Pests of all kinds and how to fight them: Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner (Windows 7)
15.09.2014, 08:15 | #1
Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner

Hello everyone, for a few days now I have had a problem, namely "svhost.exe". On my PC I have Avast! Free Antivirus, Spybot S&D and Malwarebytes Anti-Malware. The latter two programs made me aware of the problem, but for a long time no solution was found, because these programs do remove the problem, but it reappears again after a short time (removed, reboot, everything OK, next reboot, problem back again). I myself have only used the programs named above to get rid of the problem; since there is a great deal of information on the Internet, as well as suggested solutions that are rather extensive, I would rather turn to experts with this problem before I make unnecessary mistakes due to lack of experience and make it worse. Here are the log files from Malwarebytes; I will also upload the log files from Spybot S&D as soon as it has finished running again. If any information is missing, just point it out and I will provide it as quickly as possible. Thanks in advance! Regards, NyanShu
15.09.2014, 08:33 | #2
/// the machine /// TB-Ausbilder | Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner

Hi,

Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-bit | FRST 64-bit (if you are not sure, download both versions, or check under Start > Computer (right-click) > Properties)
15.09.2014, 08:57 | #3
Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner

Here are the logs from Malwarebytes as well as the others, except for Spyware S&D, as that one is too large.
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 15.09.2014
Suchlauf-Zeit: 08:57:12
Logdatei: malwarebytes_logs.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.15.03
Rootkit Datenbank: v2014.09.13.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Shu

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 347166
Verstrichene Zeit: 11 Min, 46 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 3
PUP.BitCoinMiner, C:\Users\Shu\AppData\Roaming\Microsoft\svhost.exe, , [f8f7f0fd75064aec2e50bb3006fb649c], 
PUP.BitCoinMiner, C:\Users\Shu\AppData\Roaming\Microsoft\IE10\svhost.exe, , [ef00b8357b00f2441f5feffc1be6c43c], 
Backdoor.Agent, C:\Users\Shu\AppData\Roaming\Microsoft\svhost.exe, , [717eb23bfd7ece68b225f8625ba822de], 

Physische Sektoren: 0
(No malicious items detected)

(end)

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Shu at 2014-09-15 09:43:28
Running from C:\Users\Shu\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.31515 - BitTorrent Inc.)
Action Replay PowerSaves 3DS Version 1.21 (HKLM-x32\...\{CD24B06F-0A4D-410A-AEF2-DFE6A28AB4C0}_is1) (Version: 1.21 - Datel Design & Development)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Age of Wonders III (HKLM-x32\...\Steam App 226840) (Version: - Triumph Studios)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 13.30.100.40709 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0709.1135.19003 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{BB8A7120-9AC6-65D4-C1AA-6331AE69230A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0709.1135.19003 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD OverDrive (HKLM-x32\...\{34D5220A-58D0-473C-90E4-15136C3FB0E3}) (Version: 4.3.1.0690 - Advanced Micro Devices, Inc.)
AMD Steady Video Plug-In (Version: 2.07.0000 - AMD) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
APB Reloaded (HKLM-x32\...\APB Reloaded) (Version: 1.6.1.603578 - )
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version: - Trion Worlds, Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
AutoHotkey 1.1.15.03 (HKLM\...\AutoHotkey) (Version: 1.1.15.03 - Lexikos)
AutoIt v3.3.12.0 (HKLM-x32\...\AutoItv3) (Version: 3.3.12.0 - AutoIt Team)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Battlefield 3™ (HKLM-x32\...\{64BFBE7A-886C-4CA2-A9B4-0C2B5A5942BC}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.5 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.5.1 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
Bruteforce Save Data (HKLM-x32\...\Bruteforce Save Data) (Version: - )
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0709.1135.19003 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0709.1135.19003 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0709.1135.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0709.1134.19003 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0709.1135.19003 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version: - Cheat Engine)
CL NUI Platform (HKLM-x32\...\CL NUI Platform) (Version: 1.0.0.1210 - Code Laboratories, Inc.)
CL-Eye Driver (HKLM-x32\...\CL-Eye Driver) (Version: 5.3.0.0341 - Code Laboratories, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DarthMod: Shogun II (HKLM-x32\...\DarthMod: Shogun II) (Version: - )
Dawn of War II - Destroyer 40k 2.0 (HKLM-x32\...\Dawn of War II - Destroyer 40k 2.0) (Version: - )
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DmC Devil May Cry (HKLM-x32\...\Steam App 220440) (Version: - Ninja Theory)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
Dungeon of the Endless (HKLM-x32\...\Steam App 249050) (Version: - AMPLITUDE Studios)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Firefall (HKLM-x32\...\Steam App 227700) (Version: - Red 5 Studios)
Forged Alliance Forever (HKLM-x32\...\{5C134AA0-5CBE-405F-ADEF-61A9E5A08B53}) (Version: 240.10.119 - FAF Community)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)
Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - )
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}) (Version: 9.13.0725 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.7.2735 - Electronic Arts, Inc.)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Rise of Incarnates (HKLM-x32\...\Steam App 258160) (Version: - Bandai Namco Games)
RPG Maker VX (HKLM-x32\...\RPG Maker VX_is1) (Version: 1.02 - Enterbrain)
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
Samsung New PC Studio (HKLM-x32\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung PC Studio 3 (x32 Version: 3.0.0.80601 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.650.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SplitMediaLabs VH Screen Capture Driver (x86) (HKLM-x32\...\{48530DE6-19F9-489D-809E-AFAA8AACC6DF}) (Version: 3.0.0.7 - SplitMediaLabs Ltd.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SqliteBrowser3 (HKLM-x32\...\SqliteBrowser3) (Version: 3.1.0 - oldsch00l)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.40 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{034B4A7C-4481-4C80-99F6-52D7333AB3B9}) (Version: 2.0.0.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM-x32\...\Steam App 20570) (Version: - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version: - Relic Entertainment)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WorldPainter 1.9.3 (HKLM\...\4144-4862-0472-7103) (Version: 1.9.3 - pepsoft.org)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2066591825-490448642-3097545973-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Shu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2066591825-490448642-3097545973-1000_Classes\CLSID\{b816bce3-2f38-42c5-b7bc-f517491600f8}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2066591825-490448642-3097545973-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2066591825-490448642-3097545973-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2066591825-490448642-3097545973-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2066591825-490448642-3097545973-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-14 22:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {274B5BC7-3D36-466D-812F-2B27305D7B6B} - \FoxTab No Task File <==== ATTENTION
Task: {2979EF3B-24A6-4B1A-AFDB-FD4A7B768E7C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {4B3C6C87-EC1D-4CAD-A087-19CDAD3071C1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {50C5BA20-B29D-4F18-AF2A-9A11FED1BC73} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {55EA4D0E-AE9F-4B17-A65D-4E0D59AD15A2} - \ParetoLogic Update Version3 No Task File <==== ATTENTION
Task: {77E1BF69-FB2F-4CF5-9BDC-441B27265102} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {88A0C3B3-1643-4636-8406-1F52D12E0124} - System32\Tasks\{CA426A73-A1F4-4917-967B-CDAE3FBA6F61} => Firefox.exe hxxp://ui.skype.com/ui/0/6.18.0.106/de/abandoninstall?page=tsProgressBar
Task: {A389234F-7640-426A-9BA9-6F1CAAE7929A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {A67181A4-BF53-41D9-9B5F-3456591B288E} - \ParetoLogic Registration3 No Task File <==== ATTENTION
Task: {AA3BC3E2-0799-455A-BF89-393F607C678C} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
Task: {ACF70E99-83E5-468B-B1F4-A6BAF6294764} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-06] (AVAST Software)
Task: {BCC6BE85-5884-4C8F-BDE3-5FD165EBEF3C} - \PC Health Advisor No Task File <==== ATTENTION
Task: {EAE8F2EF-F981-42D9-985B-A886EBB4B019} - \PC Health Advisor Defrag No Task File <==== ATTENTION
Task: {F6F20246-CF08-42F8-A0BB-A0E805751CD7} - \RegClean Pro No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-08-04 13:02 - 2014-08-04 13:02 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2014-07-09 11:35 - 2014-07-09 11:35 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-03-14 11:38 - 2014-03-14 11:38 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-03-14 11:38 - 2014-03-14 11:38 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-03-14 11:38 - 2014-03-14 11:38 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2013-09-27 14:15 - 2014-08-08 09:18 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2013-09-27 14:15 - 2014-08-08 09:18 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-03-14 11:38 - 2014-03-14 11:38 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-03-14 11:38 - 2014-03-14 11:38 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2013-09-27 14:15 - 2014-08-08 09:18 - 00134088 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\appscanner_plugin.dll
2013-09-27 14:15 - 2014-08-08 09:18 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2013-09-27 14:15 - 2014-08-08 09:18 - 00579016 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2013-09-27 14:15 - 2014-08-08 09:18 - 00041928 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\ts3g15.dll
2014-03-14 11:38 - 2014-03-14 11:38 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2014-08-06 20:18 - 2014-08-06 20:18 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-14 16:54 - 2014-09-14 16:54 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091401\algo.dll
2014-08-06 20:18 - 2014-08-06 20:18 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-29 08:52 - 2014-08-21 20:15 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 08:52 - 2014-08-21 20:15 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 08:52 - 2014-08-21 20:15 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2013-08-21 14:18 - 2014-08-21 00:38 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-05-22 07:40 - 2014-08-28 13:48 - 02224320 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 08:52 - 2014-08-21 20:15 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 08:52 - 2014-08-21 20:15 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-09-21 10:35 - 2014-08-28 13:48 - 00678080 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-10 14:20 - 2014-08-21 00:38 - 34589376 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-08-15 07:55 - 2014-08-21 00:38 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
2014-09-13 10:13 - 2014-09-13 10:13 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-15 08:53 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-09-15 08:53 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-09-15 08:53 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-09-15 08:53 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Shu^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk => C:\Windows\pss\GamersFirst LIVE!.lnk.Startup
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: WTFast Tray => "C:\Program Files (x86)\WTFast\WTFast.exe" trayonly

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/06/2014 09:52:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ヒカル戦記RPG.exe, Version: 0.0.0.0, Zeitstempel: 0x473c277a
Name des fehlerhaften Moduls: ヒカル戦記RPG.exe, Version: 0.0.0.0, Zeitstempel: 0x473c277a
Ausnahmecode: 0xc000000d
Fehleroffset: 0x0000930c
ID des fehlerhaften Prozesses: 0x162c
Startzeit der fehlerhaften Anwendung: 0xヒカル戦記RPG.exe0
Pfad der fehlerhaften Anwendung: ヒカル戦記RPG.exe1
Pfad des fehlerhaften Moduls: ヒカル戦記RPG.exe2
Berichtskennung: ヒカル戦記RPG.exe3

Error: (08/21/2014 09:20:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm javaw.exe, Version 7.0.600.19 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1108
Startzeit: 01cfbd74c85604e4
Endzeit: 13
Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe
Berichts-ID: 235d6557-2968-11e4-a1ad-00ac3bbdc34a

Error: (08/21/2014 08:27:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSO2 Tweaker.exe, Version: 2.7.3.1, Zeitstempel: 0x53f36fb7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a
Ausnahmecode: 0xc000041d
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0xc98
Startzeit der fehlerhaften Anwendung: 0xPSO2 Tweaker.exe0
Pfad der fehlerhaften Anwendung: PSO2 Tweaker.exe1
Pfad des fehlerhaften Moduls: PSO2 Tweaker.exe2
Berichtskennung: PSO2 Tweaker.exe3

Error: (08/21/2014 08:27:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSO2 Tweaker.exe, Version: 2.7.3.1, Zeitstempel: 0x53f36fb7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x5315a05a
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0xc98
Startzeit der fehlerhaften Anwendung: 0xPSO2 Tweaker.exe0
Pfad der fehlerhaften Anwendung: PSO2 Tweaker.exe1
Pfad des fehlerhaften Moduls: PSO2 Tweaker.exe2
Berichtskennung: PSO2 Tweaker.exe3

Error: (08/21/2014 08:27:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: PSO2 Tweaker.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException Stack: at System.IO.__Error.WinIOError(Int32, System.String) at System.IO.File.InternalDelete(System.String, Boolean) at ..(System.Object, System.Windows.Forms.FormClosingEventArgs) at System.Windows.Forms.Form.RaiseFormClosingOnAppExit() at System.Windows.Forms.Application.ExitInternal() at System.Windows.Forms.Application.Exit(System.ComponentModel.CancelEventArgs) at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.OnUnhandledException(Microsoft.VisualBasic.ApplicationServices.UnhandledExceptionEventArgs) at System.Windows.Forms.Application+ThreadContext.OnThreadException(System.Exception) at System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr) at System.Windows.Forms.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) at System.Windows.Forms.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) at System.Windows.Forms.NativeWindow.DefWndProc(System.Windows.Forms.Message ByRef) at System.Windows.Forms.Form.DefWndProc(System.Windows.Forms.Message ByRef) at System.Windows.Forms.Control.WndProc(System.Windows.Forms.Message ByRef) at System.Windows.Forms.Form.WmSysCommand(System.Windows.Forms.Message ByRef) at System.Windows.Forms.Form.WndProc(System.Windows.Forms.Message ByRef) at DevComponents.DotNetBar.Office2007RibbonForm.WndProc(System.Windows.Forms.Message ByRef) at System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr) at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG ByRef) at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG ByRef) at System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32) at System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext) at System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, 
System.Windows.Forms.ApplicationContext) at ..(System.Object, System.EventArgs) at DevComponents.DotNetBar.BaseItem.RaiseClick(DevComponents.DotNetBar.eEventSource) at DevComponents.DotNetBar.BaseItem.InternalMouseUp(System.Windows.Forms.MouseEventArgs) at DevComponents.DotNetBar.PopupItem.InternalMouseUp(System.Windows.Forms.MouseEventArgs) at DevComponents.DotNetBar.ButtonItem.InternalMouseUp(System.Windows.Forms.MouseEventArgs) at DevComponents.DotNetBar.MenuPanel.OnMouseUp(System.Windows.Forms.MouseEventArgs) at System.Windows.Forms.Control.WmMouseUp(System.Windows.Forms.Message ByRef, System.Windows.Forms.MouseButtons, Int32) at System.Windows.Forms.Control.WndProc(System.Windows.Forms.Message ByRef) at DevComponents.DotNetBar.MenuPanel.WndProc(System.Windows.Forms.Message ByRef) at System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr) at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG ByRef) at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG ByRef) at System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32) at System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext) at System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext) at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.OnRun() at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel() at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[]) at ..(System.String[]) Error: (08/17/2014 07:35:42 AM) (Source: MsiInstaller) (EventID: 1024) (User: Shu-PC) Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. 
Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (08/16/2014 08:29:53 AM) (Source: MsiInstaller) (EventID: 1024) (User: Shu-PC) Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (08/15/2014 07:52:09 AM) (Source: MsiInstaller) (EventID: 1024) (User: Shu-PC) Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (08/14/2014 09:09:15 AM) (Source: MsiInstaller) (EventID: 1024) (User: Shu-PC) Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. 
Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (08/13/2014 08:25:51 AM) (Source: MsiInstaller) (EventID: 1024) (User: Shu-PC) Description: Produkt: Adobe Reader XI (11.0.07) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011008}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 System errors: ============= Error: (09/15/2014 08:28:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen Error: (09/15/2014 08:28:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/15/2014 08:28:07 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (09/14/2014 11:53:49 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (09/14/2014 10:57:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen Error: (09/14/2014 10:57:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (09/14/2014 10:56:51 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\StarOpen.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (09/14/2014 10:44:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (09/14/2014 10:44:28 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (09/14/2014 10:44:28 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Microsoft Office Sessions: ========================= Error: (09/06/2014 09:52:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: ヒカル戦記RPG.exe0.0.0.0473c277aヒカル戦記RPG.exe0.0.0.0473c277ac000000d0000930c162c01cfc9a78be25f39C:\Users\Shu\Desktop\Z001382\ヒカル戦記RPG.exeC:\Users\Shu\Desktop\Z001382\ヒカル戦記RPG.execb7d155f-359a-11e4-8d52-00ac3bbdc34a Error: (08/21/2014 09:20:00 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: javaw.exe7.0.600.19110801cfbd74c85604e413C:\Program Files\Java\jre7\bin\javaw.exe235d6557-2968-11e4-a1ad-00ac3bbdc34a Error: (08/21/2014 08:27:12 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: PSO2 Tweaker.exe2.7.3.153f36fb7KERNELBASE.dll6.1.7601.184095315a05ac000041d000000000000940dc9801cfbd0888a0db2aC:\Users\Shu\Desktop\Neuer Ordner\PSO2 Tweaker.exeC:\Windows\system32\KERNELBASE.dll2eeba1a6-28fc-11e4-a1ad-00ac3bbdc34a Error: (08/21/2014 08:27:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: PSO2 Tweaker.exe2.7.3.153f36fb7KERNELBASE.dll6.1.7601.184095315a05ae0434352000000000000940dc9801cfbd0888a0db2aC:\Users\Shu\Desktop\Neuer Ordner\PSO2 Tweaker.exeC:\Windows\system32\KERNELBASE.dll2d95d0a5-28fc-11e4-a1ad-00ac3bbdc34a Error: (08/21/2014 08:27:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: PSO2 Tweaker.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.IO.IOException Stack: at System.IO.__Error.WinIOError(Int32, System.String) at System.IO.File.InternalDelete(System.String, Boolean) at ..(System.Object, System.Windows.Forms.FormClosingEventArgs) at System.Windows.Forms.Form.RaiseFormClosingOnAppExit() at System.Windows.Forms.Application.ExitInternal() at System.Windows.Forms.Application.Exit(System.ComponentModel.CancelEventArgs) at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.OnUnhandledException(Microsoft.VisualBasic.ApplicationServices.UnhandledExceptionEventArgs) at System.Windows.Forms.Application+ThreadContext.OnThreadException(System.Exception) at System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr) at System.Windows.Forms.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) at System.Windows.Forms.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) at System.Windows.Forms.NativeWindow.DefWndProc(System.Windows.Forms.Message ByRef) at System.Windows.Forms.Form.DefWndProc(System.Windows.Forms.Message ByRef) at System.Windows.Forms.Control.WndProc(System.Windows.Forms.Message ByRef) at System.Windows.Forms.Form.WmSysCommand(System.Windows.Forms.Message ByRef) at System.Windows.Forms.Form.WndProc(System.Windows.Forms.Message ByRef) at DevComponents.DotNetBar.Office2007RibbonForm.WndProc(System.Windows.Forms.Message ByRef) at System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr) at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG ByRef) at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG ByRef) at System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32) at System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext) at System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, 
System.Windows.Forms.ApplicationContext) at ..(System.Object, System.EventArgs) at DevComponents.DotNetBar.BaseItem.RaiseClick(DevComponents.DotNetBar.eEventSource) at DevComponents.DotNetBar.BaseItem.InternalMouseUp(System.Windows.Forms.MouseEventArgs) at DevComponents.DotNetBar.PopupItem.InternalMouseUp(System.Windows.Forms.MouseEventArgs) at DevComponents.DotNetBar.ButtonItem.InternalMouseUp(System.Windows.Forms.MouseEventArgs) at DevComponents.DotNetBar.MenuPanel.OnMouseUp(System.Windows.Forms.MouseEventArgs) at System.Windows.Forms.Control.WmMouseUp(System.Windows.Forms.Message ByRef, System.Windows.Forms.MouseButtons, Int32) at System.Windows.Forms.Control.WndProc(System.Windows.Forms.Message ByRef) at DevComponents.DotNetBar.MenuPanel.WndProc(System.Windows.Forms.Message ByRef) at System.Windows.Forms.NativeWindow.Callback(IntPtr, Int32, IntPtr, IntPtr) at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG ByRef) at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG ByRef) at System.Windows.Forms.Application+ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr, Int32, Int32) at System.Windows.Forms.Application+ThreadContext.RunMessageLoopInner(Int32, System.Windows.Forms.ApplicationContext) at System.Windows.Forms.Application+ThreadContext.RunMessageLoop(Int32, System.Windows.Forms.ApplicationContext) at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.OnRun() at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.DoApplicationModel() at Microsoft.VisualBasic.ApplicationServices.WindowsFormsApplicationBase.Run(System.String[]) at ..(System.String[]) Error: (08/17/2014 07:35:42 AM) (Source: MsiInstaller) (EventID: 1024) (User: Shu-PC) Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL) Error: (08/16/2014 08:29:53 AM) (Source: MsiInstaller) (EventID: 1024) (User: Shu-PC) Description: Adobe 
Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL) Error: (08/15/2014 07:52:09 AM) (Source: MsiInstaller) (EventID: 1024) (User: Shu-PC) Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL) Error: (08/14/2014 09:09:15 AM) (Source: MsiInstaller) (EventID: 1024) (User: Shu-PC) Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL) Error: (08/13/2014 08:25:51 AM) (Source: MsiInstaller) (EventID: 1024) (User: Shu-PC) Description: Adobe Reader XI (11.0.07) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL) CodeIntegrity Errors: =================================== Date: 2014-09-14 22:44:28.294 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-14 22:44:28.209 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-14 22:44:28.123 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-14 22:44:28.037 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-14 22:34:56.653 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-09-14 22:34:56.567 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-16 18:07:11.078 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-11-16 18:07:10.922 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-10-22 10:29:10.359 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-10-22 10:29:10.312 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info ===========================

Processor: AMD Phenom(tm) II X6 1045T Processor
Percentage of memory in use: 15%
Total physical RAM: 24574.05 MB
Available physical RAM: 20822.77 MB
Total Pagefile: 49146.29 MB
Available Pagefile: 45233.49 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:374.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EBA5D4A6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Shu (administrator) on SHU-PC on 15-09-2014 09:51:27
Running from C:\Users\Shu\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Users\Shu\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe
(Akamai Technologies, Inc.) C:\Users\Shu\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Shu\AppData\Local\Akamai\netsession_win.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Windows\System32\PnkBstrA.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-07-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2066591825-490448642-3097545973-1000\...\Run: [VSA] => C:\Users\Shu\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [1751552 2013-05-07] (Microsoft Corporation)
HKU\S-1-5-21-2066591825-490448642-3097545973-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Shu\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
Startup: C:\Users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEF34FECC14C1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {120030CB-B313-FC48-497F-3CD70E59ACD2} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=72c22c63-a6de-8682-0261-2042e0bb8b86&searchtype=ds&q={searchTerms}&installDate=06/10/2013
SearchScopes: HKLM-x32 - {2AFC9237-C826-7B3E-F3AE-4594A705D46B} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyCzztD0F0CyEtC0E0ByC0DtN0D0Tzu0CyCyCyDtN1L2XzutBtFtBtFyDtFtCtDyBtDtN1L1Czu1L1C1H1B1QtCtDtA&cr=1799217922&ir=
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: EpTec -> {D4F5F5EC-499D-48F5-AFD1-B25723A6E43E} -> C:\Users\Shu\AppData\Roaming\WinRAR\eptec.dll (Space International, Inc.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
Handler: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
Handler-x32: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
Handler-x32: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default
FF SelectedSearchEngine: WEB.DE Suche
FF Homepage: https://www.google.de/
FF NetworkProxy: "autoconfig_url", "file:///C:\\Users\\Shu\\AppData\\Local\\Temp\\proxtube.pac"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-08]
FF Extension: Разпознаване на устройство Logitech - C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\Extensions\DeviceDetection@logitech.com [2013-10-04]
FF Extension: Classic Theme Restorer - C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-03]
FF Extension: MEGA - C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\Extensions\firefox@mega.co.nz.xpi [2014-01-09]
FF Extension: Adblock Plus - C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-04] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-09] (Advanced Micro Devices, Inc.) [File not signed] S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] () S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-08-12] (Perfect World Entertainment Inc) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-10-08] () [File not signed] S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-08-09] (BitRaider, LLC) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5128944 2013-11-19] (INCA Internet Co., Ltd.) [File not signed] R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-04] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-13] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices) S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-06] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-06] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-06] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-06] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-06] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-06] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-06] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-13] (Disc Soft Ltd) S3 gouranga; C:\Windows\System32\DRIVERS\gouranga.sys [16384 2014-08-04] (GSPOON CO., LTD.) R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) 
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-15] (Malwarebytes Corporation) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0081.sys [28768 2014-01-23] (SoftEther VPN Project at University of Tsukuba, Japan.) S3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-06-03] (SoftEther VPN Project at University of Tsukuba, Japan.) S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] S3 Synth3dVsc; No ImagePath R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 tsusbhub; No ImagePath S3 VGPU; No ImagePath S3 VIAHdAudAddService; No ImagePath S3 X6va015; No ImagePath S3 X6va016; No ImagePath S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X] S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-15 09:43 - 2014-09-15 09:51 - 00018048 _____ () C:\Users\Shu\Downloads\FRST.txt 2014-09-15 09:43 - 2014-09-15 09:51 - 00000000 ____D () C:\FRST 2014-09-15 09:43 - 2014-09-15 09:44 - 00053678 _____ () C:\Users\Shu\Downloads\Addition.txt 2014-09-15 09:42 - 2014-09-15 09:42 - 01102777 _____ () C:\Users\Shu\Desktop\Scan Results.140915-0942.txt 2014-09-15 09:41 - 2014-09-15 09:41 - 02105856 _____ (Farbar) C:\Users\Shu\Downloads\FRST64.exe 2014-09-15 09:29 - 2014-09-15 09:30 - 00000000 ____D () C:\Users\Shu\Downloads\SGN SW Torrent 2014-09-15 08:53 - 2014-09-15 08:53 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-09-15 08:53 - 2014-09-15 08:53 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-15 08:53 - 2014-09-15 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-09-15 08:53 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-09-15 08:52 - 2014-09-15 08:52 - 46525608 _____ (Safer-Networking Ltd. 
) C:\Users\Shu\Downloads\spybot-2.4.exe 2014-09-14 22:46 - 2014-09-14 22:46 - 00028854 _____ () C:\ComboFix.txt 2014-09-14 22:25 - 2014-09-14 22:25 - 00000085 _____ () C:\Windows\wininit.ini 2014-09-14 22:25 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-14 22:25 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-14 22:25 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-14 22:25 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-14 22:25 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-14 22:25 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-14 22:25 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-14 22:25 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-14 22:20 - 2014-09-14 22:20 - 00000000 ____D () C:\Users\Shu\Documents\ProcAlyzer Dumps 2014-09-14 22:12 - 2014-09-14 22:46 - 00000000 ____D () C:\Qoobox 2014-09-14 22:12 - 2014-09-14 22:35 - 00000000 ____D () C:\Windows\erdnt 2014-09-14 22:07 - 2014-09-14 22:11 - 05578360 ____R (Swearware) C:\Users\Shu\Downloads\ComboFix.exe 2014-09-14 22:00 - 2014-09-14 22:56 - 00004276 _____ () C:\Windows\PFRO.log 2014-09-14 21:45 - 2014-09-14 22:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-14 21:45 - 2014-09-14 22:07 - 00000000 ____D () C:\mbar 2014-09-14 21:44 - 2014-09-14 21:44 - 14349744 _____ (Malwarebytes Corp.) 
C:\Users\Shu\Downloads\mbar-1.07.0.1012.exe 2014-09-14 11:39 - 2014-09-14 16:47 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SDGi Europe 2014-09-14 10:40 - 2014-09-14 10:40 - 00692832 _____ ( ) C:\Users\Shu\Downloads\DNDownloader96.exe 2014-09-14 09:04 - 2014-09-15 08:28 - 00000336 _____ () C:\Windows\setupact.log 2014-09-14 09:04 - 2014-09-14 09:04 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-13 12:13 - 2014-09-13 12:13 - 01942203 _____ () C:\Users\Shu\Desktop\vitctorian houses.zip 2014-09-13 10:53 - 2014-09-13 10:53 - 06057862 _____ (Tim Kosse) C:\Users\Shu\Downloads\FileZilla_3.9.0.5_win32-setup.exe 2014-09-13 10:13 - 2014-09-13 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-12 14:52 - 2014-09-12 14:56 - 00000000 ____D () C:\Users\Shu\Desktop\world 2014-09-10 12:28 - 2014-09-10 12:28 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-10 10:00 - 2014-09-10 13:33 - 00000000 ____D () C:\Users\Shu\Desktop\Minecraft 2014-09-09 12:47 - 2014-09-09 16:43 - 00000000 ____D () C:\Users\Shu\Powersaves3DS 2014-09-09 12:47 - 2014-09-09 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS 2014-09-09 12:47 - 2014-09-09 12:47 - 00000000 ____D () C:\Program Files (x86)\Action Replay PowerSaves 3DS 2014-09-07 23:19 - 2014-09-07 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dawn of War II - Destroyer 40k 2014-09-05 21:02 - 2014-09-05 21:02 - 01402920 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.1_149.exe 2014-09-02 10:00 - 2014-09-02 10:06 - 00000000 ____D () C:\Users\Shu\AppData\Local\lab_1_54 2014-09-01 21:30 - 2014-09-01 21:30 - 00003088 _____ () C:\Windows\System32\Tasks\{CA426A73-A1F4-4917-967B-CDAE3FBA6F61} 2014-09-01 11:32 - 2014-09-01 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldPainter 2014-09-01 11:32 - 2014-09-01 
11:33 - 00000000 ____D () C:\Program Files\WorldPainter 2014-08-31 17:06 - 2014-08-31 17:06 - 01397992 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.0_148.exe 2014-08-22 17:46 - 2014-08-22 17:46 - 00000000 ____D () C:\Users\Shu\Downloads\Content 2014-08-22 17:46 - 2014-08-07 04:45 - 00450560 _____ (seismic) C:\Users\Shu\Downloads\SeismicGame.exe 2014-08-22 17:46 - 2014-05-23 01:11 - 00683008 _____ () C:\Users\Shu\Downloads\MonoGame.Framework.dll 2014-08-22 17:46 - 2014-04-06 05:51 - 03290624 _____ (The Open Toolkit Library) C:\Users\Shu\Downloads\OpenTK.dll 2014-08-22 17:46 - 2014-02-20 17:59 - 00069632 _____ (Tao Framework -- hxxp://www.taoframework.com) C:\Users\Shu\Downloads\Tao.Sdl.dll 2014-08-22 17:46 - 2013-10-29 07:41 - 00445952 _____ (Mark Heath) C:\Users\Shu\Downloads\NAudio.dll 2014-08-22 17:46 - 2009-10-04 20:02 - 00139264 _____ (Osamu TAKEUCHI <osamu@big.jp>) C:\Users\Shu\Downloads\YamlSerializer.dll 2014-08-22 17:15 - 2014-08-22 17:46 - 114383892 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part2.rar 2014-08-22 17:14 - 2014-08-22 17:25 - 209715200 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part1.rar 2014-08-21 17:51 - 2014-08-21 20:12 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Arc 2014-08-21 17:51 - 2014-08-21 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment 2014-08-21 17:50 - 2014-08-21 19:19 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment 2014-08-21 08:28 - 2014-08-21 08:28 - 01014036 _____ () C:\Program Files (x86)\translation.bin 2014-08-21 08:28 - 2014-08-21 08:28 - 00044544 _____ () C:\Program Files (x86)\translator.dll 2014-08-20 22:36 - 2014-08-21 08:28 - 01014036 _____ () C:\translation.bin 2014-08-20 22:36 - 2014-08-21 08:28 - 00044544 _____ () C:\translator.dll 2014-08-18 07:44 - 2014-08-18 07:44 - 00000000 ____D () C:\ProgramData\Curse Client 2014-08-17 16:57 - 2014-08-17 16:57 - 00000000 ____D () C:\Program Files (x86)\AutoHotkey 2014-08-17 
11:01 - 2014-08-17 11:01 - 00000000 ____D () C:\Users\Shu\AppData\Local\Funcom 2014-08-17 11:01 - 2014-08-17 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom 2014-08-17 11:01 - 2014-08-17 11:01 - 00000000 ____D () C:\Program Files (x86)\Funcom ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-15 09:51 - 2014-09-15 09:43 - 00018048 _____ () C:\Users\Shu\Downloads\FRST.txt 2014-09-15 09:51 - 2014-09-15 09:43 - 00000000 ____D () C:\FRST 2014-09-15 09:44 - 2014-09-15 09:43 - 00053678 _____ () C:\Users\Shu\Downloads\Addition.txt 2014-09-15 09:42 - 2014-09-15 09:42 - 01102777 _____ () C:\Users\Shu\Desktop\Scan Results.140915-0942.txt 2014-09-15 09:41 - 2014-09-15 09:41 - 02105856 _____ (Farbar) C:\Users\Shu\Downloads\FRST64.exe 2014-09-15 09:41 - 2014-01-14 00:52 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\uTorrent 2014-09-15 09:30 - 2014-09-15 09:29 - 00000000 ____D () C:\Users\Shu\Downloads\SGN SW Torrent 2014-09-15 09:28 - 2013-10-04 18:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-15 09:24 - 2014-06-27 22:11 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\NexonLauncher 2014-09-15 09:24 - 2014-06-27 22:10 - 00000000 ____D () C:\Program Files (x86)\Nexon 2014-09-15 09:24 - 2013-10-04 20:47 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-15 08:58 - 2013-10-28 10:13 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-09-15 08:57 - 2014-07-10 13:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-15 08:53 - 2014-09-15 08:53 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-09-15 08:53 - 2014-09-15 08:53 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-15 08:53 - 2014-09-15 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Spybot - Search & Destroy 2 2014-09-15 08:53 - 2013-10-28 10:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-15 08:52 - 2014-09-15 08:52 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Shu\Downloads\spybot-2.4.exe 2014-09-15 08:35 - 2013-10-04 18:09 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\TS3Client 2014-09-15 08:34 - 2009-07-14 06:45 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-15 08:34 - 2009-07-14 06:45 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-15 08:31 - 2013-10-04 17:02 - 01480234 _____ () C:\Windows\WindowsUpdate.log 2014-09-15 08:29 - 2014-02-19 03:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\Deployment 2014-09-15 08:28 - 2014-09-14 09:04 - 00000336 _____ () C:\Windows\setupact.log 2014-09-15 08:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-14 22:57 - 2014-02-19 03:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\Apps\2.0 2014-09-14 22:56 - 2014-09-14 22:00 - 00004276 _____ () C:\Windows\PFRO.log 2014-09-14 22:56 - 2014-09-14 21:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-14 22:46 - 2014-09-14 22:46 - 00028854 _____ () C:\ComboFix.txt 2014-09-14 22:46 - 2014-09-14 22:12 - 00000000 ____D () C:\Qoobox 2014-09-14 22:44 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-14 22:36 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-09-14 22:35 - 2014-09-14 22:12 - 00000000 ____D () C:\Windows\erdnt 2014-09-14 22:34 - 2013-10-04 17:04 - 00000000 ____D () C:\Users\Shu 2014-09-14 22:25 - 2014-09-14 22:25 - 00000085 _____ () C:\Windows\wininit.ini 2014-09-14 22:20 - 2014-09-14 22:20 - 00000000 ____D () C:\Users\Shu\Documents\ProcAlyzer Dumps 2014-09-14 22:11 - 2014-09-14 22:07 - 05578360 ____R (Swearware) C:\Users\Shu\Downloads\ComboFix.exe 2014-09-14 22:07 
- 2014-09-14 21:45 - 00000000 ____D () C:\mbar 2014-09-14 22:03 - 2014-05-23 08:35 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-14 22:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME 2014-09-14 21:44 - 2014-09-14 21:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Shu\Downloads\mbar-1.07.0.1012.exe 2014-09-14 18:26 - 2013-10-04 18:48 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-09-14 18:26 - 2013-10-04 18:48 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-09-14 17:48 - 2013-11-01 00:27 - 00000000 ____D () C:\Users\Shu\Desktop\PS CS6 Portable By KaelAlexander 2014-09-14 17:48 - 2013-10-04 17:53 - 00000000 ____D () C:\ProgramData\Origin 2014-09-14 17:48 - 2013-10-04 17:53 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-09-14 17:41 - 2013-10-04 21:28 - 00000000 ____D () C:\Users\Shu\Documents\DragonNest 2014-09-14 16:47 - 2014-09-14 11:39 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SDGi Europe 2014-09-14 16:47 - 2014-06-14 13:20 - 00000000 ____D () C:\Program Files (x86)\SDGi Europe 2014-09-14 10:40 - 2014-09-14 10:40 - 00692832 _____ ( ) C:\Users\Shu\Downloads\DNDownloader96.exe 2014-09-14 10:36 - 2014-07-04 20:28 - 00000000 ____D () C:\Users\Shu\AppData\Local\Warframe 2014-09-14 09:12 - 2013-11-06 22:37 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\FileZilla 2014-09-14 09:09 - 2014-07-23 18:04 - 00000000 ____D () C:\Users\Shu\AppData\Local\ftblauncher 2014-09-14 09:09 - 2014-02-28 21:04 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\FTB 2014-09-14 09:04 - 2014-09-14 09:04 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-14 09:04 - 2013-10-04 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-13 17:46 - 2013-11-05 00:02 - 00000132 _____ () C:\Users\Shu\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2014-09-13 12:23 - 2013-10-04 20:52 - 00000000 ____D () 
C:\Users\Shu\AppData\Roaming\Skype 2014-09-13 12:13 - 2014-09-13 12:13 - 01942203 _____ () C:\Users\Shu\Desktop\vitctorian houses.zip 2014-09-13 10:53 - 2014-09-13 10:53 - 06057862 _____ (Tim Kosse) C:\Users\Shu\Downloads\FileZilla_3.9.0.5_win32-setup.exe 2014-09-13 10:13 - 2014-09-13 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-12 15:19 - 2014-02-18 18:05 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\.minecraft 2014-09-12 14:56 - 2014-09-12 14:52 - 00000000 ____D () C:\Users\Shu\Desktop\world 2014-09-12 10:10 - 2013-10-04 17:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-09-10 13:33 - 2014-09-10 10:00 - 00000000 ____D () C:\Users\Shu\Desktop\Minecraft 2014-09-10 12:28 - 2014-09-10 12:28 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-10 12:28 - 2013-10-04 18:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-10 12:28 - 2013-10-04 18:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-10 12:28 - 2013-10-04 18:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-09 16:43 - 2014-09-09 12:47 - 00000000 ____D () C:\Users\Shu\Powersaves3DS 2014-09-09 12:47 - 2014-09-09 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS 2014-09-09 12:47 - 2014-09-09 12:47 - 00000000 ____D () C:\Program Files (x86)\Action Replay PowerSaves 3DS 2014-09-07 23:19 - 2014-09-07 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dawn of War II - Destroyer 40k 2014-09-07 15:07 - 2013-10-09 15:33 - 00000000 ____D () C:\Users\Shu\Documents\My Games 2014-09-07 09:14 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-09-06 08:47 - 2013-10-04 18:49 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-09-05 21:02 - 
2014-09-05 21:02 - 01402920 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.1_149.exe 2014-09-03 08:13 - 2013-10-10 23:58 - 00000000 ____D () C:\Users\Shu\AppData\Local\PMB Files 2014-09-02 23:38 - 2013-10-10 23:58 - 00000000 ____D () C:\ProgramData\PMB Files 2014-09-02 20:55 - 2014-07-09 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph 2014-09-02 19:33 - 2014-07-11 20:50 - 00000000 ____D () C:\Users\Shu\Documents\survarium 2014-09-02 19:32 - 2014-04-10 12:15 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive 2014-09-02 10:06 - 2014-09-02 10:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\lab_1_54 2014-09-01 23:37 - 2014-04-10 12:15 - 00000000 ____D () C:\Users\Shu\Downloads\Gameforge Live 2014-09-01 21:30 - 2014-09-01 21:30 - 00003088 _____ () C:\Windows\System32\Tasks\{CA426A73-A1F4-4917-967B-CDAE3FBA6F61} 2014-09-01 21:29 - 2013-10-04 20:52 - 00000000 ____D () C:\ProgramData\Skype 2014-09-01 11:57 - 2014-01-22 12:40 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\WorldPainter 2014-09-01 11:33 - 2014-09-01 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldPainter 2014-09-01 11:33 - 2014-09-01 11:32 - 00000000 ____D () C:\Program Files\WorldPainter 2014-08-31 17:06 - 2014-08-31 17:06 - 01397992 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.0_148.exe 2014-08-31 08:06 - 2013-10-24 18:52 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst 2014-08-29 11:38 - 2014-07-09 14:42 - 00000000 ____D () C:\Program Files (x86)\Glyph 2014-08-27 21:18 - 2014-03-22 21:48 - 00000000 ____D () C:\Users\Shu\Desktop\Bewerbungskram 2014-08-24 18:39 - 2013-10-19 21:11 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-08-22 20:06 - 2013-11-13 13:49 - 00000000 ____D () C:\Users\Shu\AppData\Local\JDownloader v2.0 2014-08-22 17:46 - 2014-08-22 17:46 - 00000000 ____D () C:\Users\Shu\Downloads\Content 2014-08-22 17:46 - 2014-08-22 17:15 - 
114383892 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part2.rar 2014-08-22 17:25 - 2014-08-22 17:14 - 209715200 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part1.rar 2014-08-21 20:12 - 2014-08-21 17:51 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Arc 2014-08-21 19:25 - 2014-05-07 11:43 - 00000000 ____D () C:\ArcTemp 2014-08-21 19:19 - 2014-08-21 17:50 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment 2014-08-21 17:51 - 2014-08-21 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment 2014-08-21 17:51 - 2013-10-04 17:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-08-21 08:31 - 2013-10-05 13:31 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-08-21 08:31 - 2013-10-05 13:31 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-08-21 08:28 - 2014-08-21 08:28 - 01014036 _____ () C:\Program Files (x86)\translation.bin 2014-08-21 08:28 - 2014-08-21 08:28 - 00044544 _____ () C:\Program Files (x86)\translator.dll 2014-08-21 08:28 - 2014-08-20 22:36 - 01014036 _____ () C:\translation.bin 2014-08-21 08:28 - 2014-08-20 22:36 - 00044544 _____ () C:\translator.dll 2014-08-21 08:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-08-18 17:55 - 2013-12-07 22:23 - 00000000 ____D () C:\Users\Shu\Documents\NCSOFT 2014-08-18 17:55 - 2013-12-07 15:40 - 00000000 ____D () C:\Users\Shu\AppData\Local\NCSOFT 2014-08-18 07:44 - 2014-08-18 07:44 - 00000000 ____D () C:\ProgramData\Curse Client 2014-08-17 16:57 - 2014-08-17 16:57 - 00000000 ____D () C:\Program Files (x86)\AutoHotkey 2014-08-17 16:57 - 2014-08-10 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey 2014-08-17 11:01 - 2014-08-17 11:01 - 00000000 ____D () C:\Users\Shu\AppData\Local\Funcom 2014-08-17 11:01 - 2014-08-17 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom 2014-08-17 11:01 - 2014-08-17 11:01 - 00000000 ____D () 
C:\Program Files (x86)\Funcom Files to move or delete: ==================== C:\Users\Shu\worldpainter_64_1.8.1.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-08 19:07 ==================== End Of Log ============================ Gruß Geändert von NyanShu (15.09.2014 um 09:16 Uhr) |
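The FRST log above closes with a signature check on the core Windows binaries, and the whole thread revolves around a process called svhost.exe, one letter short of the legitimate svchost.exe. The PowerShell below is an added example and is not from the thread, from FRST or from the helper: it walks the running processes, flags any whose name is within one edit of svchost.exe, and flags real svchost.exe instances that were not started from %SystemRoot%\System32 or SysWOW64. The edit-distance threshold, the list of legitimate locations and the sample records at the end are my assumptions; it runs on Windows PowerShell 2.0 and later, so it works on a Windows 7 box.

```powershell
# Added example (not from the thread, FRST or TDSSKiller): hunt for processes
# that imitate svchost.exe. Windows PowerShell 2.0+ (Windows 7).
# Assumptions (mine): a process name within Levenshtein distance 1 of
# "svchost.exe" is a lookalike, and a genuine svchost.exe is only ever
# started from %SystemRoot%\System32 or %SystemRoot%\SysWOW64.

function Get-EditDistance {
    param([string]$a, [string]$b)
    # Plain Levenshtein distance, two-row version; callers pass lowercase strings.
    $prev = @(0..$b.Length)
    for ($i = 1; $i -le $a.Length; $i++) {
        $cur = @($i) + @(0) * $b.Length
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -eq $b[$j - 1]) { 0 } else { 1 }
            $cur[$j] = [Math]::Min([Math]::Min($prev[$j] + 1, $cur[$j - 1] + 1), $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    return $prev[$b.Length]
}

function Find-SvchostLookalikes {
    param(
        # Objects shaped like Win32_Process (Name, ExecutablePath, ProcessId,
        # ParentProcessId) so the logic can be exercised offline as well.
        [Parameter(Mandatory = $true)][object[]]$Processes
    )
    $legit = @("$env:SystemRoot\System32\svchost.exe",
               "$env:SystemRoot\SysWOW64\svchost.exe")
    foreach ($p in $Processes) {
        if (-not $p.Name) { continue }
        $name = ([string]$p.Name).ToLower()
        $dist = Get-EditDistance $name 'svchost.exe'
        if ($dist -gt 1) { continue }            # nothing like svchost, skip
        $path = [string]$p.ExecutablePath
        $reason = $null
        if ($dist -eq 1) {
            $reason = 'name imitates svchost.exe'
        } elseif (-not $path) {
            # Non-elevated callers cannot read the path of SYSTEM processes.
            $reason = 'svchost.exe with unreadable path (rerun elevated)'
        } elseif ($legit -notcontains $path) {
            $reason = 'svchost.exe outside System32/SysWOW64'
        }
        if ($reason) {
            New-Object PSObject -Property @{
                ProcessId = $p.ProcessId
                ParentId  = $p.ParentProcessId
                Name      = $p.Name
                Path      = $path
                Reason    = $reason
            }
        }
    }
}

# Constructed sample records (not taken from the thread's logs):
$sample = @(
    New-Object PSObject -Property @{ ProcessId = 800;  ParentProcessId = 600;  Name = 'svchost.exe';  ExecutablePath = "$env:SystemRoot\System32\svchost.exe" }
    New-Object PSObject -Property @{ ProcessId = 3120; ParentProcessId = 1900; Name = 'svhost.exe';   ExecutablePath = 'C:\Users\user\AppData\Roaming\svhost.exe' }
    New-Object PSObject -Property @{ ProcessId = 3344; ParentProcessId = 1900; Name = 'svchost.exe';  ExecutablePath = 'C:\ProgramData\svchost.exe' }
    New-Object PSObject -Property @{ ProcessId = 4000; ParentProcessId = 3000; Name = 'explorer.exe'; ExecutablePath = "$env:SystemRoot\explorer.exe" }
)
Find-SvchostLookalikes -Processes $sample | Format-Table ProcessId, Name, Path, Reason -AutoSize

# Live machine (run from an elevated prompt so SYSTEM processes expose their path):
# Find-SvchostLookalikes -Processes (Get-WmiObject Win32_Process) | Format-Table ProcessId, ParentId, Name, Path, Reason -AutoSize
```

On the sample records the second and third entries are reported (a lookalike name, and a correctly named svchost.exe loaded from C:\ProgramData); the first and last are silent. Distance 1 also catches svchosts.exe and svch0st.exe, but not transpositions such as scvhost.exe, so widen the threshold if that matters to you. Path is only the first filter: the next step is the kind of signature check FRST does in its "Bamital & volsnap" section. Note that most Windows 7 system binaries are catalog-signed rather than carrying an embedded signature, and Windows PowerShell versions before 5.1 report those as NotSigned from Get-AuthenticodeSignature; use Sysinternals sigcheck, which consults the catalogs, rather than reading NotSigned as tampering.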
15.09.2014, 18:50 | #4 |
/// the machine /// TB-Ausbilder | Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner Hi, please download TDSSKiller.exe and save the file to your desktop
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No support via PM! |
15.09.2014, 19:24 | #5 |
| Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner Nothing found. Code:
20:15:15.0798 0x07b4 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
20:15:20.0326 0x07b4 ============================================================
20:15:20.0326 0x07b4 Current date / time: 2014/09/15 20:15:20.0326
20:15:20.0326 0x07b4 SystemInfo:
20:15:20.0326 0x07b4 
20:15:20.0326 0x07b4 OS Version: 6.1.7601 ServicePack: 1.0
20:15:20.0326 0x07b4 Product type: Workstation
20:15:20.0327 0x07b4 ComputerName: SHU-PC
20:15:20.0327 0x07b4 UserName: Shu
20:15:20.0327 0x07b4 Windows directory: C:\Windows
20:15:20.0327 0x07b4 System windows directory: C:\Windows
20:15:20.0327 0x07b4 Running under WOW64
20:15:20.0327 0x07b4 Processor architecture: Intel x64
20:15:20.0327 0x07b4 Number of processors: 6
20:15:20.0327 0x07b4 Page size: 0x1000
20:15:20.0327 0x07b4 Boot type: Normal boot
20:15:20.0327 0x07b4 ============================================================
20:15:22.0110 0x07b4 KLMD registered as C:\Windows\system32\drivers\63825657.sys
20:15:22.0321 0x07b4 System UUID: {04CF0FC9-1751-9752-657E-8D918FB18108}
20:15:22.0757 0x07b4 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:15:22.0763 0x07b4 ============================================================
20:15:22.0763 0x07b4 \Device\Harddisk0\DR0:
20:15:22.0763 0x07b4 MBR partitions:
20:15:22.0763 0x07b4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:15:22.0763 0x07b4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
20:15:22.0763 0x07b4 ============================================================
20:15:22.0784 0x07b4 C: <-> \Device\Harddisk0\DR0\Partition2
20:15:22.0784 0x07b4 ============================================================
20:15:22.0785 0x07b4 Initialize success
20:15:22.0785 0x07b4 ============================================================
20:16:44.0468 0x0b1c ============================================================
20:16:44.0469 0x0b1c Scan started
20:16:44.0469 0x0b1c Mode: Manual; SigCheck; TDLFS;
20:16:44.0469 0x0b1c ============================================================
20:16:44.0469 0x0b1c KSN ping started
20:16:58.0238 0x0b1c KSN ping finished: true
20:16:59.0353 0x0b1c ================ Scan system memory ========================
20:16:59.0353 0x0b1c System memory - ok
20:16:59.0354 0x0b1c ================ Scan services =============================
20:16:59.0442 0x0b1c 1394hub - ok
20:16:59.0509 0x0b1c [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:16:59.0586 0x0b1c 1394ohci - ok
20:16:59.0622 0x0b1c [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:16:59.0639 0x0b1c ACPI - ok
20:16:59.0651 0x0b1c [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:16:59.0689 0x0b1c AcpiPmi - ok
20:16:59.0768 0x0b1c [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:16:59.0797 0x0b1c AdobeARMservice - ok
20:16:59.0911 0x0b1c [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:16:59.0953 0x0b1c AdobeFlashPlayerUpdateSvc - ok
20:16:59.0994 0x0b1c [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:17:00.0018 0x0b1c adp94xx - ok
20:17:00.0034 0x0b1c [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:17:00.0052 0x0b1c adpahci - ok
20:17:00.0069 0x0b1c [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:17:00.0083 0x0b1c adpu320 - ok
20:17:00.0107 0x0b1c [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:17:00.0156 0x0b1c AeLookupSvc - ok
20:17:00.0191 0x0b1c [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\Windows\system32\drivers\afd.sys
20:17:00.0227 0x0b1c AFD - ok
20:17:00.0244 0x0b1c [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
20:17:00.0255 0x0b1c agp440 - ok
20:17:00.0265 0x0b1c [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
20:17:00.0294 0x0b1c ALG - ok
20:17:00.0315 0x0b1c [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
20:17:00.0325 0x0b1c aliide - ok
20:17:00.0362 0x0b1c [ 94724B5F72298C4D407BE77CAA67AE38, 7107C16AFFF21906CEA19F94EEFE9FC76456FFB300B0C3524921692D76B1DDF3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:17:00.0404 0x0b1c AMD External Events Utility - ok
20:17:00.0454 0x0b1c AMD FUEL Service - ok
20:17:00.0469 0x0b1c [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
20:17:00.0495 0x0b1c amdide - ok
20:17:00.0524 0x0b1c [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:17:00.0554 0x0b1c AmdK8 - ok
20:17:01.0000 0x0b1c [ B9838614675E0ED63411D69AF5349614, 7E5C88745294F60B8614A7D6A5C2C1A452AF4FFBCB44CF6D7A1BC5090D93E701 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:17:01.0383 0x0b1c amdkmdag - ok
20:17:01.0475 0x0b1c [ 1505FFB508FD1538B4EE8C36A1A229FD, FE1D6BB2B0A98785B4565F9324472D9D7305444A9E8BAD3A5B6504F049B3123F ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
20:17:01.0509 0x0b1c amdkmdap - ok
20:17:01.0522 0x0b1c [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:17:01.0558 0x0b1c AmdPPM - ok
20:17:01.0577 0x0b1c [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:17:01.0589 0x0b1c amdsata - ok
20:17:01.0600 0x0b1c [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:17:01.0615 0x0b1c amdsbs - ok
20:17:01.0621 0x0b1c [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:17:01.0631 0x0b1c amdxata - ok
20:17:01.0654 0x0b1c [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.2.0 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
20:17:01.0664 0x0b1c AODDriver4.2.0 - ok
20:17:01.0683 0x0b1c [ C3D487827E48CC5EC17994FEC5BDFF87, 5FCEA3EEA583755D0C9F6005ED3032E9DFECB57F504DC67701AE7D2D2631C30E ] AODDriver4.3 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
20:17:01.0693 0x0b1c AODDriver4.3 - ok
20:17:01.0759 0x0b1c [ 1FDE3302A17928B999E6BBA6D346F7DB, 186029C1C62842F1FE21AAD445134A3DEDB978D2E27169D5016C3149FCC42E5C ] AODDriver4.3.0 C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys
20:17:01.0785 0x0b1c AODDriver4.3.0 - ok
20:17:01.0803 0x0b1c [ 24D5D2C9F24B9B7AF63182F5A444C3F9, 
02D781C0FFADD355851D37B5401EFD8798F113BB5BC17A994AC5CF548360C3D2 ] AODService C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe 20:17:01.0824 0x0b1c AODService - ok 20:17:01.0862 0x0b1c [ C65A3C67630A67A97AD26C21173BA61E, 9C66AF6FC15FEA0B0352540C037AD87B4113CE401C10B6A35DE98901E74152DC ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys 20:17:01.0875 0x0b1c Apowersoft_AudioDevice - ok 20:17:01.0896 0x0b1c [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys 20:17:01.0954 0x0b1c AppID - ok 20:17:01.0973 0x0b1c [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:17:02.0008 0x0b1c AppIDSvc - ok 20:17:02.0026 0x0b1c [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 20:17:02.0045 0x0b1c Appinfo - ok 20:17:02.0057 0x0b1c [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll 20:17:02.0085 0x0b1c AppMgmt - ok 20:17:02.0102 0x0b1c [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\DRIVERS\arc.sys 20:17:02.0115 0x0b1c arc - ok 20:17:02.0125 0x0b1c [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 20:17:02.0138 0x0b1c arcsas - ok 20:17:02.0185 0x0b1c [ 431C68133D43560ACCA0A2042F66562D, D95FA5EEDCC31A712C9C2C9BA746F609364991FE55A93071BA63BDC603974F2C ] ArcService C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe 20:17:02.0195 0x0b1c ArcService - ok 20:17:02.0239 0x0b1c [ A82C01606DC27D05D9D3BFB6BB807E32, CE231637422709D927FB6FA0C4F2215B9C0E3EBBD951FB2FA97B8E64DA479B96 ] AsIO 
C:\Windows\syswow64\drivers\AsIO.sys 20:17:02.0248 0x0b1c AsIO - ok 20:17:02.0315 0x0b1c [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 20:17:02.0351 0x0b1c aspnet_state - ok 20:17:02.0381 0x0b1c [ D95E64416A4A3ED6986E0F474DA934BD, DBB4A0DED0DABE1F8FF0DB8C0E9EC4EC906A85A45DC0AEC013A8744F9BF5D40E ] aswHwid C:\Windows\system32\drivers\aswHwid.sys 20:17:02.0396 0x0b1c aswHwid - ok 20:17:02.0420 0x0b1c [ FF1E537A3632CBB9A0BF72B9FD0878D5, B26E6A1F6E6FA5280A12861EFAD44D8F49353F47B21843EBA73E149CF613DCBC ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 20:17:02.0436 0x0b1c aswMonFlt - ok 20:17:02.0449 0x0b1c [ A5757DE5F9C83AB40667A53D5126EA40, 58B72B1B126CF641188703CE82E26BEB0C41AD7587CFFCCCE9E3C64CC7AACC90 ] aswRdr C:\Windows\system32\drivers\aswRdr2.sys 20:17:02.0465 0x0b1c aswRdr - ok 20:17:02.0474 0x0b1c [ 645D97385F3F284FB5604F9B970F4D24, 15A9D7F0F4C1062210E4E744A9069B8645177D19F35B8740D74022639DC05F2E ] aswRvrt C:\Windows\system32\drivers\aswRvrt.sys 20:17:02.0490 0x0b1c aswRvrt - ok 20:17:02.0524 0x0b1c [ B8FDEDE963B82CFD23B3A53A3084666D, 3537E5B684FB6F0AA589A5FA7CD111E1744DF384AB1A266D4114100F104ED11B ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 20:17:02.0555 0x0b1c aswSnx - ok 20:17:02.0618 0x0b1c [ 0DEDC041DF594AEC2C3BD00417CFAF60, 0D3A8924503986546EE256D185225C0B080FDB6B0C8B0BED7516B07A7334371B ] aswSP C:\Windows\system32\drivers\aswSP.sys 20:17:02.0645 0x0b1c aswSP - ok 20:17:02.0673 0x0b1c [ 48DED912CDE54FC0923B9858512366E1, 9B216B934408A7CB3CE2B41240B7EF01EAA3BC066211B784064FF8AC97A29B4E ] aswStm C:\Windows\system32\drivers\aswStm.sys 20:17:02.0684 0x0b1c aswStm - ok 20:17:02.0700 0x0b1c [ 471A311745848B80339436688A8286E6, E51C57236CEC19AC38E85D115DB97875517D837811188AD2E53FA49055B53890 ] aswVmm C:\Windows\system32\drivers\aswVmm.sys 20:17:02.0715 0x0b1c aswVmm - ok 20:17:02.0731 0x0b1c [ 
769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:17:02.0775 0x0b1c AsyncMac - ok 20:17:02.0789 0x0b1c [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 20:17:02.0799 0x0b1c atapi - ok 20:17:02.0813 0x0b1c [ 33497249626E7787AA5CEA99B226CCA6, EF6213B79F83334CD95E4A58A4FE64190AA3FEFF590E41C4BF302FC4A8F6D6D6 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 20:17:02.0849 0x0b1c AtiHDAudioService - ok 20:17:02.0858 0x0b1c [ C07A040D6B5A42DD41EE386CF90974C8, 8D47815F99C79B795504C3172B5FBBDBA6AFACC004B17AA3954A06BE713FACAE ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 20:17:02.0867 0x0b1c AtiPcie - ok 20:17:02.0899 0x0b1c [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:17:02.0956 0x0b1c AudioEndpointBuilder - ok 20:17:02.0980 0x0b1c [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:17:03.0022 0x0b1c AudioSrv - ok 20:17:03.0067 0x0b1c [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 20:17:03.0098 0x0b1c avast! 
Antivirus - ok 20:17:03.0120 0x0b1c [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:17:03.0162 0x0b1c AxInstSV - ok 20:17:03.0189 0x0b1c [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 20:17:03.0228 0x0b1c b06bdrv - ok 20:17:03.0238 0x0b1c [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:17:03.0267 0x0b1c b57nd60a - ok 20:17:03.0291 0x0b1c [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll 20:17:03.0304 0x0b1c BDESVC - ok 20:17:03.0320 0x0b1c [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys 20:17:03.0378 0x0b1c Beep - ok 20:17:03.0405 0x0b1c [ B1359701847FF1FF415FA083F1610F48, 991F995B9CF614549F5F7EB5C5B2D47F34EFF0F47B35C4BF4CE716666B9DA1D3 ] BEService C:\Program Files (x86)\Common Files\BattlEye\BEService.exe 20:17:03.0425 0x0b1c BEService - detected UnsignedFile.Multi.Generic ( 1 ) 20:17:06.0271 0x0b1c Detect skipped due to KSN trusted 20:17:06.0271 0x0b1c BEService - ok 20:17:06.0339 0x0b1c [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll 20:17:06.0378 0x0b1c BFE - ok 20:17:06.0415 0x0b1c [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll 20:17:06.0474 0x0b1c BITS - ok 20:17:06.0490 0x0b1c [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:17:06.0512 0x0b1c blbdrive - ok 20:17:06.0536 0x0b1c [ 
6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:17:06.0549 0x0b1c bowser - ok 20:17:06.0601 0x0b1c BRDriver64 - ok 20:17:06.0614 0x0b1c [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:17:06.0658 0x0b1c BrFiltLo - ok 20:17:06.0666 0x0b1c [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:17:06.0692 0x0b1c BrFiltUp - ok 20:17:06.0706 0x0b1c [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 20:17:06.0746 0x0b1c BridgeMP - ok 20:17:06.0771 0x0b1c [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 20:17:06.0786 0x0b1c Browser - ok 20:17:06.0798 0x0b1c [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:17:06.0822 0x0b1c Brserid - ok 20:17:06.0827 0x0b1c [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:17:06.0848 0x0b1c BrSerWdm - ok 20:17:06.0909 0x0b1c [ 78561B78811A147B99CB47EBBD2D2847, 4EF1ED64CAF0549B43A660FF70D5035DFD59CCD22E7353150E8A13944C936520 ] BRSptSvc C:\ProgramData\BitRaider\BRSptSvc.exe 20:17:06.0938 0x0b1c BRSptSvc - ok 20:17:06.0942 0x0b1c [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:17:06.0970 0x0b1c BrUsbMdm - ok 20:17:06.0974 0x0b1c [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] 
BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:17:06.0986 0x0b1c BrUsbSer - ok 20:17:06.0996 0x0b1c [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 20:17:07.0012 0x0b1c BTHMODEM - ok 20:17:07.0018 0x0b1c [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 20:17:07.0060 0x0b1c bthserv - ok 20:17:07.0063 0x0b1c catchme - ok 20:17:07.0077 0x0b1c [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:17:07.0108 0x0b1c cdfs - ok 20:17:07.0131 0x0b1c [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:17:07.0159 0x0b1c cdrom - ok 20:17:07.0180 0x0b1c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 20:17:07.0209 0x0b1c CertPropSvc - ok 20:17:07.0225 0x0b1c [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\DRIVERS\circlass.sys 20:17:07.0249 0x0b1c circlass - ok 20:17:07.0267 0x0b1c [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 20:17:07.0285 0x0b1c CLFS - ok 20:17:07.0337 0x0b1c [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:17:07.0362 0x0b1c clr_optimization_v2.0.50727_32 - ok 20:17:07.0396 0x0b1c [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:17:07.0412 0x0b1c clr_optimization_v2.0.50727_64 - ok 20:17:07.0462 0x0b1c [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:17:07.0489 0x0b1c clr_optimization_v4.0.30319_32 - ok 20:17:07.0499 0x0b1c [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:17:07.0515 0x0b1c clr_optimization_v4.0.30319_64 - ok 20:17:07.0518 0x0b1c [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:17:07.0529 0x0b1c CmBatt - ok 20:17:07.0542 0x0b1c [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:17:07.0552 0x0b1c cmdide - ok 20:17:07.0591 0x0b1c [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys 20:17:07.0615 0x0b1c CNG - ok 20:17:07.0629 0x0b1c [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:17:07.0639 0x0b1c Compbatt - ok 20:17:07.0649 0x0b1c [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:17:07.0676 0x0b1c CompositeBus - ok 20:17:07.0679 0x0b1c COMSysApp - ok 20:17:07.0688 0x0b1c [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 20:17:07.0688 0x0b1c crcdisk - ok 20:17:07.0719 0x0b1c [ 6B400F211BEE880A37A1ED0368776BF4, 
2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:17:07.0750 0x0b1c CryptSvc - ok 20:17:07.0782 0x0b1c [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys 20:17:07.0797 0x0b1c CSC - ok 20:17:07.0844 0x0b1c [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 20:17:07.0860 0x0b1c CscService - ok 20:17:07.0906 0x0b1c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:17:07.0953 0x0b1c DcomLaunch - ok 20:17:07.0969 0x0b1c [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 20:17:08.0000 0x0b1c defragsvc - ok 20:17:08.0016 0x0b1c [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:17:08.0047 0x0b1c DfsC - ok 20:17:08.0078 0x0b1c [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 20:17:08.0125 0x0b1c Dhcp - ok 20:17:08.0125 0x0b1c [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 20:17:08.0172 0x0b1c discache - ok 20:17:08.0187 0x0b1c [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\DRIVERS\disk.sys 20:17:08.0203 0x0b1c Disk - ok 20:17:08.0234 0x0b1c [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:17:08.0265 0x0b1c Dnscache - ok 20:17:08.0296 0x0b1c [ 
B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 20:17:08.0328 0x0b1c dot3svc - ok 20:17:08.0343 0x0b1c [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 20:17:08.0374 0x0b1c DPS - ok 20:17:08.0390 0x0b1c [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:17:08.0421 0x0b1c drmkaud - ok 20:17:08.0530 0x0b1c [ 1ED08A6264C5C92099D6D1DAE5E8F530, 4045AE77859B1DBF13972451972EAAF6F3C97BEA423E9E78F1C2F14330CD47CA ] DrvAgent64 C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS 20:17:08.0562 0x0b1c DrvAgent64 - ok 20:17:08.0593 0x0b1c [ 6A0E850DDCB136AA3D2FB7234382DF12, C01863E95F45E1B74AC65C9CD12C8DC769299218255B3C94E3EBF58C4D79FEF3 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 20:17:08.0608 0x0b1c dtsoftbus01 - ok 20:17:08.0640 0x0b1c [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:17:08.0671 0x0b1c DXGKrnl - ok 20:17:08.0686 0x0b1c EagleX64 - ok 20:17:08.0702 0x0b1c [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 20:17:08.0733 0x0b1c EapHost - ok 20:17:08.0811 0x0b1c [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 20:17:08.0936 0x0b1c ebdrv - ok 20:17:08.0952 0x0b1c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe 20:17:08.0967 0x0b1c EFS - ok 20:17:09.0045 0x0b1c [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 
20:17:09.0108 0x0b1c ehRecvr - ok 20:17:09.0123 0x0b1c [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 20:17:09.0139 0x0b1c ehSched - ok 20:17:09.0154 0x0b1c [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 20:17:09.0186 0x0b1c elxstor - ok 20:17:09.0201 0x0b1c [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:17:09.0217 0x0b1c ErrDev - ok 20:17:09.0248 0x0b1c [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 20:17:09.0279 0x0b1c EventSystem - ok 20:17:09.0295 0x0b1c [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 20:17:09.0326 0x0b1c exfat - ok 20:17:09.0342 0x0b1c [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:17:09.0388 0x0b1c fastfat - ok 20:17:09.0420 0x0b1c [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 20:17:09.0451 0x0b1c Fax - ok 20:17:09.0466 0x0b1c [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:17:09.0466 0x0b1c fdc - ok 20:17:09.0482 0x0b1c [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 20:17:09.0529 0x0b1c fdPHost - ok 20:17:09.0529 0x0b1c [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 
20:17:09.0576 0x0b1c FDResPub - ok 20:17:09.0576 0x0b1c [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:17:09.0591 0x0b1c FileInfo - ok 20:17:09.0591 0x0b1c [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:17:09.0622 0x0b1c Filetrace - ok 20:17:09.0622 0x0b1c [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:17:09.0638 0x0b1c flpydisk - ok 20:17:09.0654 0x0b1c [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:17:09.0669 0x0b1c FltMgr - ok 20:17:09.0716 0x0b1c [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 20:17:09.0763 0x0b1c FontCache - ok 20:17:09.0794 0x0b1c [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:17:09.0794 0x0b1c FontCache3.0.0.0 - ok 20:17:09.0810 0x0b1c [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:17:09.0810 0x0b1c FsDepends - ok 20:17:09.0825 0x0b1c [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:17:09.0841 0x0b1c Fs_Rec - ok 20:17:09.0856 0x0b1c [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:17:09.0872 0x0b1c fvevol - ok 20:17:09.0888 0x0b1c [ 
8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 20:17:09.0903 0x0b1c gagp30kx - ok 20:17:09.0919 0x0b1c [ 8CE794B4CE179E0CB061C2BA25E60F34, B7F47BBE8BF0393DFAE11BCBDEB75A98E4BB55C960CD09097B17985F1488837B ] gouranga C:\Windows\system32\DRIVERS\gouranga.sys 20:17:09.0934 0x0b1c gouranga - ok 20:17:09.0966 0x0b1c [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 20:17:10.0028 0x0b1c gpsvc - ok 20:17:10.0044 0x0b1c [ 1E6438D4EA6E1174A3B3B1EDC4DE660B, F9995CFEC7BBFE10B06EEE04CA6B49658275C43096E57747BFF9C2C31A0F9011 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 20:17:10.0059 0x0b1c hamachi - ok 20:17:10.0059 0x0b1c [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:17:10.0090 0x0b1c hcw85cir - ok 20:17:10.0106 0x0b1c [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:17:10.0137 0x0b1c HdAudAddService - ok 20:17:10.0153 0x0b1c [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 20:17:10.0168 0x0b1c HDAudBus - ok 20:17:10.0184 0x0b1c [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 20:17:10.0200 0x0b1c HidBatt - ok 20:17:10.0215 0x0b1c [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 20:17:10.0231 0x0b1c HidBth - ok 20:17:10.0246 0x0b1c [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr 
C:\Windows\system32\DRIVERS\hidir.sys 20:17:10.0262 0x0b1c HidIr - ok 20:17:10.0278 0x0b1c [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll 20:17:10.0324 0x0b1c hidserv - ok 20:17:10.0340 0x0b1c [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:17:10.0356 0x0b1c HidUsb - ok 20:17:10.0371 0x0b1c [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:17:10.0402 0x0b1c hkmsvc - ok 20:17:10.0418 0x0b1c [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:17:10.0465 0x0b1c HomeGroupListener - ok 20:17:10.0465 0x0b1c [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:17:10.0496 0x0b1c HomeGroupProvider - ok 20:17:10.0512 0x0b1c [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:17:10.0527 0x0b1c HpSAMD - ok 20:17:10.0543 0x0b1c [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:17:10.0605 0x0b1c HTTP - ok 20:17:10.0621 0x0b1c [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:17:10.0636 0x0b1c hwpolicy - ok 20:17:10.0636 0x0b1c hxsyol - ok 20:17:10.0652 0x0b1c [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 20:17:10.0668 0x0b1c i8042prt - ok 20:17:10.0683 0x0b1c [ 
AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:17:10.0699 0x0b1c iaStorV - ok 20:17:10.0746 0x0b1c [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:17:10.0777 0x0b1c idsvc - ok 20:17:10.0777 0x0b1c IEEtwCollectorService - ok 20:17:10.0792 0x0b1c [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 20:17:10.0808 0x0b1c iirsp - ok 20:17:10.0855 0x0b1c [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 20:17:10.0902 0x0b1c IKEEXT - ok 20:17:10.0917 0x0b1c [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 20:17:10.0917 0x0b1c intelide - ok 20:17:10.0933 0x0b1c [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:17:10.0948 0x0b1c intelppm - ok 20:17:10.0980 0x0b1c [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:17:11.0011 0x0b1c IPBusEnum - ok 20:17:11.0011 0x0b1c [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:17:11.0042 0x0b1c IpFilterDriver - ok 20:17:11.0104 0x0b1c [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:17:11.0151 0x0b1c iphlpsvc - ok 20:17:11.0167 0x0b1c [ 0FC1AEA580957AA8817B8F305D18CA3A, 
7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:17:11.0182 0x0b1c IPMIDRV - ok 20:17:11.0198 0x0b1c [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:17:11.0229 0x0b1c IPNAT - ok 20:17:11.0245 0x0b1c [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:17:11.0260 0x0b1c IRENUM - ok 20:17:11.0276 0x0b1c [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:17:11.0276 0x0b1c isapnp - ok 20:17:11.0307 0x0b1c [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:17:11.0323 0x0b1c iScsiPrt - ok 20:17:11.0323 0x0b1c [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:17:11.0338 0x0b1c kbdclass - ok 20:17:11.0354 0x0b1c [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:17:11.0354 0x0b1c kbdhid - ok 20:17:11.0370 0x0b1c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe 20:17:11.0370 0x0b1c KeyIso - ok 20:17:11.0401 0x0b1c [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:17:11.0416 0x0b1c KSecDD - ok 20:17:11.0432 0x0b1c [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:17:11.0432 0x0b1c KSecPkg - ok 20:17:11.0448 0x0b1c 
[ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:17:11.0479 0x0b1c ksthunk - ok 20:17:11.0494 0x0b1c [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 20:17:11.0541 0x0b1c KtmRm - ok 20:17:11.0557 0x0b1c [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll 20:17:11.0588 0x0b1c LanmanServer - ok 20:17:11.0604 0x0b1c [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:17:11.0635 0x0b1c LanmanWorkstation - ok 20:17:11.0650 0x0b1c [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 20:17:11.0666 0x0b1c LGBusEnum - ok 20:17:11.0682 0x0b1c [ F705A641C18DF31B48B5DBDA94B425E4, 1F47EE43CAFE5458E56467E127EE99B5FDBFF8B810CF92B232094B475DD42B21 ] LGPBTDD C:\Windows\system32\Drivers\LGPBTDD.sys 20:17:11.0682 0x0b1c LGPBTDD - ok 20:17:11.0697 0x0b1c [ 94AF1384A67B9FCF5651E70BC9D4C526, 9C025F7BBB5BBE9DAF3DEF2F6385CE77C8F413912C4D16930814F6D19B62B367 ] LGSHidFilt C:\Windows\system32\DRIVERS\LGSHidFilt.Sys 20:17:11.0697 0x0b1c LGSHidFilt - ok 20:17:11.0728 0x0b1c [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 20:17:11.0728 0x0b1c LGVirHid - ok 20:17:11.0744 0x0b1c [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:17:11.0775 0x0b1c lltdio - ok 20:17:11.0791 0x0b1c [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc 
C:\Windows\System32\lltdsvc.dll 20:17:11.0838 0x0b1c lltdsvc - ok 20:17:11.0869 0x0b1c [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:17:11.0900 0x0b1c lmhosts - ok 20:17:11.0931 0x0b1c [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 20:17:11.0931 0x0b1c LSI_FC - ok 20:17:11.0947 0x0b1c [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 20:17:11.0962 0x0b1c LSI_SAS - ok 20:17:11.0978 0x0b1c [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:17:11.0994 0x0b1c LSI_SAS2 - ok 20:17:11.0994 0x0b1c [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:17:12.0009 0x0b1c LSI_SCSI - ok 20:17:12.0025 0x0b1c [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 20:17:12.0072 0x0b1c luafv - ok 20:17:12.0118 0x0b1c [ A401CFF74982D8DF851F20307C806073, 1D7BA90C9E77FAAE59F60AB5310EC41D9C5B98F1F9A89A3CDB9169E6DEF565DA ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys 20:17:12.0150 0x0b1c LVRS64 - ok 20:17:12.0306 0x0b1c [ 13384CB5F5813E65F31078D6ABFAAF38, A6E7374C15CAECC273197BF62F8F926BA30E9509270A8470756F4710E1DEA126 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys 20:17:12.0399 0x0b1c LVUVC64 - ok 20:17:12.0446 0x0b1c [ 039E4A64A5B6DE525E8CACFF1207B049, C907064F770D28193B8D3F6E1B14E0FF0424DBB7F977894FFEEC04FBB887D0AC ] ManyCam C:\Windows\system32\DRIVERS\mcvidrv.sys 20:17:12.0462 0x0b1c ManyCam - ok 20:17:12.0493 0x0b1c [ F1CE49C11A9833A5D2EC32443A142064, 
70BFA69B61304F7FD4193205B59019B489FE9CE1D3E961568DCACBE0C68EC7B5 ] mcaudrv_simple C:\Windows\system32\drivers\mcaudrv_x64.sys 20:17:12.0493 0x0b1c mcaudrv_simple - ok 20:17:12.0508 0x0b1c [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:17:12.0540 0x0b1c Mcx2Svc - ok 20:17:12.0555 0x0b1c [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 20:17:12.0571 0x0b1c megasas - ok 20:17:12.0586 0x0b1c [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 20:17:12.0602 0x0b1c MegaSR - ok 20:17:12.0618 0x0b1c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 20:17:12.0649 0x0b1c MMCSS - ok 20:17:12.0664 0x0b1c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 20:17:12.0696 0x0b1c Modem - ok 20:17:12.0711 0x0b1c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:17:12.0727 0x0b1c monitor - ok 20:17:12.0742 0x0b1c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:17:12.0758 0x0b1c mouclass - ok 20:17:12.0758 0x0b1c [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:17:12.0774 0x0b1c mouhid - ok 20:17:12.0805 0x0b1c [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:17:12.0820 0x0b1c mountmgr - ok 
20:17:12.0852 0x0b1c [ 817EFA0406E506784AB734CFB7DBD28E, 301C14DFCFE9AA27E93A5161E3BA74A8139EA8778FC9C4AA16623B673B6DD58F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:17:12.0867 0x0b1c MozillaMaintenance - ok 20:17:12.0883 0x0b1c [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 20:17:12.0898 0x0b1c mpio - ok 20:17:12.0914 0x0b1c [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:17:12.0945 0x0b1c mpsdrv - ok 20:17:12.0976 0x0b1c [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:17:13.0039 0x0b1c MpsSvc - ok 20:17:13.0086 0x0b1c [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:17:13.0101 0x0b1c MRxDAV - ok 20:17:13.0117 0x0b1c [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:17:13.0148 0x0b1c mrxsmb - ok 20:17:13.0164 0x0b1c [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:17:13.0179 0x0b1c mrxsmb10 - ok 20:17:13.0195 0x0b1c [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:17:13.0210 0x0b1c mrxsmb20 - ok 20:17:13.0242 0x0b1c [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 20:17:13.0242 0x0b1c msahci - ok 20:17:13.0257 0x0b1c [ DB801A638D011B9633829EB6F663C900, 
B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:17:13.0273 0x0b1c msdsm - ok 20:17:13.0288 0x0b1c [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 20:17:13.0304 0x0b1c MSDTC - ok 20:17:13.0304 0x0b1c [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:17:13.0335 0x0b1c Msfs - ok 20:17:13.0351 0x0b1c [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:17:13.0382 0x0b1c mshidkmdf - ok 20:17:13.0382 0x0b1c [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:17:13.0398 0x0b1c msisadrv - ok 20:17:13.0413 0x0b1c [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:17:13.0444 0x0b1c MSiSCSI - ok 20:17:13.0460 0x0b1c msiserver - ok 20:17:13.0460 0x0b1c [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:17:13.0491 0x0b1c MSKSSRV - ok 20:17:13.0522 0x0b1c [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:17:13.0585 0x0b1c MSPCLOCK - ok 20:17:13.0600 0x0b1c [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:17:13.0632 0x0b1c MSPQM - ok 20:17:13.0663 0x0b1c [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:17:13.0678 0x0b1c MsRPC - 
ok 20:17:13.0694 0x0b1c [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 20:17:13.0694 0x0b1c mssmbios - ok 20:17:13.0710 0x0b1c [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:17:13.0741 0x0b1c MSTEE - ok 20:17:13.0741 0x0b1c [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 20:17:13.0756 0x0b1c MTConfig - ok 20:17:13.0756 0x0b1c [ 19B006B181E3875FD254F7B67ACF1E7C, 1D68D19522E71F16B8B50F8CCFBC9D884CF2DAC40CC409BD5A40A4D4223ABC61 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 20:17:13.0772 0x0b1c MTsensor - ok 20:17:13.0788 0x0b1c [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 20:17:13.0788 0x0b1c Mup - ok 20:17:13.0819 0x0b1c [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 20:17:13.0850 0x0b1c napagent - ok 20:17:13.0881 0x0b1c [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:17:13.0912 0x0b1c NativeWifiP - ok 20:17:13.0944 0x0b1c [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 20:17:13.0990 0x0b1c NDIS - ok 20:17:13.0990 0x0b1c [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:17:14.0022 0x0b1c NdisCap - ok 20:17:14.0037 0x0b1c [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi 
C:\Windows\system32\DRIVERS\ndistapi.sys 20:17:14.0068 0x0b1c NdisTapi - ok 20:17:14.0084 0x0b1c [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:17:14.0115 0x0b1c Ndisuio - ok 20:17:14.0131 0x0b1c [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:17:14.0178 0x0b1c NdisWan - ok 20:17:14.0193 0x0b1c [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:17:14.0224 0x0b1c NDProxy - ok 20:17:14.0256 0x0b1c [ A641C98AD19D870F4FBC51B9BB83FF81, CD1A7F945FBFA18DE5D697E801657C967C54B9599496A4CAFA5BBFE7097FAB7D ] Neo_VPN C:\Windows\system32\DRIVERS\Neo_0081.sys 20:17:14.0271 0x0b1c Neo_VPN - ok 20:17:14.0271 0x0b1c [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:17:14.0318 0x0b1c NetBIOS - ok 20:17:14.0334 0x0b1c [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:17:14.0365 0x0b1c NetBT - ok 20:17:14.0365 0x0b1c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe 20:17:14.0380 0x0b1c Netlogon - ok 20:17:14.0396 0x0b1c [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll 20:17:14.0443 0x0b1c Netman - ok 20:17:14.0490 0x0b1c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:17:14.0505 0x0b1c NetMsmqActivator - ok 20:17:14.0505 0x0b1c [ 
21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:17:14.0521 0x0b1c NetPipeActivator - ok 20:17:14.0552 0x0b1c [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll 20:17:14.0583 0x0b1c netprofm - ok 20:17:14.0599 0x0b1c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:17:14.0614 0x0b1c NetTcpActivator - ok 20:17:14.0614 0x0b1c [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:17:14.0630 0x0b1c NetTcpPortSharing - ok 20:17:14.0646 0x0b1c [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 20:17:14.0646 0x0b1c nfrd960 - ok 20:17:14.0677 0x0b1c [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:17:14.0708 0x0b1c NlaSvc - ok 20:17:14.0708 0x0b1c [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:17:14.0739 0x0b1c Npfs - ok 20:17:14.0739 0x0b1c npggsvc - ok 20:17:14.0755 0x0b1c [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll 20:17:14.0786 0x0b1c nsi - ok 20:17:14.0786 0x0b1c [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:17:14.0833 0x0b1c nsiproxy - ok 20:17:14.0895 0x0b1c [ 
1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:17:14.0942 0x0b1c Ntfs - ok 20:17:14.0958 0x0b1c [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys 20:17:14.0989 0x0b1c Null - ok 20:17:15.0004 0x0b1c [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:17:15.0020 0x0b1c nvraid - ok 20:17:15.0036 0x0b1c [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:17:15.0051 0x0b1c nvstor - ok 20:17:15.0067 0x0b1c [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:17:15.0082 0x0b1c nv_agp - ok 20:17:15.0098 0x0b1c [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:17:15.0114 0x0b1c ohci1394 - ok 20:17:15.0145 0x0b1c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:17:15.0176 0x0b1c p2pimsvc - ok 20:17:15.0207 0x0b1c [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll 20:17:15.0223 0x0b1c p2psvc - ok 20:17:15.0238 0x0b1c [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys 20:17:15.0254 0x0b1c Parport - ok 20:17:15.0270 0x0b1c [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:17:15.0285 0x0b1c partmgr - ok 
20:17:15.0301 0x0b1c [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll 20:17:15.0332 0x0b1c PcaSvc - ok 20:17:15.0348 0x0b1c [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys 20:17:15.0363 0x0b1c pci - ok 20:17:15.0379 0x0b1c [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys 20:17:15.0379 0x0b1c pciide - ok 20:17:15.0394 0x0b1c [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:17:15.0410 0x0b1c pcmcia - ok 20:17:15.0426 0x0b1c [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys 20:17:15.0426 0x0b1c pcw - ok 20:17:15.0457 0x0b1c [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:17:15.0519 0x0b1c PEAUTH - ok 20:17:15.0566 0x0b1c [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 20:17:15.0613 0x0b1c PeerDistSvc - ok 20:17:15.0660 0x0b1c [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:17:15.0675 0x0b1c PerfHost - ok 20:17:15.0738 0x0b1c [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll 20:17:15.0831 0x0b1c pla - ok 20:17:15.0862 0x0b1c [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:17:15.0894 0x0b1c PlugPlay - ok 
20:17:15.0925 0x0b1c [ CD421DDB5C6E5458CE52EDC36DE7DC5B, 7B9C0A8B2B86BBF5D7E02F2620B0015A2530CBBC99724BE20313DE53EB31D62E ] PnkBstrA C:\Windows\system32\PnkBstrA.exe 20:17:15.0940 0x0b1c PnkBstrA - ok 20:17:15.0940 0x0b1c [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:17:15.0972 0x0b1c PNRPAutoReg - ok 20:17:15.0987 0x0b1c [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:17:16.0003 0x0b1c PNRPsvc - ok 20:17:16.0034 0x0b1c [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:17:16.0065 0x0b1c PolicyAgent - ok 20:17:16.0096 0x0b1c [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll 20:17:16.0143 0x0b1c Power - ok 20:17:16.0159 0x0b1c [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:17:16.0190 0x0b1c PptpMiniport - ok 20:17:16.0206 0x0b1c [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\DRIVERS\processr.sys 20:17:16.0221 0x0b1c Processor - ok 20:17:16.0237 0x0b1c [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll 20:17:16.0268 0x0b1c ProfSvc - ok 20:17:16.0284 0x0b1c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:17:16.0299 0x0b1c ProtectedStorage - ok 20:17:16.0315 0x0b1c [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched 
C:\Windows\system32\DRIVERS\pacer.sys 20:17:16.0346 0x0b1c Psched - ok 20:17:16.0393 0x0b1c [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 20:17:16.0440 0x0b1c ql2300 - ok 20:17:16.0471 0x0b1c [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 20:17:16.0471 0x0b1c ql40xx - ok 20:17:16.0502 0x0b1c [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll 20:17:16.0533 0x0b1c QWAVE - ok 20:17:16.0533 0x0b1c [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:17:16.0549 0x0b1c QWAVEdrv - ok 20:17:16.0564 0x0b1c [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:17:16.0596 0x0b1c RasAcd - ok 20:17:16.0596 0x0b1c [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:17:16.0627 0x0b1c RasAgileVpn - ok 20:17:16.0642 0x0b1c [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll 20:17:16.0674 0x0b1c RasAuto - ok 20:17:16.0689 0x0b1c [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:17:16.0720 0x0b1c Rasl2tp - ok 20:17:16.0736 0x0b1c [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll 20:17:16.0767 0x0b1c RasMan - ok 20:17:16.0783 0x0b1c [ 855C9B1CD4756C5E9A2AA58A15F58C25, 
A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:17:16.0798 0x0b1c RasPppoe - ok 20:17:16.0814 0x0b1c [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:17:16.0845 0x0b1c RasSstp - ok 20:17:16.0861 0x0b1c [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:17:16.0908 0x0b1c rdbss - ok 20:17:16.0908 0x0b1c [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 20:17:16.0923 0x0b1c rdpbus - ok 20:17:16.0939 0x0b1c [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:17:16.0954 0x0b1c RDPCDD - ok 20:17:16.0986 0x0b1c [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 20:17:17.0001 0x0b1c RDPDR - ok 20:17:17.0017 0x0b1c [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:17:17.0048 0x0b1c RDPENCDD - ok 20:17:17.0064 0x0b1c [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:17:17.0095 0x0b1c RDPREFMP - ok 20:17:17.0126 0x0b1c [ 70CBA1A0C98600A2AA1863479B35CB90, 91A133297921B4955817176251AFC5283DA3C7D2099700C4C92ECC94DBE9A99E ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 20:17:17.0142 0x0b1c RdpVideoMiniport - ok 20:17:17.0173 0x0b1c [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:17:17.0188 
0x0b1c RDPWD - ok 20:17:17.0220 0x0b1c [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:17:17.0235 0x0b1c rdyboost - ok 20:17:17.0251 0x0b1c [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:17:17.0298 0x0b1c RemoteAccess - ok 20:17:17.0313 0x0b1c [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:17:17.0344 0x0b1c RemoteRegistry - ok 20:17:17.0360 0x0b1c [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:17:17.0391 0x0b1c RpcEptMapper - ok 20:17:17.0407 0x0b1c [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe 20:17:17.0422 0x0b1c RpcLocator - ok 20:17:17.0454 0x0b1c [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll 20:17:17.0500 0x0b1c RpcSs - ok 20:17:17.0516 0x0b1c [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:17:17.0532 0x0b1c rspndr - ok 20:17:17.0578 0x0b1c [ EE082E06A82FF630351D1E0EBBD3D8D0, 537F1A4108BDA72E8DD271466E7B7FCF39D4D55E4129AB35A409AB7AF2E7D219 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 20:17:17.0594 0x0b1c RTL8167 - ok 20:17:17.0610 0x0b1c [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys 20:17:17.0625 0x0b1c s3cap - ok 20:17:17.0625 0x0b1c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs 
C:\Windows\system32\lsass.exe 20:17:17.0641 0x0b1c SamSs - ok 20:17:17.0641 0x0b1c [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:17:17.0656 0x0b1c sbp2port - ok 20:17:17.0688 0x0b1c [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:17:17.0734 0x0b1c SCardSvr - ok 20:17:17.0750 0x0b1c [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:17:17.0781 0x0b1c scfilter - ok 20:17:17.0812 0x0b1c [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll 20:17:17.0890 0x0b1c Schedule - ok 20:17:17.0906 0x0b1c [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll 20:17:17.0937 0x0b1c SCPolicySvc - ok 20:17:17.0968 0x0b1c [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:17:17.0984 0x0b1c SDRSVC - ok 20:17:18.0109 0x0b1c [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe 20:17:18.0140 0x0b1c SDScannerService - ok 20:17:18.0249 0x0b1c [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe 20:17:18.0296 0x0b1c SDUpdateService - ok 20:17:18.0327 0x0b1c [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe 20:17:18.0343 0x0b1c 
SDWSCService - ok
20:17:18.0358 0x0b1c [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:17:18.0390 0x0b1c secdrv - ok
20:17:18.0421 0x0b1c [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
20:17:18.0436 0x0b1c seclogon - ok
20:17:18.0468 0x0b1c [ E89DD9A5C2ACAE0A697E77349129C7C1, BC9EE37287F590F72625F959F59E95DB0C09F28CF4DC1D87924F4D34615A9F0C ] SEE C:\Windows\system32\drivers\see.sys
20:17:18.0483 0x0b1c SEE - ok
20:17:18.0499 0x0b1c [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
20:17:18.0530 0x0b1c SENS - ok
20:17:18.0561 0x0b1c [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:17:18.0561 0x0b1c SensrSvc - ok
20:17:18.0577 0x0b1c [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:17:18.0592 0x0b1c Serenum - ok
20:17:18.0592 0x0b1c [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:17:18.0608 0x0b1c Serial - ok
20:17:18.0624 0x0b1c [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:17:18.0639 0x0b1c sermouse - ok
20:17:18.0655 0x0b1c [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
20:17:18.0702 0x0b1c SessionEnv - ok
20:17:18.0717 0x0b1c [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:17:18.0748 0x0b1c sffdisk - ok
20:17:18.0748 0x0b1c [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:17:18.0764 0x0b1c sffp_mmc - ok
20:17:18.0780 0x0b1c [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:17:18.0795 0x0b1c sffp_sd - ok
20:17:18.0795 0x0b1c [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:17:18.0811 0x0b1c sfloppy - ok
20:17:18.0842 0x0b1c [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:17:18.0889 0x0b1c SharedAccess - ok
20:17:18.0920 0x0b1c [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:17:18.0951 0x0b1c ShellHWDetection - ok
20:17:18.0967 0x0b1c [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:17:18.0982 0x0b1c SiSRaid2 - ok
20:17:18.0998 0x0b1c [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:17:18.0998 0x0b1c SiSRaid4 - ok
20:17:19.0029 0x0b1c [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:17:19.0045 0x0b1c SkypeUpdate - ok
20:17:19.0045 0x0b1c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:17:19.0092 0x0b1c Smb - ok
20:17:19.0123 0x0b1c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:17:19.0138 0x0b1c SNMPTRAP - ok
20:17:19.0138 0x0b1c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
20:17:19.0154 0x0b1c spldr - ok
20:17:19.0201 0x0b1c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
20:17:19.0232 0x0b1c Spooler - ok
20:17:19.0357 0x0b1c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
20:17:19.0497 0x0b1c sppsvc - ok
20:17:19.0513 0x0b1c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:17:19.0544 0x0b1c sppuinotify - ok
20:17:19.0575 0x0b1c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:17:19.0591 0x0b1c srv - ok
20:17:19.0622 0x0b1c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:17:19.0638 0x0b1c srv2 - ok
20:17:19.0653 0x0b1c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:17:19.0669 0x0b1c srvnet - ok
20:17:19.0684 0x0b1c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:17:19.0731 0x0b1c SSDPSRV - ok
20:17:19.0747 0x0b1c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:17:19.0778 0x0b1c SstpSvc - ok
20:17:19.0794 0x0b1c [ EF806D212D34B0E173BAEB3564D53E37, 6EF229A7B7AFF0268CDF47B77F961BD44335C3B35499BB00CBA494A22B2BA39E ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys
20:17:19.0809 0x0b1c ss_bbus - ok
20:17:19.0825 0x0b1c [ 08B1B34ABEBEB6AC2DEA06900C56411E, 928EF9B9F194DB07049BA2D7127756B021C2729F562E54F7FECD0F2B2FF5A209 ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys
20:17:19.0840 0x0b1c ss_bmdfl - ok
20:17:19.0856 0x0b1c [ 71A9DA6BEAA4CB54DFB827FB78600A5D, 6393CA17CF6A6F30447FF599B2D27CAB44BA1A709D986AC5E14463303094BE5F ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys
20:17:19.0872 0x0b1c ss_bmdm - ok
20:17:19.0872 0x0b1c StarOpen - ok
20:17:19.0918 0x0b1c [ 7E815DDD79CC73A02A33DF11FABE4E1E, A05A85CDB0CB0AA1AAC93AA801C39242BFE59082E2BC580F04EBFA71B5B61F07 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
20:17:19.0950 0x0b1c Steam Client Service - ok
20:17:19.0965 0x0b1c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:17:19.0965 0x0b1c stexstor - ok
20:17:20.0012 0x0b1c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
20:17:20.0043 0x0b1c stisvc - ok
20:17:20.0074 0x0b1c [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys
20:17:20.0074 0x0b1c storflt - ok
20:17:20.0090 0x0b1c [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
20:17:20.0106 0x0b1c storvsc - ok
20:17:20.0121 0x0b1c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\drivers\swenum.sys
20:17:20.0121 0x0b1c swenum - ok
20:17:20.0152 0x0b1c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
20:17:20.0199 0x0b1c swprv - ok
20:17:20.0199 0x0b1c Synth3dVsc - ok
20:17:20.0262 0x0b1c [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
20:17:20.0355 0x0b1c SysMain - ok
20:17:20.0371 0x0b1c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:17:20.0402 0x0b1c TabletInputService - ok
20:17:20.0433 0x0b1c [ B08740047145B9BCE15BF75CA0F9718A, 3E2A8A5A2A4DC4D0F05E22EA2C0EBD85AA5C7C6854E873D53538D1F54B8F7C63 ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys
20:17:20.0464 0x0b1c tap0901t - ok
20:17:20.0496 0x0b1c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
20:17:20.0574 0x0b1c TapiSrv - ok
20:17:20.0589 0x0b1c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
20:17:20.0620 0x0b1c TBS - ok
20:17:20.0683 0x0b1c [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:17:20.0745 0x0b1c Tcpip - ok
20:17:20.0792 0x0b1c [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:17:20.0839 0x0b1c TCPIP6 - ok
20:17:20.0870 0x0b1c [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:17:20.0886 0x0b1c tcpipreg - ok
20:17:20.0901 0x0b1c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:17:20.0932 0x0b1c TDPIPE - ok
20:17:20.0948 0x0b1c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:17:20.0948 0x0b1c TDTCP - ok
20:17:20.0979 0x0b1c [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:17:21.0010 0x0b1c tdx - ok
20:17:21.0010 0x0b1c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\drivers\termdd.sys
20:17:21.0026 0x0b1c TermDD - ok
20:17:21.0057 0x0b1c [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll
20:17:21.0151 0x0b1c TermService - ok
20:17:21.0166 0x0b1c [ 48D9D00C2E0E72C3D4F52772C80355F6, 86F281C7F5FA2FCF1A36C69DD6561531E48483CACB8A873B955F7E93D9A1D259 ] TFsExDisk C:\Windows\System32\Drivers\TFsExDisk.sys
20:17:21.0182 0x0b1c TFsExDisk - ok
20:17:21.0198 0x0b1c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
20:17:21.0213 0x0b1c Themes - ok
20:17:21.0244 0x0b1c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
20:17:21.0276 0x0b1c THREADORDER - ok
20:17:21.0276 0x0b1c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
20:17:21.0322 0x0b1c TrkWks - ok
20:17:21.0354 0x0b1c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:17:21.0400 0x0b1c TrustedInstaller - ok
20:17:21.0416 0x0b1c [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:17:21.0432 0x0b1c tssecsrv - ok
20:17:21.0447 0x0b1c [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:17:21.0478 0x0b1c TsUsbFlt - ok
20:17:21.0494 0x0b1c tsusbhub - ok
20:17:21.0510 0x0b1c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:17:21.0541 0x0b1c tunnel - ok
20:17:21.0634 0x0b1c [ 9B67EEB5ECCA7E7A57942D967DD59089, 6CD1575BB52A936875DB6E2EA541C7630CF1B0BC4947A5B12356F7C493316324 ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe
20:17:21.0681 0x0b1c TunngleService - ok
20:17:21.0697 0x0b1c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:17:21.0697 0x0b1c uagp35 - ok
20:17:21.0728 0x0b1c [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:17:21.0775 0x0b1c udfs - ok
20:17:21.0790 0x0b1c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:17:21.0822 0x0b1c UI0Detect - ok
20:17:21.0837 0x0b1c [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:17:21.0853 0x0b1c uliagpkx - ok
20:17:21.0868 0x0b1c [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:17:21.0884 0x0b1c umbus - ok
20:17:21.0900 0x0b1c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:17:21.0915 0x0b1c UmPass - ok
20:17:21.0931 0x0b1c [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
20:17:21.0962 0x0b1c UmRdpService - ok
20:17:22.0009 0x0b1c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
20:17:22.0071 0x0b1c upnphost - ok
20:17:22.0102 0x0b1c [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:17:22.0118 0x0b1c usbaudio - ok
20:17:22.0149 0x0b1c [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:17:22.0165 0x0b1c usbccgp - ok
20:17:22.0165 0x0b1c [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:17:22.0180 0x0b1c usbcir - ok
20:17:22.0212 0x0b1c [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:17:22.0227 0x0b1c usbehci - ok
20:17:22.0274 0x0b1c [ 5A4AC5D05A7C97C68596416C05D6F2B4, 1CDE5172B763D2D65379B9F3ABACC080AF676DB9354EC98A455E620C4CE3E18A ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
20:17:22.0305 0x0b1c usbfilter - ok
20:17:22.0336 0x0b1c [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:17:22.0368 0x0b1c usbhub - ok
20:17:22.0399 0x0b1c [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:17:22.0399 0x0b1c usbohci - ok
20:17:22.0414 0x0b1c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:17:22.0430 0x0b1c usbprint - ok
20:17:22.0446 0x0b1c [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:17:22.0461 0x0b1c USBSTOR - ok
20:17:22.0477 0x0b1c [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:17:22.0492 0x0b1c usbuhci - ok
20:17:22.0524 0x0b1c [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:17:22.0539 0x0b1c usbvideo - ok
20:17:22.0570 0x0b1c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
20:17:22.0586 0x0b1c UxSms - ok
20:17:22.0602 0x0b1c [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe
20:17:22.0617 0x0b1c VaultSvc - ok
20:17:22.0617 0x0b1c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:17:22.0633 0x0b1c vdrvroot - ok
20:17:22.0664 0x0b1c [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
20:17:22.0711 0x0b1c vds - ok
20:17:22.0726 0x0b1c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:17:22.0742 0x0b1c vga - ok
20:17:22.0758 0x0b1c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:17:22.0773 0x0b1c VgaSave - ok
20:17:22.0789 0x0b1c VGPU - ok
20:17:22.0804 0x0b1c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:17:22.0820 0x0b1c vhdmp - ok
20:17:22.0820 0x0b1c VIAHdAudAddService - ok
20:17:22.0836 0x0b1c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
20:17:22.0851 0x0b1c viaide - ok
20:17:22.0867 0x0b1c [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
20:17:22.0882 0x0b1c vmbus - ok
20:17:22.0898 0x0b1c [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
20:17:22.0898 0x0b1c VMBusHID - ok
20:17:22.0914 0x0b1c [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:17:22.0929 0x0b1c volmgr - ok
20:17:22.0945 0x0b1c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:17:22.0976 0x0b1c volmgrx - ok
20:17:22.0992 0x0b1c [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:17:23.0007 0x0b1c volsnap - ok
20:17:23.0023 0x0b1c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:17:23.0023 0x0b1c vsmraid - ok
20:17:23.0085 0x0b1c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
20:17:23.0163 0x0b1c VSS - ok
20:17:23.0179 0x0b1c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:17:23.0194 0x0b1c vwifibus - ok
20:17:23.0210 0x0b1c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
20:17:23.0257 0x0b1c W32Time - ok
20:17:23.0272 0x0b1c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:17:23.0288 0x0b1c WacomPen - ok
20:17:23.0304 0x0b1c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:17:23.0350 0x0b1c WANARP - ok
20:17:23.0350 0x0b1c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:17:23.0382 0x0b1c Wanarpv6 - ok
20:17:23.0428 0x0b1c [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
20:17:23.0491 0x0b1c wbengine - ok
20:17:23.0506 0x0b1c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:17:23.0538 0x0b1c WbioSrvc - ok
20:17:23.0553 0x0b1c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:17:23.0584 0x0b1c wcncsvc - ok
20:17:23.0600 0x0b1c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:17:23.0616 0x0b1c WcsPlugInService - ok
20:17:23.0631 0x0b1c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:17:23.0631 0x0b1c Wd - ok
20:17:23.0678 0x0b1c [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:17:23.0709 0x0b1c Wdf01000 - ok
20:17:23.0725 0x0b1c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:17:23.0756 0x0b1c WdiServiceHost - ok
20:17:23.0772 0x0b1c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:17:23.0787 0x0b1c WdiSystemHost - ok
20:17:23.0818 0x0b1c [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
20:17:23.0834 0x0b1c WebClient - ok
20:17:23.0850 0x0b1c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:17:23.0896 0x0b1c Wecsvc - ok
20:17:23.0912 0x0b1c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:17:23.0943 0x0b1c wercplsupport - ok
20:17:23.0959 0x0b1c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
20:17:23.0990 0x0b1c WerSvc - ok
20:17:24.0006 0x0b1c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:17:24.0021 0x0b1c WfpLwf - ok
20:17:24.0037 0x0b1c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:17:24.0052 0x0b1c WIMMount - ok
20:17:24.0068 0x0b1c WinDefend - ok
20:17:24.0084 0x0b1c WinHttpAutoProxySvc - ok
20:17:24.0115 0x0b1c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:17:24.0162 0x0b1c Winmgmt - ok
20:17:24.0224 0x0b1c [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
20:17:24.0333 0x0b1c WinRM - ok
20:17:24.0380 0x0b1c [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
20:17:24.0396 0x0b1c WinUSB - ok
20:17:24.0427 0x0b1c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:17:24.0474 0x0b1c Wlansvc - ok
20:17:24.0505 0x0b1c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:17:24.0505 0x0b1c WmiAcpi - ok
20:17:24.0536 0x0b1c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:17:24.0567 0x0b1c wmiApSrv - ok
20:17:24.0583 0x0b1c WMPNetworkSvc - ok
20:17:24.0598 0x0b1c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:17:24.0614 0x0b1c WPCSvc - ok
20:17:24.0645 0x0b1c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:17:24.0661 0x0b1c WPDBusEnum - ok
20:17:24.0676 0x0b1c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:17:24.0708 0x0b1c ws2ifsl - ok
20:17:24.0708 0x0b1c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
20:17:24.0739 0x0b1c wscsvc - ok
20:17:24.0754 0x0b1c WSearch - ok
20:17:24.0832 0x0b1c [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll
20:17:24.0910 0x0b1c wuauserv - ok
20:17:24.0942 0x0b1c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:17:24.0957 0x0b1c WudfPf - ok
20:17:24.0973 0x0b1c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:17:24.0988 0x0b1c WUDFRd - ok
20:17:25.0020 0x0b1c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:17:25.0035 0x0b1c wudfsvc - ok
20:17:25.0066 0x0b1c [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
20:17:25.0082 0x0b1c WwanSvc - ok
20:17:25.0082 0x0b1c X6va015 - ok
20:17:25.0098 0x0b1c X6va016 - ok
20:17:25.0176 0x0b1c X6va021 - ok
20:17:25.0191 0x0b1c xhunter1 - ok
20:17:25.0269 0x0b1c [ 4A5CE13408945E525503B5F73D29B9C5, D58BB31AF17752508EA67931BF170CE46877DC204FC5DA7EED5A078AEB0CA0FD ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys
20:17:25.0332 0x0b1c xnacc - ok
20:17:25.0332 0x0b1c ================ Scan global ===============================
20:17:25.0363 0x0b1c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
20:17:25.0394 0x0b1c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:17:25.0394 0x0b1c [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
20:17:25.0425 0x0b1c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:17:25.0441 0x0b1c [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
20:17:25.0456 0x0b1c [ Global ] - ok
20:17:25.0456 0x0b1c ================ Scan MBR ==================================
20:17:25.0456 0x0b1c [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:17:25.0612 0x0b1c \Device\Harddisk0\DR0 - ok
20:17:25.0612 0x0b1c ================ Scan VBR ==================================
20:17:25.0612 0x0b1c [ 0FC71B843A175B83A76BE1AC7318853D ] \Device\Harddisk0\DR0\Partition1
20:17:25.0644 0x0b1c \Device\Harddisk0\DR0\Partition1 - ok
20:17:25.0659 0x0b1c [ B8EA87BC647A083F7493F2AAC2080A93 ] \Device\Harddisk0\DR0\Partition2
20:17:25.0690 0x0b1c \Device\Harddisk0\DR0\Partition2 - ok
20:17:25.0690 0x0b1c ================ Scan generic autorun ======================
20:17:25.0784 0x0b1c [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
20:17:25.0831 0x0b1c Adobe ARM - ok
20:17:25.0987 0x0b1c [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
20:17:26.0112 0x0b1c AvastUI.exe - ok
20:17:26.0205 0x0b1c [ 3D69EBB72BD0314561FC504D2D841FCB, BBCC3D21BFA24EB251C3606173DFDB4DAFB9D501FD382C30E7D3217F66F30829 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
20:17:26.0268 0x0b1c StartCCC - ok
20:17:26.0439 0x0b1c [ 7EE68A122ED08E4AAD8DA551E34D2515, B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
20:17:26.0517 0x0b1c SDTray - ok
20:17:26.0658 0x0b1c [ B7543825A8D6930B385E5B99C712005A, B6ECDDD5F35506113DE89A4EDF92BD1A239DF9CF08EBBD5E4C292F4CBEA8117B ] C:\Users\Shu\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe
20:17:26.0720 0x0b1c VSA - detected UnsignedFile.Multi.Generic ( 1 )
20:17:29.0622 0x0b1c Detect skipped due to KSN trusted
20:17:29.0622 0x0b1c VSA - ok
20:17:29.0809 0x0b1c [ CC78200C3ECFFA178E78308A0E160D80, 4E02D6827A99401781032A397663770FA7BE56397AA20F6E2FACE0A0004109C5 ] C:\Users\Shu\AppData\Local\Akamai\netsession_win.exe
20:17:29.0980 0x0b1c Akamai NetSession Interface - ok
20:17:29.0980 0x0b1c Waiting for KSN requests completion. In queue: 75
20:17:30.0994 0x0b1c Waiting for KSN requests completion. In queue: 75
20:17:32.0008 0x0b1c Waiting for KSN requests completion. In queue: 75
20:17:33.0069 0x0b1c AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x41000 ( enabled : updated )
20:17:33.0069 0x0b1c Win FW state via NFP2: enabled
20:17:35.0846 0x0b1c ============================================================
20:17:35.0846 0x0b1c Scan finished
20:17:35.0846 0x0b1c ============================================================
20:17:35.0862 0x0b8c Detected object count: 0
20:17:35.0862 0x0b8c Actual detected object count: 0
16.09.2014, 12:20 | #6 |
/// the machine /// TB-Ausbilder | Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner
Hi, scan with ComboFix
16.09.2014, 15:24 | #7 |
| Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner
Code:
ComboFix 14-09-16.01 - Shu 16.09.2014 16:00:58.3.6 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.24574.22143 [GMT 2:00]
ausgeführt von:: c:\users\Shu\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Shu\AppData\Roaming\Microsoft\svhost.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-08-16 bis 2014-09-16 ))))))))))))))))))))))))))))))
.
.
2014-09-16 14:09 . 2014-09-16 14:09 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-09-16 14:09 . 2014-09-16 14:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-14 19:45 . 2014-09-14 20:56 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-10 10:28 . 2014-09-10 10:28 10036224 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-09 10:47 . 2014-09-16 13:53 -------- d-----w- c:\users\Shu\Powersaves3DS
2014-09-09 10:47 . 2014-09-09 10:47 -------- d-----w- c:\program files (x86)\Action Replay PowerSaves 3DS
2014-09-02 08:00 . 2014-09-02 08:06 -------- d-----w- c:\users\Shu\AppData\Local\lab_1_54
2014-09-01 09:32 . 2014-09-01 09:33 -------- d-----w- c:\program files\WorldPainter
2014-08-21 15:51 . 2014-08-21 18:12 -------- d-----w- c:\users\Shu\AppData\Roaming\Arc
2014-08-21 15:50 . 2014-08-21 17:19 -------- d-----w- c:\program files (x86)\Perfect World Entertainment
2014-08-21 06:28 . 2014-08-21 06:28 1014036 ----a-w- c:\program files (x86)\translation.bin
2014-08-21 06:28 . 2014-08-21 06:28 44544 ----a-w- c:\program files (x86)\translator.dll
2014-08-21 06:20 . 2013-04-23 15:03 435712 ----a-w- c:\users\Shu\AppData\Roaming\Microsoft\IE10\svhost.exe
2014-08-20 20:36 . 2014-08-21 06:28 1014036 ----a-w- C:\translation.bin
2014-08-20 20:36 . 2014-08-21 06:28 44544 ----a-w- C:\translator.dll
2014-08-18 05:44 . 2014-08-18 05:44 -------- d-----w- c:\programdata\Curse Client
2014-08-17 14:57 . 2014-08-17 14:57 -------- d-----w- c:\program files (x86)\AutoHotkey
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-16 13:15 . 2014-07-11 05:31 587776 ----a-w- c:\users\Shu\AppData\Roaming\Microsoft\IE10\7z.exe
2014-09-15 18:45 . 2013-10-04 16:48 215416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-09-15 18:35 . 2013-10-04 16:48 215416 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-09-15 06:57 . 2014-07-10 11:39 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-14 20:03 . 2014-05-23 06:35 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-10 10:28 . 2013-10-04 16:14 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 10:28 . 2013-10-04 16:14 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-24 16:39 . 2013-10-19 19:11 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-08-07 05:40 . 2014-08-07 05:40 50063360 ----a-w- c:\program files (x86)\GUT5E75.tmp
2014-08-06 18:18 . 2013-10-04 15:21 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-06 18:18 . 2014-06-11 07:16 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-08-06 18:18 . 2014-06-11 07:15 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-06 18:18 . 2013-10-04 15:21 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-08-06 18:18 . 2013-10-04 15:21 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-08-06 18:18 . 2013-10-04 15:21 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-06 18:18 . 2013-10-04 15:21 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-06 18:18 . 2013-10-04 15:21 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-06 18:18 . 2013-10-04 15:21 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-06 18:18 . 2014-08-06 18:18 43152 ----a-w- c:\windows\avastSS.scr
2014-08-04 11:02 . 2014-08-04 11:02 76152 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-08-04 06:08 . 2014-08-04 06:08 16384 ----a-w- c:\windows\system32\drivers\gouranga.sys
2014-07-24 14:46 . 2014-07-24 14:46 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2014-07-09 15:52 . 2014-07-09 15:52 127872 ----a-w- c:\windows\system32\amdhcp64.dll
2014-07-09 15:52 . 2014-07-09 15:52 117560 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2014-07-09 15:52 . 2014-07-09 15:52 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-07-09 15:52 . 2014-07-09 15:52 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-07-09 15:52 . 2014-07-09 15:52 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-07-09 15:52 . 2014-07-09 15:52 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-07-09 15:52 . 2013-09-21 09:45 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2014-07-09 15:52 . 2014-07-09 15:52 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-07-09 15:52 . 2014-07-09 15:52 117584 ----a-w- c:\windows\system32\atiu9p64.dll
2014-07-09 15:52 . 2014-07-09 15:52 99520 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-07-09 15:52 . 2013-09-21 09:45 1330912 ----a-w- c:\windows\system32\aticfx64.dll
2014-07-09 15:52 . 2014-07-09 15:52 1110992 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-07-09 15:52 . 2013-09-21 09:45 10519584 ----a-w- c:\windows\system32\atidxx64.dll
2014-07-09 15:52 . 2014-07-09 15:52 9016760 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-07-09 15:51 . 2014-07-09 15:51 7102496 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-07-09 15:51 . 2014-07-09 15:51 6879016 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-07-09 15:51 . 2014-07-09 15:51 7892000 ----a-w- c:\windows\system32\atiumd6a.dll
2014-07-09 15:51 . 2014-07-09 15:51 8108312 ----a-w- c:\windows\system32\atiumd64.dll
2014-07-09 15:47 . 2014-07-09 15:47 276192 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-07-09 15:45 . 2014-07-09 15:45 15950848 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-07-09 15:35 . 2014-07-09 15:35 231424 ----a-w- c:\windows\system32\clinfo.exe
2014-07-09 15:35 . 2014-07-09 15:35 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-07-09 15:35 . 2014-07-09 15:35 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-07-09 15:35 . 2014-07-09 15:35 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-07-09 15:35 . 2014-07-09 15:35 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-07-09 15:35 . 2014-07-09 15:35 32876544 ----a-w- c:\windows\system32\amdocl64.dll
2014-07-09 15:34 . 2014-07-09 15:34 27843072 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-07-09 15:34 . 2014-07-09 15:34 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-09 15:34 . 2014-07-09 15:34 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-07-09 15:33 . 2013-09-21 08:40 27529216 ----a-w- c:\windows\system32\atio6axx.dll
2014-07-09 15:31 . 2014-07-09 15:31 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-07-09 15:31 . 2014-07-09 15:31 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-07-09 15:31 . 2014-07-09 15:31 5225472 ----a-w- c:\windows\system32\amdmantle64.dll
2014-07-09 15:28 . 2014-07-09 15:28 366592 ----a-w- c:\windows\system32\atiapfxx.exe
2014-07-09 15:28 . 2014-07-09 15:28 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-07-09 15:28 . 2014-07-09 15:28 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-07-09 15:28 . 2014-07-09 15:28 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-07-09 15:28 . 2014-07-09 15:28 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-07-09 15:28 . 2014-07-09 15:28 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-07-09 15:28 . 2014-07-09 15:28 4180992 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2014-07-09 15:28 . 2014-07-09 15:28 23028224 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-07-09 15:27 . 2014-07-09 15:27 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-07-09 15:26 . 2014-07-09 15:26 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-07-09 15:26 . 2014-07-09 15:26 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-07-09 15:25 . 2014-07-09 15:25 91648 ----a-w- c:\windows\system32\mantleaxl64.dll
2014-07-09 15:25 . 2014-07-09 15:25 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2014-07-09 15:24 . 2014-07-09 15:24 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-07-09 15:24 . 2014-07-09 15:24 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-07-09 15:24 . 2014-07-09 15:24 588800 ----a-w- c:\windows\system32\atieclxx.exe
2014-07-09 15:24 . 2014-07-09 15:24 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-07-09 15:23 . 2014-07-09 15:23 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-07-09 15:21 . 2014-07-09 15:21 826368 ----a-w- c:\windows\system32\coinst_14.20.dll
2014-07-09 15:20 . 2013-09-21 08:07 1207296 ----a-w- c:\windows\system32\atiadlxx.dll
2014-07-09 15:20 . 2014-07-09 15:20 898560 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-07-09 15:19 . 2014-07-09 15:19 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-07-09 15:19 . 2014-07-09 15:19 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-07-09 15:19 . 2013-09-21 08:06 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-07-09 15:19 . 2014-07-09 15:19 95744 ----a-w- c:\windows\system32\amdave64.dll
2014-07-09 15:19 . 2013-09-21 08:06 146944 ----a-w- c:\windows\system32\atig6txx.dll
2014-07-09 15:19 . 2014-07-09 15:19 90112 ----a-w- c:\windows\SysWow64\amdave32.dll
2014-07-09 15:19 . 2014-07-09 15:19 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-07-09 15:19 . 2014-07-09 15:19 89088 ----a-w- c:\windows\system32\atisamu64.dll
2014-07-09 15:19 . 2014-07-09 15:19 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2014-07-09 15:19 .
2014-07-09 15:19 557056 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2014-07-09 15:17 . 2014-07-09 15:17 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2014-07-09 09:39 . 2014-07-09 09:39 51200 ----a-w- c:\windows\system32\kdbsdk64.dll 2014-07-09 09:37 . 2014-07-09 09:37 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll 2014-07-05 15:49 . 2014-07-05 15:49 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-07-05 15:49 . 2014-07-05 15:49 313256 ----a-w- c:\windows\system32\javaws.exe 2014-07-05 15:49 . 2014-07-05 15:49 189352 ----a-w- c:\windows\system32\javaw.exe 2014-07-05 15:49 . 2014-07-05 15:49 189352 ----a-w- c:\windows\system32\java.exe 2014-06-25 20:26 . 2014-06-25 20:26 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2014-06-25 20:26 . 2014-06-25 20:26 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2014-06-25 20:26 . 2014-06-25 20:26 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2014-06-25 20:26 . 2014-06-25 20:26 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2014-06-21 17:01 . 2014-06-21 17:01 94720 ----a-w- c:\windows\system32\drivers\AtihdW76.sys 2014-06-21 16:59 . 2014-06-21 16:59 110080 ----a-w- c:\windows\system32\DelayAPO.dll 2013-08-30 07:47 . 2014-01-11 09:35 6583664 ----a-w- c:\program files\AVAS . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4F5F5EC-499D-48F5-AFD1-B25723A6E43E}] 2014-01-19 18:13 186904 ----a-w- c:\users\Shu\AppData\Roaming\WinRAR\eptec.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VSA"="c:\users\Shu\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe" [2013-05-07 1751552] "Akamai NetSession Interface"="c:\users\Shu\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-06 4085896] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-07-09 767200] "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576] . c:\users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2014-8-10 0] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . 
R2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [x] R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x] R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x] R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x] R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x] R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x] R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x] R3 BRSptSvc;BitRaider 
Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x] R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 gouranga;Golev Virtual Ethernet Adapter;c:\windows\system32\DRIVERS\gouranga.sys;c:\windows\SYSNATIVE\DRIVERS\gouranga.sys [x] R3 hxsyol;hxsyol;c:\aeriagames\AuraKingdom\avital\hxsy64.sys;c:\aeriagames\AuraKingdom\avital\hxsy64.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x] R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 SEE;SoftEther Ethernet Layer Driver;c:\windows\system32\drivers\see.sys;c:\windows\SYSNATIVE\drivers\see.sys [x] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x] R3 Synth3dVsc;Synth3dVsc; [x] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 
tsusbhub;tsusbhub; [x] R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x] R3 VGPU;VGPU; [x] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; [x] R3 X6va015;X6va015; [x] R3 X6va016;X6va016; [x] R3 X6va021;X6va021;c:\windows\SysWOW64\Drivers\X6va021;c:\windows\SysWOW64\Drivers\X6va021 [x] R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 AODDriver4.3.0;AODDriver4.3.0;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x] S2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x] S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x] S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0081.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0081.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2014-09-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-04 10:28] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-08-06 18:18 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> uSearchAssistant = hxxp://www.google.com Trusted Zone: aeriagames.com TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\ FF - prefs.js: browser.search.selectedEngine - WEB.DE Suche FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Notify-SDWinLogon - SDWinLogon.dll AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va021] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va021" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.15" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-09-16 16:11:18
ComboFix-quarantined-files.txt 2014-09-16 14:11
ComboFix2.txt 2014-09-14 20:46
ComboFix3.txt 2014-09-14 20:36
.
Vor Suchlauf: 24 Verzeichnis(se), 414.304.124.928 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 414.046.961.664 Bytes frei
.
- - End Of File - - 685E0E5A82D5141114F5DA3A88EB7262
A36C5E4F47E84449FF07ED3517B43A31
If I made a mistake there, a short note on how to disable it would be helpful (in case it was wrong this way). |
17.09.2014, 05:51 | #8 |
/// the machine /// TB-Ausbilder | Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please exit your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
17.09.2014, 10:45 | #9 |
| Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 17.09.2014
Suchlauf-Zeit: 11:01:28
Logdatei: mbar.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.17.02
Rootkit Datenbank: v2014.09.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Shu

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 347441
Verstrichene Zeit: 12 Min, 9 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 3
PUP.BitCoinMiner, C:\Users\Shu\AppData\Roaming\Microsoft\svhost.exe, In Quarantäne, [dbdb836b562570c6ad3294586c95966a],
PUP.BitCoinMiner, C:\Users\Shu\AppData\Roaming\Microsoft\IE10\svhost.exe, In Quarantäne, [08ae5f8f4e2d48ee459afeee53ae9769],
Backdoor.Agent, C:\Users\Shu\AppData\Roaming\Microsoft\svhost.exe, In Quarantäne, [d8de35b9215afc3a117facb1ec174ab6],

Physische Sektoren: 0
(No malicious items detected)

(end)

Code:
# AdwCleaner v3.310 - Bericht erstellt am 17/09/2014 um 11:33:14
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Shu - SHU-PC
# Gestartet von : C:\Users\Shu\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\SecTaskMan
Ordner Gelöscht : C:\Program Files (x86)\eSupport.com
Ordner Gelöscht : C:\Users\Shu\AppData\Local\eSupport.com
Ordner Gelöscht : C:\Users\Shu\AppData\Local\Mail.Ru

***** [ Tasks ] *****

Task Gelöscht : FoxTab
Task Gelöscht : paretologic registration3
Task Gelöscht : paretologic update version3
Task Gelöscht : PC Health Advisor Defrag
Task Gelöscht : PC Health Advisor
Task Gelöscht : RegClean Pro

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKCU\Software\eSupport.com
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v32.0.1 (x86 de)

[ Datei : C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\1hljjsn3.default\prefs.js ]


[ Datei : C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [7583 octets] - [26/10/2013 10:34:23]
AdwCleaner[R1].txt - [7741 octets] - [26/10/2013 13:08:21]
AdwCleaner[R2].txt - [6685 octets] - [08/06/2014 14:00:59]
AdwCleaner[R3].txt - [2389 octets] - [17/09/2014 11:31:20]
AdwCleaner[S0].txt - [6965 octets] - [26/10/2013 10:35:35]
AdwCleaner[S1].txt - [6937 octets] - [26/10/2013 13:08:51]
AdwCleaner[S2].txt - [6324 octets] - [08/06/2014 14:01:34]
AdwCleaner[S3].txt - [2197 octets] - [17/09/2014 11:33:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2257 octets] ##########

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Shu (administrator) on SHU-PC on 17-09-2014 11:44:16
Running from C:\Users\Shu\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Users\Shu\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe
(Akamai Technologies, Inc.) C:\Users\Shu\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Shu\AppData\Local\Akamai\netsession_win.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Windows\System32\PnkBstrA.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-07-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2066591825-490448642-3097545973-1000\...\Run: [VSA] => C:\Users\Shu\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [1751552 2013-05-07] (Microsoft Corporation)
HKU\S-1-5-21-2066591825-490448642-3097545973-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Shu\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
Startup: C:\Users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEF34FECC14C1CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: EpTec -> {D4F5F5EC-499D-48F5-AFD1-B25723A6E43E} -> C:\Users\Shu\AppData\Roaming\WinRAR\eptec.dll (Space International, Inc.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
Handler: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
Handler-x32: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
Handler-x32: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 
192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default FF SelectedSearchEngine: WEB.DE Suche FF Homepage: https://www.google.de/ FF NetworkProxy: "autoconfig_url", "file:///C:\\Users\\Shu\\AppData\\Local\\Temp\\proxtube.pac" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: German Dictionary - C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-08] FF Extension: Разпознаване на устройство Logitech - C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\Extensions\DeviceDetection@logitech.com [2013-10-04] FF Extension: Classic Theme Restorer - C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-03] FF Extension: MEGA - C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\Extensions\firefox@mega.co.nz.xpi [2014-01-09] FF Extension: Adblock Plus - C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-04] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-04] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-09] (Advanced Micro Devices, Inc.) [File not signed] S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] () S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-08-12] (Perfect World Entertainment Inc) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-10-08] () [File not signed] S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-08-09] (BitRaider, LLC) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5128944 2013-11-19] (INCA Internet Co., Ltd.) [File not signed] R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-04] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-13] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices) S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-06] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-06] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-06] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-06] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-06] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-06] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-06] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-13] (Disc Soft Ltd) S3 gouranga; C:\Windows\System32\DRIVERS\gouranga.sys [16384 2014-08-04] (GSPOON CO., LTD.) R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) 
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0081.sys [28768 2014-01-23] (SoftEther VPN Project at University of Tsukuba, Japan.) S3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-06-03] (SoftEther VPN Project at University of Tsukuba, Japan.) S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] S3 Synth3dVsc; No ImagePath R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 tsusbhub; No ImagePath S3 VGPU; No ImagePath S3 VIAHdAudAddService; No ImagePath S3 X6va015; No ImagePath S3 X6va016; No ImagePath S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X] S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-17 11:44 - 2014-09-17 11:44 - 00016529 _____ () C:\Users\Shu\Downloads\FRST.txt 2014-09-17 11:43 - 2014-09-17 11:43 - 00001460 _____ () C:\Users\Shu\Desktop\JRT.txt 2014-09-17 11:38 - 2014-09-17 11:38 - 00000000 ____D () C:\Windows\ERUNT 2014-09-17 11:37 - 2014-09-17 11:37 - 00002349 _____ () C:\Users\Shu\Desktop\AdwCleaner[S3].txt 2014-09-17 11:30 - 2014-09-17 11:30 - 00001491 _____ () C:\Users\Shu\Desktop\mbar.txt 2014-09-17 11:01 - 2014-09-17 11:01 - 01373475 _____ () C:\Users\Shu\Desktop\AdwCleaner_3.310.exe 2014-09-17 11:01 - 2014-09-17 11:01 - 01016035 _____ (Thisisu) C:\Users\Shu\Desktop\JRT.exe 2014-09-16 16:11 - 2014-09-16 16:11 - 00029566 _____ () C:\ComboFix.txt 2014-09-16 15:53 - 2014-09-16 15:53 - 00001130 _____ () C:\Users\Shu\Desktop\ComboFix.exe - Verknüpfung.lnk 2014-09-15 20:14 - 2014-09-15 20:15 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Shu\Downloads\tdsskiller.exe 2014-09-15 19:32 - 2014-09-15 19:32 - 00002165 _____ () C:\Users\Shu\Desktop\Dragon Nest Europe.lnk 2014-09-15 18:23 - 2014-09-15 18:23 - 00262144 ____N () C:\Windows\Minidump\091514-23150-01.dmp 2014-09-15 11:27 - 2014-09-15 11:28 - 00018397 _____ () C:\Windows\DirectX.log 2014-09-15 09:43 - 2014-09-17 11:44 - 00000000 ____D () C:\FRST 2014-09-15 09:43 - 2014-09-15 09:51 - 00038153 _____ () C:\Users\Shu\Desktop\FRST.txt 2014-09-15 09:43 - 2014-09-15 09:44 - 00053678 _____ () C:\Users\Shu\Desktop\Addition.txt 2014-09-15 09:42 - 2014-09-15 09:42 - 01102777 _____ () C:\Users\Shu\Desktop\Scan Results.140915-0942.txt 2014-09-15 09:41 - 2014-09-15 09:41 - 02105856 _____ (Farbar) C:\Users\Shu\Downloads\FRST64.exe 2014-09-15 09:29 - 2014-09-15 09:30 - 00000000 ____D () C:\Users\Shu\Downloads\SGN SW Torrent 2014-09-15 08:53 - 2014-09-15 08:53 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-09-15 08:53 - 2014-09-15 08:53 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-15 08:53 - 2014-09-15 
08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-09-15 08:53 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-09-15 08:52 - 2014-09-15 08:52 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Shu\Downloads\spybot-2.4.exe 2014-09-14 22:25 - 2014-09-14 22:25 - 00000085 _____ () C:\Windows\wininit.ini 2014-09-14 22:25 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-14 22:25 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-14 22:25 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-14 22:25 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-14 22:25 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-14 22:25 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-14 22:25 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-14 22:25 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-14 22:20 - 2014-09-14 22:20 - 00000000 ____D () C:\Users\Shu\Documents\ProcAlyzer Dumps 2014-09-14 22:12 - 2014-09-16 16:11 - 00000000 ____D () C:\Qoobox 2014-09-14 22:12 - 2014-09-14 22:35 - 00000000 ____D () C:\Windows\erdnt 2014-09-14 22:07 - 2014-09-16 15:54 - 05579386 ____R (Swearware) C:\Users\Shu\Downloads\ComboFix.exe 2014-09-14 22:00 - 2014-09-17 11:34 - 00006220 _____ () C:\Windows\PFRO.log 2014-09-14 21:45 - 2014-09-14 22:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-14 21:44 - 2014-09-14 21:44 - 14349744 _____ (Malwarebytes Corp.) 
C:\Users\Shu\Downloads\mbar-1.07.0.1012.exe 2014-09-14 11:39 - 2014-09-15 18:21 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SDGi Europe 2014-09-14 10:40 - 2014-09-14 10:40 - 00692832 _____ ( ) C:\Users\Shu\Downloads\DNDownloader96.exe 2014-09-14 09:04 - 2014-09-17 11:34 - 00001008 _____ () C:\Windows\setupact.log 2014-09-14 09:04 - 2014-09-14 09:04 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-13 12:13 - 2014-09-13 12:13 - 01942203 _____ () C:\Users\Shu\Desktop\vitctorian houses.zip 2014-09-13 10:53 - 2014-09-13 10:53 - 06057862 _____ (Tim Kosse) C:\Users\Shu\Downloads\FileZilla_3.9.0.5_win32-setup.exe 2014-09-13 10:13 - 2014-09-13 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-12 14:52 - 2014-09-12 14:56 - 00000000 ____D () C:\Users\Shu\Desktop\world 2014-09-10 12:28 - 2014-09-10 12:28 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-10 10:00 - 2014-09-10 13:33 - 00000000 ____D () C:\Users\Shu\Desktop\Minecraft 2014-09-09 12:47 - 2014-09-16 15:53 - 00000000 ____D () C:\Users\Shu\Powersaves3DS 2014-09-09 12:47 - 2014-09-09 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS 2014-09-09 12:47 - 2014-09-09 12:47 - 00000000 ____D () C:\Program Files (x86)\Action Replay PowerSaves 3DS 2014-09-07 23:19 - 2014-09-07 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dawn of War II - Destroyer 40k 2014-09-05 21:02 - 2014-09-05 21:02 - 01402920 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.1_149.exe 2014-09-02 10:00 - 2014-09-02 10:06 - 00000000 ____D () C:\Users\Shu\AppData\Local\lab_1_54 2014-09-01 21:30 - 2014-09-01 21:30 - 00003088 _____ () C:\Windows\System32\Tasks\{CA426A73-A1F4-4917-967B-CDAE3FBA6F61} 2014-09-01 11:32 - 2014-09-01 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldPainter 2014-09-01 11:32 - 2014-09-01 
11:33 - 00000000 ____D () C:\Program Files\WorldPainter 2014-08-31 17:06 - 2014-08-31 17:06 - 01397992 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.0_148.exe 2014-08-22 17:46 - 2014-08-22 17:46 - 00000000 ____D () C:\Users\Shu\Downloads\Content 2014-08-22 17:46 - 2014-08-07 04:45 - 00450560 _____ (seismic) C:\Users\Shu\Downloads\SeismicGame.exe 2014-08-22 17:46 - 2014-05-23 01:11 - 00683008 _____ () C:\Users\Shu\Downloads\MonoGame.Framework.dll 2014-08-22 17:46 - 2014-04-06 05:51 - 03290624 _____ (The Open Toolkit Library) C:\Users\Shu\Downloads\OpenTK.dll 2014-08-22 17:46 - 2014-02-20 17:59 - 00069632 _____ (Tao Framework -- hxxp://www.taoframework.com) C:\Users\Shu\Downloads\Tao.Sdl.dll 2014-08-22 17:46 - 2013-10-29 07:41 - 00445952 _____ (Mark Heath) C:\Users\Shu\Downloads\NAudio.dll 2014-08-22 17:46 - 2009-10-04 20:02 - 00139264 _____ (Osamu TAKEUCHI <osamu@big.jp>) C:\Users\Shu\Downloads\YamlSerializer.dll 2014-08-22 17:15 - 2014-08-22 17:46 - 114383892 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part2.rar 2014-08-22 17:14 - 2014-08-22 17:25 - 209715200 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part1.rar 2014-08-21 17:51 - 2014-08-21 20:12 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Arc 2014-08-21 17:51 - 2014-08-21 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment 2014-08-21 17:50 - 2014-08-21 19:19 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment 2014-08-21 08:28 - 2014-08-21 08:28 - 01014036 _____ () C:\Program Files (x86)\translation.bin 2014-08-21 08:28 - 2014-08-21 08:28 - 00044544 _____ () C:\Program Files (x86)\translator.dll 2014-08-20 22:36 - 2014-08-21 08:28 - 01014036 _____ () C:\translation.bin 2014-08-20 22:36 - 2014-08-21 08:28 - 00044544 _____ () C:\translator.dll 2014-08-18 07:44 - 2014-08-18 07:44 - 00000000 ____D () C:\ProgramData\Curse Client ==================== One Month Modified Files and Folders ======= (If an entry is included in the 
fixlist, the file\folder will be moved.) 2014-09-17 11:44 - 2014-09-17 11:44 - 00016529 _____ () C:\Users\Shu\Downloads\FRST.txt 2014-09-17 11:44 - 2014-09-15 09:43 - 00000000 ____D () C:\FRST 2014-09-17 11:43 - 2014-09-17 11:43 - 00001460 _____ () C:\Users\Shu\Desktop\JRT.txt 2014-09-17 11:42 - 2009-07-14 06:45 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-17 11:42 - 2009-07-14 06:45 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-17 11:38 - 2014-09-17 11:38 - 00000000 ____D () C:\Windows\ERUNT 2014-09-17 11:37 - 2014-09-17 11:37 - 00002349 _____ () C:\Users\Shu\Desktop\AdwCleaner[S3].txt 2014-09-17 11:34 - 2014-09-14 22:00 - 00006220 _____ () C:\Windows\PFRO.log 2014-09-17 11:34 - 2014-09-14 09:04 - 00001008 _____ () C:\Windows\setupact.log 2014-09-17 11:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-17 11:33 - 2013-10-26 10:34 - 00000000 ____D () C:\AdwCleaner 2014-09-17 11:33 - 2013-10-04 17:02 - 01509095 _____ () C:\Windows\WindowsUpdate.log 2014-09-17 11:30 - 2014-09-17 11:30 - 00001491 _____ () C:\Users\Shu\Desktop\mbar.txt 2014-09-17 11:29 - 2014-07-10 13:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-17 11:28 - 2013-10-04 18:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-17 11:27 - 2013-10-04 17:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-09-17 11:24 - 2013-10-04 17:55 - 00000000 ____D () C:\Windows\Panther 2014-09-17 11:01 - 2014-09-17 11:01 - 01373475 _____ () C:\Users\Shu\Desktop\AdwCleaner_3.310.exe 2014-09-17 11:01 - 2014-09-17 11:01 - 01016035 _____ (Thisisu) C:\Users\Shu\Desktop\JRT.exe 2014-09-17 11:00 - 2014-02-19 03:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\Apps\2.0 2014-09-17 10:58 - 2014-02-25 00:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-09-16 20:40 - 2013-10-04 17:53 - 00000000 ____D () C:\ProgramData\Origin 2014-09-16 20:21 - 2013-10-04 17:53 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-09-16 20:08 - 2014-07-04 20:28 - 00000000 ____D () C:\Users\Shu\AppData\Local\Warframe 2014-09-16 20:07 - 2013-10-04 20:47 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-16 16:11 - 2014-09-16 16:11 - 00029566 _____ () C:\ComboFix.txt 2014-09-16 16:11 - 2014-09-14 22:12 - 00000000 ____D () C:\Qoobox 2014-09-16 16:09 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-09-16 15:58 - 2013-10-28 10:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-09-16 15:54 - 2014-09-14 22:07 - 05579386 ____R (Swearware) C:\Users\Shu\Downloads\ComboFix.exe 2014-09-16 15:53 - 2014-09-16 15:53 - 00001130 _____ () C:\Users\Shu\Desktop\ComboFix.exe - Verknüpfung.lnk 2014-09-16 15:53 - 2014-09-09 12:47 - 00000000 ____D () C:\Users\Shu\Powersaves3DS 2014-09-15 22:49 - 2013-10-04 18:09 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\TS3Client 2014-09-15 20:45 - 2013-10-04 18:48 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-09-15 20:35 - 2013-10-04 18:48 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-09-15 20:15 - 2014-09-15 20:14 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Shu\Downloads\tdsskiller.exe 2014-09-15 19:35 - 2013-10-04 21:28 - 00000000 ____D () C:\Users\Shu\Documents\DragonNest 2014-09-15 19:32 - 2014-09-15 19:32 - 00002165 _____ () 
C:\Users\Shu\Desktop\Dragon Nest Europe.lnk 2014-09-15 19:11 - 2014-03-22 21:48 - 00000000 ____D () C:\Users\Shu\Desktop\Bewerbungskram 2014-09-15 18:24 - 2013-11-18 13:06 - 00000000 ____D () C:\Windows\Minidump 2014-09-15 18:23 - 2014-09-15 18:23 - 00262144 ____N () C:\Windows\Minidump\091514-23150-01.dmp 2014-09-15 18:21 - 2014-09-14 11:39 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SDGi Europe 2014-09-15 18:21 - 2014-06-14 13:20 - 00000000 ____D () C:\Program Files (x86)\SDGi Europe 2014-09-15 14:29 - 2014-07-23 18:04 - 00000000 ____D () C:\Users\Shu\AppData\Local\ftblauncher 2014-09-15 14:29 - 2014-02-28 21:04 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\FTB 2014-09-15 11:28 - 2014-09-15 11:27 - 00018397 _____ () C:\Windows\DirectX.log 2014-09-15 09:51 - 2014-09-15 09:43 - 00038153 _____ () C:\Users\Shu\Desktop\FRST.txt 2014-09-15 09:44 - 2014-09-15 09:43 - 00053678 _____ () C:\Users\Shu\Desktop\Addition.txt 2014-09-15 09:42 - 2014-09-15 09:42 - 01102777 _____ () C:\Users\Shu\Desktop\Scan Results.140915-0942.txt 2014-09-15 09:41 - 2014-09-15 09:41 - 02105856 _____ (Farbar) C:\Users\Shu\Downloads\FRST64.exe 2014-09-15 09:41 - 2014-01-14 00:52 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\uTorrent 2014-09-15 09:30 - 2014-09-15 09:29 - 00000000 ____D () C:\Users\Shu\Downloads\SGN SW Torrent 2014-09-15 09:24 - 2014-06-27 22:11 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\NexonLauncher 2014-09-15 09:24 - 2014-06-27 22:10 - 00000000 ____D () C:\Program Files (x86)\Nexon 2014-09-15 08:58 - 2013-10-28 10:13 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-09-15 08:53 - 2014-09-15 08:53 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-09-15 08:53 - 2014-09-15 08:53 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-15 08:53 - 2014-09-15 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Spybot - Search & Destroy 2 2014-09-15 08:52 - 2014-09-15 08:52 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Shu\Downloads\spybot-2.4.exe 2014-09-15 08:29 - 2014-02-19 03:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\Deployment 2014-09-14 22:56 - 2014-09-14 21:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-14 22:36 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-09-14 22:35 - 2014-09-14 22:12 - 00000000 ____D () C:\Windows\erdnt 2014-09-14 22:34 - 2013-10-04 17:04 - 00000000 ____D () C:\Users\Shu 2014-09-14 22:25 - 2014-09-14 22:25 - 00000085 _____ () C:\Windows\wininit.ini 2014-09-14 22:20 - 2014-09-14 22:20 - 00000000 ____D () C:\Users\Shu\Documents\ProcAlyzer Dumps 2014-09-14 22:03 - 2014-05-23 08:35 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-14 22:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME 2014-09-14 21:44 - 2014-09-14 21:44 - 14349744 _____ (Malwarebytes Corp.) 
C:\Users\Shu\Downloads\mbar-1.07.0.1012.exe 2014-09-14 17:48 - 2013-11-01 00:27 - 00000000 ____D () C:\Users\Shu\Desktop\PS CS6 Portable By KaelAlexander 2014-09-14 10:40 - 2014-09-14 10:40 - 00692832 _____ ( ) C:\Users\Shu\Downloads\DNDownloader96.exe 2014-09-14 09:12 - 2013-11-06 22:37 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\FileZilla 2014-09-14 09:04 - 2014-09-14 09:04 - 00000000 _____ () C:\Windows\setuperr.log 2014-09-14 09:04 - 2013-10-04 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-13 17:46 - 2013-11-05 00:02 - 00000132 _____ () C:\Users\Shu\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen 2014-09-13 12:23 - 2013-10-04 20:52 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Skype 2014-09-13 12:13 - 2014-09-13 12:13 - 01942203 _____ () C:\Users\Shu\Desktop\vitctorian houses.zip 2014-09-13 10:53 - 2014-09-13 10:53 - 06057862 _____ (Tim Kosse) C:\Users\Shu\Downloads\FileZilla_3.9.0.5_win32-setup.exe 2014-09-13 10:13 - 2014-09-13 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-12 15:19 - 2014-02-18 18:05 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\.minecraft 2014-09-12 14:56 - 2014-09-12 14:52 - 00000000 ____D () C:\Users\Shu\Desktop\world 2014-09-10 13:33 - 2014-09-10 10:00 - 00000000 ____D () C:\Users\Shu\Desktop\Minecraft 2014-09-10 12:28 - 2014-09-10 12:28 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2014-09-10 12:28 - 2013-10-04 18:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-10 12:28 - 2013-10-04 18:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-10 12:28 - 2013-10-04 18:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-09-09 12:47 - 2014-09-09 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS 2014-09-09 12:47 - 2014-09-09 12:47 - 00000000 
____D () C:\Program Files (x86)\Action Replay PowerSaves 3DS 2014-09-07 23:19 - 2014-09-07 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dawn of War II - Destroyer 40k 2014-09-07 15:07 - 2013-10-09 15:33 - 00000000 ____D () C:\Users\Shu\Documents\My Games 2014-09-07 09:14 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-09-06 08:47 - 2013-10-04 18:49 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-09-05 21:02 - 2014-09-05 21:02 - 01402920 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.1_149.exe 2014-09-03 08:13 - 2013-10-10 23:58 - 00000000 ____D () C:\Users\Shu\AppData\Local\PMB Files 2014-09-02 23:38 - 2013-10-10 23:58 - 00000000 ____D () C:\ProgramData\PMB Files 2014-09-02 20:55 - 2014-07-09 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph 2014-09-02 19:33 - 2014-07-11 20:50 - 00000000 ____D () C:\Users\Shu\Documents\survarium 2014-09-02 19:32 - 2014-04-10 12:15 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive 2014-09-02 10:06 - 2014-09-02 10:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\lab_1_54 2014-09-01 23:37 - 2014-04-10 12:15 - 00000000 ____D () C:\Users\Shu\Downloads\Gameforge Live 2014-09-01 21:30 - 2014-09-01 21:30 - 00003088 _____ () C:\Windows\System32\Tasks\{CA426A73-A1F4-4917-967B-CDAE3FBA6F61} 2014-09-01 21:29 - 2013-10-04 20:52 - 00000000 ____D () C:\ProgramData\Skype 2014-09-01 11:57 - 2014-01-22 12:40 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\WorldPainter 2014-09-01 11:33 - 2014-09-01 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldPainter 2014-09-01 11:33 - 2014-09-01 11:32 - 00000000 ____D () C:\Program Files\WorldPainter 2014-08-31 17:06 - 2014-08-31 17:06 - 01397992 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.0_148.exe 2014-08-31 08:06 - 2013-10-24 18:52 - 00000000 ____D () 
C:\Users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst 2014-08-29 11:38 - 2014-07-09 14:42 - 00000000 ____D () C:\Program Files (x86)\Glyph 2014-08-24 18:39 - 2013-10-19 21:11 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-08-22 20:06 - 2013-11-13 13:49 - 00000000 ____D () C:\Users\Shu\AppData\Local\JDownloader v2.0 2014-08-22 17:46 - 2014-08-22 17:46 - 00000000 ____D () C:\Users\Shu\Downloads\Content 2014-08-22 17:46 - 2014-08-22 17:15 - 114383892 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part2.rar 2014-08-22 17:25 - 2014-08-22 17:14 - 209715200 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part1.rar 2014-08-21 20:12 - 2014-08-21 17:51 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Arc 2014-08-21 19:25 - 2014-05-07 11:43 - 00000000 ____D () C:\ArcTemp 2014-08-21 19:19 - 2014-08-21 17:50 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment 2014-08-21 17:51 - 2014-08-21 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment 2014-08-21 17:51 - 2013-10-04 17:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-08-21 08:31 - 2013-10-05 13:31 - 00000000 ___HD () C:\Windows\msdownld.tmp 2014-08-21 08:31 - 2013-10-05 13:31 - 00000000 ____D () C:\Windows\SysWOW64\directx 2014-08-21 08:28 - 2014-08-21 08:28 - 01014036 _____ () C:\Program Files (x86)\translation.bin 2014-08-21 08:28 - 2014-08-21 08:28 - 00044544 _____ () C:\Program Files (x86)\translator.dll 2014-08-21 08:28 - 2014-08-20 22:36 - 01014036 _____ () C:\translation.bin 2014-08-21 08:28 - 2014-08-20 22:36 - 00044544 _____ () C:\translator.dll 2014-08-21 08:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-08-18 17:55 - 2013-12-07 22:23 - 00000000 ____D () C:\Users\Shu\Documents\NCSOFT 2014-08-18 17:55 - 2013-12-07 15:40 - 00000000 ____D () C:\Users\Shu\AppData\Local\NCSOFT 2014-08-18 07:44 - 2014-08-18 07:44 - 00000000 ____D () C:\ProgramData\Curse Client 
Files to move or delete: ==================== C:\Users\Shu\worldpainter_64_1.8.1.exe Some content of TEMP: ==================== C:\Users\Shu\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-08 19:07 ==================== End Of Log ============================ Gruß |
17.09.2014, 20:24 | #10 |
/// the machine /// TB-Ausbilder | Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any more problems?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
18.09.2014, 13:33 | #11 |
| Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=472f01c87d23b3428574946a3934898a # engine=20208 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2014-09-18 09:21:45 # local_time=2014-09-18 11:21:45 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 97 169336 175452595 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 6038750 162661955 0 0 # scanned=347562 # found=30 # cleaned=0 # scan_time=9971 sh=F8AE24C814FAFE20AC81E1977F3C31C85511A7A9 ft=1 fh=2179e175c1a25b8b vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\RegCleanPro.exe.vir" sh=34D5A8EBCD995DC2822E0EFCD9EFC965F3175E9C ft=1 fh=6fa094e4b942fc89 vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\RegClean Pro\systweakasp.exe.vir" sh=5B692FAC0BFEE8DE9CC83E0DC2F5DFA12E15E702 ft=1 fh=9cdbb654185e03c8 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir" sh=C1C723067CE078FBB46100ADAFA04EC8B970D33B ft=1 fh=d2071d8e9c6b1de9 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir" sh=9780E38EBC2D7EA2AB42A88EDE2B3EBF7107DBD6 ft=1 fh=3a49362a559c1bed vn="Variante von Win32/ClientConnect.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir" sh=665E2E954FAF12608E5DA49B995DA16B6217E368 ft=1 fh=267d83521f8bf79c vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir" sh=8F911DFCF81F310515E5AE2F5968ED26BD1CCAC9 ft=1 fh=5ddee106f5661488 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir" sh=6A1FAC6D732FE5802025DB2204FAF0BD5BD4C3FA ft=1 fh=5a8314f0d2839b27 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir" sh=CA15624240F74C9652E240B151E113407AA50E84 ft=1 fh=7729a057bf52826a vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir" sh=B792B413B9472337B782E523D41E4BCDD7727528 ft=1 fh=f18ebbde061c2e28 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir" sh=613318D39F4556172DC50E3900EC198CDC10D39B ft=1 fh=a92d16242a1eddb2 vn="Variante von Win64/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir" sh=C41BC74ABB38FC9848F05AD411EA817FAC2D68F8 ft=1 fh=de21860bcfc985e3 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir" sh=3390532F7C59942D3A88C2044080AD963A2FBB11 ft=1 fh=b8ba1b20fb4912fe vn="Variante von Win64/Systweak.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir" sh=B20B0BD8E5CDD280C5DC922FFD896DF50D208CB7 ft=1 fh=59ddf8c2c6946d84 vn="Variante von Win32/HackTool.CheatEngine.AB potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Cheat Engine 6.3\cheatengine-i386.exe" sh=860EFD5893E4DD4E820227B7DEAD144F974456AC ft=1 fh=c0b9ed8dfe12ffb8 vn="Variante von Win32/HackTool.CheatEngine.AF potenziell unsichere Anwendung" ac=I fn="C:\Program Files (x86)\Cheat Engine 6.3\standalonephase1.dat" sh=CA5052C14485A9641412448301045C3F7A26F529 ft=1 fh=5fd31199ba480630 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Elsword\VOID Elsword\data\oggs.dll" sh=46E7EA870068A38ADABF142D39EAAA5ADCCDC0A3 ft=1 fh=de30a9531f23e40e vn="Win32/Agent.NAN Virus" ac=I fn="C:\Program Files (x86)\Elsword\VOID Elsword\data\x2.exe" sh=3BC1350D35966417F9E7C1F3C374F46A249569D2 ft=1 fh=ff060da645b635a4 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Funcom\The Secret World\xfire_installer.TheSecretWorld.exe" sh=9CEE2928374F54B72DB9E7F9F412F3966AAD3ADE ft=1 fh=6dbca4b5c783ac37 vn="Variante von Win32/BitCoinMiner.BY potenziell unsichere Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Shu\AppData\Roaming\Microsoft\svhost.exe.vir" sh=9CEE2928374F54B72DB9E7F9F412F3966AAD3ADE ft=1 fh=6dbca4b5c783ac37 vn="Variante von Win32/BitCoinMiner.BY potenziell unsichere Anwendung" ac=I fn="C:\Users\Shu\AppData\Roaming\Microsoft\svhost.exe" sh=9CEE2928374F54B72DB9E7F9F412F3966AAD3ADE ft=1 fh=6dbca4b5c783ac37 vn="Variante von Win32/BitCoinMiner.BY potenziell unsichere Anwendung" ac=I fn="C:\Users\Shu\AppData\Roaming\Microsoft\IE10\svhost.exe" sh=C5B1637B87B84BA660F4695FFD2D414AC9BE6DCD ft=0 fh=0000000000000000 vn="Variante von Win32/HackTool.Patcher.AD potenziell unsichere Anwendung" ac=I fn="C:\Users\Shu\Desktop\PS CS6 Portable By KaelAlexander\Paretologic PC Health Advisor (MrXintax).rar" 
sh=C5B1637B87B84BA660F4695FFD2D414AC9BE6DCD ft=0 fh=0000000000000000 vn="Variante von Win32/HackTool.Patcher.AD potenziell unsichere Anwendung" ac=I fn="C:\Users\Shu\Desktop\PS CS6 Portable By KaelAlexander\Paretologic PC Health Advisor (MrXintax)\Paretologic PC Health Advisor (MrXintax).rar" sh=77469176782D0E5029E9822260BAB4D7806570A2 ft=1 fh=7c93f3d5d1fabb73 vn="Variante von Win32/HackTool.Patcher.AD potenziell unsichere Anwendung" ac=I fn="C:\Users\Shu\Desktop\PS CS6 Portable By KaelAlexander\Paretologic PC Health Advisor (MrXintax)\Patch\paretologic.pc.health.advisor.3.1.4-patch.exe" sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Shu\Downloads\cbsidlm-cbsi188-Hula-SEO-10730120.exe" sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Shu\Downloads\cbsidlm-cbsi188-PS3_Xploder_PRO_With_Cheats_Editor-ORG-10857618.exe" sh=ADF2AD3B94EB35DC371AB7A1A49B004B7C76BFA5 ft=1 fh=f95766f30bc4ebc6 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Shu\Downloads\ccsetup406.exe" sh=C133DB147FA578119F34B675D45B477E110761B2 ft=1 fh=9272027fde077ca7 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Shu\Downloads\ccsetup412.exe" sh=34A717327436F7748039C66DEE37A6FFC3C17520 ft=1 fh=80a2f5e23bf4e75f vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Shu\Downloads\OpenOffice - CHIP-Downloader.exe" sh=266FDF312E5DFED72B19F1ABB8441AD52E1819EC ft=1 fh=802b0b0caeeeeeb0 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Shu\Downloads\PuTTY - CHIP-Downloader.exe" Code:
ATTFilter Results of screen317's Security Check version 0.99.87 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Adobe Flash Player 15.0.0.152 Adobe Reader XI Mozilla Firefox (32.0.1) ````````Process Check: objlist.exe by Laurent```````` Spybot Teatimer.exe is disabled! `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014 Ran by Shu (administrator) on SHU-PC on 18-09-2014 14:32:37 Running from C:\Users\Shu\Downloads Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\Users\Shu\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe (Akamai Technologies, Inc.) C:\Users\Shu\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Shu\AppData\Local\Akamai\netsession_win.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Windows\System32\PnkBstrA.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-06] (AVAST Software) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-07-09] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2066591825-490448642-3097545973-1000\...\Run: [VSA] => C:\Users\Shu\AppData\Roaming\Microsoft\VSA\9.0\VSA.exe [1751552 2013-05-07] (Microsoft Corporation) HKU\S-1-5-21-2066591825-490448642-3097545973-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Shu\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) Startup: C:\Users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Shu\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEF34FECC14C1CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: EpTec -> {D4F5F5EC-499D-48F5-AFD1-B25723A6E43E} -> C:\Users\Shu\AppData\Roaming\WinRAR\eptec.dll (Space International, Inc.) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Handler: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File Handler: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File Handler-x32: cup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File Handler-x32: dup - {A0BE0236-AB5A-45DC-A304-2269CE96708E} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 
192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default FF SelectedSearchEngine: WEB.DE Suche FF Homepage: https://www.google.de/ FF NetworkProxy: "autoconfig_url", "file:///C:\\Users\\Shu\\AppData\\Local\\Temp\\proxtube.pac" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll No File FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB) FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon) FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Shu\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: German Dictionary - C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-06-08] FF Extension: Разпознаване на устройство Logitech - C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\Extensions\DeviceDetection@logitech.com [2013-10-04] FF Extension: Classic Theme Restorer - C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-03] FF Extension: MEGA - C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\Extensions\firefox@mega.co.nz.xpi [2014-01-09] FF Extension: Adblock Plus - C:\Users\Shu\AppData\Roaming\Mozilla\Firefox\Profiles\vz98gkax.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-04] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-04] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-06] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-09] (Advanced Micro Devices, Inc.) [File not signed] S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-01-08] () S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-08-12] (Perfect World Entertainment Inc) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-06] (AVAST Software) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-10-08] () [File not signed] S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-08-09] (BitRaider, LLC) S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5128944 2013-11-19] (INCA Internet Co., Ltd.) [File not signed] R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-08-04] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-13] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [59624 2014-01-08] (Advanced Micro Devices) S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] () R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-06] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-06] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-06] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-06] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-06] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-06] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-06] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-06] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-13] (Disc Soft Ltd) S3 gouranga; C:\Windows\System32\DRIVERS\gouranga.sys [16384 2014-08-04] (GSPOON CO., LTD.) R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) 
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-27] (Visicom Media Inc.) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] () R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0081.sys [28768 2014-01-23] (SoftEther VPN Project at University of Tsukuba, Japan.) S3 SEE; C:\Windows\System32\drivers\see.sys [38240 2014-06-03] (SoftEther VPN Project at University of Tsukuba, Japan.) S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] S3 Synth3dVsc; No ImagePath R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 tsusbhub; No ImagePath S3 VGPU; No ImagePath S3 VIAHdAudAddService; No ImagePath S3 X6va015; No ImagePath S3 X6va016; No ImagePath S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X] S3 X6va021; \??\C:\Windows\SysWOW64\Drivers\X6va021 [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-18 08:33 - 2014-09-18 08:33 - 00854417 _____ () C:\Users\Shu\Desktop\SecurityCheck.exe 2014-09-18 08:33 - 2014-09-18 08:33 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-18 08:32 - 2014-09-18 08:32 - 02347384 _____ (ESET) C:\Users\Shu\Desktop\esetsmartinstaller_deu.exe 2014-09-17 11:44 - 2014-09-18 14:32 - 00016660 _____ () C:\Users\Shu\Downloads\FRST.txt 2014-09-17 11:43 - 2014-09-17 11:43 - 00001460 _____ () C:\Users\Shu\Desktop\JRT.txt 2014-09-17 11:38 - 2014-09-17 11:38 - 00000000 ____D () C:\Windows\ERUNT 2014-09-17 11:37 - 2014-09-17 11:37 - 00002349 _____ () C:\Users\Shu\Desktop\AdwCleaner[S3].txt 2014-09-17 11:30 - 2014-09-17 11:30 - 00001491 _____ () C:\Users\Shu\Desktop\mbar.txt 2014-09-17 11:01 - 2014-09-17 11:01 - 01373475 _____ () C:\Users\Shu\Desktop\AdwCleaner_3.310.exe 2014-09-17 11:01 - 2014-09-17 11:01 - 01016035 _____ (Thisisu) C:\Users\Shu\Desktop\JRT.exe 2014-09-16 16:11 - 2014-09-16 16:11 - 00029566 _____ () C:\ComboFix.txt 2014-09-16 15:53 - 2014-09-16 15:53 - 00001130 _____ () C:\Users\Shu\Desktop\ComboFix.exe - Verknüpfung.lnk 2014-09-15 20:14 - 2014-09-15 20:15 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Shu\Downloads\tdsskiller.exe 2014-09-15 19:32 - 2014-09-15 19:32 - 00002165 _____ () C:\Users\Shu\Desktop\Dragon Nest Europe.lnk 2014-09-15 18:23 - 2014-09-15 18:23 - 00262144 ____N () C:\Windows\Minidump\091514-23150-01.dmp 2014-09-15 11:27 - 2014-09-15 11:28 - 00018397 _____ () C:\Windows\DirectX.log 2014-09-15 09:43 - 2014-09-18 14:32 - 00000000 ____D () C:\FRST 2014-09-15 09:43 - 2014-09-15 09:51 - 00038153 _____ () C:\Users\Shu\Desktop\FRST.txt 2014-09-15 09:43 - 2014-09-15 09:44 - 00053678 _____ () C:\Users\Shu\Desktop\Addition.txt 2014-09-15 09:42 - 2014-09-15 09:42 - 01102777 _____ () C:\Users\Shu\Desktop\Scan Results.140915-0942.txt 2014-09-15 09:41 - 2014-09-15 09:41 - 02105856 _____ (Farbar) C:\Users\Shu\Downloads\FRST64.exe 2014-09-15 09:29 - 2014-09-15 09:30 - 00000000 ____D () C:\Users\Shu\Downloads\SGN SW 
Torrent 2014-09-15 08:53 - 2014-09-15 08:53 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-09-15 08:53 - 2014-09-15 08:53 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-09-15 08:53 - 2014-09-15 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-09-15 08:53 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe 2014-09-15 08:52 - 2014-09-15 08:52 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Shu\Downloads\spybot-2.4.exe 2014-09-14 22:25 - 2014-09-14 22:25 - 00000085 _____ () C:\Windows\wininit.ini 2014-09-14 22:25 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-09-14 22:25 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-09-14 22:25 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-09-14 22:25 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-09-14 22:25 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-09-14 22:25 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-09-14 22:25 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-09-14 22:25 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-09-14 22:20 - 2014-09-14 22:20 - 00000000 ____D () C:\Users\Shu\Documents\ProcAlyzer Dumps 2014-09-14 22:12 - 2014-09-16 16:11 - 00000000 ____D () C:\Qoobox 2014-09-14 22:12 - 2014-09-14 22:35 - 00000000 ____D () C:\Windows\erdnt 2014-09-14 22:07 - 2014-09-16 15:54 - 05579386 ____R (Swearware) C:\Users\Shu\Downloads\ComboFix.exe 2014-09-14 22:00 - 2014-09-17 11:34 - 00006220 _____ () C:\Windows\PFRO.log 2014-09-14 21:45 - 2014-09-14 22:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-09-14 21:44 - 2014-09-14 21:44 - 14349744 _____ (Malwarebytes Corp.) 
C:\Users\Shu\Downloads\mbar-1.07.0.1012.exe
2014-09-14 11:39 - 2014-09-15 18:21 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SDGi Europe
2014-09-14 10:40 - 2014-09-14 10:40 - 00692832 _____ ( ) C:\Users\Shu\Downloads\DNDownloader96.exe
2014-09-14 09:04 - 2014-09-18 14:26 - 00001120 _____ () C:\Windows\setupact.log
2014-09-14 09:04 - 2014-09-14 09:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-13 12:13 - 2014-09-13 12:13 - 01942203 _____ () C:\Users\Shu\Desktop\vitctorian houses.zip
2014-09-13 10:53 - 2014-09-13 10:53 - 06057862 _____ (Tim Kosse) C:\Users\Shu\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-13 10:13 - 2014-09-13 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 14:52 - 2014-09-12 14:56 - 00000000 ____D () C:\Users\Shu\Desktop\world
2014-09-10 12:28 - 2014-09-10 12:28 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 10:00 - 2014-09-10 13:33 - 00000000 ____D () C:\Users\Shu\Desktop\Minecraft
2014-09-09 12:47 - 2014-09-16 15:53 - 00000000 ____D () C:\Users\Shu\Powersaves3DS
2014-09-09 12:47 - 2014-09-09 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS
2014-09-09 12:47 - 2014-09-09 12:47 - 00000000 ____D () C:\Program Files (x86)\Action Replay PowerSaves 3DS
2014-09-07 23:19 - 2014-09-07 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dawn of War II - Destroyer 40k
2014-09-05 21:02 - 2014-09-05 21:02 - 01402920 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.1_149.exe
2014-09-02 10:00 - 2014-09-02 10:06 - 00000000 ____D () C:\Users\Shu\AppData\Local\lab_1_54
2014-09-01 21:30 - 2014-09-01 21:30 - 00003088 _____ () C:\Windows\System32\Tasks\{CA426A73-A1F4-4917-967B-CDAE3FBA6F61}
2014-09-01 11:32 - 2014-09-01 11:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldPainter
2014-09-01 11:32 - 2014-09-01 11:33 - 00000000 ____D () C:\Program Files\WorldPainter
2014-08-31 17:06 - 2014-08-31 17:06 - 01397992 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.0_148.exe
2014-08-22 17:46 - 2014-08-22 17:46 - 00000000 ____D () C:\Users\Shu\Downloads\Content
2014-08-22 17:46 - 2014-08-07 04:45 - 00450560 _____ (seismic) C:\Users\Shu\Downloads\SeismicGame.exe
2014-08-22 17:46 - 2014-05-23 01:11 - 00683008 _____ () C:\Users\Shu\Downloads\MonoGame.Framework.dll
2014-08-22 17:46 - 2014-04-06 05:51 - 03290624 _____ (The Open Toolkit Library) C:\Users\Shu\Downloads\OpenTK.dll
2014-08-22 17:46 - 2014-02-20 17:59 - 00069632 _____ (Tao Framework -- hxxp://www.taoframework.com) C:\Users\Shu\Downloads\Tao.Sdl.dll
2014-08-22 17:46 - 2013-10-29 07:41 - 00445952 _____ (Mark Heath) C:\Users\Shu\Downloads\NAudio.dll
2014-08-22 17:46 - 2009-10-04 20:02 - 00139264 _____ (Osamu TAKEUCHI <osamu@big.jp>) C:\Users\Shu\Downloads\YamlSerializer.dll
2014-08-22 17:15 - 2014-08-22 17:46 - 114383892 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part2.rar
2014-08-22 17:14 - 2014-08-22 17:25 - 209715200 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part1.rar
2014-08-21 17:51 - 2014-08-21 20:12 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Arc
2014-08-21 17:51 - 2014-08-21 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-08-21 17:50 - 2014-08-21 19:19 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-08-21 08:28 - 2014-08-21 08:28 - 01014036 _____ () C:\Program Files (x86)\translation.bin
2014-08-21 08:28 - 2014-08-21 08:28 - 00044544 _____ () C:\Program Files (x86)\translator.dll
2014-08-20 22:36 - 2014-08-21 08:28 - 01014036 _____ () C:\translation.bin
2014-08-20 22:36 - 2014-08-21 08:28 - 00044544 _____ () C:\translator.dll

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 14:33 - 2014-09-17 11:44 - 00016660 _____ () C:\Users\Shu\Downloads\FRST.txt
2014-09-18 14:32 - 2014-09-15 09:43 - 00000000 ____D () C:\FRST
2014-09-18 14:28 - 2013-10-04 18:14 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-18 14:26 - 2014-09-14 09:04 - 00001120 _____ () C:\Windows\setupact.log
2014-09-18 14:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 12:53 - 2013-10-04 17:02 - 01517469 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 11:36 - 2014-07-04 20:28 - 00000000 ____D () C:\Users\Shu\AppData\Local\Warframe
2014-09-18 11:34 - 2013-10-04 20:47 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-18 08:33 - 2014-09-18 08:33 - 00854417 _____ () C:\Users\Shu\Desktop\SecurityCheck.exe
2014-09-18 08:33 - 2014-09-18 08:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-18 08:32 - 2014-09-18 08:32 - 02347384 _____ (ESET) C:\Users\Shu\Desktop\esetsmartinstaller_deu.exe
2014-09-18 08:32 - 2009-07-14 06:45 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 08:32 - 2009-07-14 06:45 - 00020672 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 08:25 - 2013-10-04 17:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-17 11:43 - 2014-09-17 11:43 - 00001460 _____ () C:\Users\Shu\Desktop\JRT.txt
2014-09-17 11:38 - 2014-09-17 11:38 - 00000000 ____D () C:\Windows\ERUNT
2014-09-17 11:37 - 2014-09-17 11:37 - 00002349 _____ () C:\Users\Shu\Desktop\AdwCleaner[S3].txt
2014-09-17 11:34 - 2014-09-14 22:00 - 00006220 _____ () C:\Windows\PFRO.log
2014-09-17 11:33 - 2013-10-26 10:34 - 00000000 ____D () C:\AdwCleaner
2014-09-17 11:30 - 2014-09-17 11:30 - 00001491 _____ () C:\Users\Shu\Desktop\mbar.txt
2014-09-17 11:29 - 2014-07-10 13:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 11:24 - 2013-10-04 17:55 - 00000000 ____D () C:\Windows\Panther
2014-09-17 11:01 - 2014-09-17 11:01 - 01373475 _____ () C:\Users\Shu\Desktop\AdwCleaner_3.310.exe
2014-09-17 11:01 - 2014-09-17 11:01 - 01016035 _____ (Thisisu) C:\Users\Shu\Desktop\JRT.exe
2014-09-17 11:00 - 2014-02-19 03:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\Apps\2.0
2014-09-17 10:58 - 2014-02-25 00:41 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 20:40 - 2013-10-04 17:53 - 00000000 ____D () C:\ProgramData\Origin
2014-09-16 20:21 - 2013-10-04 17:53 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-16 16:11 - 2014-09-16 16:11 - 00029566 _____ () C:\ComboFix.txt
2014-09-16 16:11 - 2014-09-14 22:12 - 00000000 ____D () C:\Qoobox
2014-09-16 16:09 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-16 15:58 - 2013-10-28 10:13 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-16 15:54 - 2014-09-14 22:07 - 05579386 ____R (Swearware) C:\Users\Shu\Downloads\ComboFix.exe
2014-09-16 15:53 - 2014-09-16 15:53 - 00001130 _____ () C:\Users\Shu\Desktop\ComboFix.exe - Verknüpfung.lnk
2014-09-16 15:53 - 2014-09-09 12:47 - 00000000 ____D () C:\Users\Shu\Powersaves3DS
2014-09-15 22:49 - 2013-10-04 18:09 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\TS3Client
2014-09-15 20:45 - 2013-10-04 18:48 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-09-15 20:35 - 2013-10-04 18:48 - 00215416 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-09-15 20:15 - 2014-09-15 20:14 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Shu\Downloads\tdsskiller.exe
2014-09-15 19:35 - 2013-10-04 21:28 - 00000000 ____D () C:\Users\Shu\Documents\DragonNest
2014-09-15 19:32 - 2014-09-15 19:32 - 00002165 _____ () C:\Users\Shu\Desktop\Dragon Nest Europe.lnk
2014-09-15 19:11 - 2014-03-22 21:48 - 00000000 ____D () C:\Users\Shu\Desktop\Bewerbungskram
2014-09-15 18:24 - 2013-11-18 13:06 - 00000000 ____D () C:\Windows\Minidump
2014-09-15 18:23 - 2014-09-15 18:23 - 00262144 ____N () C:\Windows\Minidump\091514-23150-01.dmp
2014-09-15 18:21 - 2014-09-14 11:39 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SDGi Europe
2014-09-15 18:21 - 2014-06-14 13:20 - 00000000 ____D () C:\Program Files (x86)\SDGi Europe
2014-09-15 14:29 - 2014-07-23 18:04 - 00000000 ____D () C:\Users\Shu\AppData\Local\ftblauncher
2014-09-15 14:29 - 2014-02-28 21:04 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\FTB
2014-09-15 11:28 - 2014-09-15 11:27 - 00018397 _____ () C:\Windows\DirectX.log
2014-09-15 09:51 - 2014-09-15 09:43 - 00038153 _____ () C:\Users\Shu\Desktop\FRST.txt
2014-09-15 09:44 - 2014-09-15 09:43 - 00053678 _____ () C:\Users\Shu\Desktop\Addition.txt
2014-09-15 09:42 - 2014-09-15 09:42 - 01102777 _____ () C:\Users\Shu\Desktop\Scan Results.140915-0942.txt
2014-09-15 09:41 - 2014-09-15 09:41 - 02105856 _____ (Farbar) C:\Users\Shu\Downloads\FRST64.exe
2014-09-15 09:41 - 2014-01-14 00:52 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\uTorrent
2014-09-15 09:30 - 2014-09-15 09:29 - 00000000 ____D () C:\Users\Shu\Downloads\SGN SW Torrent
2014-09-15 09:24 - 2014-06-27 22:11 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\NexonLauncher
2014-09-15 09:24 - 2014-06-27 22:10 - 00000000 ____D () C:\Program Files (x86)\Nexon
2014-09-15 08:58 - 2013-10-28 10:13 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-15 08:53 - 2014-09-15 08:53 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-09-15 08:53 - 2014-09-15 08:53 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-09-15 08:53 - 2014-09-15 08:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-09-15 08:52 - 2014-09-15 08:52 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Shu\Downloads\spybot-2.4.exe
2014-09-15 08:29 - 2014-02-19 03:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\Deployment
2014-09-14 22:56 - 2014-09-14 21:45 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-14 22:36 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-14 22:35 - 2014-09-14 22:12 - 00000000 ____D () C:\Windows\erdnt
2014-09-14 22:34 - 2013-10-04 17:04 - 00000000 ____D () C:\Users\Shu
2014-09-14 22:25 - 2014-09-14 22:25 - 00000085 _____ () C:\Windows\wininit.ini
2014-09-14 22:20 - 2014-09-14 22:20 - 00000000 ____D () C:\Users\Shu\Documents\ProcAlyzer Dumps
2014-09-14 22:03 - 2014-05-23 08:35 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-14 22:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\IME
2014-09-14 21:44 - 2014-09-14 21:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Shu\Downloads\mbar-1.07.0.1012.exe
2014-09-14 17:48 - 2013-11-01 00:27 - 00000000 ____D () C:\Users\Shu\Desktop\PS CS6 Portable By KaelAlexander
2014-09-14 10:40 - 2014-09-14 10:40 - 00692832 _____ ( ) C:\Users\Shu\Downloads\DNDownloader96.exe
2014-09-14 09:12 - 2013-11-06 22:37 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\FileZilla
2014-09-14 09:04 - 2014-09-14 09:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-14 09:04 - 2013-10-04 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-13 17:46 - 2013-11-05 00:02 - 00000132 _____ () C:\Users\Shu\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
2014-09-13 12:23 - 2013-10-04 20:52 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Skype
2014-09-13 12:13 - 2014-09-13 12:13 - 01942203 _____ () C:\Users\Shu\Desktop\vitctorian houses.zip
2014-09-13 10:53 - 2014-09-13 10:53 - 06057862 _____ (Tim Kosse) C:\Users\Shu\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-09-13 10:13 - 2014-09-13 10:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 15:19 - 2014-02-18 18:05 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\.minecraft
2014-09-12 14:56 - 2014-09-12 14:52 - 00000000 ____D () C:\Users\Shu\Desktop\world
2014-09-10 13:33 - 2014-09-10 10:00 - 00000000 ____D () C:\Users\Shu\Desktop\Minecraft
2014-09-10 12:28 - 2014-09-10 12:28 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 12:28 - 2013-10-04 18:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 12:28 - 2013-10-04 18:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 12:28 - 2013-10-04 18:14 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 12:47 - 2014-09-09 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Action Replay PowerSaves 3DS
2014-09-09 12:47 - 2014-09-09 12:47 - 00000000 ____D () C:\Program Files (x86)\Action Replay PowerSaves 3DS
2014-09-07 23:19 - 2014-09-07 23:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dawn of War II - Destroyer 40k
2014-09-07 15:07 - 2013-10-09 15:33 - 00000000 ____D () C:\Users\Shu\Documents\My Games
2014-09-07 09:14 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-06 08:47 - 2013-10-04 18:49 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-09-05 21:02 - 2014-09-05 21:02 - 01402920 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.1_149.exe
2014-09-03 08:13 - 2013-10-10 23:58 - 00000000 ____D () C:\Users\Shu\AppData\Local\PMB Files
2014-09-02 23:38 - 2013-10-10 23:58 - 00000000 ____D () C:\ProgramData\PMB Files
2014-09-02 20:55 - 2014-07-09 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-09-02 19:33 - 2014-07-11 20:50 - 00000000 ____D () C:\Users\Shu\Documents\survarium
2014-09-02 19:32 - 2014-04-10 12:15 - 00000000 ____D () C:\Program Files (x86)\GameforgeLive
2014-09-02 10:06 - 2014-09-02 10:00 - 00000000 ____D () C:\Users\Shu\AppData\Local\lab_1_54
2014-09-01 23:37 - 2014-04-10 12:15 - 00000000 ____D () C:\Users\Shu\Downloads\Gameforge Live
2014-09-01 21:30 - 2014-09-01 21:30 - 00003088 _____ () C:\Windows\System32\Tasks\{CA426A73-A1F4-4917-967B-CDAE3FBA6F61}
2014-09-01 21:29 - 2013-10-04 20:52 - 00000000 ____D () C:\ProgramData\Skype
2014-09-01 11:57 - 2014-01-22 12:40 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\WorldPainter
2014-09-01 11:33 - 2014-09-01 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldPainter
2014-09-01 11:33 - 2014-09-01 11:32 - 00000000 ____D () C:\Program Files\WorldPainter
2014-08-31 17:06 - 2014-08-31 17:06 - 01397992 _____ () C:\Users\Shu\Downloads\battlelog-web-plugins_2.5.0_148.exe
2014-08-31 08:06 - 2013-10-24 18:52 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-08-29 11:38 - 2014-07-09 14:42 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-08-24 18:39 - 2013-10-19 21:11 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-08-22 20:06 - 2013-11-13 13:49 - 00000000 ____D () C:\Users\Shu\AppData\Local\JDownloader v2.0
2014-08-22 17:46 - 2014-08-22 17:46 - 00000000 ____D () C:\Users\Shu\Downloads\Content
2014-08-22 17:46 - 2014-08-22 17:15 - 114383892 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part2.rar
2014-08-22 17:25 - 2014-08-22 17:14 - 209715200 _____ () C:\Users\Shu\Downloads\Z001257DEMO.part1.rar
2014-08-21 20:12 - 2014-08-21 17:51 - 00000000 ____D () C:\Users\Shu\AppData\Roaming\Arc
2014-08-21 19:25 - 2014-05-07 11:43 - 00000000 ____D () C:\ArcTemp
2014-08-21 19:19 - 2014-08-21 17:50 - 00000000 ____D () C:\Program Files (x86)\Perfect World Entertainment
2014-08-21 17:51 - 2014-08-21 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-08-21 17:51 - 2013-10-04 17:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-21 08:31 - 2013-10-05 13:31 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-08-21 08:31 - 2013-10-05 13:31 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-08-21 08:28 - 2014-08-21 08:28 - 01014036 _____ () C:\Program Files (x86)\translation.bin
2014-08-21 08:28 - 2014-08-21 08:28 - 00044544 _____ () C:\Program Files (x86)\translator.dll
2014-08-21 08:28 - 2014-08-20 22:36 - 01014036 _____ () C:\translation.bin
2014-08-21 08:28 - 2014-08-20 22:36 - 00044544 _____ () C:\translator.dll
2014-08-21 08:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing

Files to move or delete:
====================
C:\Users\Shu\worldpainter_64_1.8.1.exe

Some content of TEMP:
====================
C:\Users\Shu\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-17 12:17

==================== End Of Log ============================
--- --- ---

The problem still persists. Forgot, because of lunch, sry |
18.09.2014, 18:27 | #12 |
/// the machine /// TB-Ausbilder | Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner Who still finds that at the moment?
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and assistance Trojaner-Board Facebook page No help via PM! |
18.09.2014, 18:39 | #13 |
| Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner The PC, already while booting, shows a message that a DLL is missing, which is why svhost.exe could not be run properly, as well as Spybot and Malware. I was already considering reinstalling the PC, but I can't find any time for that because of private matters. I'll quickly restart the PC and upload a screenshot. Regards. Last edited by NyanShu (18.09.2014 at 18:44) |
19.09.2014, 09:50 | #14 |
/// the machine /// TB-Ausbilder | Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner Please attach the screenshot.
|
19.09.2014, 10:22 | #15 |
| Svhost.exe /Backdoor.Agent + PUP.BitCoinMiner Ok, done. Regards |