4b6f517306153 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Stefanie\Downloads\PDFCreator-1_2_3_setup.exe"
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Stefanie\Downloads\PDFCreator-1_7_1_setup.exe"
Code:
ATTFilter Results of screen317's Security Check version 1.002
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 17.0.0.188
Adobe Reader XI
Mozilla Firefox (38.0.1)
Mozilla Thunderbird (31.7.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
|
01.06.2015, 16:20
| #15 | ||||||||||
| /// TB-Ausbilder | Windows 7 Windows Explorer schließt sich immer Reste entfernen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
CloseProcesses:
C:\Users\Stefanie\Downloads\PDFCreator*.exe
C:\Users\Stefanie\Downloads\COMPUTER_BILD-Download-Manager_fuer_xero_xl.exe
EmptyTemp:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird! Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.  Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:
Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Ghostery Erkennt und blockiert Tracker, Web Bugs, Pixel und Beacons und weitere Scripte, die das Surfverhalten ausspähen/beobachten. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
| Themen zu Windows 7 Windows Explorer schließt sich immer |
| antivir, ausgeführt, bilder, brauche, einfach, erstell, explorer, funktionier, funktioniert, geholfen, geschlossen, gmer, hoffe, log, meldung, nicht mehr, ordner, programm, schließe, schließt, tagen, windows, windows 7, windows explorer, öffnen |
+ R Taste und schreibe Combofix /Uninstall in das 
Linear-Darstellung
