Trojaner-Board - DHL Trojaner - zib heruntergeladen und geöffnet

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - DHL Trojaner - zib heruntergeladen und geöffnet - Datei ist verschwunden (https://www.trojaner-board.de/165235-dhl-trojaner-zib-heruntergeladen-geoeffnet-datei-verschwunden.html)

DHL Trojaner - zib heruntergeladen und geöffnet - Datei ist verschwunden

Hallo,

Ich habe folgendes Problem, das hier wohl schn öfter aufgetaucht ist...

Da ich von der Firma DHL dringend ein Paket erwartet habe und etwas unter Zeitdruck stand, habe ich ein Spam Mail geöffnet und die Sendungsnummer angeklickt, das zib heruntergeladen, entpackt, aber es hat sich nichts geöffnet!

Stutzig wurde ich aber erst als ich im Radio von diesen Spam Mails hörte - erst dann habe ich das betreffende Mail näher unter die Lupe genommen und gesehen, dass der Absender eigentlich ja nicht zu einem DHL-Mail passt.

Folgende Dinge habe ich dann unternommen:
Ein Avira Scan hat nichts gefunden
Malware Bytes hat etwas Verdächtiges gefunden (Logs anbei)

Bin ziemlich verunsichert und hätte gern Tipps bevor ich den Rechner wieder für Überweisungen etc. verwende!

Danke und liebe Grüße
Eva

defogger

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 20:07 on 17/03/2015 (Eva)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

addition

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015

Ran by Eva at 2015-03-17 20:11:38

Running from C:\Users\Eva\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.68 - NewTech Infosystems)

Acer Crystal Eye webcam Ver:1.1.192.810 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.192.810 - Chicony Electronics Co.,Ltd.)

Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)

Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)

Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0423.2010 - Acer Incorporated)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen (HKLM-x32\...\Adobe_061850775b1c6d22bf2a145678e05e0) (Version: 1.0 - Adobe Systems Incorporated)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden

Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{DD89CE29-BC88-40C6-A845-E2548682C5D6}) (Version: 1.9.17.06019 - Alcor Micro Corp.)

Alcor Micro USB Card Reader (x32 Version: 1.9.17.06019 - Alcor Micro Corp.) Hidden

ATI Catalyst Install Manager (HKLM\...\{75FDB05A-C1C2-CD17-35CE-3C1A454CC79F}) (Version: 3.0.778.0 - ATI Technologies, Inc.)

Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)

AutoCAD 2007 - English (HKLM-x32\...\{5783F2D7-5001-0409-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk)

Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.)

Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)

Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.650 - Avira)

Backup Manager Basic (x32 Version: 2.0.0.68 - NewTech Infosystems) Hidden

Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)

CANON IMAGE GATEWAY Registrierungsanleitung (HKLM-x32\...\DV CIG Guide) (Version: 1.0.0.2 - Canon Inc.)

CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)

Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)

Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)

Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)

Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)

Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)

Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.4.0.7 - Canon Inc.)

Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC8) (Version: 8.1.0.11 - Canon Inc.)

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)

Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.3.0.5 - Canon Inc.)

Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)

Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)

Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)

ccc-core-static (x32 Version: 2010.0825.2205.37769 - Ihr Firmenname) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)

CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3216.50 - CyberLink Corp.)

Dropbox (HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)

Dropbox (HKU\S-1-5-21-3025526197-3098601968-4000957393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)

FileZilla Client 3.2.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.2.7.1 - )

Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{AF37F9DE-0726-439E-BC10-43D9195394D0}) (Version: 2.1.26.0 - MAGIX AG)

GlobeTrotter Connect  (HKLM\...\{727E94E5-584F-4463-B4F5-93D3779C610B}_x) (Version: 3.1.0.1162 - Option NV)

GlobeTrotter Connect (Version: 3.1.0.1162 - Option NV) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)

ImageMixer 3 SE Ver.3 (HKLM-x32\...\{3A95D49D-0076-4DB7-A91E-0E685DC6D6AD}) (Version: 3.01.012 - PIXELA)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

Java(TM) 6 Update 23 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle)

MAGIX 3D Maker (embeded) (HKLM-x32\...\MAGIX 3D Maker D) (Version: 6.0.0.8 - MAGIX AG)

MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)

MAGIX Speed burnR (HKLM-x32\...\MAGIX Speed burnR D) (Version: 6.0.1.4 - MAGIX AG)

MAGIX Video deluxe 16 Plus 9.0.0.54 (D) (HKLM-x32\...\MAGIX Video deluxe 16 Plus D) (Version: 9.0.0.54 - MAGIX AG)

MAGIX Xtreme Foto Designer 6 (HKLM-x32\...\MAGIX Xtreme Foto Designer 6 D) (Version: 6.0.29.0 - MAGIX AG)

Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

Mozilla Thunderbird 31.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden

MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)

MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden

OpenMG Limited Patch 4.4-06-13-19-01 (HKLM-x32\...\OpenMG HotFix4.4-05-12-06-01) (Version:  - )

OpenMG Secure Module 4.4.00 (HKLM-x32\...\InstallShield_{CFB17307-B244-4EAD-AE8E-CDAF440477C2}) (Version: 4.4.00.11241 - Sony Corporation)

OpenMG Secure Module 4.4.00 (x32 Version: 4.4.00.11241 - Sony Corporation) Hidden

PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden

QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6167 - Realtek Semiconductor Corp.)

Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden

Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden

Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.6.0 - Synaptics Incorporated)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

Winamp (HKLM-x32\...\Winamp) (Version: 5.601  - Nullsoft, Inc)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)

Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

XMedia Recode Version 3.1.0.0 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.0.0 - XMedia Recode)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-3025526197-3098601968-4000957393-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Eva\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3025526197-3098601968-4000957393-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3025526197-3098601968-4000957393-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3025526197-3098601968-4000957393-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3025526197-3098601968-4000957393-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3025526197-3098601968-4000957393-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3025526197-3098601968-4000957393-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3025526197-3098601968-4000957393-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3025526197-3098601968-4000957393-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3025526197-3098601968-4000957393-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
 

==================== Restore Points  =========================
 

30-01-2015 17:19:48 Windows Update

03-02-2015 12:32:12 Windows Update

11-02-2015 11:12:39 Windows Update

11-02-2015 16:23:23 Windows Update

12-02-2015 11:50:46 Windows Update

17-02-2015 17:30:18 Windows Update

24-02-2015 10:44:44 Windows Update

25-02-2015 14:05:54 Windows Update

28-02-2015 17:23:17 Windows Update

03-03-2015 21:50:17 Windows Update

10-03-2015 19:40:02 Windows Update

10-03-2015 21:58:21 Removed Apple Application Support

10-03-2015 21:59:46 Removed Apple Software Update

10-03-2015 22:25:09 Windows Update

17-03-2015 19:23:55 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {00562950-1AB6-4787-9F95-698353A45364} - System32\Tasks\{DE304A37-6FB1-41F0-8679-054C5B215EE8} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe

Task: {09481721-841B-4847-BAA9-BDF49F577DD6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {1AB2E2A3-DCE9-4D8B-ADE1-7A0657FEE0BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)

Task: {1D6BD7DF-E290-49EE-9B0F-8678ACCCDD96} - System32\Tasks\{02E440DE-39D1-4391-A5E8-D8EA4FE7E56F} => C:\Program Files (x86)\AutoCAD 2007\acad.exe [2006-03-05] (Autodesk, Inc.)

Task: {2032AA0E-E028-44FD-BDDE-9E39CEB9C547} - System32\Tasks\{D928662C-B9D0-4D4B-88F7-A150FEEB27CF} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe

Task: {427A0850-5215-49BE-B0B2-ED97FAB4200F} - System32\Tasks\{B8E24032-8402-41A0-A29D-C11B03A40DB6} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe

Task: {54B26425-1566-4207-95BA-A61A4D8F04DB} - System32\Tasks\{3CF7244C-C594-41F8-96E8-462945F35BD8} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe

Task: {7B61547D-64FF-4925-8A97-559C780BC557} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe

Task: {8890BEE6-7848-4174-8DDC-6264663515E7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)

Task: {89808874-0AA8-4C65-8D87-A3300D156F71} - System32\Tasks\{27D74033-274F-49DA-BC56-3CA53D9D93A8} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe"

Task: {8A762658-9844-4565-84A7-752806063321} - System32\Tasks\{EE47D7D7-AFC3-4871-9D79-96DDD9E9F1F0} => pcalua.exe -a D:\setupss.exe -d D:\

Task: {9B2A1402-E3B4-4EA1-A52D-F58D772D6944} - System32\Tasks\{4F618811-2D81-45E1-8E14-7697DA7D807C} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe

Task: {A1B92EFF-F154-46C0-AB53-4101D960242C} - System32\Tasks\{D0E2D886-F6D3-42DF-A512-660D2A0553FB} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe

Task: {A503CE2F-2ACA-4F3B-9485-51B757303D66} - System32\Tasks\{77112960-90F6-4362-BFCB-8732BC5749AC} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe

Task: {AEE6F3F3-8A46-49D6-84AE-09FD97296B9C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {B0BA692F-CCBD-494D-987C-6E01247EC244} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe

Task: {D1B3A538-BAF1-48B1-B886-94FA82C0EF37} - System32\Tasks\{BBA698AC-2097-45BA-9E3E-B778781325AE} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe

Task: {D7F541A6-33DF-4FFD-BDE3-7E956FDC94E8} - System32\Tasks\{8BA187E8-9B66-481D-B36B-D80889DEEBD7} => C:\Program Files (x86)\telering\tele.ring Mobile Internet\tele.ring Mobile Internet.exe

Task: {E11F8D0A-F548-4952-9FD5-F0B23DF75E93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)

Task: {F1548489-60A9-4E7B-B1BF-BE1138C1C61D} - System32\Tasks\{B9E844AD-AEDB-46FD-A8B0-67411A24813F} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe

Task: {F8859A01-F181-4682-BC4E-04525FB9A426} - System32\Tasks\{65CC3295-ADA6-4CD1-A804-7A7C0533ADAA} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\Sony\SonicStage\Omgbkup.exe"

Task: {F9EEAC59-0644-436F-AABB-1726F6F074B4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)

Task: {FAE70F97-5144-44CD-9C93-26D6E0A11F93} - System32\Tasks\{E0B885D1-1B04-44A3-9888-BAB2D21CE131} => C:\Program Files (x86)\Sony\SonicStage\Omgjbox.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) ==============
 

2009-08-23 18:24 - 2009-08-23 18:24 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2011-10-24 10:09 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll

2010-06-28 23:20 - 2010-06-28 23:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

2010-06-28 23:12 - 2010-06-28 23:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll

2015-03-10 22:14 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2015-03-10 22:14 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2015-03-10 22:14 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2015-02-26 19:22 - 2015-02-26 19:22 - 03348080 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll

2015-02-26 19:22 - 2015-02-26 19:22 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll

2015-02-26 19:22 - 2015-02-26 19:22 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 

==================== EXE Association (whitelisted) ===============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 10.0.0.138
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\Services: Adobe Version Cue CS3 => 3

MSCONFIG\Services: Bonjour Service => 2

MSCONFIG\Services: bthserv => 3

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat - Schnellstart.lnk => C:\Windows\pss\Adobe Acrobat - Schnellstart.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk => C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk => C:\Windows\pss\AutoCAD Startup Accelerator.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageMixer 3 SE Camera Monitor Ver.3.lnk => C:\Windows\pss\ImageMixer 3 SE Camera Monitor Ver.3.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^tele.ring Mobile Internet.lnk => C:\Windows\pss\tele.ring Mobile Internet.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Eva^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Eva^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GlobeTrotter Connect.lnk => C:\Windows\pss\GlobeTrotter Connect.lnk.Startup

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Acrobat 8.0\Acrobat\Acrotray.exe"

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe_ID0EYTHM => C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"

MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d

MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

MSCONFIG\startupreg: LManager => C:\Program Files (x86)\Launch Manager\LManager.exe

MSCONFIG\startupreg: Malwarebytes' Anti-Malware => "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

MSCONFIG\startupreg: PLFSetI => C:\Windows\PLFSetI.exe

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

MSCONFIG\startupreg: SsAAD.exe => C:\PROGRA~2\Sony\SONICS~1\SsAAD.exe

MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

MSCONFIG\startupreg: TrayServer => C:\PROGRA~2\MAGIX\VIDEO_~1\TrayServer.exe

MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-3025526197-3098601968-4000957393-500 - Administrator - Disabled)

Eva (S-1-5-21-3025526197-3098601968-4000957393-1000 - Administrator - Enabled) => C:\Users\Eva

Gast (S-1-5-21-3025526197-3098601968-4000957393-501 - Limited - Enabled)

HomeGroupUser$ (S-1-5-21-3025526197-3098601968-4000957393-1002 - Limited - Enabled)
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (03/16/2015 07:08:33 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 12.0.6718.5000, Zeitstempel: 0x54e45be7

Name des fehlerhaften Moduls: EXCEL.EXE, Version: 12.0.6718.5000, Zeitstempel: 0x54e45be7

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00037cc5

ID des fehlerhaften Prozesses: 0x1730

Startzeit der fehlerhaften Anwendung: 0xEXCEL.EXE0

Pfad der fehlerhaften Anwendung: EXCEL.EXE1

Pfad des fehlerhaften Moduls: EXCEL.EXE2

Berichtskennung: EXCEL.EXE3
 

Error: (03/15/2015 10:43:30 AM) (Source: VSS) (EventID: 12298) (User: )

Description: Volumeschattenkopie-Dienstfehler: Die E/A-Schreibvorgänge können während des Schattenkopie-Erstellungszeitraums auf Volume "C:\" nicht gespeichert werden.

Der Volumeindex im Schattenkopiesatz ist 0. Fehlerdetails: Offen[0x00000000, Der Vorgang wurde erfolgreich beendet.

], Leerung[0x00000000, Der Vorgang wurde erfolgreich beendet.

], Freigabe[0x80042314, Der Schattenkopieanbieter hat beim Warten auf den Schreibvorgang auf das Volume, von dem eine Schattenkopie erstellt wird, das Zeitlimit überschritten. Ursache hierfür könnte eine durch eine Anwendung oder einen Systemdienst verursachte hohe Aktivität auf dem Volume sein. Wiederholen Sie den Vorgang später, wenn das Volume nicht so stark ausgelastet ist.

], Ausführung[0x00000000, Der Vorgang wurde erfolgreich beendet.

].
 
 

Vorgang:

   Asynchroner Vorgang wird ausgeführt
 

Kontext:

   Aktueller Status: DoSnapshotSet
 

Error: (03/15/2015 10:43:29 AM) (Source: VSS) (EventID: 12310) (User: )

Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.

Fehlerkontext: DeviceIoControl(\\?\Volume{8727b43d-d0e3-11df-a41b-806e6f6e6963} - 0000000000000100,0x0053c010,00000000003FB830,0,00000000003FC840,4096,[0]).
 
 

Vorgang:

   Schattenkopien werden übertragen
 

Kontext:

   Ausführungskontext: System Provider
 

Error: (03/10/2015 00:54:39 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 

Error: (03/10/2015 00:54:03 PM) (Source: SideBySide) (EventID: 63) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.

Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 

Error: (03/10/2015 00:52:45 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.

Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 

Error: (03/06/2015 02:37:21 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (03/06/2015 02:37:21 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (03/06/2015 02:37:21 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (03/05/2015 09:46:12 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
 

System errors:

=============

Error: (03/17/2015 07:14:29 PM) (Source: ipnathlp) (EventID: 31004) (User: )

Description: 0
 

Error: (03/17/2015 07:14:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (03/17/2015 07:14:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
 

Error: (03/17/2015 07:13:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (03/17/2015 07:13:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
 

Error: (03/16/2015 09:43:55 PM) (Source: ipnathlp) (EventID: 31004) (User: )

Description: 0
 

Error: (03/16/2015 09:39:32 PM) (Source: ipnathlp) (EventID: 31004) (User: )

Description: 0
 

Error: (03/16/2015 09:17:00 PM) (Source: ipnathlp) (EventID: 31004) (User: )

Description: 0
 

Error: (03/16/2015 08:44:48 PM) (Source: ipnathlp) (EventID: 31004) (User: )

Description: 0
 

Error: (03/16/2015 08:20:57 PM) (Source: ipnathlp) (EventID: 31004) (User: )

Description: 0
 
 

Microsoft Office Sessions:

=========================

Error: (03/16/2015 07:08:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1993 seconds with 840 seconds of active time.  This session ended with a crash.
 

Error: (04/06/2013 11:43:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1658 seconds with 960 seconds of active time.  This session ended with a crash.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz

Percentage of memory in use: 48%

Total physical RAM: 3956.5 MB

Available physical RAM: 2032.78 MB

Total Pagefile: 7911.18 MB

Available Pagefile: 5363.88 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: (ACER) (Fixed) (Total:230.54 GB) (Free:92.47 GB) NTFS

Drive e: (Daten) (Fixed) (Total:221.94 GB) (Free:27.72 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 13071307)

Partition 1: (Not Active) - (Size=13.2 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=230.5 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=221.9 GB) - (Type=OF Extended)
 

==================== End Of Log ============================

FRST

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by Eva (administrator) on EVA on 17-03-2015 20:09:57

Running from C:\Users\Eva\Downloads

Loaded Profiles: Eva &  (Available profiles: Eva)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-04] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe [960688 2015-02-05] (Adobe Systems Incorporated)

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\...\MountPoints2: {e21edfe0-03ef-11e0-9e3e-207c8f26ac76} - E:\setup.exe AUTORUN=1

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {e21edfe0-03ef-11e0-9e3e-207c8f26ac76} - E:\setup.exe AUTORUN=1

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll (Autodesk)

ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

BootExecute: autocheck autochk * sdnclean64.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-01-11] (Oracle Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-11] (Oracle Corporation)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)

Toolbar: HKU\S-1-5-21-3025526197-3098601968-4000957393-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Toolbar: HKU\S-1-5-21-3025526197-3098601968-4000957393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 

FireFox:

========

FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default

FF Homepage: www.zweintopf.net

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()

FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-11] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-01-11] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2010-12-15] (Apple Inc.)

FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default\searchplugins\flickr.xml [2014-03-04]

FF Extension: Avira Browser Safety - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default\Extensions\abs@avira.com [2015-03-09]

FF Extension: Video DownloadHelper - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]

FF Extension: Adblock Plus - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-04] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-04] (Avira Operations GmbH & Co. KG)

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2010-12-13] (Autodesk)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)

S4 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]

R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG) [File not signed]

S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-12-12] (Macrovision Europe Ltd.) [File not signed]

S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53337 2005-11-24] (Sony Corporation) [File not signed]

S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)

S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53337 2005-11-24] (Sony Corporation) [File not signed]

S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69718 2005-11-24] (Sony Corporation) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)

S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-02-09] (Emsisoft GmbH)

S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [130048 2009-06-11] (Option N.V.)

S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [86528 2009-06-11] (Option N.V.)

S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [10496 2009-06-11] (Option N.V.)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-17] (Malwarebytes Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-17 20:09 - 2015-03-17 20:10 - 00018506 _____ () C:\Users\Eva\Downloads\FRST.txt

2015-03-17 20:09 - 2015-03-17 20:10 - 00000000 ____D () C:\FRST

2015-03-17 20:09 - 2015-03-17 20:09 - 02095616 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe

2015-03-17 20:07 - 2015-03-17 20:07 - 00000468 _____ () C:\Users\Eva\Downloads\defogger_disable.log

2015-03-17 20:07 - 2015-03-17 20:07 - 00000000 _____ () C:\Users\Eva\defogger_reenable

2015-03-17 20:05 - 2015-03-17 20:05 - 00050477 _____ () C:\Users\Eva\Downloads\Defogger.exe

2015-03-17 19:12 - 2015-03-17 19:12 - 00000370 _____ () C:\Windows\PFRO.log

2015-03-15 14:34 - 2015-03-15 14:34 - 00000747 _____ () C:\Users\Eva\Desktop\Start Emsisoft Emergency Kit.lnk

2015-03-15 14:33 - 2015-03-15 14:34 - 00000000 ____D () C:\EEK

2015-03-15 14:20 - 2015-03-15 14:20 - 01203488 _____ () C:\Users\Eva\Downloads\Emsisoft Emergency Kit - CHIP-Installer.exe

2015-03-15 13:53 - 2015-03-15 14:16 - 00000000 ____D () C:\AdwCleaner

2015-03-15 13:51 - 2015-03-15 13:52 - 02171392 _____ () C:\Users\Eva\Downloads\adwcleaner_4.112.exe

2015-03-10 22:15 - 2015-03-10 22:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2015-03-10 22:14 - 2015-03-15 13:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2015-03-10 22:14 - 2015-03-10 22:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2015-03-10 22:14 - 2015-03-10 22:14 - 00001399 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2015-03-10 22:14 - 2015-03-10 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2015-03-10 22:14 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

2015-03-10 22:03 - 2015-03-17 19:12 - 00001469 _____ () C:\Windows\setupact.log

2015-03-10 22:03 - 2015-03-10 22:03 - 00000000 _____ () C:\Windows\setuperr.log

2015-03-10 21:57 - 2015-03-10 21:58 - 00015384 _____ () C:\Users\Eva\Documents\cc_20150310_215748.reg

2015-03-10 20:41 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-03-10 20:41 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-03-10 20:41 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-10 20:41 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-03-10 20:41 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2015-03-10 20:41 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-03-10 20:41 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2015-03-10 20:41 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2015-03-10 20:41 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-10 20:41 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-03-10 20:41 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-03-10 20:41 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-03-10 20:41 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2015-03-10 20:41 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-03-10 20:41 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-03-10 20:41 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-03-10 20:41 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-03-10 20:41 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-03-10 20:41 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2015-03-10 20:41 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-03-10 20:41 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2015-03-10 20:41 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2015-03-10 20:41 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-03-10 20:41 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe

2015-03-10 20:41 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe

2015-03-10 20:41 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll

2015-03-10 20:41 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-03-10 20:41 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2015-03-10 20:41 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2015-03-10 20:41 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-03-10 20:41 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-03-10 20:41 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2015-03-10 20:41 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2015-03-10 20:41 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2015-03-10 20:41 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2015-03-10 20:41 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2015-03-10 20:41 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2015-03-10 20:41 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-03-10 20:41 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-03-10 20:41 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2015-03-10 20:40 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-03-10 20:40 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-03-10 20:40 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-03-10 20:40 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-03-10 20:40 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-03-10 20:40 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-03-10 20:40 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-03-10 20:40 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-03-10 20:40 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-03-10 20:40 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-03-10 20:40 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-03-10 20:40 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-03-10 20:40 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-03-10 20:40 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-03-10 20:40 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-03-10 20:40 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-03-10 20:40 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-03-10 20:40 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-03-10 20:40 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-03-10 20:40 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-03-10 20:40 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-03-10 20:40 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2015-03-10 20:40 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-10 20:40 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2015-03-10 20:40 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll

2015-03-10 20:40 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-03-10 20:39 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-10 20:39 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-03-10 20:39 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-03-10 20:39 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-03-10 20:39 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-03-10 20:39 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-03-10 20:39 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-03-10 20:39 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-03-10 20:39 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-03-10 20:39 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-03-10 20:39 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-03-10 20:39 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-03-10 20:39 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-03-10 20:39 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-03-10 20:39 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-03-10 20:39 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-03-10 20:39 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-03-10 20:39 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-03-10 20:39 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-03-10 20:39 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-03-10 20:39 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-03-10 20:39 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-03-10 20:39 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-03-10 20:39 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-03-10 20:39 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-03-10 20:39 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-03-10 20:39 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-03-10 20:39 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-03-10 20:39 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-03-10 20:39 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-03-10 20:39 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-03-10 20:39 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-03-10 20:39 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-03-10 20:39 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-03-10 20:39 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-03-10 20:39 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-03-10 20:39 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-03-10 20:39 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-03-10 20:39 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-03-10 20:39 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-03-10 20:39 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-03-10 20:39 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-03-10 20:39 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-03-10 20:39 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-03-10 20:39 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-03-10 20:39 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-03-10 20:39 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-03-10 20:39 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-03-10 20:39 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-03-10 20:39 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-03-10 20:39 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-03-10 20:39 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-03-10 20:39 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-03-10 20:39 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-03-10 20:39 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-03-10 20:39 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-03-10 20:39 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-03-10 20:39 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-10 20:39 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2015-03-10 20:36 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-10 20:36 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2015-03-06 20:38 - 2015-03-06 20:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-03-03 21:14 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll

2015-03-03 21:14 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll

2015-03-03 21:14 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll

2015-03-03 21:14 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll

2015-02-26 19:22 - 2015-02-27 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2015-02-25 14:06 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls

2015-02-25 14:06 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls

2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-17 20:07 - 2010-12-10 19:02 - 00000000 ____D () C:\Users\Eva

2015-03-17 20:00 - 2011-01-03 19:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-17 19:55 - 2012-10-12 09:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-17 19:27 - 2010-10-06 01:54 - 01986860 _____ () C:\Windows\WindowsUpdate.log

2015-03-17 19:21 - 2010-10-06 11:44 - 00703230 _____ () C:\Windows\system32\perfh007.dat

2015-03-17 19:21 - 2010-10-06 11:44 - 00150838 _____ () C:\Windows\system32\perfc007.dat

2015-03-17 19:21 - 2009-07-14 06:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-17 19:21 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-17 19:21 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-17 19:14 - 2015-01-11 17:17 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-17 19:14 - 2013-11-03 14:15 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2015-03-17 19:12 - 2011-01-03 19:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-17 19:12 - 2009-10-05 22:35 - 00000000 ____D () C:\Windows\DeployWinRE2

2015-03-17 19:12 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-12 09:25 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2015-03-12 09:25 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-03-12 09:24 - 2009-07-14 05:45 - 03533672 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-12 09:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2015-03-12 09:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism

2015-03-10 22:46 - 2010-12-10 20:05 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-03-10 22:36 - 2013-07-30 20:07 - 00000000 ____D () C:\Windows\system32\MRT

2015-03-10 22:30 - 2010-12-29 09:58 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-03-10 22:07 - 2015-01-11 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-10 22:07 - 2015-01-11 17:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-03-10 22:03 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-03-10 21:57 - 2013-01-04 09:55 - 00000000 ____D () C:\Windows\pss

2015-03-10 18:23 - 2011-02-05 16:36 - 00000000 ___RD () C:\Users\Eva\Dropbox

2015-03-10 18:23 - 2011-02-05 16:33 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\Dropbox

2015-03-10 13:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-03-09 09:29 - 2012-05-08 19:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-03-06 12:50 - 2012-06-13 16:34 - 00000000 ____D () C:\Users\Eva\Desktop\ZZZ

2015-03-05 10:19 - 2014-08-07 09:31 - 00000000 ____D () C:\ProgramData\Package Cache

2015-03-05 10:18 - 2013-02-28 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-03-05 10:18 - 2013-02-28 17:36 - 00000000 ____D () C:\Program Files (x86)\Avira

2015-03-04 14:29 - 2013-05-07 13:03 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2015-03-04 14:29 - 2013-03-30 21:55 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2015-03-04 14:29 - 2013-03-30 21:55 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2015-03-04 14:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing

2015-02-24 14:21 - 2010-12-10 19:25 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\Adobe

2015-02-24 03:17 - 2010-12-12 17:48 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2015-02-15 19:06 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2015-02-15 12:35 - 2012-10-08 09:18 - 00000000 ____D () C:\Users\Eva\Desktop\Zugtickets
 

==================== Files in the root of some directories =======
 

2010-12-12 16:23 - 2010-12-12 17:25 - 0006302 _____ () C:\Users\Eva\AppData\Local\Optimizer.txt

2010-09-16 00:41 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
 

Some content of TEMP:

====================

C:\Users\Eva\AppData\Local\Temp\avgnt.exe

C:\Users\Eva\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfwtqu9.dll

C:\Users\Eva\AppData\Local\Temp\Quarantine.exe

C:\Users\Eva\AppData\Local\Temp\sqlite3.dll
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-03-05 21:43
 

==================== End Of Log ============================

GMER

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2015-03-17 20:56:22

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB

Running: Gmer-19357.exe; Driver: C:\Users\Eva\AppData\Local\Temp\ugtdapow.sys
 
 

---- User code sections - GMER 2.1 ----
 

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000077141401 2 bytes JMP 76e8b21b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000077141419 2 bytes JMP 76e8b346 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000077141431 2 bytes JMP 76f08ea9 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007714144a 2 bytes CALL 76e648ad C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                               * 9

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000771414dd 2 bytes JMP 76f087a2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000771414f5 2 bytes JMP 76f08978 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007714150d 2 bytes JMP 76f08698 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000077141525 2 bytes JMP 76f08a62 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007714153d 2 bytes JMP 76e7fca8 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000077141555 2 bytes JMP 76e868ef C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007714156d 2 bytes JMP 76f08f61 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000077141585 2 bytes JMP 76f08ac2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007714159d 2 bytes JMP 76f0865c C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000771415b5 2 bytes JMP 76e7fd41 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000771415cd 2 bytes JMP 76e8b2dc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000771416b2 2 bytes JMP 76f08e24 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000771416bd 2 bytes JMP 76f085f1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                          0000000077141401 2 bytes JMP 76e8b21b C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                            0000000077141419 2 bytes JMP 76e8b346 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                          0000000077141431 2 bytes JMP 76f08ea9 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                          000000007714144a 2 bytes CALL 76e648ad C:\Windows\syswow64\KERNEL32.dll

.text  ...                                                                                                                                               * 9

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                             00000000771414dd 2 bytes JMP 76f087a2 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                      00000000771414f5 2 bytes JMP 76f08978 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                             000000007714150d 2 bytes JMP 76f08698 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                      0000000077141525 2 bytes JMP 76f08a62 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                            000000007714153d 2 bytes JMP 76e7fca8 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                                 0000000077141555 2 bytes JMP 76e868ef C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                          000000007714156d 2 bytes JMP 76f08f61 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                            0000000077141585 2 bytes JMP 76f08ac2 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                               000000007714159d 2 bytes JMP 76f0865c C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                            00000000771415b5 2 bytes JMP 76e7fd41 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                          00000000771415cd 2 bytes JMP 76e8b2dc C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                      00000000771416b2 2 bytes JMP 76f08e24 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2468] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                      00000000771416bd 2 bytes JMP 76f085f1 C:\Windows\syswow64\KERNEL32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                       0000000077141401 2 bytes JMP 76e8b21b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                         0000000077141419 2 bytes JMP 76e8b346 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                       0000000077141431 2 bytes JMP 76f08ea9 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                       000000007714144a 2 bytes CALL 76e648ad C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                               * 9

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                          00000000771414dd 2 bytes JMP 76f087a2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                   00000000771414f5 2 bytes JMP 76f08978 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                          000000007714150d 2 bytes JMP 76f08698 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                   0000000077141525 2 bytes JMP 76f08a62 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                         000000007714153d 2 bytes JMP 76e7fca8 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                              0000000077141555 2 bytes JMP 76e868ef C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                       000000007714156d 2 bytes JMP 76f08f61 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                         0000000077141585 2 bytes JMP 76f08ac2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                            000000007714159d 2 bytes JMP 76f0865c C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                         00000000771415b5 2 bytes JMP 76e7fd41 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                       00000000771415cd 2 bytes JMP 76e8b2dc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                   00000000771416b2 2 bytes JMP 76f08e24 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[2480] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                   00000000771416bd 2 bytes JMP 76f085f1 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17                      0000000077141401 2 bytes JMP 76e8b21b C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17                        0000000077141419 2 bytes JMP 76e8b346 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17                      0000000077141431 2 bytes JMP 76f08ea9 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42                      000000007714144a 2 bytes CALL 76e648ad C:\Windows\syswow64\kernel32.dll

.text  ...                                                                                                                                               * 9

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17                         00000000771414dd 2 bytes JMP 76f087a2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17                  00000000771414f5 2 bytes JMP 76f08978 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17                         000000007714150d 2 bytes JMP 76f08698 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17                  0000000077141525 2 bytes JMP 76f08a62 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17                        000000007714153d 2 bytes JMP 76e7fca8 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17                             0000000077141555 2 bytes JMP 76e868ef C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17                      000000007714156d 2 bytes JMP 76f08f61 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17                        0000000077141585 2 bytes JMP 76f08ac2 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17                           000000007714159d 2 bytes JMP 76f0865c C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17                        00000000771415b5 2 bytes JMP 76e7fd41 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17                      00000000771415cd 2 bytes JMP 76e8b2dc C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20                  00000000771416b2 2 bytes JMP 76f08e24 C:\Windows\syswow64\kernel32.dll

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3668] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31                  00000000771416bd 2 bytes JMP 76f085f1 C:\Windows\syswow64\kernel32.dll
 

---- EOF - GMER 2.1 ----

AVIRA,
Scan angehängt, da sonst zu viele Zeichen

Malware Bytes

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 16.03.2015

Suchlauf-Zeit: 18:34:36

Logdatei: log_malwarebytes.txt

Administrator: Ja
 

Version: 2.00.4.1028

Malware Datenbank: v2015.03.16.03

Rootkit Datenbank: v2015.02.25.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Eva
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 357472

Verstrichene Zeit: 43 Min, 16 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Warnen

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente erkannt)
 

Module: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsschlüssel: 0

(Keine schädliche Elemente erkannt)
 

Registrierungswerte: 0

(Keine schädliche Elemente erkannt)
 

Registrierungsdaten: 0

(Keine schädliche Elemente erkannt)
 

Ordner: 0

(Keine schädliche Elemente erkannt)
 

Dateien: 1

PUP.Optional.OpenCandy, C:\Users\Eva\Downloads\winamp5601_full_emusic-7plus_de-de.exe, In Quarantäne, [3ef5c87ed9b1ab8b9673b16032d4ac54], 
 

Physische Sektoren: 0

(Keine schädliche Elemente erkannt)
 
 

(end)

hi,

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

malwarebytes, tdsskiller

Lieber Schrauber,
vielen lieben Dank für deine/eure Hilfe.
Ich hätte noch eine allgemeine Frage: Ich stelle die Verbindung zum Internet über ein WLAN Netzwerk her, an dem auch noch ein anderer Computer hängt. Ist es möglich das nun auch dieser infiziert wurde?

Anbei die Logfiles:

Malwarebytes:

Code:

Malwarebytes Anti-Rootkit BETA 1.09.1.1004

www.malwarebytes.org
 

Database version:

  main:    v2015.03.18.06

  rootkit: v2015.02.25.01
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.17691

Eva :: EVA [administrator]
 

18.03.2015 20:49:42

mbar-log-2015-03-18 (20-49-42).txt
 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 370346

Time elapsed: 35 minute(s), 11 second(s)
 

Memory Processes Detected: 0

(No malicious items detected)
 

Memory Modules Detected: 0

(No malicious items detected)
 

Registry Keys Detected: 0

(No malicious items detected)
 

Registry Values Detected: 0

(No malicious items detected)
 

Registry Data Items Detected: 0

(No malicious items detected)
 

Folders Detected: 0

(No malicious items detected)
 

Files Detected: 0

(No malicious items detected)
 

Physical Sectors Detected: 0

(No malicious items detected)
 

(end)

TDSSKiller

Code:

21:45:59.0994 0x0a78  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04

21:46:05.0784 0x0a78  ============================================================

21:46:05.0785 0x0a78  Current date / time: 2015/03/18 21:46:05.0784

21:46:05.0785 0x0a78  SystemInfo:

21:46:05.0785 0x0a78  

21:46:05.0785 0x0a78  OS Version: 6.1.7601 ServicePack: 1.0

21:46:05.0785 0x0a78  Product type: Workstation

21:46:05.0785 0x0a78  ComputerName: EVA

21:46:05.0785 0x0a78  UserName: Eva

21:46:05.0785 0x0a78  Windows directory: C:\Windows

21:46:05.0785 0x0a78  System windows directory: C:\Windows

21:46:05.0785 0x0a78  Running under WOW64

21:46:05.0785 0x0a78  Processor architecture: Intel x64

21:46:05.0785 0x0a78  Number of processors: 4

21:46:05.0785 0x0a78  Page size: 0x1000

21:46:05.0785 0x0a78  Boot type: Normal boot

21:46:05.0785 0x0a78  ============================================================

21:46:05.0986 0x0a78  KLMD registered as C:\Windows\system32\drivers\95542209.sys

21:46:06.0632 0x0a78  System UUID: {A51230A8-2BBB-04D7-9DB5-EF18A80B72BD}

21:46:08.0301 0x0a78  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:46:08.0310 0x0a78  ============================================================

21:46:08.0310 0x0a78  \Device\Harddisk0\DR0:

21:46:08.0311 0x0a78  MBR partitions:

21:46:08.0311 0x0a78  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A5E800, BlocksNum 0x32000

21:46:08.0311 0x0a78  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1A90800, BlocksNum 0x1CD13830

21:46:08.0327 0x0a78  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1E7A5000, BlocksNum 0x1BBE0800

21:46:08.0327 0x0a78  ============================================================

21:46:08.0363 0x0a78  C: <-> \Device\Harddisk0\DR0\Partition2

21:46:08.0411 0x0a78  E: <-> \Device\Harddisk0\DR0\Partition3

21:46:08.0411 0x0a78  ============================================================

21:46:08.0411 0x0a78  Initialize success

21:46:08.0412 0x0a78  ============================================================

21:47:06.0883 0x1160  ============================================================

21:47:06.0883 0x1160  Scan started

21:47:06.0883 0x1160  Mode: Manual; SigCheck; TDLFS; 

21:47:06.0883 0x1160  ============================================================

21:47:06.0883 0x1160  KSN ping started

21:47:21.0394 0x1160  KSN ping finished: true

21:47:22.0111 0x1160  ================ Scan system memory ========================

21:47:22.0111 0x1160  System memory - ok

21:47:22.0112 0x1160  ================ Scan services =============================

21:47:22.0330 0x1160  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys

21:47:22.0548 0x1160  1394ohci - ok

21:47:22.0637 0x1160  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys

21:47:22.0689 0x1160  ACPI - ok

21:47:22.0726 0x1160  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys

21:47:22.0834 0x1160  AcpiPmi - ok

21:47:22.0967 0x1160  [ 14C23516C990DCD6052152CF034DDE40, 1EC8AAD6AA6D68A17A9D04AECDB716BD0DD4BFF93641BD96D01855AF1232A5FB ] Adobe Version Cue CS3 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe

21:47:23.0001 0x1160  Adobe Version Cue CS3 - ok

21:47:23.0118 0x1160  [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

21:47:23.0149 0x1160  AdobeARMservice - ok

21:47:23.0289 0x1160  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

21:47:23.0327 0x1160  AdobeFlashPlayerUpdateSvc - ok

21:47:23.0410 0x1160  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys

21:47:23.0491 0x1160  adp94xx - ok

21:47:23.0543 0x1160  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys

21:47:23.0604 0x1160  adpahci - ok

21:47:23.0638 0x1160  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys

21:47:23.0673 0x1160  adpu320 - ok

21:47:23.0708 0x1160  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

21:47:24.0079 0x1160  AeLookupSvc - ok

21:47:24.0159 0x1160  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys

21:47:24.0284 0x1160  AFD - ok

21:47:24.0340 0x1160  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys

21:47:24.0371 0x1160  agp440 - ok

21:47:24.0421 0x1160  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe

21:47:24.0488 0x1160  ALG - ok

21:47:24.0540 0x1160  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys

21:47:24.0566 0x1160  aliide - ok

21:47:24.0622 0x1160  [ FF779F9DE1CDF477033858B7681CEDA8, F190057C680F41BEF49FA7BE26A5827C124EC0BFE19D3E21ED93A3287E732D99 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

21:47:24.0753 0x1160  AMD External Events Utility - ok

21:47:24.0809 0x1160  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys

21:47:24.0837 0x1160  amdide - ok

21:47:24.0888 0x1160  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys

21:47:24.0963 0x1160  AmdK8 - ok

21:47:25.0418 0x1160  [ EF2B99DCEE397B45F50594696D7B5339, 568BD4AFD14C32A1602AE98D00A6C05372C0AE48D17CBC9257272A57F72E69D4 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys

21:47:26.0098 0x1160  amdkmdag - ok

21:47:26.0152 0x1160  [ 239DCE60BEE6E1576C803948AB4D54C5, BC346ACD57E9BDBBC4C659B1C9CB4D696A42B2AB3DBC387A169C89D11D15A673 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys

21:47:26.0229 0x1160  amdkmdap - ok

21:47:26.0280 0x1160  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys

21:47:26.0319 0x1160  AmdPPM - ok

21:47:26.0392 0x1160  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys

21:47:26.0428 0x1160  amdsata - ok

21:47:26.0463 0x1160  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys

21:47:26.0504 0x1160  amdsbs - ok

21:47:26.0523 0x1160  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys

21:47:26.0553 0x1160  amdxata - ok

21:47:26.0598 0x1160  [ 391887990CDAA83DE5C56C3FDE966DA1, BC55E21E03B3FE7BBDBB13D56AADB8FBA74F58521AC73B105AD9788E7AE18F0B ] AmUStor         C:\Windows\system32\drivers\AmUStor.SYS

21:47:26.0666 0x1160  AmUStor - ok

21:47:26.0796 0x1160  [ 963F57EDF1A5C72AC66173F3B7CB329B, 0934361B0A55F4C082D70F264FAB5D36BAC482C135275AE552D442E64B3D5C1D ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

21:47:26.0845 0x1160  AntiVirSchedulerService - ok

21:47:26.0929 0x1160  [ 963F57EDF1A5C72AC66173F3B7CB329B, 0934361B0A55F4C082D70F264FAB5D36BAC482C135275AE552D442E64B3D5C1D ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

21:47:26.0971 0x1160  AntiVirService - ok

21:47:27.0075 0x1160  [ 42C4D3A50A7CCAF716002DD594EEA8B1, 7F61EAE058E89F3039F47EB1B171F0C5D694927BEDCB54093C463A4D6665EDC5 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

21:47:27.0145 0x1160  AntiVirWebService - ok

21:47:27.0189 0x1160  [ 90C53BD47979FB8814F465A08B885102, 5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID           C:\Windows\system32\drivers\appid.sys

21:47:27.0260 0x1160  AppID - ok

21:47:27.0305 0x1160  [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc        C:\Windows\System32\appidsvc.dll

21:47:27.0344 0x1160  AppIDSvc - ok

21:47:27.0407 0x1160  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll

21:47:27.0477 0x1160  Appinfo - ok

21:47:27.0525 0x1160  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys

21:47:27.0559 0x1160  arc - ok

21:47:27.0583 0x1160  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys

21:47:27.0617 0x1160  arcsas - ok

21:47:27.0736 0x1160  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

21:47:27.0789 0x1160  aspnet_state - ok

21:47:27.0826 0x1160  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

21:47:27.0940 0x1160  AsyncMac - ok

21:47:27.0997 0x1160  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys

21:47:28.0022 0x1160  atapi - ok

21:47:28.0212 0x1160  [ E642491F64E58CD5BC8FB8B347DCF65F, D457175EF3A0552CEA3DA78E7116D54BC2BF157857A8B764597B51FB4E29C033 ] athr            C:\Windows\system32\DRIVERS\athrx.sys

21:47:28.0408 0x1160  athr - ok

21:47:28.0474 0x1160  [ FDA1E117A7E880BFF5540D180C06EA87, 061A0AC1DBCF93D568C740BB18A5D76C7FFB1E86AE9339E046E6372EB8B93426 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys

21:47:28.0515 0x1160  AtiHDAudioService - ok

21:47:28.0621 0x1160  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

21:47:28.0729 0x1160  AudioEndpointBuilder - ok

21:47:28.0782 0x1160  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll

21:47:28.0859 0x1160  AudioSrv - ok

21:47:28.0951 0x1160  [ 32A5DEFDDC3562BF89D73586F5915B34, 69C501A39EEBB7FD3BAB0F21184288E585750643A0B7D15CB4CC1FCAA0B6ADC5 ] Autodesk Licensing Service C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe

21:47:28.0977 0x1160  Autodesk Licensing Service - ok

21:47:29.0047 0x1160  [ 00BF66D168E1A7AA7E1C9F458BBA0B34, 3D3C42E87B3649819EED685D93417D61EB84FE39B3F4D4943721AE74026DE11B ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys

21:47:29.0079 0x1160  avgntflt - ok

21:47:29.0133 0x1160  [ 055D318220DD4593F2A8C8FF83707D36, 93566931D019D4D4C35C3E2E4E9BAF87BEF863E1B40B2B03ED87EF5C28F908DE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys

21:47:29.0164 0x1160  avipbb - ok

21:47:29.0256 0x1160  [ ABDAEBEB09E98D13D765A0C57F3FAF88, F9E5F9A13E983BEAF32FA53736FB188280AAA44740696DFB95B8C10E8FEA466D ] Avira.OE.ServiceHost C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

21:47:29.0283 0x1160  Avira.OE.ServiceHost - ok

21:47:29.0357 0x1160  [ 390184FAD8FCC1B6DA25AEBAE928C3B6, 537B0E0FAE080B55D70E990BBA0F7F22903CA340F6A42039BAD617A8ECF59119 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys

21:47:29.0386 0x1160  avkmgr - ok

21:47:29.0438 0x1160  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll

21:47:29.0557 0x1160  AxInstSV - ok

21:47:29.0627 0x1160  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys

21:47:29.0741 0x1160  b06bdrv - ok

21:47:29.0791 0x1160  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys

21:47:29.0871 0x1160  b57nd60a - ok

21:47:29.0977 0x1160  [ 9E84A931DBEE0292E38ED672F6293A99, 2945EAF0AC091709E0C5508B45EC343EDE507AC2B08A2D7D64F286D38424CBC4 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys

21:47:30.0164 0x1160  BCM43XX - ok

21:47:30.0201 0x1160  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll

21:47:30.0302 0x1160  BDESVC - ok

21:47:30.0332 0x1160  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys

21:47:30.0451 0x1160  Beep - ok

21:47:30.0547 0x1160  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll

21:47:30.0683 0x1160  BFE - ok

21:47:30.0766 0x1160  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll

21:47:31.0071 0x1160  BITS - ok

21:47:31.0103 0x1160  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys

21:47:31.0138 0x1160  blbdrive - ok

21:47:31.0190 0x1160  [ 73686FE0B2E0469F89FD2075BE724704, 4BC5BBA7ACB5BDA77251B82B9CF16C6A9EBBCC29760860A0F37ABDDF9288143F ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe

21:47:31.0226 0x1160  Bonjour Service - detected UnsignedFile.Multi.Generic ( 1 )

21:47:33.0721 0x1160  Detect skipped due to KSN trusted

21:47:33.0721 0x1160  Bonjour Service - ok

21:47:33.0791 0x1160  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

21:47:33.0944 0x1160  bowser - ok

21:47:34.0060 0x1160  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys

21:47:34.0129 0x1160  BrFiltLo - ok

21:47:34.0164 0x1160  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys

21:47:34.0223 0x1160  BrFiltUp - ok

21:47:34.0278 0x1160  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll

21:47:34.0356 0x1160  Browser - ok

21:47:34.0398 0x1160  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys

21:47:34.0483 0x1160  Brserid - ok

21:47:34.0511 0x1160  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys

21:47:34.0567 0x1160  BrSerWdm - ok

21:47:34.0626 0x1160  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys

21:47:34.0681 0x1160  BrUsbMdm - ok

21:47:34.0691 0x1160  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys

21:47:34.0741 0x1160  BrUsbSer - ok

21:47:34.0785 0x1160  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys

21:47:34.0825 0x1160  BTHMODEM - ok

21:47:34.0879 0x1160  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll

21:47:34.0990 0x1160  bthserv - ok

21:47:35.0022 0x1160  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

21:47:35.0136 0x1160  cdfs - ok

21:47:35.0201 0x1160  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys

21:47:35.0243 0x1160  cdrom - ok

21:47:35.0294 0x1160  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll

21:47:35.0410 0x1160  CertPropSvc - ok

21:47:35.0465 0x1160  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys

21:47:35.0529 0x1160  circlass - ok

21:47:35.0668 0x1160  [ B794DCF38C965FA2F93C45A7C3D582C5, 0E483EAF835B85AA4B6F449F9BB68AF0A3EE4192D29CD72F4B812F1E4D9E9A7C ] cleanhlp        C:\EEK\bin\cleanhlp64.sys

21:47:35.0701 0x1160  cleanhlp - ok

21:47:35.0756 0x1160  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys

21:47:35.0825 0x1160  CLFS - ok

21:47:35.0896 0x1160  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

21:47:35.0927 0x1160  clr_optimization_v2.0.50727_32 - ok

21:47:35.0985 0x1160  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

21:47:36.0020 0x1160  clr_optimization_v2.0.50727_64 - ok

21:47:36.0121 0x1160  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

21:47:36.0163 0x1160  clr_optimization_v4.0.30319_32 - ok

21:47:36.0193 0x1160  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

21:47:36.0233 0x1160  clr_optimization_v4.0.30319_64 - ok

21:47:36.0256 0x1160  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys

21:47:36.0298 0x1160  CmBatt - ok

21:47:36.0344 0x1160  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys

21:47:36.0369 0x1160  cmdide - ok

21:47:36.0435 0x1160  [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG             C:\Windows\system32\Drivers\cng.sys

21:47:36.0510 0x1160  CNG - ok

21:47:36.0566 0x1160  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys

21:47:36.0595 0x1160  Compbatt - ok

21:47:36.0658 0x1160  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys

21:47:36.0728 0x1160  CompositeBus - ok

21:47:36.0755 0x1160  COMSysApp - ok

21:47:36.0788 0x1160  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys

21:47:36.0816 0x1160  crcdisk - ok

21:47:36.0900 0x1160  [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc        C:\Windows\system32\cryptsvc.dll

21:47:36.0976 0x1160  CryptSvc - ok

21:47:37.0049 0x1160  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll

21:47:37.0198 0x1160  DcomLaunch - ok

21:47:37.0239 0x1160  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll

21:47:37.0366 0x1160  defragsvc - ok

21:47:37.0417 0x1160  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

21:47:37.0523 0x1160  DfsC - ok

21:47:37.0599 0x1160  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll

21:47:37.0693 0x1160  Dhcp - ok

21:47:37.0722 0x1160  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys

21:47:37.0829 0x1160  discache - ok

21:47:37.0856 0x1160  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys

21:47:37.0880 0x1160  Disk - ok

21:47:37.0957 0x1160  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll

21:47:38.0014 0x1160  Dnscache - ok

21:47:38.0063 0x1160  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll

21:47:38.0168 0x1160  dot3svc - ok

21:47:38.0219 0x1160  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll

21:47:38.0337 0x1160  DPS - ok

21:47:38.0405 0x1160  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

21:47:38.0478 0x1160  drmkaud - ok

21:47:38.0574 0x1160  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

21:47:38.0704 0x1160  DXGKrnl - ok

21:47:38.0750 0x1160  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll

21:47:38.0855 0x1160  EapHost - ok

21:47:39.0069 0x1160  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys

21:47:39.0398 0x1160  ebdrv - ok

21:47:39.0444 0x1160  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS             C:\Windows\System32\lsass.exe

21:47:39.0505 0x1160  EFS - ok

21:47:39.0608 0x1160  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe

21:47:39.0733 0x1160  ehRecvr - ok

21:47:39.0769 0x1160  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe

21:47:39.0843 0x1160  ehSched - ok

21:47:39.0914 0x1160  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys

21:47:39.0994 0x1160  elxstor - ok

21:47:40.0156 0x1160  [ 3EA2C4F68A782839D97B3C83595575B6, D4C3BFD0B6817B73BE9F2378FA946BD1C213A4FB9EB3F7D2C79E9B6D9F895106 ] ePowerSvc       C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

21:47:40.0231 0x1160  ePowerSvc - ok

21:47:40.0272 0x1160  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys

21:47:40.0319 0x1160  ErrDev - ok

21:47:40.0382 0x1160  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll

21:47:40.0513 0x1160  EventSystem - ok

21:47:40.0551 0x1160  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys

21:47:40.0676 0x1160  exfat - ok

21:47:40.0763 0x1160  Fabs - ok

21:47:40.0790 0x1160  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys

21:47:40.0908 0x1160  fastfat - ok

21:47:41.0000 0x1160  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe

21:47:41.0118 0x1160  Fax - ok

21:47:41.0171 0x1160  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys

21:47:41.0213 0x1160  fdc - ok

21:47:41.0251 0x1160  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll

21:47:41.0374 0x1160  fdPHost - ok

21:47:41.0408 0x1160  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll

21:47:41.0519 0x1160  FDResPub - ok

21:47:41.0547 0x1160  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

21:47:41.0573 0x1160  FileInfo - ok

21:47:41.0611 0x1160  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

21:47:41.0709 0x1160  Filetrace - ok

21:47:41.0968 0x1160  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC, 159EAA1893D871C309A063829CB3BC51A019FBCA1E07530B5CA1A382B2CCAF61 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe

21:47:42.0264 0x1160  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 )

21:47:44.0770 0x1160  Detect skipped due to KSN trusted

21:47:44.0772 0x1160  FirebirdServerMAGIXInstance - ok

21:47:44.0872 0x1160  [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

21:47:44.0945 0x1160  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic ( 1 )

21:47:47.0778 0x1160  Detect skipped due to KSN trusted

21:47:47.0778 0x1160  FLEXnet Licensing Service - ok

21:47:47.0845 0x1160  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys

21:47:47.0874 0x1160  flpydisk - ok

21:47:47.0923 0x1160  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

21:47:47.0967 0x1160  FltMgr - ok

21:47:48.0078 0x1160  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll

21:47:48.0233 0x1160  FontCache - ok

21:47:48.0299 0x1160  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

21:47:48.0321 0x1160  FontCache3.0.0.0 - ok

21:47:48.0366 0x1160  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys

21:47:48.0397 0x1160  FsDepends - ok

21:47:48.0439 0x1160  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

21:47:48.0466 0x1160  Fs_Rec - ok

21:47:48.0534 0x1160  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys

21:47:48.0584 0x1160  fvevol - ok

21:47:48.0607 0x1160  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys

21:47:48.0637 0x1160  gagp30kx - ok

21:47:48.0724 0x1160  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll

21:47:48.0889 0x1160  gpsvc - ok

21:47:48.0940 0x1160  [ 0191DEE9B9EB7902AF2CF4F67301095D, 9E2E263E84167E1AD3FFCEA84066AF07CD6A653F5D8266A619E4973BC4B25460 ] GREGService     C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

21:47:48.0959 0x1160  GREGService - ok

21:47:49.0014 0x1160  [ DD57207E4742300CE2727400B21D0230, 02F45C7E3381EF6E6B55752ADE3A68B22FD9E1C47C530B06C4C72F5CB3C0684F ] GT72NDISIPXP    C:\Windows\system32\DRIVERS\Gt51Ip.sys

21:47:49.0065 0x1160  GT72NDISIPXP - ok

21:47:49.0096 0x1160  [ DDD79FDCC5DE474E23F94E95625C79AA, 8D59D5F5FD2290F87C244767B01D89761D1CC1B99613ED7B62353B7B58408032 ] GT72UBUS        C:\Windows\system32\DRIVERS\gt72ubus.sys

21:47:49.0142 0x1160  GT72UBUS - ok

21:47:49.0177 0x1160  [ D1735D174FA4D42978BC0CF1EDCE85D5, D05F22F29B6BDB25B57BC7C735A261DF94224D3797DBC44D8925CE7D099F8977 ] GTPTSER         C:\Windows\system32\DRIVERS\gtptser.sys

21:47:49.0227 0x1160  GTPTSER - ok

21:47:49.0327 0x1160  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:47:49.0355 0x1160  gupdate - ok

21:47:49.0384 0x1160  [ 51508F0C2476177E50C31B0BBFBF1BDB, 3F62A05181D54711180C8727AC66D624AFA7FC816A4ACC4DC0CFCF2D2DBE7F87 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

21:47:49.0408 0x1160  gupdatem - ok

21:47:49.0439 0x1160  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys

21:47:49.0515 0x1160  hcw85cir - ok

21:47:49.0602 0x1160  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

21:47:49.0692 0x1160  HdAudAddService - ok

21:47:49.0719 0x1160  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys

21:47:49.0763 0x1160  HDAudBus - ok

21:47:49.0801 0x1160  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys

21:47:49.0825 0x1160  HECIx64 - ok

21:47:49.0853 0x1160  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys

21:47:49.0896 0x1160  HidBatt - ok

21:47:49.0917 0x1160  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys

21:47:49.0975 0x1160  HidBth - ok

21:47:49.0991 0x1160  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys

21:47:50.0025 0x1160  HidIr - ok

21:47:50.0055 0x1160  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll

21:47:50.0143 0x1160  hidserv - ok

21:47:50.0199 0x1160  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys

21:47:50.0240 0x1160  HidUsb - ok

21:47:50.0278 0x1160  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll

21:47:50.0382 0x1160  hkmsvc - ok

21:47:50.0430 0x1160  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

21:47:50.0513 0x1160  HomeGroupListener - ok

21:47:50.0563 0x1160  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

21:47:50.0614 0x1160  HomeGroupProvider - ok

21:47:50.0653 0x1160  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys

21:47:50.0680 0x1160  HpSAMD - ok

21:47:50.0763 0x1160  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys

21:47:50.0923 0x1160  HTTP - ok

21:47:50.0962 0x1160  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys

21:47:50.0990 0x1160  hwpolicy - ok

21:47:51.0046 0x1160  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys

21:47:51.0080 0x1160  i8042prt - ok

21:47:51.0140 0x1160  [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys

21:47:51.0196 0x1160  iaStor - ok

21:47:51.0245 0x1160  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys

21:47:51.0312 0x1160  iaStorV - ok

21:47:51.0416 0x1160  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

21:47:51.0509 0x1160  idsvc - ok

21:47:51.0559 0x1160  IEEtwCollectorService - ok

21:47:51.0987 0x1160  [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys

21:47:52.0548 0x1160  igfx - ok

21:47:52.0579 0x1160  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys

21:47:52.0606 0x1160  iirsp - ok

21:47:52.0681 0x1160  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll

21:47:52.0786 0x1160  IKEEXT - ok

21:47:52.0966 0x1160  [ E8017F1662D9142F45CEAB694D013C00, 75EE9DF292C4D980B9461ABEB8810D22DD57EBBAD5A37FE7B046CBAD419EE9E0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

21:47:53.0160 0x1160  IntcAzAudAddService - ok

21:47:53.0212 0x1160  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys

21:47:53.0238 0x1160  intelide - ok

21:47:53.0284 0x1160  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

21:47:53.0332 0x1160  intelppm - ok

21:47:53.0367 0x1160  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

21:47:53.0485 0x1160  IPBusEnum - ok

21:47:53.0520 0x1160  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:47:53.0635 0x1160  IpFilterDriver - ok

21:47:53.0705 0x1160  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll

21:47:53.0817 0x1160  iphlpsvc - ok

21:47:53.0865 0x1160  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys

21:47:53.0919 0x1160  IPMIDRV - ok

21:47:53.0972 0x1160  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys

21:47:54.0076 0x1160  IPNAT - ok

21:47:54.0093 0x1160  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys

21:47:54.0156 0x1160  IRENUM - ok

21:47:54.0188 0x1160  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

21:47:54.0216 0x1160  isapnp - ok

21:47:54.0258 0x1160  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys

21:47:54.0311 0x1160  iScsiPrt - ok

21:47:54.0383 0x1160  [ 12E27942DBB7C91880163634B0D8A776, DEE56DB8993A915E8FC32F9F50FAEED591799B0694655926C4F260EBFB99FC7E ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys

21:47:54.0441 0x1160  k57nd60a - ok

21:47:54.0459 0x1160  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys

21:47:54.0490 0x1160  kbdclass - ok

21:47:54.0541 0x1160  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys

21:47:54.0586 0x1160  kbdhid - ok

21:47:54.0621 0x1160  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso          C:\Windows\system32\lsass.exe

21:47:54.0650 0x1160  KeyIso - ok

21:47:54.0710 0x1160  [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

21:47:54.0745 0x1160  KSecDD - ok

21:47:54.0773 0x1160  [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys

21:47:54.0809 0x1160  KSecPkg - ok

21:47:54.0840 0x1160  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys

21:47:54.0947 0x1160  ksthunk - ok

21:47:54.0994 0x1160  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll

21:47:55.0132 0x1160  KtmRm - ok

21:47:55.0184 0x1160  [ 2AC603C3188C704CFCE353659AA7AD71, 0DAC2E8858221145FA35883BAE0D6484E60EB624158DE9F063FF209951CD1CDF ] L1E             C:\Windows\system32\DRIVERS\L1E62x64.sys

21:47:55.0217 0x1160  L1E - ok

21:47:55.0267 0x1160  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll

21:47:55.0399 0x1160  LanmanServer - ok

21:47:55.0452 0x1160  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

21:47:55.0572 0x1160  LanmanWorkstation - ok

21:47:55.0616 0x1160  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

21:47:55.0731 0x1160  lltdio - ok

21:47:55.0791 0x1160  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll

21:47:55.0911 0x1160  lltdsvc - ok

21:47:55.0935 0x1160  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll

21:47:56.0035 0x1160  lmhosts - ok

21:47:56.0123 0x1160  [ 23DE5B62B0445A6F874BE633C95B483E, 39A8E5BD057F5EE049FA48848C5881DCD2CFB16CD9E2A03CC9DDF35F116FEE0B ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

21:47:56.0161 0x1160  LMS - ok

21:47:56.0206 0x1160  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys

21:47:56.0241 0x1160  LSI_FC - ok

21:47:56.0253 0x1160  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys

21:47:56.0286 0x1160  LSI_SAS - ok

21:47:56.0311 0x1160  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys

21:47:56.0344 0x1160  LSI_SAS2 - ok

21:47:56.0375 0x1160  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys

21:47:56.0410 0x1160  LSI_SCSI - ok

21:47:56.0443 0x1160  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys

21:47:56.0544 0x1160  luafv - ok

21:47:56.0601 0x1160  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

21:47:56.0638 0x1160  Mcx2Svc - ok

21:47:56.0664 0x1160  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys

21:47:56.0692 0x1160  megasas - ok

21:47:56.0728 0x1160  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys

21:47:56.0777 0x1160  MegaSR - ok

21:47:56.0857 0x1160  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

21:47:56.0883 0x1160  Microsoft Office Groove Audit Service - ok

21:47:56.0916 0x1160  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll

21:47:57.0016 0x1160  MMCSS - ok

21:47:57.0047 0x1160  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys

21:47:57.0142 0x1160  Modem - ok

21:47:57.0163 0x1160  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

21:47:57.0208 0x1160  monitor - ok

21:47:57.0256 0x1160  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

21:47:57.0282 0x1160  mouclass - ok

21:47:57.0318 0x1160  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

21:47:57.0344 0x1160  mouhid - ok

21:47:57.0385 0x1160  [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys

21:47:57.0411 0x1160  mountmgr - ok

21:47:57.0496 0x1160  [ 81E8AF6407EC3F41908FE37F054353EA, 756C7656ED68AEAE4225E952ED1CED0717264D3378DB8DF0B2D70B6EBC67C62F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

21:47:57.0523 0x1160  MozillaMaintenance - ok

21:47:57.0561 0x1160  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys

21:47:57.0592 0x1160  mpio - ok

21:47:57.0660 0x1160  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

21:47:57.0757 0x1160  mpsdrv - ok

21:47:57.0844 0x1160  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll

21:47:58.0006 0x1160  MpsSvc - ok

21:47:58.0046 0x1160  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

21:47:58.0118 0x1160  MRxDAV - ok

21:47:58.0164 0x1160  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

21:47:58.0244 0x1160  mrxsmb - ok

21:47:58.0302 0x1160  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:47:58.0372 0x1160  mrxsmb10 - ok

21:47:58.0425 0x1160  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:47:58.0469 0x1160  mrxsmb20 - ok

21:47:58.0503 0x1160  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys

21:47:58.0531 0x1160  msahci - ok

21:47:58.0626 0x1160  [ B490BD0678CB6A4890A86020ED106C75, 7EB16824974F197A7181DDFEC1BD86A220FB6D2AD0217E2D1D1A6101931CCB5C ] MSCSPTISRV      C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

21:47:58.0653 0x1160  MSCSPTISRV - detected UnsignedFile.Multi.Generic ( 1 )

21:48:01.0174 0x1160  Detect skipped due to KSN trusted

21:48:01.0174 0x1160  MSCSPTISRV - ok

21:48:01.0227 0x1160  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

21:48:01.0264 0x1160  msdsm - ok

21:48:01.0296 0x1160  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe

21:48:01.0338 0x1160  MSDTC - ok

21:48:01.0381 0x1160  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys

21:48:01.0493 0x1160  Msfs - ok

21:48:01.0521 0x1160  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys

21:48:01.0619 0x1160  mshidkmdf - ok

21:48:01.0664 0x1160  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

21:48:01.0688 0x1160  msisadrv - ok

21:48:01.0746 0x1160  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

21:48:01.0855 0x1160  MSiSCSI - ok

21:48:01.0864 0x1160  msiserver - ok

21:48:01.0908 0x1160  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

21:48:01.0992 0x1160  MSKSSRV - ok

21:48:02.0027 0x1160  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

21:48:02.0131 0x1160  MSPCLOCK - ok

21:48:02.0163 0x1160  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

21:48:02.0275 0x1160  MSPQM - ok

21:48:02.0332 0x1160  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

21:48:02.0378 0x1160  MsRPC - ok

21:48:02.0429 0x1160  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys

21:48:02.0451 0x1160  mssmbios - ok

21:48:02.0507 0x1160  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

21:48:02.0582 0x1160  MSTEE - ok

21:48:02.0607 0x1160  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys

21:48:02.0646 0x1160  MTConfig - ok

21:48:02.0662 0x1160  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys

21:48:02.0685 0x1160  Mup - ok

21:48:02.0729 0x1160  [ 6FFECC25B39DC7652A0CEC0ADA9DB589, 927EF066CBBA8353149F8C3B7C4299AC06FED439DA874D25CFB583E5912611A2 ] mwlPSDFilter    C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

21:48:02.0752 0x1160  mwlPSDFilter - ok

21:48:02.0767 0x1160  [ 0BEFE32CA56D6EE89D58175725596A85, E36B9E6159AF7F67D549F7178896CCCB8FC3964531B1DA20CBDD465E632D8FCF ] mwlPSDNServ     C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

21:48:02.0789 0x1160  mwlPSDNServ - ok

21:48:02.0809 0x1160  [ D43BC633B8660463E446E28E14A51262, C55F235B5E08FAC6D70B0FAC737D714E318A93F8E43FF8095B86A76559AF211D ] mwlPSDVDisk     C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

21:48:02.0831 0x1160  mwlPSDVDisk - ok

21:48:02.0904 0x1160  [ 3E5E20817259F7328C8F3BE5421F35B9, 9BF20E1CE75647BF5654AD603BD7D17E36CC0AD15EEAFF4FACE637D235C34190 ] MWLService      C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe

21:48:02.0948 0x1160  MWLService - ok

21:48:03.0018 0x1160  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll

21:48:03.0189 0x1160  napagent - ok

21:48:03.0258 0x1160  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

21:48:03.0338 0x1160  NativeWifiP - ok

21:48:03.0443 0x1160  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys

21:48:03.0521 0x1160  NDIS - ok

21:48:03.0554 0x1160  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys

21:48:03.0645 0x1160  NdisCap - ok

21:48:03.0684 0x1160  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

21:48:03.0768 0x1160  NdisTapi - ok

21:48:03.0822 0x1160  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

21:48:03.0916 0x1160  Ndisuio - ok

21:48:03.0962 0x1160  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

21:48:04.0063 0x1160  NdisWan - ok

21:48:04.0108 0x1160  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

21:48:04.0186 0x1160  NDProxy - ok

21:48:04.0220 0x1160  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

21:48:04.0311 0x1160  NetBIOS - ok

21:48:04.0359 0x1160  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys

21:48:04.0460 0x1160  NetBT - ok

21:48:04.0477 0x1160  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] Netlogon        C:\Windows\system32\lsass.exe

21:48:04.0500 0x1160  Netlogon - ok

21:48:04.0561 0x1160  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll

21:48:04.0680 0x1160  Netman - ok

21:48:04.0728 0x1160  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:48:04.0767 0x1160  NetMsmqActivator - ok

21:48:04.0795 0x1160  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:48:04.0839 0x1160  NetPipeActivator - ok

21:48:04.0904 0x1160  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll

21:48:05.0035 0x1160  netprofm - ok

21:48:05.0050 0x1160  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:48:05.0091 0x1160  NetTcpActivator - ok

21:48:05.0105 0x1160  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

21:48:05.0145 0x1160  NetTcpPortSharing - ok

21:48:05.0180 0x1160  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys

21:48:05.0210 0x1160  nfrd960 - ok

21:48:05.0257 0x1160  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll

21:48:05.0351 0x1160  NlaSvc - ok

21:48:05.0368 0x1160  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys

21:48:05.0469 0x1160  Npfs - ok

21:48:05.0503 0x1160  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll

21:48:05.0607 0x1160  nsi - ok

21:48:05.0629 0x1160  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

21:48:05.0727 0x1160  nsiproxy - ok

21:48:05.0863 0x1160  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

21:48:06.0010 0x1160  Ntfs - ok

21:48:06.0101 0x1160  [ 9A308FCDCCA98A15B6F62D36A272160E, 3991F70D42C1949067ED48CF4EB815E06360B077F6A2369AC76BF0892C3C33EE ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

21:48:06.0129 0x1160  NTI IScheduleSvc - ok

21:48:06.0173 0x1160  [ 710263B44C1D1AEE07525A53401FBE48, 9E30D956099F42A7F8125664E671AEE49A6EDE0C2B717EC9B4488556A386FA21 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys

21:48:06.0193 0x1160  NTIDrvr - ok

21:48:06.0224 0x1160  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys

21:48:06.0308 0x1160  Null - ok

21:48:06.0351 0x1160  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys

21:48:06.0387 0x1160  nvraid - ok

21:48:06.0418 0x1160  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys

21:48:06.0458 0x1160  nvstor - ok

21:48:06.0487 0x1160  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

21:48:06.0522 0x1160  nv_agp - ok

21:48:06.0613 0x1160  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

21:48:06.0680 0x1160  odserv - ok

21:48:06.0719 0x1160  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

21:48:06.0762 0x1160  ohci1394 - ok

21:48:06.0826 0x1160  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

21:48:06.0858 0x1160  ose - ok

21:48:06.0905 0x1160  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll

21:48:06.0977 0x1160  p2pimsvc - ok

21:48:07.0027 0x1160  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll

21:48:07.0109 0x1160  p2psvc - ok

21:48:07.0186 0x1160  [ DCACC2FC7DC0A3D7A60BEB81FA233822, 98866D1B93A5EAF2A7B008EACDB56A7CD3E06830F53A86330D5A0319AF8FF938 ] PACSPTISVR      C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

21:48:07.0206 0x1160  PACSPTISVR - detected UnsignedFile.Multi.Generic ( 1 )

21:48:11.0666 0x1160  Detect skipped due to KSN trusted

21:48:11.0666 0x1160  PACSPTISVR - ok

21:48:11.0724 0x1160  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys

21:48:11.0769 0x1160  Parport - ok

21:48:11.0812 0x1160  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys

21:48:11.0843 0x1160  partmgr - ok

21:48:11.0886 0x1160  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll

21:48:11.0971 0x1160  PcaSvc - ok

21:48:12.0013 0x1160  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys

21:48:12.0049 0x1160  pci - ok

21:48:12.0078 0x1160  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys

21:48:12.0107 0x1160  pciide - ok

21:48:12.0161 0x1160  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys

21:48:12.0206 0x1160  pcmcia - ok

21:48:12.0237 0x1160  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys

21:48:12.0267 0x1160  pcw - ok

21:48:12.0338 0x1160  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

21:48:12.0424 0x1160  PEAUTH - ok

21:48:12.0510 0x1160  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe

21:48:12.0551 0x1160  PerfHost - ok

21:48:12.0680 0x1160  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll

21:48:12.0897 0x1160  pla - ok

21:48:13.0039 0x1160  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

21:48:13.0146 0x1160  PlugPlay - ok

21:48:13.0168 0x1160  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll

21:48:13.0213 0x1160  PNRPAutoReg - ok

21:48:13.0260 0x1160  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll

21:48:13.0309 0x1160  PNRPsvc - ok

21:48:13.0401 0x1160  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

21:48:13.0538 0x1160  PolicyAgent - ok

21:48:13.0583 0x1160  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll

21:48:13.0696 0x1160  Power - ok

21:48:13.0763 0x1160  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

21:48:13.0877 0x1160  PptpMiniport - ok

21:48:13.0919 0x1160  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys

21:48:13.0970 0x1160  Processor - ok

21:48:14.0016 0x1160  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll

21:48:14.0083 0x1160  ProfSvc - ok

21:48:14.0110 0x1160  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] ProtectedStorage C:\Windows\system32\lsass.exe

21:48:14.0139 0x1160  ProtectedStorage - ok

21:48:14.0194 0x1160  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys

21:48:14.0311 0x1160  Psched - ok

21:48:14.0428 0x1160  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys

21:48:14.0574 0x1160  ql2300 - ok

21:48:14.0625 0x1160  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys

21:48:14.0655 0x1160  ql40xx - ok

21:48:14.0700 0x1160  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll

21:48:14.0765 0x1160  QWAVE - ok

21:48:14.0782 0x1160  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

21:48:14.0840 0x1160  QWAVEdrv - ok

21:48:14.0861 0x1160  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

21:48:14.0982 0x1160  RasAcd - ok

21:48:15.0028 0x1160  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys

21:48:15.0142 0x1160  RasAgileVpn - ok

21:48:15.0178 0x1160  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll

21:48:15.0293 0x1160  RasAuto - ok

21:48:15.0341 0x1160  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

21:48:15.0439 0x1160  Rasl2tp - ok

21:48:15.0485 0x1160  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll

21:48:15.0594 0x1160  RasMan - ok

21:48:15.0628 0x1160  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

21:48:15.0731 0x1160  RasPppoe - ok

21:48:15.0774 0x1160  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

21:48:15.0879 0x1160  RasSstp - ok

21:48:15.0934 0x1160  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

21:48:16.0056 0x1160  rdbss - ok

21:48:16.0092 0x1160  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys

21:48:16.0130 0x1160  rdpbus - ok

21:48:16.0155 0x1160  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

21:48:16.0263 0x1160  RDPCDD - ok

21:48:16.0294 0x1160  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

21:48:16.0405 0x1160  RDPENCDD - ok

21:48:16.0431 0x1160  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys

21:48:16.0528 0x1160  RDPREFMP - ok

21:48:16.0583 0x1160  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

21:48:16.0664 0x1160  RDPWD - ok

21:48:16.0706 0x1160  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys

21:48:16.0743 0x1160  rdyboost - ok

21:48:16.0781 0x1160  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll

21:48:16.0903 0x1160  RemoteAccess - ok

21:48:16.0930 0x1160  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll

21:48:17.0041 0x1160  RemoteRegistry - ok

21:48:17.0069 0x1160  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll

21:48:17.0176 0x1160  RpcEptMapper - ok

21:48:17.0201 0x1160  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe

21:48:17.0251 0x1160  RpcLocator - ok

21:48:17.0324 0x1160  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll

21:48:17.0438 0x1160  RpcSs - ok

21:48:17.0468 0x1160  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

21:48:17.0567 0x1160  rspndr - ok

21:48:17.0588 0x1160  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] SamSs           C:\Windows\system32\lsass.exe

21:48:17.0614 0x1160  SamSs - ok

21:48:17.0656 0x1160  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

21:48:17.0686 0x1160  sbp2port - ok

21:48:17.0734 0x1160  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll

21:48:17.0861 0x1160  SCardSvr - ok

21:48:17.0901 0x1160  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys

21:48:17.0996 0x1160  scfilter - ok

21:48:18.0098 0x1160  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll

21:48:18.0290 0x1160  Schedule - ok

21:48:18.0337 0x1160  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll

21:48:18.0424 0x1160  SCPolicySvc - ok

21:48:18.0469 0x1160  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

21:48:18.0539 0x1160  SDRSVC - ok

21:48:18.0733 0x1160  [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

21:48:18.0873 0x1160  SDScannerService - ok

21:48:19.0129 0x1160  [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

21:48:19.0287 0x1160  SDUpdateService - ok

21:48:19.0361 0x1160  [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

21:48:19.0393 0x1160  SDWSCService - ok

21:48:19.0429 0x1160  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys

21:48:19.0516 0x1160  secdrv - ok

21:48:19.0548 0x1160  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll

21:48:19.0647 0x1160  seclogon - ok

21:48:19.0685 0x1160  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll

21:48:19.0795 0x1160  SENS - ok

21:48:19.0821 0x1160  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll

21:48:19.0864 0x1160  SensrSvc - ok

21:48:19.0903 0x1160  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys

21:48:19.0948 0x1160  Serenum - ok

21:48:19.0975 0x1160  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys

21:48:20.0012 0x1160  Serial - ok

21:48:20.0052 0x1160  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys

21:48:20.0081 0x1160  sermouse - ok

21:48:20.0143 0x1160  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll

21:48:20.0245 0x1160  SessionEnv - ok

21:48:20.0280 0x1160  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys

21:48:20.0346 0x1160  sffdisk - ok

21:48:20.0353 0x1160  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

21:48:20.0395 0x1160  sffp_mmc - ok

21:48:20.0402 0x1160  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys

21:48:20.0458 0x1160  sffp_sd - ok

21:48:20.0489 0x1160  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys

21:48:20.0534 0x1160  sfloppy - ok

21:48:20.0594 0x1160  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll

21:48:20.0701 0x1160  SharedAccess - ok

21:48:20.0763 0x1160  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

21:48:20.0875 0x1160  ShellHWDetection - ok

21:48:20.0897 0x1160  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys

21:48:20.0925 0x1160  SiSRaid2 - ok

21:48:20.0952 0x1160  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys

21:48:20.0979 0x1160  SiSRaid4 - ok

21:48:21.0082 0x1160  [ 050A4112B00BCA2E13314CDE48C1DEEE, 86C679CD494DEEB984372BF954EFBB8982AC7995FBF89FCF83BC228991D1B825 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe

21:48:21.0125 0x1160  SkypeUpdate - ok

21:48:21.0160 0x1160  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys

21:48:21.0281 0x1160  Smb - ok

21:48:21.0342 0x1160  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

21:48:21.0394 0x1160  SNMPTRAP - ok

21:48:21.0417 0x1160  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys

21:48:21.0446 0x1160  spldr - ok

21:48:21.0519 0x1160  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe

21:48:21.0627 0x1160  Spooler - ok

21:48:21.0886 0x1160  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe

21:48:22.0273 0x1160  sppsvc - ok

21:48:22.0331 0x1160  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll

21:48:22.0451 0x1160  sppuinotify - ok

21:48:22.0509 0x1160  [ 1B7447278005E38E464B34A7E841D628, CBEF504A8F499753E45FFC34DB25BB7AFCF3F5447A834289626BCFBB2AE4978F ] SPTISRV         C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe

21:48:22.0534 0x1160  SPTISRV - detected UnsignedFile.Multi.Generic ( 1 )

21:48:32.0706 0x1160  SPTISRV ( UnsignedFile.Multi.Generic ) - warning

21:48:36.0227 0x1160  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys

21:48:36.0343 0x1160  srv - ok

21:48:36.0387 0x1160  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

21:48:36.0463 0x1160  srv2 - ok

21:48:36.0494 0x1160  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

21:48:36.0534 0x1160  srvnet - ok

21:48:36.0584 0x1160  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

21:48:36.0686 0x1160  SSDPSRV - ok

21:48:36.0712 0x1160  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll

21:48:36.0801 0x1160  SstpSvc - ok

21:48:36.0835 0x1160  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys

21:48:36.0859 0x1160  stexstor - ok

21:48:36.0924 0x1160  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll

21:48:37.0026 0x1160  stisvc - ok

21:48:37.0062 0x1160  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys

21:48:37.0086 0x1160  swenum - ok

21:48:37.0139 0x1160  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll

21:48:37.0274 0x1160  swprv - ok

21:48:37.0336 0x1160  [ ED6D1424E5B0C21A57B28DD8508D6843, EF3BBBBD376F22520060BC6D637CDF79E2D8B43A95E746FC1463E7CDC407C2D9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys

21:48:37.0394 0x1160  SynTP - ok

21:48:37.0542 0x1160  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll

21:48:37.0742 0x1160  SysMain - ok

21:48:37.0789 0x1160  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll

21:48:37.0845 0x1160  TabletInputService - ok

21:48:37.0905 0x1160  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll

21:48:38.0045 0x1160  TapiSrv - ok

21:48:38.0071 0x1160  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll

21:48:38.0184 0x1160  TBS - ok

21:48:38.0334 0x1160  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

21:48:38.0509 0x1160  Tcpip - ok

21:48:38.0639 0x1160  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys

21:48:38.0772 0x1160  TCPIP6 - ok

21:48:38.0859 0x1160  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

21:48:38.0885 0x1160  tcpipreg - ok

21:48:38.0924 0x1160  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

21:48:39.0001 0x1160  TDPIPE - ok

21:48:39.0049 0x1160  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

21:48:39.0077 0x1160  TDTCP - ok

21:48:39.0128 0x1160  [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

21:48:39.0191 0x1160  tdx - ok

21:48:39.0228 0x1160  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys

21:48:39.0258 0x1160  TermDD - ok

21:48:39.0336 0x1160  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll

21:48:39.0469 0x1160  TermService - ok

21:48:39.0508 0x1160  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll

21:48:39.0562 0x1160  Themes - ok

21:48:39.0605 0x1160  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll

21:48:39.0705 0x1160  THREADORDER - ok

21:48:39.0723 0x1160  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll

21:48:39.0849 0x1160  TrkWks - ok

21:48:39.0930 0x1160  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

21:48:40.0023 0x1160  TrustedInstaller - ok

21:48:40.0068 0x1160  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

21:48:40.0107 0x1160  tssecsrv - ok

21:48:40.0168 0x1160  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys

21:48:40.0214 0x1160  TsUsbFlt - ok

21:48:40.0274 0x1160  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

21:48:40.0367 0x1160  tunnel - ok

21:48:40.0400 0x1160  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys

21:48:40.0432 0x1160  uagp35 - ok

21:48:40.0465 0x1160  [ 40079B0B801C5432BA435B5AD61CE6E3, 709EFA377470234DE21B03AB50A70C9E9DA8F3D22F026D80340EC69C21595892 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys

21:48:40.0486 0x1160  UBHelper - ok

21:48:40.0540 0x1160  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

21:48:40.0675 0x1160  udfs - ok

21:48:40.0721 0x1160  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe

21:48:40.0755 0x1160  UI0Detect - ok

21:48:40.0776 0x1160  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys

21:48:40.0807 0x1160  uliagpkx - ok

21:48:40.0867 0x1160  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys

21:48:40.0900 0x1160  umbus - ok

21:48:40.0930 0x1160  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys

21:48:40.0972 0x1160  UmPass - ok

21:48:41.0199 0x1160  [ CC3775100ABA633984F73DFAE1F55CAE, 845F129289BB73FD78A6C3B497F17BA973FD691BC9242200F81993417C803FE9 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

21:48:41.0366 0x1160  UNS - ok

21:48:41.0492 0x1160  [ F9EC9ACD504D823D9B9CA98A4F8D3CA2, 58DAD5111C598F14CB199FE6A61FA5918F29513B778A8664FD05EFAB3C665D4F ] Updater Service C:\Program Files\Acer\Acer Updater\UpdaterService.exe

21:48:41.0522 0x1160  Updater Service - ok

21:48:41.0565 0x1160  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll

21:48:41.0716 0x1160  upnphost - ok

21:48:41.0757 0x1160  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

21:48:41.0812 0x1160  usbccgp - ok

21:48:41.0874 0x1160  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys

21:48:41.0930 0x1160  usbcir - ok

21:48:41.0970 0x1160  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys

21:48:42.0011 0x1160  usbehci - ok

21:48:42.0079 0x1160  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

21:48:42.0140 0x1160  usbhub - ok

21:48:42.0171 0x1160  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys

21:48:42.0216 0x1160  usbohci - ok

21:48:42.0243 0x1160  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys

21:48:42.0286 0x1160  usbprint - ok

21:48:42.0329 0x1160  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys

21:48:42.0372 0x1160  usbscan - ok

21:48:42.0407 0x1160  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:48:42.0482 0x1160  USBSTOR - ok

21:48:42.0520 0x1160  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys

21:48:42.0548 0x1160  usbuhci - ok

21:48:42.0621 0x1160  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys

21:48:42.0701 0x1160  usbvideo - ok

21:48:42.0729 0x1160  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll

21:48:42.0831 0x1160  UxSms - ok

21:48:42.0842 0x1160  [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc        C:\Windows\system32\lsass.exe

21:48:42.0872 0x1160  VaultSvc - ok

21:48:42.0905 0x1160  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys

21:48:42.0933 0x1160  vdrvroot - ok

21:48:43.0010 0x1160  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe

21:48:43.0154 0x1160  vds - ok

21:48:43.0191 0x1160  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

21:48:43.0229 0x1160  vga - ok

21:48:43.0244 0x1160  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys

21:48:43.0353 0x1160  VgaSave - ok

21:48:43.0403 0x1160  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys

21:48:43.0439 0x1160  vhdmp - ok

21:48:43.0482 0x1160  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys

21:48:43.0507 0x1160  viaide - ok

21:48:43.0537 0x1160  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys

21:48:43.0567 0x1160  volmgr - ok

21:48:43.0633 0x1160  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

21:48:43.0701 0x1160  volmgrx - ok

21:48:43.0738 0x1160  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys

21:48:43.0782 0x1160  volsnap - ok

21:48:43.0817 0x1160  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys

21:48:43.0854 0x1160  vsmraid - ok

21:48:44.0000 0x1160  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe

21:48:44.0239 0x1160  VSS - ok

21:48:44.0263 0x1160  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys

21:48:44.0301 0x1160  vwifibus - ok

21:48:44.0317 0x1160  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys

21:48:44.0372 0x1160  vwififlt - ok

21:48:44.0433 0x1160  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys

21:48:44.0474 0x1160  vwifimp - ok

21:48:44.0526 0x1160  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll

21:48:44.0645 0x1160  W32Time - ok

21:48:44.0676 0x1160  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys

21:48:44.0721 0x1160  WacomPen - ok

21:48:44.0768 0x1160  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys

21:48:44.0854 0x1160  WANARP - ok

21:48:44.0871 0x1160  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

21:48:44.0954 0x1160  Wanarpv6 - ok

21:48:45.0075 0x1160  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe

21:48:45.0193 0x1160  WatAdminSvc - ok

21:48:45.0338 0x1160  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe

21:48:45.0521 0x1160  wbengine - ok

21:48:45.0563 0x1160  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll

21:48:45.0635 0x1160  WbioSrvc - ok

21:48:45.0696 0x1160  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll

21:48:45.0784 0x1160  wcncsvc - ok

21:48:45.0805 0x1160  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

21:48:45.0879 0x1160  WcsPlugInService - ok

21:48:45.0898 0x1160  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys

21:48:45.0923 0x1160  Wd - ok

21:48:46.0005 0x1160  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

21:48:46.0101 0x1160  Wdf01000 - ok

21:48:46.0159 0x1160  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll

21:48:46.0223 0x1160  WdiServiceHost - ok

21:48:46.0233 0x1160  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll

21:48:46.0267 0x1160  WdiSystemHost - ok

21:48:46.0315 0x1160  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll

21:48:46.0416 0x1160  WebClient - ok

21:48:46.0451 0x1160  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll

21:48:46.0587 0x1160  Wecsvc - ok

21:48:46.0618 0x1160  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll

21:48:46.0732 0x1160  wercplsupport - ok

21:48:46.0766 0x1160  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll

21:48:46.0857 0x1160  WerSvc - ok

21:48:46.0886 0x1160  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys

21:48:46.0972 0x1160  WfpLwf - ok

21:48:46.0999 0x1160  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys

21:48:47.0025 0x1160  WIMMount - ok

21:48:47.0057 0x1160  WinDefend - ok

21:48:47.0083 0x1160  WinHttpAutoProxySvc - ok

21:48:47.0168 0x1160  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

21:48:47.0286 0x1160  Winmgmt - ok

21:48:47.0448 0x1160  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll

21:48:47.0707 0x1160  WinRM - ok

21:48:47.0787 0x1160  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys

21:48:47.0828 0x1160  WinUsb - ok

21:48:47.0911 0x1160  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll

21:48:48.0033 0x1160  Wlansvc - ok

21:48:48.0078 0x1160  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys

21:48:48.0118 0x1160  WmiAcpi - ok

21:48:48.0153 0x1160  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

21:48:48.0212 0x1160  wmiApSrv - ok

21:48:48.0246 0x1160  WMPNetworkSvc - ok

21:48:48.0276 0x1160  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll

21:48:48.0335 0x1160  WPCSvc - ok

21:48:48.0392 0x1160  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

21:48:48.0435 0x1160  WPDBusEnum - ok

21:48:48.0466 0x1160  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

21:48:48.0576 0x1160  ws2ifsl - ok

21:48:48.0610 0x1160  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll

21:48:48.0659 0x1160  wscsvc - ok

21:48:48.0666 0x1160  WSearch - ok

21:48:48.0869 0x1160  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll

21:48:49.0080 0x1160  wuauserv - ok

21:48:49.0188 0x1160  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys

21:48:49.0262 0x1160  WudfPf - ok

21:48:49.0311 0x1160  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

21:48:49.0361 0x1160  WUDFRd - ok

21:48:49.0401 0x1160  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

21:48:49.0432 0x1160  wudfsvc - ok

21:48:49.0487 0x1160  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll

21:48:49.0552 0x1160  WwanSvc - ok

21:48:49.0588 0x1160  ================ Scan global ===============================

21:48:49.0613 0x1160  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll

21:48:49.0669 0x1160  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

21:48:49.0701 0x1160  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

21:48:49.0734 0x1160  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll

21:48:49.0781 0x1160  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe

21:48:49.0802 0x1160  [ Global ] - ok

21:48:49.0803 0x1160  ================ Scan MBR ==================================

21:48:49.0818 0x1160  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

21:48:50.0227 0x1160  \Device\Harddisk0\DR0 - ok

21:48:50.0228 0x1160  ================ Scan VBR ==================================

21:48:50.0233 0x1160  [ 7A346EB23422EDB8E7EEC4A9E19EC375 ] \Device\Harddisk0\DR0\Partition1

21:48:50.0236 0x1160  \Device\Harddisk0\DR0\Partition1 - ok

21:48:50.0241 0x1160  [ 07A908BF05424B152F04D8C75B088014 ] \Device\Harddisk0\DR0\Partition2

21:48:50.0244 0x1160  \Device\Harddisk0\DR0\Partition2 - ok

21:48:50.0291 0x1160  [ 3C58C11AEFD532D9BAB538E7FEA38AB6 ] \Device\Harddisk0\DR0\Partition3

21:48:50.0295 0x1160  \Device\Harddisk0\DR0\Partition3 - ok

21:48:50.0298 0x1160  ================ Scan generic autorun ======================

21:48:50.0298 0x1160  SynTPEnh - ok

21:48:50.0412 0x1160  [ 147B96A5AEA8CEF3A34D8E378EAAA9B2, AC60E8184AC0DF277C26617AAD06F13A315B459AE47D9093161FB3DD652195B1 ] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

21:48:50.0488 0x1160  Acer ePower Management - ok

21:48:51.0215 0x1160  [ 798DF4955D7DE4552706B3ECB65B3C80, C0DD4999D8E5505EBC5ADB2B458339BA1444FE897C8568E872C9F8CCF7C5360B ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

21:48:51.0901 0x1160  RtHDVCpl - ok

21:48:52.0044 0x1160  [ 085F30DB0B38903940A4141E675BDC08, 3ABFB79C850D2B1976DB4DEF69AA031C4E18B5E240316908DDD16DEA4050365A ] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

21:48:52.0099 0x1160  avgnt - ok

21:48:52.0171 0x1160  [ 14D6542607ACD4B2D1DDB1A36E0D8813, 3A270600549E8E7988D5AF3486C0F504269B9573393D87BF87BDB2287BF007B2 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

21:48:52.0209 0x1160  SunJavaUpdateSched - ok

21:48:52.0268 0x1160  [ 8CB85437667AEDBD8497D2CA85F4A17A, 196F1F3208674944C554624E5DA6A614F8070467E32F0C1BAB9AC409783E5804 ] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

21:48:52.0294 0x1160  Avira Systray - ok

21:48:52.0596 0x1160  [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

21:48:52.0898 0x1160  SDTray - ok

21:48:53.0037 0x1160  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

21:48:53.0197 0x1160  Sidebar - ok

21:48:53.0229 0x1160  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe

21:48:53.0279 0x1160  mctadmin - ok

21:48:53.0353 0x1160  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

21:48:53.0458 0x1160  Sidebar - ok

21:48:53.0472 0x1160  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe

21:48:53.0518 0x1160  mctadmin - ok

21:48:53.0520 0x1160  Waiting for KSN requests completion. In queue: 107

21:48:54.0520 0x1160  Waiting for KSN requests completion. In queue: 107

21:48:55.0520 0x1160  Waiting for KSN requests completion. In queue: 107

21:48:56.0574 0x1160  AV detected via SS2: Avira Desktop, C:\Program Files (x86)\Avira\AntiVir Desktop\wsctool.exe ( 15.0.8.650 ), 0x40000 ( disabled : updated )

21:48:56.0585 0x1160  Win FW state via NFP2: enabled

21:48:59.0019 0x1160  ============================================================

21:48:59.0019 0x1160  Scan finished

21:48:59.0019 0x1160  ============================================================

21:48:59.0037 0x1564  Detected object count: 1

21:48:59.0037 0x1564  Actual detected object count: 1

21:49:25.0943 0x1564  SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user

21:49:25.0943 0x1564  SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip

Nee da passiert nix :)

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Lieber Schrauber,
nach Deaktiverung von Avira und Spybot habe ich ComboFix gestartet. Das Programm hat behauptet das Spybot noch aktiv ist, habe danach versucht nochmals Spybot zu dekativieren und hoffe das dies gelungen ist. Fehlermeldungen hat es nach dem Neustart des Computers keine gegeben.

Code:

ComboFix 15-03-14.03 - Eva 19.03.2015  19:32:48.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3956.2354 [GMT 1:00]

ausgeführt von:: c:\users\Eva\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}

SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}

SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Eva\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll

.

.

(((((((((((((((((((((((   Dateien erstellt von 2015-02-19 bis 2015-03-19  ))))))))))))))))))))))))))))))

.

.

2015-03-18 19:49 . 2015-03-18 20:43        --------        d-----w-        c:\programdata\Malwarebytes' Anti-Malware (portable)

2015-03-17 19:09 . 2015-03-17 19:13        --------        d-----w-        C:\FRST

2015-03-15 13:33 . 2015-03-15 13:34        --------        d-----w-        C:\EEK

2015-03-15 12:53 . 2015-03-15 13:16        --------        d-----w-        C:\AdwCleaner

2015-03-10 21:14 . 2015-03-19 18:28        --------        d-----w-        c:\programdata\Spybot - Search & Destroy

2015-03-10 21:14 . 2015-03-19 18:44        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy 2

2015-03-10 19:40 . 2015-02-03 03:31        215552        ----a-w-        c:\windows\system32\ubpm.dll

2015-03-10 19:39 . 2015-01-17 02:48        1067520        ----a-w-        c:\windows\system32\msctf.dll

2015-03-10 19:36 . 2015-02-04 03:16        465920        ----a-w-        c:\windows\system32\WMPhoto.dll

2015-03-10 19:36 . 2015-02-04 02:54        417792        ----a-w-        c:\windows\SysWow64\WMPhoto.dll

2015-03-03 20:14 . 2015-01-09 03:14        91136        ----a-w-        c:\windows\system32\wdi.dll

2015-03-03 20:14 . 2015-01-09 03:14        950272        ----a-w-        c:\windows\system32\perftrack.dll

2015-03-03 20:14 . 2015-01-09 03:14        29696        ----a-w-        c:\windows\system32\powertracker.dll

2015-03-03 20:14 . 2015-01-09 02:48        76800        ----a-w-        c:\windows\SysWow64\wdi.dll

2015-02-26 18:22 . 2015-02-27 09:51        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird

2015-02-18 08:47 . 2015-02-18 08:47        17323192        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2015-03-18 19:49 . 2015-01-11 16:17        136408        ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys

2015-03-18 19:47 . 2015-01-11 16:16        107736        ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys

2015-03-10 21:30 . 2010-12-29 08:58        122905848        ----a-w-        c:\windows\system32\MRT.exe

2015-03-04 13:29 . 2013-05-07 12:03        44088        ----a-w-        c:\windows\system32\drivers\avnetflt.sys

2015-03-04 13:29 . 2013-03-30 20:55        132120        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2015-03-04 13:29 . 2013-03-30 20:55        128536        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2015-02-24 02:17 . 2010-12-12 16:48        295552        ------w-        c:\windows\system32\MpSigStub.exe

2015-02-17 15:04 . 2015-02-17 15:04        1202848        ----a-w-        c:\windows\SysWow64\FM20.DLL

2015-02-05 09:56 . 2012-10-12 08:05        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2015-02-05 09:56 . 2012-10-12 08:05        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2015-02-04 03:16 . 2015-02-11 10:17        609280        ----a-w-        c:\windows\system32\generaltel.dll

2015-02-04 03:16 . 2015-02-11 10:17        762368        ----a-w-        c:\windows\system32\invagent.dll

2015-02-04 03:16 . 2015-02-11 10:17        414720        ----a-w-        c:\windows\system32\devinv.dll

2015-02-04 03:16 . 2015-02-11 10:17        894976        ----a-w-        c:\windows\system32\appraiser.dll

2015-02-04 03:16 . 2015-02-11 10:17        227328        ----a-w-        c:\windows\system32\aepdu.dll

2015-02-04 03:16 . 2015-02-11 10:17        192000        ----a-w-        c:\windows\system32\aepic.dll

2015-02-04 03:13 . 2015-02-11 10:17        1098752        ----a-w-        c:\windows\system32\aeinv.dll

2015-01-29 09:07 . 2015-03-17 18:25        11910896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F6143E3-A790-4E12-ACAF-DF63DB7388B0}\mpengine.dll

2015-01-27 23:36 . 2015-02-11 10:17        1239720        ----a-w-        c:\windows\system32\aitstatic.exe

2015-01-11 16:45 . 2015-01-11 16:45        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12        152544        ----a-w-        c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12        152544        ----a-w-        c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]

@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12        152544        ----a-w-        c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]

@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12        152544        ----a-w-        c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12        152544        ----a-w-        c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]

@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12        152544        ----a-w-        c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12        152544        ----a-w-        c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]

@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12        152544        ----a-w-        c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:40        120176        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-03-19 704512]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]

"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-02-12 127792]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="userinit.exe"

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]

R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]

R3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\DRIVERS\Gt51Ip.sys;c:\windows\SYSNATIVE\DRIVERS\Gt51Ip.sys [x]

R3 GT72UBUS;GT 72 U BUS;c:\windows\system32\DRIVERS\gt72ubus.sys;c:\windows\SYSNATIVE\DRIVERS\gt72ubus.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]

S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]

S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2015-03-14 18:02        1061704        ----a-w-        c:\program files (x86)\Google\Chrome\Application\41.0.2272.89\Installer\chrmstp.exe

.

Inhalt des "geplante Tasks" Ordners

.

2015-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-12 09:56]

.

2015-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-03 18:30]

.

2015-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-03 18:30]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12        185824        ----a-w-        c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12        185824        ----a-w-        c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]

@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12        185824        ----a-w-        c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]

@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12        185824        ----a-w-        c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12        185824        ----a-w-        c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]

@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12        185824        ----a-w-        c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12        185824        ----a-w-        c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]

@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]

2015-02-11 01:12        185824        ----a-w-        c:\users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2010-05-27 02:42        137584        ----a-w-        c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.com

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyServer = localhost:8080

IE: An vorhandenes PDF anfügen - c:\program files (x86)\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files (x86)\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Auswahl in Adobe PDF konvertieren - c:\program files (x86)\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\program files (x86)\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

TCP: DhcpNameServer = 10.0.0.138

FF - ProfilePath - c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default\

FF - prefs.js: browser.startup.homepage - www.zweintopf.net

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-Locked - (no file)

SafeBoot-CleanHlp

SafeBoot-CleanHlp.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2015-03-19  19:53:46 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2015-03-19 18:53

.

Vor Suchlauf: 13 Verzeichnis(se), 101.621.833.728 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 101.277.368.320 Bytes frei

.

- - End Of File - - 0FB71CA6DBC693244F19541F3B109E6A

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Lieber schrauber,
wie jeden abend brav gescannt :rofl: - hier die logs:

malware bytes:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 21.03.2015

Suchlauf-Zeit: 20:36:35

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.01.4.1018

Malware Datenbank: v2015.03.21.06

Rootkit Datenbank: v2015.02.25.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Selbstschutz: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: Eva
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 382269

Verstrichene Zeit: 31 Min, 15 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Warnen

PUM: Aktiviert
 

Prozesse: 0

(Keine schädliche Elemente gefunden)
 

Module: 0

(Keine schädliche Elemente gefunden)
 

Registrierungsschlüssel: 0

(Keine schädliche Elemente gefunden)
 

Registrierungswerte: 0

(Keine schädliche Elemente gefunden)
 

Registrierungsdaten: 0

(Keine schädliche Elemente gefunden)
 

Ordner: 0

(Keine schädliche Elemente gefunden)
 

Dateien: 0

(Keine schädliche Elemente gefunden)
 

Physische Sektoren: 0

(Keine schädliche Elemente gefunden)
 
 

(end)

adware cleaner

Code:

# AdwCleaner v4.112 - Bericht erstellt 21/03/2015 um 21:19:03

# Aktualisiert 09/03/2015 von Xplode

# Datenbank : 2015-03-21.2 [Server]

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)

# Benutzername : Eva - EVA

# Gestarted von : C:\Users\Eva\Downloads\adwcleaner_4.112.exe

# Option : Suchlauf
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 
 

***** [ Geplante Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Daten Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080

Schlüssel Gefunden : HKCU\Software\OCS

Schlüssel Gefunden : [x64] HKCU\Software\OCS

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 

***** [ Internetbrowser ] *****
 

-\\ Internet Explorer v11.0.9600.17689
 
 

-\\ Mozilla Firefox v36.0.1 (x86 de)
 

*************************
 

AdwCleaner[R0].txt - [2160 Bytes] - [15/03/2015 13:53:29]

AdwCleaner[R1].txt - [1221 Bytes] - [21/03/2015 21:13:20]

AdwCleaner[R2].txt - [1079 Bytes] - [21/03/2015 21:19:03]

AdwCleaner[S0].txt - [1926 Bytes] - [15/03/2015 14:16:22]
 

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1197 Bytes] ##########

JRT

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.5 (03.17.2015:1)

OS: Windows 7 Home Premium x64

Ran by Eva on 21.03.2015 at 21:27:15,87

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 

Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\ProgramData\flexnet"
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Eva\AppData\Roaming\mozilla\firefox\profiles\slf41o6j.default\minidumps [344 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 21.03.2015 at 21:33:32,27

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by Eva (administrator) on EVA on 21-03-2015 21:45:26

Running from C:\Users\Eva\Downloads

Loaded Profiles: Eva &  (Available profiles: Eva)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Windows\System32\prevhost.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll (Autodesk)

ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

BootExecute: autocheck autochk * sdnclean64.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

ProxyServer: [S-1-5-21-3025526197-3098601968-4000957393-1000] => localhost:8080

ProxyServer: [S-1-5-21-3025526197-3098601968-4000957393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0] => localhost:8080

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-01-11] (Oracle Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-11] (Oracle Corporation)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22] (Adobe Systems Incorporated)

Toolbar: HKU\S-1-5-21-3025526197-3098601968-4000957393-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Toolbar: HKU\S-1-5-21-3025526197-3098601968-4000957393-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 

FireFox:

========

FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default

FF Homepage: www.zweintopf.net

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()

FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-11] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-01-11] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2010-12-15] (Apple Inc.)

FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default\searchplugins\flickr.xml [2014-03-04]

FF Extension: Avira Browser Safety - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default\Extensions\abs@avira.com [2015-03-09]

FF Extension: Video DownloadHelper - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]

FF Extension: Adblock Plus - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-19] (Avira Operations GmbH & Co. KG)

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2010-12-13] (Autodesk)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)

S4 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]

R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG) [File not signed]

S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-12-12] (Macrovision Europe Ltd.) [File not signed]

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53337 2005-11-24] (Sony Corporation) [File not signed]

S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)

S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53337 2005-11-24] (Sony Corporation) [File not signed]

S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69718 2005-11-24] (Sony Corporation) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)

S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-02-09] (Emsisoft GmbH)

S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [130048 2009-06-11] (Option N.V.)

S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [86528 2009-06-11] (Option N.V.)

S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [10496 2009-06-11] (Option N.V.)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-21 21:33 - 2015-03-21 21:33 - 00000870 _____ () C:\Users\Eva\Desktop\JRT.txt

2015-03-21 21:24 - 2015-03-21 21:24 - 01388672 _____ (Thisisu) C:\Users\Eva\Downloads\JRT.exe

2015-03-21 20:35 - 2015-03-21 20:36 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-21 20:35 - 2015-03-21 20:35 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-03-21 20:35 - 2015-03-21 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-21 20:35 - 2015-03-21 20:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-03-21 20:35 - 2015-03-21 20:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-03-21 20:35 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-21 20:35 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-21 20:35 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-21 20:33 - 2015-03-21 20:34 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Eva\Downloads\mbam-setup-2.1.4.1018.exe

2015-03-19 19:53 - 2015-03-19 19:53 - 00019274 _____ () C:\ComboFix.txt

2015-03-19 19:29 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-03-19 19:29 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-03-19 19:29 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-03-19 19:29 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-03-19 19:29 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-03-19 19:29 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe

2015-03-19 19:29 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe

2015-03-19 19:29 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe

2015-03-19 19:24 - 2015-03-19 19:53 - 00000000 ____D () C:\Qoobox

2015-03-19 19:23 - 2015-03-19 19:50 - 00000000 ____D () C:\Windows\erdnt

2015-03-19 19:20 - 2015-03-19 19:20 - 05615380 ____R (Swearware) C:\Users\Eva\Desktop\ComboFix.exe

2015-03-18 21:45 - 2015-03-18 21:45 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Eva\Downloads\tdsskiller.exe

2015-03-18 20:49 - 2015-03-18 21:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-03-18 20:47 - 2015-03-18 21:43 - 00000000 ____D () C:\Users\Eva\Desktop\mbar

2015-03-18 20:45 - 2015-03-18 20:46 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Eva\Downloads\mbar-1.09.1.1004.exe

2015-03-17 20:31 - 2015-03-17 20:31 - 527523878 _____ () C:\Windows\MEMORY.DMP

2015-03-17 20:31 - 2015-03-17 20:31 - 00274880 _____ () C:\Windows\Minidump\031715-23181-01.dmp

2015-03-17 20:31 - 2015-03-17 20:31 - 00000000 ____D () C:\Windows\Minidump

2015-03-17 20:14 - 2015-03-17 20:14 - 00380416 _____ () C:\Users\Eva\Downloads\Gmer-19357.exe

2015-03-17 20:11 - 2015-03-17 20:13 - 00039474 _____ () C:\Users\Eva\Downloads\Addition.txt

2015-03-17 20:09 - 2015-03-21 21:45 - 00018047 _____ () C:\Users\Eva\Downloads\FRST.txt

2015-03-17 20:09 - 2015-03-21 21:45 - 00000000 ____D () C:\FRST

2015-03-17 20:09 - 2015-03-17 20:09 - 02095616 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe

2015-03-17 20:07 - 2015-03-17 20:07 - 00000468 _____ () C:\Users\Eva\Downloads\defogger_disable.log

2015-03-17 20:07 - 2015-03-17 20:07 - 00000000 _____ () C:\Users\Eva\defogger_reenable

2015-03-17 20:05 - 2015-03-17 20:05 - 00050477 _____ () C:\Users\Eva\Downloads\Defogger.exe

2015-03-17 19:12 - 2015-03-19 19:44 - 00004786 _____ () C:\Windows\PFRO.log

2015-03-15 14:34 - 2015-03-15 14:34 - 00000747 _____ () C:\Users\Eva\Desktop\Start Emsisoft Emergency Kit.lnk

2015-03-15 14:33 - 2015-03-15 14:34 - 00000000 ____D () C:\EEK

2015-03-15 14:20 - 2015-03-15 14:20 - 01203488 _____ () C:\Users\Eva\Downloads\Emsisoft Emergency Kit - CHIP-Installer.exe

2015-03-15 13:53 - 2015-03-21 21:21 - 00000000 ____D () C:\AdwCleaner

2015-03-15 13:51 - 2015-03-21 21:12 - 02171392 _____ () C:\Users\Eva\Downloads\adwcleaner_4.112.exe

2015-03-10 22:15 - 2015-03-10 22:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2015-03-10 22:14 - 2015-03-19 19:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2015-03-10 22:14 - 2015-03-19 19:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2015-03-10 22:03 - 2015-03-21 20:27 - 00002029 _____ () C:\Windows\setupact.log

2015-03-10 22:03 - 2015-03-10 22:03 - 00000000 _____ () C:\Windows\setuperr.log

2015-03-10 21:57 - 2015-03-10 21:58 - 00015384 _____ () C:\Users\Eva\Documents\cc_20150310_215748.reg

2015-03-10 20:41 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-03-10 20:41 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-03-10 20:41 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-10 20:41 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-03-10 20:41 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2015-03-10 20:41 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-03-10 20:41 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2015-03-10 20:41 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2015-03-10 20:41 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-10 20:41 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-03-10 20:41 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-03-10 20:41 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-03-10 20:41 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2015-03-10 20:41 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-03-10 20:41 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-03-10 20:41 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-03-10 20:41 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-03-10 20:41 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-03-10 20:41 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-03-10 20:41 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2015-03-10 20:41 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-03-10 20:41 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2015-03-10 20:41 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-03-10 20:41 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2015-03-10 20:41 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-03-10 20:41 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe

2015-03-10 20:41 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe

2015-03-10 20:41 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll

2015-03-10 20:41 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-03-10 20:41 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2015-03-10 20:41 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2015-03-10 20:41 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-03-10 20:41 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-03-10 20:41 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2015-03-10 20:41 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2015-03-10 20:41 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2015-03-10 20:41 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2015-03-10 20:41 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2015-03-10 20:41 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2015-03-10 20:41 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2015-03-10 20:41 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-03-10 20:41 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-03-10 20:41 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2015-03-10 20:40 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-03-10 20:40 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-03-10 20:40 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-03-10 20:40 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-03-10 20:40 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-03-10 20:40 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-03-10 20:40 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-03-10 20:40 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-03-10 20:40 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-03-10 20:40 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-03-10 20:40 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-03-10 20:40 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-03-10 20:40 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-03-10 20:40 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-03-10 20:40 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-03-10 20:40 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-03-10 20:40 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-03-10 20:40 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-03-10 20:40 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-03-10 20:40 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-03-10 20:40 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-03-10 20:40 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-03-10 20:40 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2015-03-10 20:40 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-10 20:40 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2015-03-10 20:40 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll

2015-03-10 20:40 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-03-10 20:39 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-10 20:39 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-03-10 20:39 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-03-10 20:39 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-03-10 20:39 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-03-10 20:39 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-03-10 20:39 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-03-10 20:39 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-03-10 20:39 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-03-10 20:39 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-03-10 20:39 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-03-10 20:39 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-03-10 20:39 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-03-10 20:39 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-03-10 20:39 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-03-10 20:39 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-03-10 20:39 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-03-10 20:39 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-03-10 20:39 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-03-10 20:39 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-03-10 20:39 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-03-10 20:39 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-03-10 20:39 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-03-10 20:39 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-03-10 20:39 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-03-10 20:39 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-03-10 20:39 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-03-10 20:39 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-03-10 20:39 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-03-10 20:39 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-03-10 20:39 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-03-10 20:39 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-03-10 20:39 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-03-10 20:39 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-03-10 20:39 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-03-10 20:39 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-03-10 20:39 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-03-10 20:39 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-03-10 20:39 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-03-10 20:39 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-03-10 20:39 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-03-10 20:39 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-03-10 20:39 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-03-10 20:39 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-03-10 20:39 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-03-10 20:39 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-03-10 20:39 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-03-10 20:39 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-03-10 20:39 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-03-10 20:39 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-03-10 20:39 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-03-10 20:39 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-03-10 20:39 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-03-10 20:39 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-03-10 20:39 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-03-10 20:39 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-03-10 20:39 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-03-10 20:39 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-10 20:39 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2015-03-10 20:36 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-10 20:36 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2015-03-03 21:14 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll

2015-03-03 21:14 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll

2015-03-03 21:14 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll

2015-03-03 21:14 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll

2015-02-26 19:22 - 2015-02-27 10:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2015-02-25 14:06 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls

2015-02-25 14:06 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-21 21:21 - 2012-05-08 19:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-03-21 21:10 - 2011-01-03 19:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-21 20:55 - 2012-10-12 09:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-21 20:40 - 2010-10-06 01:54 - 01094160 _____ () C:\Windows\WindowsUpdate.log

2015-03-21 20:35 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-21 20:35 - 2009-07-14 05:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-21 20:28 - 2013-11-03 14:15 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2015-03-21 20:27 - 2011-01-03 19:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-21 20:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-19 19:53 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2015-03-19 19:45 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini

2015-03-17 22:14 - 2010-12-10 19:02 - 00000000 ____D () C:\Users\Eva

2015-03-17 21:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2015-03-17 19:21 - 2010-10-06 11:44 - 00703230 _____ () C:\Windows\system32\perfh007.dat

2015-03-17 19:21 - 2010-10-06 11:44 - 00150838 _____ () C:\Windows\system32\perfc007.dat

2015-03-17 19:21 - 2009-07-14 06:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-17 19:12 - 2009-10-05 22:35 - 00000000 ____D () C:\Windows\DeployWinRE2

2015-03-12 09:25 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2015-03-12 09:25 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-03-12 09:24 - 2009-07-14 05:45 - 03533672 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-12 09:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2015-03-12 09:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism

2015-03-10 22:46 - 2010-12-10 20:05 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-03-10 22:36 - 2013-07-30 20:07 - 00000000 ____D () C:\Windows\system32\MRT

2015-03-10 22:30 - 2010-12-29 09:58 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-03-10 22:03 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-03-10 21:57 - 2013-01-04 09:55 - 00000000 ____D () C:\Windows\pss

2015-03-10 18:23 - 2011-02-05 16:36 - 00000000 ___RD () C:\Users\Eva\AppData\Dropbox

2015-03-10 18:23 - 2011-02-05 16:33 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\Dropbox

2015-03-10 13:21 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-03-06 12:50 - 2012-06-13 16:34 - 00000000 ____D () C:\Users\Eva\Desktop\ZZZ

2015-03-05 10:19 - 2014-08-07 09:31 - 00000000 ____D () C:\ProgramData\Package Cache

2015-03-05 10:18 - 2013-02-28 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-03-05 10:18 - 2013-02-28 17:36 - 00000000 ____D () C:\Program Files (x86)\Avira

2015-03-04 14:29 - 2013-05-07 13:03 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2015-03-04 14:29 - 2013-03-30 21:55 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2015-03-04 14:29 - 2013-03-30 21:55 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2015-03-04 14:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing

2015-02-24 14:21 - 2010-12-10 19:25 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\Adobe

2015-02-24 03:17 - 2010-12-12 17:48 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 

==================== Files in the root of some directories =======
 

2010-12-12 16:23 - 2010-12-12 17:25 - 0006302 _____ () C:\Users\Eva\AppData\Local\Optimizer.txt

2010-09-16 00:41 - 2010-03-02 23:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
 

Some content of TEMP:

====================

C:\Users\Eva\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-03-17 21:14
 

==================== End Of Log ============================

--- --- ---

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Lieber Schrauber,
ich war die letzten Tage unterwegs und hatte daher keine Zeit zu scannen. Aber heute bin ich wie folgt vorgegangen:
Firewall deaktiviert, Avira deaktivert, und Onlinescan getätigt. (der hat 4 verschiedene Sachen gefunden)
Firewall wieder aktiviert, Avira aktiviert und Securty Check durchgeführt, anschließend FRST
Liebe Grüße
Eva

ESET:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=80a38c808505464994847f819d95c464

# engine=23166

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2015-03-31 12:00:43

# local_time=2015-03-31 02:00:43 (+0100, Mitteleuropäische Sommerzeit)

# country="Austria"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1=''

# compatibility_mode=5893 16776573 100 94 147137 179433093 0 0

# scanned=331343

# found=4

# cleaned=0

# scan_time=10599

sh=57246C6EDDC5544FEF807A740794BEE0CCFBA7A9 ft=1 fh=0d66ff4474580c1f vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eva\Downloads\Emsisoft Emergency Kit - CHIP-Installer.exe"

sh=5018399BA48E7B58586FB89A90487D8E6A260B45 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="E:\ZWEINTOPF\Hompage\www.play-ground.org\index.php"

sh=21C56251C75D3BD0B10865D799285750EB3A4E6F ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="E:\ZWEINTOPF\Hompage\www.play-ground.org\other\pane\index.htm"

sh=2D2508D35E44CD617C3084E11DED806DB6B29CD9 ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="E:\ZWEINTOPF\Hompage\www.play-ground.org\other\spielraum\index.htm"

Security Check

Code:

 Results of screen317's Security Check version 0.99.99  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

Avira Desktop   

 Antivirus up to date!   
 `````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 71  

 Java(TM) 6 Update 23  

 Java version 32-bit out of Date! 

  Adobe Flash Player 16.0.0.305 Flash Player out of Date!  

 Adobe Reader XI  

 Mozilla Firefox (36.0.4) 

 Mozilla Thunderbird (31.5.0) 

 Google Chrome (41.0.2272.101) 

 Google Chrome (41.0.2272.89) 
 ````````Process Check: objlist.exe by Laurent````````  

 Avira Antivir avgnt.exe 

 Avira Antivir avguard.exe 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by Eva (administrator) on EVA on 31-03-2015 20:27:47

Running from C:\Users\Eva\Downloads

Loaded Profiles: Eva (Available profiles: Eva)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Microsoft Corporation) C:\Windows\System32\prevhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll (Autodesk)

ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

BootExecute: autocheck autochk * sdnclean64.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

ProxyServer: [S-1-5-21-3025526197-3098601968-4000957393-1000] => localhost:8080

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-01-11] (Oracle Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-01-11] (Oracle Corporation)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)

Toolbar: HKU\S-1-5-21-3025526197-3098601968-4000957393-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 

FireFox:

========

FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default

FF Homepage: www.zweintopf.net

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()

FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-01-11] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-01-11] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2010-12-15] (Apple Inc.)

FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default\searchplugins\flickr.xml [2014-03-04]

FF Extension: Avira Browser Safety - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default\Extensions\abs@avira.com [2015-03-09]

FF Extension: Video DownloadHelper - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]

FF Extension: Adblock Plus - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-19] (Avira Operations GmbH & Co. KG)

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2010-12-13] (Autodesk)

R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)

S4 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]

R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG) [File not signed]

S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-12-12] (Macrovision Europe Ltd.) [File not signed]

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53337 2005-11-24] (Sony Corporation) [File not signed]

S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)

S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53337 2005-11-24] (Sony Corporation) [File not signed]

S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69718 2005-11-24] (Sony Corporation) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)

S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-02-09] (Emsisoft GmbH)

S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [130048 2009-06-11] (Option N.V.)

S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [86528 2009-06-11] (Option N.V.)

S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [10496 2009-06-11] (Option N.V.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-31 20:20 - 2015-03-31 20:20 - 00852607 _____ () C:\Users\Eva\Downloads\SecurityCheck.exe

2015-03-31 10:58 - 2015-03-31 10:58 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-03-29 21:37 - 2015-03-31 10:58 - 02347384 _____ (ESET) C:\Users\Eva\Downloads\esetsmartinstaller_deu.exe

2015-03-24 21:52 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-03-24 21:52 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-03-24 21:52 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-03-24 21:52 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-03-24 21:52 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-03-24 21:52 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-03-24 21:52 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-03-24 21:52 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-03-23 14:08 - 2015-03-23 14:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-03-21 22:33 - 2015-03-21 22:33 - 00000870 _____ () C:\Users\Eva\Desktop\JRT.txt

2015-03-21 22:24 - 2015-03-21 22:24 - 01388672 _____ (Thisisu) C:\Users\Eva\Downloads\JRT.exe

2015-03-21 21:35 - 2015-03-21 21:36 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-21 21:35 - 2015-03-21 21:35 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-03-21 21:35 - 2015-03-21 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-21 21:35 - 2015-03-21 21:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-03-21 21:35 - 2015-03-17 07:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-21 21:35 - 2015-03-17 07:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-21 21:35 - 2015-03-17 07:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-21 21:33 - 2015-03-21 21:34 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Eva\Downloads\mbam-setup-2.1.4.1018.exe

2015-03-19 20:53 - 2015-03-19 20:53 - 00019274 _____ () C:\ComboFix.txt

2015-03-19 20:29 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-03-19 20:29 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-03-19 20:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-03-19 20:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-03-19 20:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-03-19 20:29 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2015-03-19 20:29 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2015-03-19 20:29 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2015-03-19 20:24 - 2015-03-19 20:53 - 00000000 ____D () C:\Qoobox

2015-03-19 20:23 - 2015-03-19 20:50 - 00000000 ____D () C:\Windows\erdnt

2015-03-19 20:20 - 2015-03-19 20:20 - 05615380 ____R (Swearware) C:\Users\Eva\Desktop\ComboFix.exe

2015-03-18 22:45 - 2015-03-18 22:45 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Eva\Downloads\tdsskiller.exe

2015-03-18 21:49 - 2015-03-18 22:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-03-18 21:47 - 2015-03-18 22:43 - 00000000 ____D () C:\Users\Eva\Desktop\mbar

2015-03-18 21:45 - 2015-03-18 21:46 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Eva\Downloads\mbar-1.09.1.1004.exe

2015-03-17 21:31 - 2015-03-17 21:31 - 527523878 _____ () C:\Windows\MEMORY.DMP

2015-03-17 21:31 - 2015-03-17 21:31 - 00274880 _____ () C:\Windows\Minidump\031715-23181-01.dmp

2015-03-17 21:31 - 2015-03-17 21:31 - 00000000 ____D () C:\Windows\Minidump

2015-03-17 21:14 - 2015-03-17 21:14 - 00380416 _____ () C:\Users\Eva\Downloads\Gmer-19357.exe

2015-03-17 21:11 - 2015-03-17 21:13 - 00039474 _____ () C:\Users\Eva\Downloads\Addition.txt

2015-03-17 21:09 - 2015-03-31 20:28 - 00000000 ____D () C:\FRST

2015-03-17 21:09 - 2015-03-31 20:27 - 00017055 _____ () C:\Users\Eva\Downloads\FRST.txt

2015-03-17 21:09 - 2015-03-17 21:09 - 02095616 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe

2015-03-17 21:07 - 2015-03-17 21:07 - 00000468 _____ () C:\Users\Eva\Downloads\defogger_disable.log

2015-03-17 21:07 - 2015-03-17 21:07 - 00000000 _____ () C:\Users\Eva\defogger_reenable

2015-03-17 21:05 - 2015-03-17 21:05 - 00050477 _____ () C:\Users\Eva\Downloads\Defogger.exe

2015-03-17 20:12 - 2015-03-22 20:00 - 00005158 _____ () C:\Windows\PFRO.log

2015-03-15 15:34 - 2015-03-15 15:34 - 00000747 _____ () C:\Users\Eva\Desktop\Start Emsisoft Emergency Kit.lnk

2015-03-15 15:33 - 2015-03-15 15:34 - 00000000 ____D () C:\EEK

2015-03-15 15:20 - 2015-03-15 15:20 - 01203488 _____ () C:\Users\Eva\Downloads\Emsisoft Emergency Kit - CHIP-Installer.exe

2015-03-15 14:53 - 2015-03-21 22:21 - 00000000 ____D () C:\AdwCleaner

2015-03-15 14:51 - 2015-03-21 22:12 - 02171392 _____ () C:\Users\Eva\Downloads\adwcleaner_4.112.exe

2015-03-10 23:15 - 2015-03-10 23:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2015-03-10 23:14 - 2015-03-19 20:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2015-03-10 23:14 - 2015-03-19 20:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2015-03-10 23:03 - 2015-03-31 09:19 - 00002645 _____ () C:\Windows\setupact.log

2015-03-10 23:03 - 2015-03-10 23:03 - 00000000 _____ () C:\Windows\setuperr.log

2015-03-10 22:57 - 2015-03-10 22:58 - 00015384 _____ () C:\Users\Eva\Documents\cc_20150310_215748.reg

2015-03-10 21:41 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-03-10 21:41 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-03-10 21:41 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-10 21:41 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-03-10 21:41 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2015-03-10 21:41 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-03-10 21:41 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2015-03-10 21:41 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2015-03-10 21:41 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-10 21:41 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-03-10 21:41 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-03-10 21:41 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-03-10 21:41 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2015-03-10 21:41 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-03-10 21:41 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-03-10 21:41 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-03-10 21:41 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-03-10 21:41 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-03-10 21:41 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2015-03-10 21:41 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-03-10 21:41 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2015-03-10 21:41 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2015-03-10 21:41 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-03-10 21:41 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe

2015-03-10 21:41 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe

2015-03-10 21:41 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll

2015-03-10 21:41 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-03-10 21:41 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2015-03-10 21:41 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2015-03-10 21:41 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-03-10 21:41 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-03-10 21:41 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2015-03-10 21:41 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2015-03-10 21:41 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2015-03-10 21:41 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2015-03-10 21:41 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2015-03-10 21:41 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2015-03-10 21:41 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-03-10 21:41 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-03-10 21:41 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2015-03-10 21:40 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-03-10 21:40 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-03-10 21:40 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-03-10 21:40 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-03-10 21:40 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-03-10 21:40 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-03-10 21:40 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-03-10 21:40 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-03-10 21:40 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-03-10 21:40 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-03-10 21:40 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-03-10 21:40 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-03-10 21:40 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-03-10 21:40 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-03-10 21:40 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-03-10 21:40 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-03-10 21:40 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-03-10 21:40 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-03-10 21:40 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-03-10 21:40 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-03-10 21:40 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-03-10 21:40 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2015-03-10 21:40 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-10 21:40 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2015-03-10 21:40 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll

2015-03-10 21:40 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-03-10 21:39 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-10 21:39 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-03-10 21:39 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-03-10 21:39 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-03-10 21:39 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-03-10 21:39 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-03-10 21:39 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-03-10 21:39 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-03-10 21:39 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-03-10 21:39 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-03-10 21:39 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-03-10 21:39 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-03-10 21:39 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-03-10 21:39 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-03-10 21:39 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-03-10 21:39 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-03-10 21:39 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-03-10 21:39 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-03-10 21:39 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-03-10 21:39 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-03-10 21:39 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-03-10 21:39 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-03-10 21:39 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-03-10 21:39 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-03-10 21:39 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-03-10 21:39 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-03-10 21:39 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-03-10 21:39 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-03-10 21:39 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-03-10 21:39 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-03-10 21:39 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-03-10 21:39 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-03-10 21:39 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-03-10 21:39 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-03-10 21:39 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-03-10 21:39 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-03-10 21:39 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-03-10 21:39 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-03-10 21:39 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-03-10 21:39 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-03-10 21:39 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-03-10 21:39 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-03-10 21:39 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-03-10 21:39 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-03-10 21:39 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-03-10 21:39 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-03-10 21:39 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-03-10 21:39 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-03-10 21:39 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-03-10 21:39 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-03-10 21:39 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-03-10 21:39 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-03-10 21:39 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-03-10 21:39 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-03-10 21:39 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-03-10 21:39 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-03-10 21:39 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-03-10 21:39 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-10 21:39 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2015-03-10 21:36 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-10 21:36 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

2015-03-03 22:14 - 2015-01-09 05:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll

2015-03-03 22:14 - 2015-01-09 05:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll

2015-03-03 22:14 - 2015-01-09 05:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll

2015-03-03 22:14 - 2015-01-09 04:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-03-31 20:23 - 2011-01-03 20:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-03-31 20:17 - 2011-01-03 20:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-03-31 20:17 - 2010-10-06 02:54 - 01400349 _____ () C:\Windows\WindowsUpdate.log

2015-03-31 20:16 - 2012-10-12 10:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-03-31 09:27 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-03-31 09:27 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-03-31 09:25 - 2010-10-06 12:44 - 00703230 _____ () C:\Windows\system32\perfh007.dat

2015-03-31 09:25 - 2010-10-06 12:44 - 00150838 _____ () C:\Windows\system32\perfc007.dat

2015-03-31 09:25 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-03-31 09:19 - 2013-11-03 15:15 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2015-03-31 09:19 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-03-25 13:32 - 2014-12-12 12:27 - 00000000 ____D () C:\Windows\system32\appraiser

2015-03-25 13:32 - 2014-05-06 14:41 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-03-24 11:53 - 2012-05-08 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-03-19 20:53 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default

2015-03-19 20:45 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2015-03-17 23:14 - 2010-12-10 20:02 - 00000000 ____D () C:\Users\Eva

2015-03-17 22:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2015-03-17 20:12 - 2009-10-05 23:35 - 00000000 ____D () C:\Windows\DeployWinRE2

2015-03-12 10:25 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2015-03-12 10:25 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-03-12 10:24 - 2009-07-14 06:45 - 03533672 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-12 10:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2015-03-12 10:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism

2015-03-10 23:46 - 2010-12-10 21:05 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-03-10 23:36 - 2013-07-30 21:07 - 00000000 ____D () C:\Windows\system32\MRT

2015-03-10 23:30 - 2010-12-29 10:58 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-03-10 23:03 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-03-10 22:57 - 2013-01-04 10:55 - 00000000 ____D () C:\Windows\pss

2015-03-10 19:23 - 2011-02-05 17:36 - 00000000 ___RD () C:\Users\Eva\AppData\Dropbox

2015-03-10 19:23 - 2011-02-05 17:33 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\Dropbox

2015-03-10 14:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-03-06 13:50 - 2012-06-13 17:34 - 00000000 ____D () C:\Users\Eva\Desktop\ZZZ

2015-03-05 11:19 - 2014-08-07 10:31 - 00000000 ____D () C:\ProgramData\Package Cache

2015-03-05 11:18 - 2013-02-28 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-03-05 11:18 - 2013-02-28 18:36 - 00000000 ____D () C:\Program Files (x86)\Avira

2015-03-04 15:29 - 2013-05-07 14:03 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2015-03-04 15:29 - 2013-03-30 22:55 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2015-03-04 15:29 - 2013-03-30 22:55 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2015-03-04 15:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
 

==================== Files in the root of some directories =======
 

2010-12-12 17:23 - 2010-12-12 18:25 - 0006302 _____ () C:\Users\Eva\AppData\Local\Optimizer.txt

2010-09-16 01:41 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
 

Some content of TEMP:

====================

C:\Users\Eva\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-03-30 09:28
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Java und Flash updaten. Check mal die ESET Funde bezüglich der Homepage.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

C:\Users\Eva\Downloads\Emsisoft Emergency Kit - CHIP-Installer.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

RemoveProxy:

Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Frisches FRST log bitte. Und noch was zu lesen:
CHIP-Installer - was ist das? - Anleitungen

Lieber Schrauber,
die infizierten Files der Homepage kann ich einfach löschen. Die Homepage ist schon seit Jahren nicht mehr online und wird auch nicht weiter verwendet. Ansonsten bin ich weiter deinen Anleitungen gefolgt. Java und Flash wurden upgedatet.
Und danke für die Info zur Chip Homepage.
Frohe Ostern
Eva

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015

Ran by Eva at 2015-04-05 20:27:30 Run:1

Running from C:\Users\Eva\Desktop\trojaner_logfiles

Loaded Profiles: Eva (Available profiles: Eva)

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

C:\Users\Eva\Downloads\Emsisoft Emergency Kit - CHIP-Installer.exe

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

RemoveProxy:

Emptytemp:

         

*****************
 

C:\Users\Eva\Downloads\Emsisoft Emergency Kit - CHIP-Installer.exe => Moved successfully.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
 

========= RemoveProxy: =========
 

"HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 

========= End of RemoveProxy: =========
 

EmptyTemp: => Removed 125.2 MB temporary data.
 
 

The system needed a reboot. 
 

==== End of Fixlog 20:27:43 ====

FRST

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015

Ran by Eva (administrator) on EVA on 05-04-2015 20:32:16

Running from C:\Users\Eva\Desktop\trojaner_logfiles

Loaded Profiles: Eva (Available profiles: Eva)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Microsoft Corporation) C:\Windows\System32\prevhost.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1842472 2009-09-18] (Synaptics Incorporated)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Eva\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll (Autodesk)

ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)

BootExecute: autocheck autochk * sdnclean64.exe
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-3025526197-3098601968-4000957393-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23] (Adobe Systems Incorporated)

Toolbar: HKU\S-1-5-21-3025526197-3098601968-4000957393-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
 

FireFox:

========

FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default

FF Homepage: www.zweintopf.net

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-05] ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-05] ()

FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)

FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-04-05] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\new_plugin\npjp2.dll No File

FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-04-05] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2010-12-15] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2010-12-15] (Apple Inc.)

FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default\searchplugins\flickr.xml [2014-03-04]

FF Extension: Avira Browser Safety - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default\Extensions\abs@avira.com [2015-03-31]

FF Extension: Adblock Plus - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\slf41o6j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]
 

Chrome: 

=======

CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992504 2015-03-19] (Avira Operations GmbH & Co. KG)

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2010-12-13] (Autodesk)

S4 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]

R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1220608 2009-05-06] (MAGIX AG) [File not signed]

S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-12-12] (Macrovision Europe Ltd.) [File not signed]

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)

S3 MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53337 2005-11-24] (Sony Corporation) [File not signed]

S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)

S3 PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53337 2005-11-24] (Sony Corporation) [File not signed]

S3 SPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [69718 2005-11-24] (Sony Corporation) [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-04] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-04] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)

S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-02-09] (Emsisoft GmbH)

S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [130048 2009-06-11] (Option N.V.)

S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [86528 2009-06-11] (Option N.V.)

S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [10496 2009-06-11] (Option N.V.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-04-05 20:13 - 2015-04-05 20:09 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-04-05 20:04 - 2015-04-05 20:04 - 00001170 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk

2015-04-03 21:43 - 2015-04-04 14:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

2015-03-31 20:20 - 2015-03-31 20:20 - 00852607 _____ () C:\Users\Eva\Downloads\SecurityCheck.exe

2015-03-29 21:37 - 2015-03-31 10:58 - 02347384 _____ (ESET) C:\Users\Eva\Downloads\esetsmartinstaller_deu.exe

2015-03-24 21:52 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-03-24 21:52 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-03-24 21:52 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-03-24 21:52 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-03-24 21:52 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-03-24 21:52 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

2015-03-24 21:52 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-03-24 21:52 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-03-23 14:08 - 2015-04-05 20:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2015-03-21 22:33 - 2015-03-21 22:33 - 00000870 _____ () C:\Users\Eva\Desktop\JRT.txt

2015-03-21 22:24 - 2015-03-21 22:24 - 01388672 _____ (Thisisu) C:\Users\Eva\Downloads\JRT.exe

2015-03-21 21:35 - 2015-03-21 21:36 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-03-21 21:35 - 2015-03-21 21:35 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-03-21 21:35 - 2015-03-21 21:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-03-21 21:35 - 2015-03-21 21:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-03-21 21:35 - 2015-03-17 07:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-03-21 21:35 - 2015-03-17 07:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-03-21 21:35 - 2015-03-17 07:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-03-21 21:33 - 2015-03-21 21:34 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Eva\Downloads\mbam-setup-2.1.4.1018.exe

2015-03-19 20:53 - 2015-03-19 20:53 - 00019274 _____ () C:\ComboFix.txt

2015-03-19 20:29 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe

2015-03-19 20:29 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe

2015-03-19 20:29 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2015-03-19 20:29 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2015-03-19 20:29 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2015-03-19 20:29 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe

2015-03-19 20:29 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe

2015-03-19 20:29 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe

2015-03-19 20:24 - 2015-03-19 20:53 - 00000000 ____D () C:\Qoobox

2015-03-19 20:23 - 2015-03-19 20:50 - 00000000 ____D () C:\Windows\erdnt

2015-03-19 20:20 - 2015-03-19 20:20 - 05615380 ____R (Swearware) C:\Users\Eva\Desktop\ComboFix.exe

2015-03-18 22:45 - 2015-03-18 22:45 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Eva\Downloads\tdsskiller.exe

2015-03-18 21:49 - 2015-03-18 22:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2015-03-18 21:47 - 2015-03-18 22:43 - 00000000 ____D () C:\Users\Eva\Desktop\mbar

2015-03-18 21:45 - 2015-03-18 21:46 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Eva\Downloads\mbar-1.09.1.1004.exe

2015-03-17 21:31 - 2015-03-17 21:31 - 527523878 _____ () C:\Windows\MEMORY.DMP

2015-03-17 21:31 - 2015-03-17 21:31 - 00274880 _____ () C:\Windows\Minidump\031715-23181-01.dmp

2015-03-17 21:31 - 2015-03-17 21:31 - 00000000 ____D () C:\Windows\Minidump

2015-03-17 21:14 - 2015-03-17 21:14 - 00380416 _____ () C:\Users\Eva\Downloads\Gmer-19357.exe

2015-03-17 21:11 - 2015-03-17 21:13 - 00039474 _____ () C:\Users\Eva\Downloads\Addition.txt

2015-03-17 21:09 - 2015-04-05 20:32 - 00000000 ____D () C:\FRST

2015-03-17 21:09 - 2015-03-31 21:01 - 00050990 _____ () C:\Users\Eva\Downloads\FRST.txt

2015-03-17 21:09 - 2015-03-17 21:09 - 02095616 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe

2015-03-17 21:07 - 2015-03-17 21:07 - 00000468 _____ () C:\Users\Eva\Downloads\defogger_disable.log

2015-03-17 21:07 - 2015-03-17 21:07 - 00000000 _____ () C:\Users\Eva\defogger_reenable

2015-03-17 21:05 - 2015-03-17 21:05 - 00050477 _____ () C:\Users\Eva\Downloads\Defogger.exe

2015-03-17 20:12 - 2015-04-05 20:28 - 00005714 _____ () C:\Windows\PFRO.log

2015-03-15 15:34 - 2015-03-15 15:34 - 00000747 _____ () C:\Users\Eva\Desktop\Start Emsisoft Emergency Kit.lnk

2015-03-15 15:33 - 2015-03-15 15:34 - 00000000 ____D () C:\EEK

2015-03-15 14:53 - 2015-03-21 22:21 - 00000000 ____D () C:\AdwCleaner

2015-03-15 14:51 - 2015-03-21 22:12 - 02171392 _____ () C:\Users\Eva\Downloads\adwcleaner_4.112.exe

2015-03-10 23:15 - 2015-03-10 23:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2015-03-10 23:14 - 2015-03-19 20:44 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2015-03-10 23:14 - 2015-03-19 20:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2015-03-10 23:03 - 2015-04-05 20:29 - 00002925 _____ () C:\Windows\setupact.log

2015-03-10 23:03 - 2015-03-10 23:03 - 00000000 _____ () C:\Windows\setuperr.log

2015-03-10 22:57 - 2015-03-10 22:58 - 00015384 _____ () C:\Users\Eva\Documents\cc_20150310_215748.reg

2015-03-10 21:41 - 2015-02-20 06:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll

2015-03-10 21:41 - 2015-02-20 06:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll

2015-03-10 21:41 - 2015-02-20 06:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2015-03-10 21:41 - 2015-02-20 06:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll

2015-03-10 21:41 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll

2015-03-10 21:41 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

2015-03-10 21:41 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll

2015-03-10 21:41 - 2015-02-20 06:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll

2015-03-10 21:41 - 2015-02-20 05:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2015-03-10 21:41 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

2015-03-10 21:41 - 2015-02-03 05:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-03-10 21:41 - 2015-02-03 05:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-03-10 21:41 - 2015-02-03 05:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys

2015-03-10 21:41 - 2015-02-03 05:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-03-10 21:41 - 2015-02-03 05:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll

2015-03-10 21:41 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx

2015-03-10 21:41 - 2015-02-03 05:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL

2015-03-10 21:41 - 2015-02-03 05:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-03-10 21:41 - 2015-02-03 05:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe

2015-03-10 21:41 - 2015-02-03 05:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2015-03-10 21:41 - 2015-02-03 05:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-03-10 21:41 - 2015-02-03 05:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe

2015-03-10 21:41 - 2015-02-03 05:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll

2015-03-10 21:41 - 2015-02-03 05:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe

2015-03-10 21:41 - 2015-02-03 05:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe

2015-03-10 21:41 - 2015-02-03 05:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe

2015-03-10 21:41 - 2015-02-03 05:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe

2015-03-10 21:41 - 2015-02-03 05:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll

2015-03-10 21:41 - 2015-02-03 05:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-03-10 21:41 - 2015-02-03 05:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll

2015-03-10 21:41 - 2015-02-03 05:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys

2015-03-10 21:41 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2015-03-10 21:41 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2015-03-10 21:41 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll

2015-03-10 21:41 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx

2015-03-10 21:41 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll

2015-03-10 21:41 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL

2015-03-10 21:41 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe

2015-03-10 21:41 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe

2015-03-10 21:41 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll

2015-03-10 21:41 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2015-03-10 21:41 - 2015-02-03 04:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys

2015-03-10 21:41 - 2014-11-01 00:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2015-03-10 21:40 - 2015-03-06 07:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-03-10 21:40 - 2015-03-06 07:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-03-10 21:40 - 2015-03-06 07:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-03-10 21:40 - 2015-03-06 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-03-10 21:40 - 2015-03-06 07:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-03-10 21:40 - 2015-03-06 07:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-03-10 21:40 - 2015-03-06 07:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-03-10 21:40 - 2015-03-06 07:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-03-10 21:40 - 2015-03-06 07:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-03-10 21:40 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2015-03-10 21:40 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2015-03-10 21:40 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2015-03-10 21:40 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2015-03-10 21:40 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2015-03-10 21:40 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2015-03-10 21:40 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2015-03-10 21:40 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2015-03-10 21:40 - 2015-03-06 07:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2015-03-10 21:40 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2015-03-10 21:40 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2015-03-10 21:40 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2015-03-10 21:40 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2015-03-10 21:40 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2015-03-10 21:40 - 2015-02-13 07:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2015-03-10 21:40 - 2015-02-03 05:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll

2015-03-10 21:40 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll

2015-03-10 21:40 - 2015-01-31 01:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-03-10 21:39 - 2015-02-26 05:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-03-10 21:39 - 2015-02-24 05:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-03-10 21:39 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-03-10 21:39 - 2015-02-21 03:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-03-10 21:39 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-03-10 21:39 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2015-03-10 21:39 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-03-10 21:39 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-03-10 21:39 - 2015-02-21 01:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-03-10 21:39 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2015-03-10 21:39 - 2015-02-20 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-03-10 21:39 - 2015-02-20 05:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-03-10 21:39 - 2015-02-20 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-03-10 21:39 - 2015-02-20 04:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-03-10 21:39 - 2015-02-20 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-03-10 21:39 - 2015-02-20 04:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-03-10 21:39 - 2015-02-20 04:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-03-10 21:39 - 2015-02-20 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-03-10 21:39 - 2015-02-20 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-03-10 21:39 - 2015-02-20 04:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-03-10 21:39 - 2015-02-20 04:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-03-10 21:39 - 2015-02-20 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-03-10 21:39 - 2015-02-20 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-03-10 21:39 - 2015-02-20 04:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-03-10 21:39 - 2015-02-20 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-03-10 21:39 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2015-03-10 21:39 - 2015-02-20 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-03-10 21:39 - 2015-02-20 04:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-03-10 21:39 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-03-10 21:39 - 2015-02-20 04:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-03-10 21:39 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2015-03-10 21:39 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2015-03-10 21:39 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-03-10 21:39 - 2015-02-20 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-03-10 21:39 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-03-10 21:39 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2015-03-10 21:39 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2015-03-10 21:39 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-03-10 21:39 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2015-03-10 21:39 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2015-03-10 21:39 - 2015-02-20 03:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-03-10 21:39 - 2015-02-20 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-03-10 21:39 - 2015-02-20 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-03-10 21:39 - 2015-02-20 03:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-03-10 21:39 - 2015-02-20 03:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-03-10 21:39 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2015-03-10 21:39 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2015-03-10 21:39 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-03-10 21:39 - 2015-02-20 03:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-03-10 21:39 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-03-10 21:39 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-03-10 21:39 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2015-03-10 21:39 - 2015-02-20 03:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-03-10 21:39 - 2015-02-20 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-03-10 21:39 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-03-10 21:39 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-03-10 21:39 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-03-10 21:39 - 2015-01-17 04:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-03-10 21:39 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2015-03-10 21:36 - 2015-02-04 05:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll

2015-03-10 21:36 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2015-04-05 20:32 - 2010-10-06 02:54 - 01566192 _____ () C:\Windows\WindowsUpdate.log

2015-04-05 20:29 - 2013-11-03 15:15 - 00000437 _____ () C:\Windows\system32\Drivers\etc\hosts.ics

2015-04-05 20:29 - 2012-10-12 10:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-04-05 20:29 - 2011-01-03 20:37 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-04-05 20:29 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-04-05 20:14 - 2010-12-29 14:05 - 00000000 ____D () C:\Program Files (x86)\Java

2015-04-05 20:09 - 2015-01-11 19:42 - 00000000 ____D () C:\ProgramData\Oracle

2015-04-05 20:09 - 2015-01-11 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-04-05 20:04 - 2013-02-28 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2015-04-05 20:04 - 2013-02-28 18:36 - 00000000 ____D () C:\ProgramData\Avira

2015-04-05 20:04 - 2013-02-28 18:36 - 00000000 ____D () C:\Program Files (x86)\Avira

2015-04-05 20:01 - 2012-10-12 10:05 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-04-05 20:01 - 2012-10-12 10:05 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-04-05 20:01 - 2012-10-12 10:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-04-05 20:01 - 2010-12-10 20:25 - 00000000 ____D () C:\Users\Eva\AppData\Local\Adobe

2015-04-05 20:00 - 2013-07-15 10:29 - 00000000 ____D () C:\Users\Eva\dwhelper

2015-04-05 20:00 - 2011-01-03 20:37 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-04-05 19:22 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-04-05 19:22 - 2009-07-14 06:45 - 00025840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-04-05 19:21 - 2010-10-06 12:44 - 00703230 _____ () C:\Windows\system32\perfh007.dat

2015-04-05 19:21 - 2010-10-06 12:44 - 00150838 _____ () C:\Windows\system32\perfc007.dat

2015-04-05 19:21 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-04-05 19:14 - 2012-05-08 20:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2015-04-04 15:00 - 2010-12-10 20:25 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\Adobe

2015-03-25 13:32 - 2014-12-12 12:27 - 00000000 ____D () C:\Windows\system32\appraiser

2015-03-25 13:32 - 2014-05-06 14:41 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-03-19 20:53 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default

2015-03-19 20:45 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2015-03-17 23:14 - 2010-12-10 20:02 - 00000000 ____D () C:\Users\Eva

2015-03-17 22:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2015-03-17 20:12 - 2009-10-05 23:35 - 00000000 ____D () C:\Windows\DeployWinRE2

2015-03-12 10:25 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2015-03-12 10:25 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-03-12 10:24 - 2009-07-14 06:45 - 03533672 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-03-12 10:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism

2015-03-12 10:20 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism

2015-03-10 23:46 - 2010-12-10 21:05 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-03-10 23:36 - 2013-07-30 21:07 - 00000000 ____D () C:\Windows\system32\MRT

2015-03-10 23:30 - 2010-12-29 10:58 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-03-10 23:03 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2015-03-10 22:57 - 2013-01-04 10:55 - 00000000 ____D () C:\Windows\pss

2015-03-10 19:23 - 2011-02-05 17:36 - 00000000 ___RD () C:\Users\Eva\AppData\Dropbox

2015-03-10 19:23 - 2011-02-05 17:33 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\Dropbox

2015-03-10 14:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF

2015-03-06 13:50 - 2012-06-13 17:34 - 00000000 ____D () C:\Users\Eva\Desktop\ZZZ
 

==================== Files in the root of some directories =======
 

2010-12-12 17:23 - 2010-12-12 18:25 - 0006302 _____ () C:\Users\Eva\AppData\Local\Optimizer.txt

2010-09-16 01:41 - 2010-03-03 00:59 - 0131984 _____ () C:\ProgramData\FullRemove.exe
 

Some content of TEMP:

====================

C:\Users\Eva\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2015-03-30 09:28
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Lieber Schrauber!

Sorry für meine berufsbedingt längerere "Abwesenheit"...

Nein, es sind eigentlich keine Probleme mehr aufgetreten...
und insofern haben sich auch meine Bedenken zerstreut

Danke jedenfalls für Deine kompetente Hilfestellung! Und ich werde Euch natürlich eine kleine Spende zukommen lassen!

Grüße sendet
Eva

Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

Falls Combofix verwendet wurde:
http://deeprybka.trojaner-board.de/b.../combofix2.pngCombofix deinstallieren .

Wichtig: Bitte Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.
Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe Combofix /Uninstall in das Ausführen-Fenster.
Klicke auf OK.
Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert.
Nun die eben deaktivierten Programme wieder aktivieren.

Alle Logs gepostet? Dann lade Dir bitte http://filepony.de/icon/tiny/delfix.pngDelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

http://deeprybka.trojaner-board.de/b...ast/schild.pngAbsicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:

Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank.
Meine Empfehlung:
http://filepony.de/icon/emsisoft_anti_malware.png
Emsisoft

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.
http://filepony.de/icon/malwarebytes_anti_exploit.pngMalwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.

Lade Software von einem sauberen Portal wie http://filepony.de/images/microbanner.gif.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:
Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.