Log analysis and evaluation: Trojan caught through fake Deutsche Post mail
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.01.2015, 20:17 | #1 |
Trojan caught through fake Deutsche Post mail

Dear helper,

Yesterday, Sunday 04.01, I caught something on my computer through my own fault. In a spam message, which unfortunately looked deceptively genuine, I selected the enclosed attachment for viewing/download in a moment of inattention. A download started, somewhat delayed, which immediately afterwards literally "dissolved" its contents in several small black "run application" windows, because the download then disappeared, so it could no longer be selected and could no longer be found when searching for its name.

I was nervous but needed my laptop quite urgently, so I just quickly ran the standard programs AdwCleaner (deletion of a toolbar), Junkmail Removal (deletion of another toolbar) and, to be safe, CCleaner. Then also the long-running virus scan of my free version of Avast. And from then on it was clear that something was wrong. First, about 57 small things that meant nothing to me were deleted. From that day on, messages also appeared often, reported by Avast itself, that a "threatening site" had been blocked, mostly, but not always, when I myself was busy on the internet (only a little, for research purposes, so I cannot provide a representative long-term report there). At least it always seems to be a malware site that something is trying to access.

The next day I started the scan once again. I was told fairly quickly that a few documents/scripts could not be checked because they were encrypted. I deleted them, since they were nothing special. I had never started Avast's long-running scan before, so I did not know whether it was a highly sensitive overreaction or something "serious" after all. At the next scan, which ran through last night, then apparently the same message, this time with an origin that was no longer recognizable. Unfortunately, both times the scan run was then also aborted completely.

It probably does no harm to post the logs already produced. I thank you in advance and am eternally grateful for help!

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-01-2015 Ran by "MEIN NAME" (administrator) on "MEIN NAME"PC on 06-01-2015 19:09:04 Running from C:\Users\"MEIN NAME"\Downloads Loaded Profile: "MEIN NAME" (Available profiles: "MEIN NAME" & Administrator) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (CrossLoop) C:\Users\"MEIN NAME"\AppData\Local\CrossLoop\CrossLoopService.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (HP) C:\Windows\System32\HPSIsvc.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (AMD) C:\Windows\System32\atieclxx.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (ELAN Microelectronics Corp.) 
C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe () C:\Program Files\TaskmgrPro\TaskmgrPro.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Dell) C:\Users\"MEIN NAME"\AppData\Local\Apps\2.0\C8ZALKY8.C7R\63MY89XB.YXL\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (phase6) C:\Program Files (x86)\phase6\phase6_19\WinStart\WinStart.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Dropbox, Inc.) C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\Dropbox.exe (SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe (Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe (Crystal Dew World) C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\browsercleanup.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe (Farbar) C:\Users\"MEIN NAME"\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2774864 2013-01-09] (ELAN Microelectronics Corp.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5773640 2013-08-22] (Dell Inc.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.) 
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-13] (AVAST Software) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.) 
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation) HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [TaskmgrPro] => C:\Program Files\TaskmgrPro\TaskmpStart.exe [92504 2013-09-05] () HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [35768 2013-12-09] (Overwolf) HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [DellSystemDetect] => C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony) HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google) HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) 
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\MountPoints2: E - "E:\Autorun.exe" HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\MountPoints2: {286156db-5ad5-11e4-bf0f-e0db55d136b3} - "E:\SISetup.exe" HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\MountPoints2: {94b87bbb-af70-11e3-bed0-e0db55d136b3} - "E:\Startme.exe" HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\MountPoints2: {e3f38ccb-91dc-11e4-bf1b-6036dda89aa7} - "E:\HTC_Sync_Manager_PC.exe" Lsa: [Notification Packages] DPPassFilter scecli Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\p6_19_erinnerung.lnk ShortcutTarget: p6_19_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_19\WinStart\WinStart.exe (phase6) Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk ShortcutTarget: DesktopEarth AutoStart.lnk -> C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe () Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . 
Produktregistrierung.lnk -> C:\Program Files\Logitech Gaming Software\EReg\eReg.exe (Leader Technologies/Logitech) Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net) Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software) Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6500 E710n-z (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6500 E710n-z (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UDPixel.lnk ShortcutTarget: UDPixel.lnk -> C:\Program Files (x86)\UDPixel\UDPixel.exe (hxxp://sam100.free.fr/UDPixel) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
ProxyServer: [S-1-5-21-2901914888-2273405363-3910051971-1001] => http=127.0.0.1:49244;https=127.0.0.1:49244 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\"MEIN NAME"\AppData\Roaming\Mozilla\Firefox\Profiles\u2f0mu7s.default FF DefaultSearchEngine: Google (avast) FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006 FF SearchEngineOrder.1: Google (avast) FF SelectedSearchEngine: Google (avast) FF Homepage: https://www.google.com/?trackid=sp-006 FF Keyword.URL: 
https://www.google.com/search/?trackid=sp-006 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\DigitalPersona\Bin\ChromeExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.) 
FF Plugin HKU\S-1-5-21-2901914888-2273405363-3910051971-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF SearchPlugin: C:\Users\"MEIN NAME"\AppData\Roaming\Mozilla\Firefox\Profiles\u2f0mu7s.default\searchplugins\google-avast.xml FF Extension: Firefox Old Version Update Hotfix - C:\Users\"MEIN NAME"\AppData\Roaming\Mozilla\Firefox\Profiles\u2f0mu7s.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-29] FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2013-01-28] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-14] FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR Profile: C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Media Hint) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\akipcefbjlmpbcejgdaopmmidpnjlhnb [2014-04-06] CHR Extension: (Angry Birds) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-09-17] CHR Extension: (Google Docs) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-17] CHR Extension: (Google Drive) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-17] CHR Extension: 
(Google Voice Search Hotword (Beta)) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (YouTube) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-17] CHR Extension: (Adblock Plus) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-17] CHR Extension: (Webseiten-Screenshot - Webpage Screenshot) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2013-09-17] CHR Extension: (Google-Suche) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-17] CHR Extension: (Avast Online Security) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-17] CHR Extension: (Google Maps) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-09-17] CHR Extension: (Google Wallet) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17] CHR Extension: (Better Pop Up Blocker) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2013-09-17] CHR Extension: (Bungalow) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkdmggpdfpodahejeckklcncacambmo [2013-09-20] CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2014-07-01] CHR Extension: (Google Mail) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-17] CHR HKLM-x32\...\Chrome\Extension: 
[gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-14] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-14] (Avast Software) S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.) R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed] R2 CrossLoopService; C:\Users\"MEIN NAME"\AppData\Local\CrossLoop\CrossLoopService.exe [569072 2012-01-06] (CrossLoop) R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-08-07] (Conexant Systems, Inc.) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-22] (ELAN Microelectronics Corp.) 
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2011-01-21] (HP) [File not signed] R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [124536 2012-12-25] (HP) [File not signed] R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [783264 2013-09-08] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) 
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH) S3 tvnserver; C:\Users\"MEIN NAME"\AppData\Local\CrossLoop\tvnserver.exe [814080 2010-07-21] (GlavSoft LLC.) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.) 
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-14] ()
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [46368 2013-12-29] (AVG Technologies)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R2 DRHARD64; C:\WINDOWS\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\WINDOWS\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\WINDOWS\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\WINDOWS\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
S3 intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [8982208 2012-07-25] (Intel Corporation) [File not signed] R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [20192 2013-09-08] (Intel Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation) S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-11-28] (Marvell Semiconductor, Inc.) R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation) S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] () S3 s0017bus; C:\Windows\System32\drivers\s0017bus.sys [113704 2008-10-21] (MCCI Corporation) S3 s0017mdfl; C:\Windows\system32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation) S3 s0017mdm; C:\Windows\system32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation) S3 s0017mgmt; C:\Windows\system32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation) S3 s0017nd5; C:\Windows\system32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation) S3 s0017obex; C:\Windows\system32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation) S3 s0017unic; C:\Windows\System32\drivers\s0017unic.sys [145960 2008-10-21] (MCCI Corporation) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit) R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [71832 2012-07-13] (STMicroelectronics) R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-14] (Avast Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 
2012-10-09] (Windows (R) Win 7 DDK provider) S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation) S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-06 19:05 - 2015-01-06 19:06 - 02123776 _____ (Farbar) C:\Users\"MEIN NAME"\Downloads\FRST64 (1).exe 2015-01-06 18:42 - 2015-01-06 18:42 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-01-06 18:39 - 2015-01-06 18:40 - 04188536 _____ (Piriform Ltd) C:\Users\"MEIN NAME"\Downloads\ccsetup501_slim.exe 2015-01-06 18:11 - 2015-01-06 18:11 - 00003292 _____ () C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-2901914888-2273405363-3910051971-1001 2015-01-05 04:36 - 2015-01-05 04:36 - 00000197 _____ () C:\WINDOWS\system32\2015-01-05-03-36-40.091-AvastVBoxSVC.exe-3980.log 2015-01-04 21:45 - 2015-01-04 21:45 - 00000827 _____ () C:\Users\"MEIN NAME"\Desktop\JRT.txt 2015-01-04 21:35 - 2015-01-04 21:35 - 01707939 _____ (Thisisu) C:\Users\"MEIN NAME"\Downloads\JRT.exe 2015-01-04 21:01 - 2015-01-04 21:01 - 00000197 _____ () C:\WINDOWS\system32\2015-01-04-20-01-42.003-AvastVBoxSVC.exe-1308.log 2015-01-04 19:57 - 2015-01-04 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices 2015-01-04 19:56 - 2015-01-04 19:56 - 00000197 _____ () C:\WINDOWS\system32\2015-01-04-18-56-48.003-AvastVBoxSVC.exe-4104.log 2015-01-04 19:42 - 2015-01-04 19:42 - 02173952 _____ () C:\Users\"MEIN NAME"\Downloads\adwcleaner_4.106.exe 2015-01-04 19:42 - 2015-01-04 19:42 - 02173952 _____ () C:\Users\"MEIN NAME"\Downloads\adwcleaner_4.106 (1).exe 2015-01-04 19:38 - 2015-01-04 19:38 - 00000000 ____D () C:\Users\"MEIN 
NAME"\AppData\Roaming\HTC 2015-01-04 19:37 - 2015-01-05 06:32 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\HTC MediaHub 2015-01-04 19:37 - 2015-01-04 19:38 - 00000000 ____D () C:\Users\"MEIN NAME"\Documents\HTC 2015-01-04 19:37 - 2015-01-04 19:37 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Apple Computer 2015-01-04 19:37 - 2015-01-04 19:37 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\Apple Computer 2015-01-04 19:37 - 2015-01-04 19:37 - 00000000 ____D () C:\Users\"MEIN NAME"\.android 2015-01-04 19:36 - 2015-01-04 19:36 - 00002049 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk 2015-01-04 19:34 - 2015-01-04 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC 2015-01-04 19:34 - 2015-01-04 19:34 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications 2015-01-04 19:30 - 2015-01-04 19:36 - 00000000 ____D () C:\Program Files (x86)\HTC 2015-01-04 19:30 - 2015-01-04 19:30 - 00000000 ____D () C:\ProgramData\HTC 2014-12-30 16:13 - 2014-12-30 16:13 - 00000000 ____D () C:\Users\"MEIN NAME"\Documents\Meine empfangenen Dateien 2014-12-27 17:45 - 2014-12-27 17:45 - 01344495 _____ () C:\Users\"MEIN NAME"\Downloads\Playmate_2014_11.zip 2014-12-27 17:44 - 2014-12-27 17:44 - 01174352 _____ () C:\Users\"MEIN NAME"\Downloads\Playmate Wallpaper Annetta Negare - CHIP-Installer.exe 2014-12-27 11:18 - 2014-12-27 11:18 - 00000197 _____ () C:\WINDOWS\system32\2014-12-27-10-18-09.025-AvastVBoxSVC.exe-4108.log 2014-12-19 23:22 - 2014-12-19 23:22 - 00000197 _____ () C:\WINDOWS\system32\2014-12-19-22-22-04.069-AvastVBoxSVC.exe-3952.log 2014-12-15 22:09 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe 2014-12-15 22:09 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe 2014-12-15 13:00 - 2014-12-15 13:00 - 00000197 _____ () C:\WINDOWS\system32\2014-12-15-12-00-25.092-AvastVBoxSVC.exe-3880.log 2014-12-15 13:00 - 2014-12-15 13:00 - 
00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery 2014-12-15 11:31 - 2014-12-15 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-12-15 11:31 - 2014-12-15 11:31 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-12-14 01:41 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll 2014-12-14 01:41 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-14 01:41 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2014-12-14 01:41 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2014-12-14 01:29 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-12-14 01:29 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-12-14 01:29 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2014-12-14 01:29 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2014-12-14 01:29 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-12-14 01:29 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-12-14 01:29 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2014-12-14 01:29 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2014-12-14 01:29 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2014-12-14 01:29 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys 2014-12-14 01:28 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 
2014-12-14 01:28 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-12-14 01:28 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-12-14 01:28 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2014-12-14 01:28 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-12-14 01:28 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-12-14 01:28 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-12-14 01:28 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-12-14 01:28 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2014-12-14 01:28 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-12-14 01:28 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-12-14 01:28 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2014-12-14 01:28 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-12-14 01:28 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2014-12-14 01:28 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2014-12-14 01:28 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2014-12-14 01:28 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-12-14 01:28 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-12-14 01:28 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-12-14 01:28 - 2014-11-22 
02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-12-14 01:28 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-12-14 01:28 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-12-14 01:28 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2014-12-14 01:28 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-12-14 01:28 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-12-14 01:28 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2014-12-14 01:28 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-12-14 01:28 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2014-12-14 01:28 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-12-14 01:28 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2014-12-14 01:28 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-12-14 01:28 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-12-14 01:28 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-12-14 01:28 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-12-14 01:28 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-12-14 01:28 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-12-14 01:28 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-12-13 17:01 - 2014-12-13 17:01 - 00045112 ____H (LogMeIn 
Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys 2014-12-11 23:14 - 2014-12-11 23:49 - 00000000 ____D () C:\Users\"MEIN NAME"\Desktop\für mama, kindergeldstelle 2014-12-11 01:08 - 2014-12-11 01:10 - 00016753 _____ () C:\Users\"MEIN NAME"\Desktop\Präsentation.odp 2014-12-08 23:53 - 2014-12-08 23:53 - 00007334 _____ () C:\Users\"MEIN NAME"\Desktop\OpenDocument Text (neu) (3).odt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-06 19:09 - 2014-07-10 07:57 - 00036368 _____ () C:\Users\"MEIN NAME"\Downloads\FRST.txt 2015-01-06 19:09 - 2014-07-10 07:13 - 00000000 ____D () C:\FRST 2015-01-06 19:02 - 2014-10-17 19:22 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\TS3Client 2015-01-06 19:02 - 2014-05-17 23:58 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\TeamViewer 2015-01-06 19:02 - 2014-02-01 22:22 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\LogMeIn Hamachi 2015-01-06 19:02 - 2013-09-21 01:27 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-06 19:02 - 2013-09-19 12:39 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2015-01-06 19:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2015-01-06 19:01 - 2014-01-10 22:59 - 00000000 ____D () C:\WINDOWS\Minidump 2015-01-06 19:01 - 2013-11-12 22:47 - 00000000 ___DC () C:\WINDOWS\Panther 2015-01-06 18:57 - 2013-09-17 12:09 - 00001142 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-06 18:47 - 2013-09-17 12:15 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2901914888-2273405363-3910051971-1001 2015-01-06 18:42 - 2013-09-19 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-01-06 18:42 - 2013-09-19 13:08 - 00000000 ____D () C:\Program Files\CCleaner 2015-01-06 18:33 - 2013-10-07 11:59 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-06 
18:33 - 2013-10-07 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-06 18:31 - 2013-12-16 04:07 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-01-06 18:11 - 2013-09-20 02:44 - 00000418 _____ () C:\WINDOWS\Tasks\WpsUpdateTask_"MEIN NAME".job 2015-01-06 18:06 - 2013-09-30 05:14 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-01-06 18:06 - 2013-09-30 04:56 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat 2015-01-06 18:06 - 2013-09-30 04:56 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat 2015-01-06 16:48 - 2013-01-28 17:02 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2015-01-06 16:44 - 2014-07-07 15:17 - 00003314 _____ () C:\WINDOWS\System32\Tasks\Intel(R) Rapid Start Technology Manager 2015-01-06 16:43 - 2014-08-11 04:05 - 00000000 ___RD () C:\Users\"MEIN NAME"\Dropbox 2015-01-06 16:43 - 2014-08-11 04:02 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox 2015-01-06 16:43 - 2014-02-03 23:33 - 00000000 ___RD () C:\Users\"MEIN NAME"\SkyDrive 2015-01-06 16:43 - 2014-01-07 21:53 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\Deployment 2015-01-06 16:43 - 2013-09-20 11:32 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\PasswordSafe 2015-01-06 16:43 - 2013-09-20 00:05 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\stickies 2015-01-06 16:43 - 2013-08-03 02:15 - 00000000 ____D () C:\Users\Public\Documents\phase6_19_Daten 2015-01-06 06:39 - 2014-03-05 01:47 - 00000000 ____D () C:\Users\"MEIN NAME"\Desktop\Spieleecke, Luxusecke 2015-01-06 00:13 - 2014-05-29 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S4League 2015-01-05 04:34 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-01-04 23:53 - 2013-09-19 14:32 - 00000000 ____D () C:\AdwCleaner 2015-01-04 23:44 - 2014-04-13 15:41 - 00000000 ____D () C:\Sirius MT2 2015-01-04 21:44 - 2013-10-06 18:30 - 00000000 ____D () C:\Users\"MEIN 
NAME"\AppData\Roaming\vlc 2015-01-04 20:58 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2015-01-04 20:18 - 2014-11-14 18:18 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update 2015-01-04 19:56 - 2013-08-22 15:44 - 00411856 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2015-01-04 19:37 - 2013-11-12 22:53 - 00000000 ____D () C:\Users\"MEIN NAME" 2015-01-04 19:32 - 2013-09-20 03:09 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\Downloaded Installations 2015-01-04 19:31 - 2013-01-28 17:03 - 00000000 ____D () C:\Temp 2015-01-04 19:12 - 2014-02-02 12:23 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Skype 2015-01-04 18:27 - 2014-11-04 20:31 - 00000000 ____D () C:\ProgramData\Tunngle 2015-01-04 18:27 - 2014-02-04 21:59 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Tunngle 2015-01-04 17:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2015-01-01 22:12 - 2014-09-23 20:34 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-01 22:12 - 2014-02-02 12:23 - 00000000 ____D () C:\ProgramData\Skype 2014-12-30 19:53 - 2013-06-09 04:35 - 00000000 ____D () C:\Users\"MEIN NAME"\Documents\ManiaPlanet 2014-12-30 18:44 - 2013-09-18 17:32 - 00000000 ____D () C:\ProgramData\ManiaPlanet 2014-12-18 19:43 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-12-18 01:27 - 2014-08-11 04:30 - 00000000 ____D () C:\Users\"MEIN NAME"\Desktop\Bewerbung für deutsches rotes kreuz 2014-12-15 13:31 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-12-15 13:00 - 2013-09-19 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2014-12-15 12:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS 2014-12-15 12:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS 2014-12-15 12:57 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions 2014-12-15 11:39 - 2013-09-18 14:53 - 00000000 ____D () C:\WINDOWS\system32\MRT 
2014-12-15 11:33 - 2013-09-18 14:53 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-15 11:31 - 2014-04-23 19:27 - 00000940 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
2014-12-13 21:43 - 2014-02-04 22:41 - 00000000 _____ () C:\WINDOWS\SysWOW64\Access.dat
2014-12-11 23:31 - 2013-12-16 04:07 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-11 23:12 - 2014-08-11 04:05 - 00001086 _____ () C:\Users\"MEIN NAME"\Desktop\Dropbox.lnk
2014-12-11 23:12 - 2014-08-11 04:04 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Some content of TEMP:
====================
C:\Users\"MEIN NAME"\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcrmdek.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-05 04:45

==================== End Of Log ============================

- - - - -

FRST Additions Logfile:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-01-2015
Ran by "MEIN NAME" at 2015-01-06 19:10:05
Running from C:\Users\"MEIN NAME"\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{DE18940E-5986-480A-8518-7327D14756D3}) (Version: 6.0.0 - Helmut Buhler)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Alt.Binz 0.39.4 (HKLM-x32\...\Alt.Binz) (Version: 0.39.4 - Rdl)
AMD Catalyst Install Manager (HKLM\...\{C7A772A4-73CF-EB06-172F-75C5F6C80AAC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
Apowersoft Bildschirmrekorder Pro V1.1.9 (HKLM-x32\...\{BADAA284-1D15-4EBB-B1E5-7C86603CDBBB}_is1) (Version: 1.1.9 - Apowersoft)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
BenVista PhotoZoom Classic 4.1.4 (HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\PhotoZoom Classic 4) (Version: 4.1.4 - BenVista Ltd.)
Blackthorne (HKLM-x32\...\{C563EEF9-17FF-4563-8B78-82AF0C4577CE}) (Version: 1.0.0 - Blizzard Entertainment) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.17.916 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{7E6316CA-5ED0-4EF9-9920-A92115E286B7}) (Version: 0.7.17.916 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bontago (HKLM-x32\...\Bontago) (Version: 1.0 - ) CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP) CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.35 - Abelssoft) Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft) Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.52.0 - Conexant) Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.0 - Conexant) CPUID CPU-Z 1.66.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CPUID HWMonitor Pro 1.20 (HKLM\...\CPUID HWMonitorPro_is1) (Version: - ) Crashday (HKLM-x32\...\{9C27ADE1-EAFB-4BB7-9FE3-5DD9BA9A3DD2}) (Version: 0 - ATARI) CrossLoop 2.82 (HKLM-x32\...\CrossLoop_is1) (Version: 2.82 - CrossLoop, Inc.) CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts) Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.) 
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP) Dell System Detect (HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell) Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.5.4 - ELAN Microelectronic Corp.) DesktopEarth (HKLM-x32\...\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}) (Version: 2.1.1 - CodeFromThe70s.org) DigitalPersona Fingerprint Software 6.2 (HKLM\...\{A59EF3E5-F532-4E13-9FCF-48B2836FE060}) (Version: 6.2.0.300 - DigitalPersona, Inc.) Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team) Dr. Hardware 2013 13.5d (HKLM-x32\...\Dr. Hardware 2013_is1) (Version: - Peter A. Gebhard) Dropbox (HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) DxO FilmPack 3 (HKLM\...\{6E98BFB0-55E3-4D3C-8C10-B44F6063535E}) (Version: 3.4.94.0 - DxO Labs) FILEminimizer Suite (HKLM-x32\...\FILEminimizer Suite_is1) (Version: - balesio AG) Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.10.1 - Androxyde) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fraps (HKLM-x32\...\Fraps) (Version: - ) Free Alarm Clock 2.7.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 2.7 - Comfort Software Group) Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.) Gameforge Live 1.9.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.9.0 - Gameforge) GameMaker-Studio 1.2 (HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\GameMaker-Studio12) (Version: - YoYo Games Ltd.) GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) 
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) HD Video Converter Factory Pro (HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\HDVideoConverterFactoryPro) (Version: - WonderFox Soft, Inc. All Rights Reserved.) HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 14.0.14176.1823 - Hewlett-Packard) HP LaserJet Professional CP1020 Series (HKLM\...\HP LaserJet Professional CP1020 Series) (Version: - ) HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (HKLM\...\{56F91CE8-0168-4619-8FEC-13F5087E40F8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HPLJUT (x32 Version: 1.00.0012 - HP) Hidden hppcp1025LaserJetService (HKLM-x32\...\{F31BF057-0D5E-485E-ADFD-560314A27912}) (Version: 1.00.0000 - Hewlett-Packard) hppLaserJetService (x32 Version: 007.015.00635 - Hewlett-Packard) Hidden HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation) HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IM-Magic Partition Resizer Professional 2013 (HKLM-x32\...\IM-Magic Partition Resizer Professional) (Version: 2013 - IM Magic Inc.) 
Inpaint 5.5 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1056 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Interaktive Sprachreise - Vokabeltrainer English (HKLM-x32\...\VTE_16_689501) (Version: - digital publishing AG)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kalenderchen 5 (HKLM-x32\...\{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1) (Version: - Daniel Manger)
kikin Plugin (NO23 Edition) 1.11 (HKLM-x32\...\kikin Plugin (NO23 Edition)) (Version: 1.11 - kikin)
Kingsoft Presentation (8.1.0.2948) (HKLM-x32\...\Kingsoft Presentation) (Version: 8.1.0.2948 - Kingsoft Corp.)
K-Lite Codec Pack 10.3.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
Kvisoft Data Recovery1.5.2 (HKLM-x32\...\Kvisoft Data Recovery_is1) (Version: 1.5.2 - Kvisoft Co.,Ltd.)
LibreOffice 4.1.1.2 (HKLM-x32\...\{F1EE568A-171F-4C06-9BE6-2395BED067A3}) (Version: 4.1.1.2 - The Document Foundation)
LingoPad 2.5.1 (Build 325) (HKLM-x32\...\LingoPad_is1) (Version: 2.5.1 - Lingo4you GbR)
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden
Macrorit Disk Partition Expert Professional 2013 (HKLM-x32\...\Macrorit Disk Partition Expert Professional) (Version: 2013 - Macrorit Inc.)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version: - Nadeo)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.1.2000 - Maxthon International Limited)
Metin2 (HKLM-x32\...\Metin2_is1) (Version: - Gameforge 4D GmbH)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Monitor Calibration Wizard 1.0 (HKLM-x32\...\Monitor Calibration Wizard) (Version: - )
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 24.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 24.0 (x86 de)) (Version: 24.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.0 - Mozilla)
MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Opera Stable 25.0.1614.71 (HKLM-x32\...\Opera 25.0.1614.71) (Version: 25.0.1614.71 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
Overwolf (HKLM-x32\...\{030F4BB3-F3C3-4A74-905C-44672D1ECB76}) (Version: 0.47.284 - Overwolf)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Password Safe (HKLM-x32\...\Password Safe) (Version: - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version: - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd)
Perspective 1.0 (HKLM-x32\...\Perspective) (Version: 1.0 - Widdershins)
phase6_19 (HKLM-x32\...\{65D70656-D248-4C83-B594-E3029C43B37A}) (Version: 1.90.0000 - phase6)
PhoXo (HKLM-x32\...\PhoXo) (Version: 8.1.0.0 - PhoXo) <==== ATTENTION!
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.026 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.18.621.2013 - Realtek)
Realtek USB 2.0 Card Reader Software (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - )
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
Rise Of Legends (HKLM-x32\...\InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}) (Version: 1.00.0000 - Microsoft Game Studios)
Rise Of Legends (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder)
Runes of Magic (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 6.0.0.2647 - Gameforge Productions GmbH)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.1 - IObit)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.2.201402071544 - Sony Mobile Communications AB)
Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0028 - ST Microelectronics)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stickies 7.1e (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software)
TaskmgrPro V1.4.5 (HKLM\...\TaskmgrPro_is1) (Version: - GoldGingko Software)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tipard DVD Ripper Platinum 6.2.20 (HKLM-x32\...\{C145A9AD-BD43-4255-B5F9-2803289C2F96}_is1) (Version: 6.2.20 - Tipard Studio)
Torchlight (HKLM-x32\...\Torchlight_is1) (Version: - GOG.com)
Tunngle Version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
UDPixel.exe (HKLM-x32\...\UDPixel) (Version: - )
Validity Sensors DDK (HKLM\...\{40BEDF44-88CF-4FF6-8790-882484452003}) (Version: 4.4.231.0 - Validity Sensors, Inc.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WordMatch (HKLM-x32\...\WordMatch) (Version: - )
WorldofTanks (HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\WorldofTanks) (Version: - WorldofTanks) <==== ATTENTION!
XBMC (HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\XBMC) (Version: - Team XBMC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-12-2014 19:39:24 Windows Update
27-12-2014 11:35:47 Geplanter Prüfpunkt
05-01-2015 05:01:47 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {008E2B35-337F-4A7B-99A2-A7C06A3F6B5F} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-11-10] (CHIP)
Task: {038E9733-51D5-4E0B-B93D-B6A7BD09BB4E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-11] (Adobe Systems Incorporated)
Task: {091AF685-AF4E-4688-AF4E-3FF77EB65853} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-15] (Microsoft Corporation)
Task: {0990D63D-5A59-42C3-A599-505698A7DA5C} - System32\Tasks\CrystalDiskInfo => C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe [2013-04-24] (Crystal Dew World)
Task: {0F81D5F9-CF65-45FD-84CB-6F1CD4524DED} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-03-10] (IObit)
Task: {28E5397B-965B-4798-B838-E6A2D681EB6E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {4133F9C9-3E24-4103-890C-EB1A45169721} - System32\Tasks\Opera scheduled Autoupdate 1380525839 => C:\Program Files (x86)\Opera\launcher.exe [2014-11-14] (Opera Software)
Task: {4388B81A-3E0B-4F55-8ECE-298F7351E557} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {4E58B058-C5C3-4877-B7D2-0B543D916885} - System32\Tasks\Intel(R) Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-09-08] (Intel)
Task: {6264AB10-3D3C-4101-8E78-6F0BDABA4199} - System32\Tasks\{519BC508-53DB-45C9-84CF-0EF1DAB43713} => pcalua.exe -a "C:\Users\"MEIN NAME"\Desktop\Project M\wit-v2.29a-r5186-cygwin\windows-install.exe" -d "C:\Users\"MEIN NAME"\Desktop\Project M\wit-v2.29a-r5186-cygwin"
Task: {64189BC5-EBDB-457A-8769-E48FE224DE52} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {65A701E7-8C74-410B-9796-A480A9AAF83D} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-03-10] (IObit)
Task: {696BF4C9-EBE9-44D7-9289-9372E06995CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {74426CC3-4CE0-4119-A348-15D321736929} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {7CE0AA23-0EF9-4F7B-8C56-4390303ABACB} - System32\Tasks\WpsUpdateTask_"MEIN NAME" => C:\Program Files (x86)\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe [2011-08-24] (Kingsoft Corp. Ltd.)
Task: {86578881-F4D5-48AE-914F-9C731E650EEE} - System32\Tasks\avastBCLRestartS-1-5-21-2901914888-2273405363-3910051971-1001 => Chrome.exe
Task: {B01CEC4F-A518-49BA-8782-BB1670FE266F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {D6D764C0-089F-479D-A813-6487EAB62BCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-17] (Google Inc.)
Task: {F1FA038F-D843-4B90-A076-0814A7168319} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-14] (AVAST Software)
Task: {F2E385FD-11EF-4BE3-9946-0FCC658184A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-17] (Google Inc.)
Task: {F66A3B11-DB13-4E1D-844C-C173393DCF3D} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-12-10] (Maxthon International ltd.)
Task: {F6C89968-9838-496F-A35D-DF23407FA82D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {FCE1FB10-4193-4735-B5DC-AD94E401FE67} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_"MEIN NAME".job => C:\Program Files (x86)\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2014-10-24 17:58 - 2012-11-28 03:18 - 00129024 ____N () C:\WINDOWS\System32\HPCP1020LM.DLL
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2013-01-28 16:59 - 2012-04-25 03:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-11-14 18:17 - 2014-11-14 18:17 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-14 18:17 - 2014-11-14 18:17 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2013-10-03 23:42 - 2013-10-03 23:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-09-22 13:40 - 2013-09-05 17:42 - 00337752 _____ () C:\Program Files\TaskmgrPro\TaskmgrPro.exe
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-01-04 19:56 - 2015-01-04 19:56 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010401\algo.dll
2014-11-14 18:17 - 2014-11-14 18:17 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-06 19:06 - 2015-01-06 19:06 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010601\algo.dll
2014-12-18 15:06 - 2014-12-18 15:06 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2014-12-18 15:08 - 2014-12-18 15:08 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2014-12-18 15:09 - 2014-12-18 15:09 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2014-12-18 15:08 - 2014-12-18 15:08 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-12-18 15:09 - 2014-12-18 15:09 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-12-18 15:11 - 2014-12-18 15:11 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2014-12-18 15:14 - 2014-12-18 15:14 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2013-09-19 14:22 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-19 14:22 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-09-19 14:22 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-19 14:22 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-09-19 14:22 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-08 19:30 - 2013-09-12 11:55 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-01-28 17:03 - 2012-09-12 21:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2013-01-28 17:03 - 2012-08-06 10:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2013-01-28 17:03 - 2012-08-06 10:59 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2014-01-17 16:30 - 2012-09-05 17:55 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll
2013-09-20 00:05 - 2013-09-20 00:05 - 00049152 _____ () C:\Program Files (x86)\Stickies\shook70.dll
2014-11-14 18:18 - 2014-11-14 18:18 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-06 16:43 - 2015-01-06 16:43 - 00098816 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\win32api.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00110080 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\pywintypes27.dll
2015-01-06 16:43 - 2015-01-06 16:43 - 00364544 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\pythoncom27.dll
2015-01-06 16:43 - 2015-01-06 16:43 - 00045568 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\_socket.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 01160704 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\_ssl.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00320512 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\win32com.shell.shell.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00713216 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\_hashlib.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 01175040 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\wx._core_.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00805888 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\wx._gdi_.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00811008 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\wx._windows_.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 01062400 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\wx._controls_.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00735232 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\wx._misc_.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00128512 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\_elementtree.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00127488 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\pyexpat.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00557056 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\pysqlite2._sqlite.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00087552 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\_ctypes.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00119808 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\win32file.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00108544 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\win32security.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00007168 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\hashobjs_ext.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00167936 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\win32gui.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00018432 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\win32event.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00038912 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\win32inet.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00011264 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\win32crypt.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00070656 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\wx._html2.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00027136 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\_multiprocessing.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00035840 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\win32process.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00686080 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\unicodedata.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00122368 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\wx._wizard.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00024064 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\win32pipe.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00025600 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\win32pdh.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00525640 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\windows._lib_cacheinvalidation.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00010240 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\select.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00017408 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\win32profile.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00022528 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\win32ts.pyd
2015-01-06 16:43 - 2015-01-06 16:43 - 00078336 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI26202\wx._animate.pyd
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-06 16:43 - 2015-01-06 16:43 - 00043008 _____ () c:\Users\"MEIN NAME"\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcrmdek.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-12-13 20:58 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-13 20:58 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-13 20:58 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-13 20:58 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-13 20:58 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\SysWOW64\CN09T110P605JW:NW
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\Users\"MEIN NAME"\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\"MEIN NAME"\SkyDrive.old:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "QuickSet"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\StartupApproved\StartupFolder: => "DesktopEarth AutoStart.lnk"
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\StartupApproved\StartupFolder: => "Sidebar.lnk"
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\StartupApproved\StartupFolder: => "Logitech . Produktregistrierung.lnk"
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\StartupApproved\StartupFolder: => "UDPixel.lnk"
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\StartupApproved\Run: => "Sony PC Companion"

========================= Accounts: ==========================

Administrator (S-1-5-21-2901914888-2273405363-3910051971-500 - Administrator - Disabled) => C:\Users\Administrator
"MEIN NAME" (S-1-5-21-2901914888-2273405363-3910051971-1001 - Administrator - Enabled) => C:\Users\"MEIN NAME"
Gast (S-1-5-21-2901914888-2273405363-3910051971-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2901914888-2273405363-3910051971-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/06/2015 07:08:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ERUNT.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005cd54
ID des fehlerhaften Prozesses: 0x2ddc
Startzeit der fehlerhaften Anwendung: 0xERUNT.exe0
Pfad der fehlerhaften Anwendung: ERUNT.exe1
Pfad des fehlerhaften Moduls: ERUNT.exe2
Berichtskennung: ERUNT.exe3
Vollständiger Name des fehlerhaften Pakets: ERUNT.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ERUNT.exe5

Error: (01/06/2015 07:08:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ERUNT.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0005cd38
ID des fehlerhaften Prozesses: 0x1f98
Startzeit der fehlerhaften Anwendung: 0xERUNT.exe0
Pfad der fehlerhaften Anwendung: ERUNT.exe1
Pfad des fehlerhaften Moduls: ERUNT.exe2
Berichtskennung: ERUNT.exe3
Vollständiger Name des fehlerhaften Pakets: ERUNT.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ERUNT.exe5

Error: (01/06/2015 07:24:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.3.9600.17284, Zeitstempel: 0x53f816dc
Name des fehlerhaften Moduls: DVSShellContextMenuExtension64.dll, Version: 1.0.0.1, Zeitstempel: 0x5242ec9b
Ausnahmecode: 0xc000041d
Fehleroffset: 0x000000000000b0f6
ID des fehlerhaften Prozesses: 0x844
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3
Vollständiger Name des fehlerhaften Pakets: explorer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: explorer.exe5

Error: (01/06/2015 07:24:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.3.9600.17284, Zeitstempel: 0x53f816dc
Name des fehlerhaften Moduls: DVSShellContextMenuExtension64.dll, Version: 1.0.0.1, Zeitstempel: 0x5242ec9b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000b0f6
ID des fehlerhaften Prozesses: 0x844
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3
Vollständiger Name des fehlerhaften Pakets: explorer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: explorer.exe5

Error: (01/06/2015 07:12:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2610
Startzeit: 01d029771b8c3051
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe
Berichts-ID: 0974a283-956b-11e4-bf1e-6036dda89aa7
Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

Error: (01/06/2015 06:04:27 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "\\?\Volume{bea0919e-bedc-40b3-9a41-441b01c028ab}\" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (01/06/2015 06:04:27 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "WINRETOOLS" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (01/06/2015 00:52:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: launcher.exe_Opera Internet Browser, Version: 25.0.1614.71, Zeitstempel: 0x5465527b
Name des fehlerhaften Moduls: launcher_lib.dll, Version: 0.0.0.0, Zeitstempel: 0x54655251
Ausnahmecode: 0x80000003
Fehleroffset: 0x00015100
ID des fehlerhaften Prozesses: 0x1174
Startzeit der fehlerhaften Anwendung: 0xlauncher.exe_Opera Internet Browser0
Pfad der fehlerhaften Anwendung: launcher.exe_Opera Internet Browser1
Pfad des fehlerhaften Moduls: launcher.exe_Opera Internet Browser2
Berichtskennung: launcher.exe_Opera Internet Browser3
Vollständiger Name des fehlerhaften Pakets: launcher.exe_Opera Internet Browser4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: launcher.exe_Opera Internet Browser5

Error: (01/05/2015 11:38:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 23ec
Startzeit: 01d029378d57392a
Endzeit: 4294967295
Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe
Berichts-ID: 81458234-952b-11e4-bf1e-6036dda89aa7
Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1

Error: (01/05/2015 11:38:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 14b0
Startzeit: 01d029379365b093
Endzeit: 4294967295
Anwendungspfad: C:\WINDOWS\syswow64\wwahost.exe
Berichts-ID: 81a160d7-952b-11e4-bf1e-6036dda89aa7
Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App

System errors:
=============
Error: (01/05/2015 04:34:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/05/2015 04:34:40 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%14001

Error: (01/05/2015 04:34:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "BlueStacks Android Service" ist vom Dienst "BlueStacks Hypervisor" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2

Error: (01/05/2015 04:34:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "BlueStacks Hypervisor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Microsoft Office Sessions:
=========================
Error: (01/06/2015 07:08:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ERUNT.exe0.0.0.02a425e19ntdll.dll6.3.9600.1727853eeb4a3c00000050005cd542ddc01d029dbcd07e31fC:\windows\ERUNT.exeC:\WINDOWS\SYSTEM32\ntdll.dll0ae3d368-95cf-11e4-bf1e-6036dda89aa7

Error: (01/06/2015 07:08:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ERUNT.exe0.0.0.02a425e19ntdll.dll6.3.9600.1727853eeb4a3c00000050005cd381f9801d029dbcc0d352cC:\windows\ERUNT.exeC:\WINDOWS\SYSTEM32\ntdll.dll0a8af5e0-95cf-11e4-bf1e-6036dda89aa7

Error: (01/06/2015 07:24:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1728453f816dcDVSShellContextMenuExtension64.dll1.0.0.15242ec9bc000041d000000000000b0f684401d029795e982acaC:\WINDOWS\explorer.exeC:\Program Files (x86)\Common Files\DVDVideoSoft\lib\DVSShellContextMenuExtension64.dllb6008f67-956c-11e4-bf1e-6036dda89aa7

Error: (01/06/2015 07:24:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.3.9600.1728453f816dcDVSShellContextMenuExtension64.dll1.0.0.15242ec9bc0000005000000000000b0f684401d029795e982acaC:\WINDOWS\explorer.exeC:\Program Files (x86)\Common
Files\DVDVideoSoft\lib\DVSShellContextMenuExtension64.dllb1d2014e-956c-11e4-bf1e-6036dda89aa7 Error: (01/06/2015 07:12:52 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.17031261001d029771b8c30514294967295C:\WINDOWS\syswow64\wwahost.exe0974a283-956b-11e4-bf1e-6036dda89aa7Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp Error: (01/06/2015 06:04:27 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: \\?\Volume{bea0919e-bedc-40b3-9a41-441b01c028ab}\Falscher Parameter. (0x80070057) Error: (01/06/2015 06:04:27 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: WINRETOOLSFalscher Parameter. (0x80070057) Error: (01/06/2015 00:52:56 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: launcher.exe_Opera Internet Browser25.0.1614.715465527blauncher_lib.dll0.0.0.0546552518000000300015100117401d02942b372b7f2C:\Program Files (x86)\Opera\launcher.exeC:\Program Files (x86)\Opera\25.0.1614.71\launcher_lib.dllf7e4a85b-9535-11e4-bf1e-6036dda89aa7 Error: (01/05/2015 11:38:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.2068923ec01d029378d57392a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe81458234-952b-11e4-bf1e-6036dda89aa7microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (01/05/2015 11:38:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: wwahost.exe6.3.9600.1703114b001d029379365b0934294967295C:\WINDOWS\syswow64\wwahost.exe81a160d7-952b-11e4-bf1e-6036dda89aa7Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5cApp CodeIntegrity Errors: =================================== Date: 2014-11-14 01:21:10.095 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program 
Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 01:21:09.990 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 01:21:09.831 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 01:21:09.735 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 01:21:09.613 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 01:21:09.511 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-11-14 01:21:09.369 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 01:21:09.262 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 01:21:09.153 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 01:21:09.055 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz Percentage of memory in use: 59% Total physical RAM: 6013.27 MB Available physical RAM: 2456.99 MB Total Pagefile: 11133.27 MB Available Pagefile: 6736.93 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:921.66 GB) (Free:264.41 GB) NTFS Drive x: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.17 GB) NTFS Drive y: (PBR Image) (Fixed) (Total:8.37 GB) (Free:0.24 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 7BA981E6) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 8 GB) (Disk ID: 28FC915C) Partition: GPT Partition Type. ==================== End Of Log ============================
Edited by Corny47 (06.01.2015 at 20:24). Reason: overview
06.01.2015, 20:26 | #2 | |
/// the machine /// TB Trainer | Trojan caught via fake Deutsche Post mail hi,
Quote:
Please download TDSSKiller.exe and save the file to your desktop.
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder unless a helper instructs you to.
06.01.2015, 22:25 | #3 |
| Trojan caught via fake Deutsche Post mail Thanks for the quick reply!
No! PhoXo means nothing to me and is not shown on my desktop either. And I'll take the "Attention" as a hint. It does look rather semi-legitimate, though. However, I can't get the first program you linked to download; I just get redirected to an "error" page. Same on your end? Sooo. Since the first program can also be updated without any problems, here are both log files. The second one, by the way, came up with no findings at all.
21:13:00.0873 0x1774 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20 21:13:00.0873 0x1774 UEFI system 21:13:09.0209 0x1774 ============================================================ 21:13:09.0209 0x1774 Current date / time: 2015/01/06 21:13:09.0209 21:13:09.0209 0x1774 SystemInfo: 21:13:09.0209 0x1774 21:13:09.0209 0x1774 OS Version: 6.3.9600 ServicePack: 0.0 21:13:09.0209 0x1774 Product type: Workstation 21:13:09.0209 0x1774 ComputerName: "MEIN NAME"PC 21:13:09.0209 0x1774 UserName: "MEIN NAME" 21:13:09.0209 0x1774 Windows directory: C:\WINDOWS 21:13:09.0209 0x1774 System windows directory: C:\WINDOWS 21:13:09.0209 0x1774 Running under WOW64 21:13:09.0209 0x1774 Processor architecture: Intel x64 21:13:09.0209 0x1774 Number of processors: 8 21:13:09.0209 0x1774 Page size: 0x1000 21:13:09.0209 0x1774 Boot type: Normal boot 21:13:09.0209 0x1774 ============================================================ 21:13:09.0661 0x1774 KLMD registered as C:\WINDOWS\system32\drivers\18168416.sys 21:13:09.0989 0x1774 System UUID: {512671AA-B7D6-3247-E403-F07CB16C5F9A} 21:13:10.0817 0x1774 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0B80E00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:13:10.0817 0x1774 Drive \Device\Harddisk1\DR1 - Size: 0x200000000 ( 8.00 Gb ), SectorSize: 0x200, Cylinders: 0x414, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:13:10.0817 0x1774 
============================================================ 21:13:10.0817 0x1774 \Device\Harddisk0\DR0: 21:13:10.0817 0x1774 GPT partitions: 21:13:10.0817 0x1774 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {188F69C4-7AD2-4AD9-BDFD-BA40A8CAC661}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0xFA000 21:13:10.0817 0x1774 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {796BADD3-6BBF-4D9F-B631-466EB71A4965}, UniqueGUID: {0CB0FE46-1DEF-4914-B2FC-463FB16983B9}, Name: Basic data partition, StartLBA 0xFA800, BlocksNum 0x14000 21:13:10.0817 0x1774 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {221F0548-7FC7-4AF2-B054-9569074B59C1}, Name: Microsoft reserved partition, StartLBA 0x10E800, BlocksNum 0x40000 21:13:10.0817 0x1774 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {FA391AF5-0D41-4998-AFB5-F629B2860583}, Name: Basic data partition, StartLBA 0x14E800, BlocksNum 0xFA000 21:13:10.0817 0x1774 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {0DF6EDFC-05F7-4BD2-B914-88979C9C00DB}, Name: Basic data partition, StartLBA 0x248800, BlocksNum 0x73352800 21:13:10.0817 0x1774 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {BEA0919E-BEDC-40B3-9A41-441B01C028AB}, Name: , StartLBA 0x7359B000, BlocksNum 0xAF000 21:13:10.0817 0x1774 \Device\Harddisk0\DR0\Partition7: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {B7A1AA21-93BA-4315-BADF-92E7E9A61A96}, Name: Microsoft recovery partition, StartLBA 0x7364A000, BlocksNum 0x10BB407 21:13:10.0817 0x1774 MBR partitions: 21:13:10.0817 0x1774 \Device\Harddisk1\DR1: 21:13:10.0817 0x1774 GPT partitions: 21:13:10.0817 0x1774 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {D3BFE2DE-3DAF-11DF-BA40-E3A556D89593}, UniqueGUID: 
{871990F6-E9E7-4BBE-BC2A-6C9A7FFD66EC}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xFFF000 21:13:10.0817 0x1774 MBR partitions: 21:13:10.0817 0x1774 ============================================================ 21:13:10.0864 0x1774 C: <-> \Device\Harddisk0\DR0\Partition5 21:13:10.0880 0x1774 ============================================================ 21:13:10.0880 0x1774 Initialize success 21:13:10.0880 0x1774 ============================================================ 21:16:41.0969 0x2eb4 ============================================================ 21:16:41.0969 0x2eb4 Scan started 21:16:41.0969 0x2eb4 Mode: Manual; SigCheck; TDLFS; 21:16:41.0969 0x2eb4 ============================================================ 21:16:41.0969 0x2eb4 KSN ping started 21:16:44.0452 0x2eb4 KSN ping finished: true 21:16:47.0020 0x2eb4 ================ Scan system memory ======================== 21:16:47.0020 0x2eb4 System memory - ok 21:16:47.0020 0x2eb4 ================ Scan services ============================= 21:16:51.0764 0x2eb4 ClassicShellService - detected UnsignedFile.Multi.Generic ( 1 ) 21:16:54.0240 0x2eb4 Detect skipped due to KSN trusted 21:16:54.0240 0x2eb4 ClassicShellService - ok
21:16:55.0363 0x2eb4 dmvsc - ok 21:16:55.0363 0x2eb4 [ FE7656474448BE6A6C68E5C9BEB7CA94, 8B9F04CAA29A6EEFCA3D1E7BAFE340D5CCA8AF665474E69B1DF7E2A518B83A89 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 21:16:55.0409 0x2eb4 Dnscache - ok 21:16:55.0425 0x2eb4 [ 50288EA079BB520C2B8C8A154202D518, 8916A9180CA009D124FFDFB4CCF5FDFEF7FA2FD37CBCD49FAD4C68E051B4734D ] dot3svc C:\WINDOWS\System32\dot3svc.dll 21:16:55.0472 0x2eb4 dot3svc - ok 21:16:55.0488 0x2eb4 [ 40BFE7F0CF7CB9FC9F25CF6EAE95F061, 5A0E2088B78BE1A46FAEA3DD2B9B69747E4C21B2CA7911C0E5FF970C2B4D8374 ] DpHost C:\Program Files\DigitalPersona\Bin\DpHostW.exe 21:16:55.0519 0x2eb4 DpHost - ok 21:16:55.0519 0x2eb4 [ 281BEE07BA97E3E98D12A822D923D0D8, 6EB482B2D4D6048D145C3738B2B6FA27A90B5EA53E9167447820F9981B004E63 ] DPS C:\WINDOWS\system32\dps.dll 21:16:55.0550 0x2eb4 DPS - ok 21:16:55.0566 0x2eb4 [ 8D204535D6E0727DF89AF6D962A36359, 8EB84D4AAB280D46EDDD2FF0306FA6F341BF812F913A4964155514EF330D63B5 ] DRHARD64 C:\WINDOWS\system32\drivers\DRHARD64.sys 21:16:55.0581 0x2eb4 DRHARD64 - ok 21:16:55.0581 0x2eb4 [ 5F8D4D82CB212774980F15258825F8E1, 67F6274B4632163197E7BB026E3EB00B75937DA8F98A566FAA3586E04DA54D1F ] DRHMSR64 C:\WINDOWS\system32\drivers\DRHMSR64.sys 21:16:55.0597 0x2eb4 DRHMSR64 - ok 21:16:55.0597 0x2eb4 [ DDC11A202207C0400CBE07315B8FDE5E, 3ED0CA3A714582D92001BA3BFF78BE082F4DC8021298D5A2632F3B2B0A1C09DC ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 21:16:55.0628 0x2eb4 drmkaud - ok 21:16:55.0628 0x2eb4 [ 5B074F14F5DD6418F46EE4CA2DEB7EA8, B8223D73C3DE123759101F7D5D45C60BD12B221F09D349575A1044CE3F43CBC5 ] DsmSvc C:\WINDOWS\System32\DeviceSetupManager.dll 21:16:55.0659 0x2eb4 DsmSvc - ok 21:16:55.0691 0x2eb4 [ 313DCE665B57000B18CB26C6B6A10DFE, 6C332D4AD13A316C192321AB7E7597E66AF8E1688101FFD851E06C52128DBA52 ] DXGKrnl C:\WINDOWS\System32\drivers\dxgkrnl.sys 21:16:55.0784 0x2eb4 DXGKrnl - ok 21:16:55.0784 0x2eb4 EagleX64 - ok 21:16:55.0784 0x2eb4 [ 6073537F250B45E1CB2A02E97F0FE1B2, 
653F3F2F2019168EDF225944A88AFDBF8393B62AA076BD19980691778F3DB67D ] Eaphost C:\WINDOWS\System32\eapsvc.dll 21:16:55.0816 0x2eb4 Eaphost - ok 21:16:55.0909 0x2eb4 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv C:\WINDOWS\system32\drivers\evbda.sys 21:16:56.0050 0x2eb4 ebdrv - ok 21:16:56.0050 0x2eb4 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] EFS C:\WINDOWS\System32\lsass.exe 21:16:56.0081 0x2eb4 EFS - ok 21:16:56.0081 0x2eb4 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass C:\WINDOWS\system32\drivers\EhStorClass.sys 21:16:56.0097 0x2eb4 EhStorClass - ok 21:16:56.0113 0x2eb4 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv C:\WINDOWS\system32\drivers\EhStorTcgDrv.sys 21:16:56.0128 0x2eb4 EhStorTcgDrv - ok 21:16:56.0159 0x2eb4 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev C:\WINDOWS\System32\drivers\errdev.sys 21:16:56.0175 0x2eb4 ErrDev - ok 21:16:56.0175 0x2eb4 [ F37415F77CDD8AFD4F611BC125764C9E, DCF77D004A51B37B4C71DB4866B4C396B53E430E906211000569C77E943F327C ] ETD C:\WINDOWS\system32\DRIVERS\ETD.sys 21:16:56.0206 0x2eb4 ETD - ok 21:16:56.0206 0x2eb4 [ ACF1FB778B3729DC3863DA55ACC2E99B, FFF146BC00B9B94AE02B2A7FA4B20BB497B97937D9BEB2AAEB0DD6E196B99AC9 ] ETDService C:\Program Files\Elantech\ETDService.exe 21:16:56.0253 0x2eb4 ETDService - ok 21:16:56.0284 0x2eb4 [ 030CE75B7D8F75FAA7BA1EC6FD0EB5A3, 5264734F0572FAEDCCB008221C9982CCB7922C4FFC358605424EA413CDCDAE99 ] EventSystem C:\WINDOWS\system32\es.dll 21:16:56.0394 0x2eb4 EventSystem - ok 21:16:56.0488 0x2eb4 [ 21FFB87A70019E9B39C5A8469695ACBA, B41BEDB737CFD33707181DA0B69FC47C01C897AF8B42211A46B54A9FDB2B9004 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 21:16:56.0519 0x2eb4 EvtEng - ok 21:16:56.0534 
0x2eb4 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat C:\WINDOWS\system32\drivers\exfat.sys 21:16:56.0550 0x2eb4 exfat - ok 21:16:56.0566 0x2eb4 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat C:\WINDOWS\system32\drivers\fastfat.sys 21:16:56.0581 0x2eb4 fastfat - ok 21:16:56.0597 0x2eb4 [ 2BC8532ABF2B3756B78FA1DA54147DDE, DF65EE2AB0255A2CF3221085A6BE7C37E3DB6BFEED3BCADCDD69BB1049F6DCB1 ] Fax C:\WINDOWS\system32\fxssvc.exe 21:16:56.0659 0x2eb4 Fax - ok 21:16:56.0659 0x2eb4 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc C:\WINDOWS\System32\drivers\fdc.sys 21:16:56.0706 0x2eb4 fdc - ok 21:16:56.0706 0x2eb4 [ DC1A78BCCCB7EE53D6FD3BD615A8E222, EE16B6853185AAE779D7135035983938009901658F76A8856AAC12EBA15BB34E ] fdPHost C:\WINDOWS\system32\fdPHost.dll 21:16:56.0738 0x2eb4 fdPHost - ok 21:16:56.0738 0x2eb4 [ E5AD448F2DC84B1CF387FA7F2A3D1936, BBB29C79A085C503F5EFFB5144596D5DEC48A4EB34A049A4E7B38B27F6D92E0A ] FDResPub C:\WINDOWS\system32\fdrespub.dll 21:16:56.0784 0x2eb4 FDResPub - ok 21:16:56.0784 0x2eb4 [ 0046E0BD031213D37123876B0D0FA61C, A4FE17D56F0BAFB70D0D421ED9D1B6E50AF8ADAA4B59328A41AEC5B4C068A3CB ] fhsvc C:\WINDOWS\system32\fhsvc.dll 21:16:56.0831 0x2eb4 fhsvc - ok 21:16:56.0831 0x2eb4 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo C:\WINDOWS\system32\drivers\fileinfo.sys 21:16:56.0847 0x2eb4 FileInfo - ok 21:16:56.0863 0x2eb4 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace C:\WINDOWS\system32\drivers\filetrace.sys 21:16:56.0878 0x2eb4 Filetrace - ok 21:16:56.0878 0x2eb4 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk C:\WINDOWS\System32\drivers\flpydisk.sys 21:16:56.0894 0x2eb4 flpydisk - ok 
21:16:56.0909 0x2eb4 [ 6592D192E2823C043EDBC010E7774053, C025A0EC5517DC3BD5D6656DC0F0F19021FB3D2EE90EC6194E1BD74E638EBBDC ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys 21:16:56.0941 0x2eb4 FltMgr - ok 21:16:56.0972 0x2eb4 [ 3FA6DC6B29717E32E211C1FD821F2C75, E467F3775427C93CC2B87327B0A45669631A5FC460C558F6796BA26002A8BBFC ] FontCache C:\WINDOWS\system32\FntCache.dll 21:16:57.0050 0x2eb4 FontCache - ok 21:16:57.0066 0x2eb4 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:16:57.0097 0x2eb4 FontCache3.0.0.0 - ok 21:16:57.0097 0x2eb4 [ 35005534E600E993A90B036E4E599F2B, DA56FA3776FBD3D50276CB7410E0CB6F137DD8FCA84C0F3FEF8B1FEA5F6CA592 ] FsDepends C:\WINDOWS\system32\drivers\FsDepends.sys 21:16:57.0144 0x2eb4 FsDepends - ok 21:16:57.0144 0x2eb4 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 21:16:57.0159 0x2eb4 Fs_Rec - ok 21:16:57.0175 0x2eb4 [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol C:\WINDOWS\system32\DRIVERS\fvevol.sys 21:16:57.0206 0x2eb4 fvevol - ok 21:16:57.0222 0x2eb4 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM C:\WINDOWS\System32\drivers\fxppm.sys 21:16:57.0253 0x2eb4 FxPPM - ok 21:16:57.0253 0x2eb4 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx C:\WINDOWS\system32\drivers\gagp30kx.sys 21:16:57.0269 0x2eb4 gagp30kx - ok 21:16:57.0284 0x2eb4 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys 21:16:57.0303 0x2eb4 gencounter - ok 21:16:57.0307 0x2eb4 [ 16C2A6BCDDA8952C2035DEC861492A19, 
9023CD3A2C1009786A48EF7FBCC97ED1724C836279424A4D465CCE1AFA2DBDDA ] ggflt C:\WINDOWS\System32\drivers\ggflt.sys 21:16:57.0325 0x2eb4 ggflt - ok 21:16:57.0341 0x2eb4 [ 6B503DF845EABF3457E49FBBDA26C10E, A1553E3822EDEA26D8E67FCC7F9EA40DFBED49EC92FD5674AAF938F2D58CF964 ] ggsemc C:\WINDOWS\System32\drivers\ggsemc.sys 21:16:57.0372 0x2eb4 ggsemc - ok 21:16:57.0388 0x2eb4 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101 C:\WINDOWS\system32\Drivers\msgpioclx.sys 21:16:57.0403 0x2eb4 GPIOClx0101 - ok 21:16:57.0434 0x2eb4 [ 69DB09F0263C637DA8568D404842466A, D042194266978AAD31E04DAF7018CD50754077212DC74A4D8AFF6BFEE80CDD20 ] gpsvc C:\WINDOWS\System32\gpsvc.dll 21:16:57.0497 0x2eb4 gpsvc - ok 21:16:57.0513 0x2eb4 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:16:57.0528 0x2eb4 gupdate - ok 21:16:57.0528 0x2eb4 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:16:57.0544 0x2eb4 gupdatem - ok 21:16:57.0544 0x2eb4 [ 9EA41C1F650A7DA597557297F3AEE720, 7FB5F34A1A28DFB80097B0CD1F040CD1EFB44A7391E74E69D96B9AD0BDCEC9C9 ] Hamachi C:\WINDOWS\system32\DRIVERS\Hamdrv.sys 21:16:57.0559 0x2eb4 Hamachi - ok 21:16:57.0622 0x2eb4 [ 8F1E6AC416C8E48F6731B8F625BBC30B, A4BDFA9771C1470FCAB65ACEDF57CCA5C741A8DF09FA3A7F91EE79DBFE9D5699 ] Hamachi2Svc C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe 21:16:57.0700 0x2eb4 Hamachi2Svc - ok 21:16:57.0716 0x2eb4 [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\WINDOWS\system32\drivers\HdAudio.sys 21:16:57.0763 0x2eb4 HdAudAddService - ok 21:16:57.0763 0x2eb4 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus 
C:\WINDOWS\System32\drivers\HDAudBus.sys 21:16:57.0809 0x2eb4 HDAudBus - ok 21:16:57.0809 0x2eb4 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt C:\WINDOWS\System32\drivers\HidBatt.sys 21:16:57.0841 0x2eb4 HidBatt - ok 21:16:57.0841 0x2eb4 [ 1EA1B4FABB8CC348E73CA90DBA22E104, 5C18C6BD499272F216DD4626B5E8D38181AEAC9AD917FBEB614A75B70467B258 ] HidBth C:\WINDOWS\System32\drivers\hidbth.sys 21:16:57.0890 0x2eb4 HidBth - ok 21:16:57.0890 0x2eb4 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c C:\WINDOWS\System32\drivers\hidi2c.sys 21:16:57.0921 0x2eb4 hidi2c - ok 21:16:57.0921 0x2eb4 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys 21:16:57.0968 0x2eb4 HidIr - ok 21:16:57.0968 0x2eb4 [ 449A20A674AA3FAA7F0DD4E33EE2DC20, 28B9BDA306456E8640C355718DE3477537B0FAF8C37F633C709129AAB64D9873 ] hidserv C:\WINDOWS\system32\hidserv.dll 21:16:57.0984 0x2eb4 hidserv - ok 21:16:58.0000 0x2eb4 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb C:\WINDOWS\System32\drivers\hidusb.sys 21:16:58.0015 0x2eb4 HidUsb - ok 21:16:58.0015 0x2eb4 [ 7BF3ADCBD021D4F4A84CF40EB49C71B5, 5758A51FD2EBE67E6DBE3A298D714D351910F9E01C428D0C1359457C9242B298 ] hkmsvc C:\WINDOWS\system32\kmsvc.dll 21:16:58.0046 0x2eb4 hkmsvc - ok 21:16:58.0046 0x2eb4 [ 6CD9C3819BE8C0A3DACC82AE5D3C4F18, 46BF4A968E506DE17CA401401D716B444CDC10A5C60EB081890DD4B886AEDF5F ] HomeGroupListener C:\WINDOWS\system32\ListSvc.dll 21:16:58.0078 0x2eb4 HomeGroupListener - ok 21:16:58.0093 0x2eb4 [ 1A4DA1D6287B99033D144B436C23B656, D4D1EEB372E61512EA36A33F095E68C225B8E6C72CC57ED8BD00533F88012F40 ] HomeGroupProvider C:\WINDOWS\system32\provsvc.dll 21:16:58.0125 0x2eb4 HomeGroupProvider - ok 21:16:58.0140 0x2eb4 [ CC1A58B54BCFFF376C3901BC8BEC1E22, 
CE40C382DC4F49B19F261DE0B8B989CCCC3A952B9B3A051D1A54E0B966BD0677 ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe 21:16:58.0171 0x2eb4 HP LaserJet Service - detected UnsignedFile.Multi.Generic ( 1 ) 21:17:00.0625 0x2eb4 Detect skipped due to KSN trusted 21:17:00.0625 0x2eb4 HP LaserJet Service - ok 21:17:00.0641 0x2eb4 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD C:\WINDOWS\system32\drivers\HpSAMD.sys 21:17:00.0656 0x2eb4 HpSAMD - ok 21:17:00.0656 0x2eb4 [ D26D7D9D6B2B447BDC35ACE9ADBBE7E1, 7CFCF14CFCBF62AF5182A07642840BC78815360CA5143DBB7614F259021F2A17 ] HPSIService C:\WINDOWS\system32\HPSIsvc.exe 21:17:00.0719 0x2eb4 HPSIService - detected UnsignedFile.Multi.Generic ( 1 ) 21:17:03.0175 0x2eb4 Detect skipped due to KSN trusted 21:17:03.0175 0x2eb4 HPSIService - ok 21:17:03.0190 0x2eb4 [ 5C8BC8A28798FD010E7ABC4E0D588CAA, 622CAFD3DCBB05E15539589FDD4002DA6F24790FC55BDF05AA3D043E8A34E53E ] HTCMonitorService C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe 21:17:03.0268 0x2eb4 HTCMonitorService - ok 21:17:03.0268 0x2eb4 [ B8B1B284362E1D8135112573395D5DA5, 97BC6A7B2DCD7CC854B912A85BB2FCF199592E8E16A7C405EAF89B02D5DE4AEE ] htcnprot C:\WINDOWS\system32\DRIVERS\htcnprot.sys 21:17:03.0284 0x2eb4 htcnprot - ok 21:17:03.0315 0x2eb4 [ 9DDCA7F18983C5410DEFF79F819DF93C, CE97B4440377BFC5CA81BB600C3BD1DD9FB3951CA1EB70735F5E2050EBB74223 ] HTTP C:\WINDOWS\system32\drivers\HTTP.sys 21:17:03.0378 0x2eb4 HTTP - ok 21:17:03.0378 0x2eb4 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy C:\WINDOWS\system32\drivers\hwpolicy.sys 21:17:03.0393 0x2eb4 hwpolicy - ok 21:17:03.0393 0x2eb4 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd C:\WINDOWS\System32\drivers\hyperkbd.sys 21:17:03.0440 0x2eb4 hyperkbd - ok 21:17:03.0440 0x2eb4 [ 
907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo C:\WINDOWS\system32\DRIVERS\HyperVideo.sys 21:17:03.0456 0x2eb4 HyperVideo - ok 21:17:03.0472 0x2eb4 [ 84CFC5EFA97D0C965EDE1D56F116A541, 0155EA62BF07D99D98D1C9B6559C8E3301B016A20D03DF1EF64B2FAB8C37403B ] i8042prt C:\WINDOWS\System32\drivers\i8042prt.sys 21:17:03.0550 0x2eb4 i8042prt - ok 21:17:03.0550 0x2eb4 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys 21:17:03.0565 0x2eb4 iaLPSSi_GPIO - ok 21:17:03.0565 0x2eb4 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys 21:17:03.0581 0x2eb4 iaLPSSi_I2C - ok 21:17:03.0597 0x2eb4 [ 57CD95DEB3529181BCC931DD2DFB2341, 03ACF906E4C3CF954F503900F42C7A60FCD5624772B90A956F032484146E42B7 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys 21:17:03.0643 0x2eb4 iaStorA - ok 21:17:03.0659 0x2eb4 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys 21:17:03.0722 0x2eb4 iaStorAV - ok 21:17:03.0722 0x2eb4 [ 20E83F4632E15A5E9E716FF2E8AC7FAE, 7CA1A4924F432AD30ED7FA6247C6513DA173EE31132AE115E85C0ED7E5971029 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 21:17:03.0753 0x2eb4 IAStorDataMgrSvc - ok 21:17:03.0768 0x2eb4 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys 21:17:03.0815 0x2eb4 iaStorV - ok 21:17:03.0815 0x2eb4 [ 23E22B130EFE5A225E279467BE146317, 2302C119FE9C57F3A71DFE504489423B6F7140E2DFF5D501883AD971CB671CB4 ] iBtFltCoex C:\WINDOWS\system32\DRIVERS\iBtFltCoex.sys 21:17:03.0831 0x2eb4 iBtFltCoex - ok 21:17:03.0847 0x2eb4 [ 1CF03C69B49ACB70C722DF92755C0C8C, 
C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 21:17:03.0878 0x2eb4 IDriverT - detected UnsignedFile.Multi.Generic ( 1 ) 21:17:06.0361 0x2eb4 Detect skipped due to KSN trusted 21:17:06.0361 0x2eb4 IDriverT - ok 21:17:06.0361 0x2eb4 IEEtwCollectorService - ok 21:17:06.0439 0x2eb4 [ 0AECABC08F9AB4E504935B7662123B6E, 79D1C801A8FB0920469D6088158C518481485A065E8AF2E580FE4FCC1DE8F39B ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys 21:17:06.0579 0x2eb4 igfx - ok 21:17:06.0611 0x2eb4 [ DEA76F90F9777E3427D70E380222B23B, B917BA423896A12E45623E3D494CA03317A6FC612CA433C62C897524DC3E756B ] IKEEXT C:\WINDOWS\System32\ikeext.dll 21:17:06.0658 0x2eb4 IKEEXT - ok 21:17:06.0658 0x2eb4 [ F0F581A2299CB2BAB1DF2597BCDDB80F, EE485AF3049C87666BC6D6BFFC8A0EB4B95831D9061EB81848ECEE29C4232BF4 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys 21:17:06.0720 0x2eb4 intaud_WaveExtensible - ok 21:17:06.0736 0x2eb4 [ B375D8686E1BD2B79C0F00E3868A8C3B, A15D99F04B69FB37ED3AC0C3BBA464BF6D6EB1873D4AE1062983120E3BD1C4DB ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys 21:17:06.0751 0x2eb4 IntcDAud - ok 21:17:06.0783 0x2eb4 [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 21:17:06.0845 0x2eb4 Intel(R) Capability Licensing Service Interface - detected UnsignedFile.Multi.Generic ( 1 ) 21:17:12.0474 0x2eb4 Detect skipped due to KSN trusted 21:17:12.0474 0x2eb4 Intel(R) Capability Licensing Service Interface - ok 21:17:12.0489 0x2eb4 [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe 21:17:12.0536 0x2eb4 Intel(R) Capability Licensing Service TCP IP Interface - ok 
21:17:12.0536 0x2eb4 [ 441D5FAF24CC2EC115B654A55C52F0AF, 5BF5299DAD9A7076C43D68C70E02AEC8DBFD89C1AFDF7CD6AB95550EE25EEB36 ] Intel(R) Wireless Bluetooth(R) 4.0 Radio Management C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe 21:17:12.0552 0x2eb4 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management - ok 21:17:12.0552 0x2eb4 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide C:\WINDOWS\system32\drivers\intelide.sys 21:17:12.0567 0x2eb4 intelide - ok 21:17:12.0817 0x2eb4 [ 28388795BDF79464E8FDADB127671734, 4C740A8E35462C051DE3166BF87F5061518F589D8BCF4C36247FEC4903231593 ] intelkmd C:\WINDOWS\system32\DRIVERS\igdpmd64.sys 21:17:13.0083 0x2eb4 intelkmd - detected UnsignedFile.Multi.Generic ( 1 ) 21:17:15.0660 0x2eb4 Detect skipped due to KSN trusted 21:17:15.0660 0x2eb4 intelkmd - ok 21:17:15.0660 0x2eb4 [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA28D1D4EFD029A7 ] intelpep C:\WINDOWS\system32\drivers\intelpep.sys 21:17:15.0699 0x2eb4 intelpep - ok 21:17:15.0705 0x2eb4 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm C:\WINDOWS\System32\drivers\intelppm.sys 21:17:15.0716 0x2eb4 intelppm - ok 21:17:15.0716 0x2eb4 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 21:17:15.0748 0x2eb4 IpFilterDriver - ok 21:17:15.0763 0x2eb4 [ ACFEE9487693C2BD573DFCA71D98E17C, A347FD476147CD3568EEE6993B46AFC05A66A4269094CA51572D0FD013FCB535 ] iphlpsvc C:\WINDOWS\System32\iphlpsvc.dll 21:17:15.0841 0x2eb4 iphlpsvc - ok 21:17:15.0841 0x2eb4 [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV C:\WINDOWS\System32\drivers\IPMIDrv.sys 21:17:15.0857 0x2eb4 IPMIDRV - ok 21:17:15.0873 0x2eb4 [ B7342B3C58E91107F6E946A93D9D4EFD, 
D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys 21:17:15.0904 0x2eb4 IPNAT - ok 21:17:15.0904 0x2eb4 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM C:\WINDOWS\system32\drivers\irenum.sys 21:17:15.0951 0x2eb4 IRENUM - ok 21:17:15.0966 0x2eb4 [ 5FD1AD322C594FFE45D5BC47D27C52A7, 3F1F0AB9A3C7E847EF9810191530DF37956BD8829154A2034721648CFBFCC201 ] irstrtdv C:\WINDOWS\System32\drivers\irstrtdv.sys 21:17:15.0966 0x2eb4 irstrtdv - ok 21:17:16.0045 0x2eb4 [ FF98E85E00DC52E29173029F71958C82, 8094EF7071D4A05A1C89DB9925A009D6F5D548A847E3327698AC52918B37F74B ] irstrtsv C:\Windows\SysWOW64\irstrtsv.exe 21:17:16.0123 0x2eb4 irstrtsv - ok 21:17:16.0138 0x2eb4 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp C:\WINDOWS\system32\drivers\isapnp.sys 21:17:16.0154 0x2eb4 isapnp - ok 21:17:16.0154 0x2eb4 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt C:\WINDOWS\System32\drivers\msiscsi.sys 21:17:16.0263 0x2eb4 iScsiPrt - ok 21:17:16.0279 0x2eb4 [ C2BC9AC9C6514230A481BDCA6A24BEFD, 84E41675D11EF2EEECED23C8469503C8D12810A2C6B6743D7AA322EB6DF7E68D ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys 21:17:16.0295 0x2eb4 iwdbus - ok 21:17:16.0310 0x2eb4 [ 52069AEB42D3D0F97CBCA1085EBF55E6, ADB2EFFF563B3FE113FCD156FD1E469BC24FC1D68AFEDCA21306F76592C9FF88 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 21:17:16.0342 0x2eb4 jhi_service - ok 21:17:16.0357 0x2eb4 [ 8BE92376799B6B44D543E8D07CDCF885, 425B8BB1BAF62F735B3CB5A002E6055879F02E7207E55942BFD37F1784F5F368 ] kbdclass C:\WINDOWS\System32\drivers\kbdclass.sys 21:17:16.0373 0x2eb4 kbdclass - ok 21:17:16.0373 0x2eb4 [ FB6E47E569D4872ABEB506BE03A45FBA, 5C4056CADA8F67587A119D9AE2A0EFAB30387CF6298F4019FF68AC92E2F6F54B ] kbdhid 
C:\WINDOWS\System32\drivers\kbdhid.sys 21:17:16.0388 0x2eb4 kbdhid - ok 21:17:16.0388 0x2eb4 [ DB7A09BC90DF20F44F16F8B0F9ED3491, 2DF5E042284D61368A5801B2557351B2C4B1044AA6F966DF4DDCE7B453D1B9AE ] kbldfltr C:\WINDOWS\system32\drivers\kbldfltr.sys 21:17:16.0435 0x2eb4 kbldfltr - ok 21:17:16.0435 0x2eb4 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic C:\WINDOWS\system32\DRIVERS\kdnic.sys 21:17:16.0482 0x2eb4 kdnic - ok 21:17:16.0482 0x2eb4 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] KeyIso C:\WINDOWS\system32\lsass.exe 21:17:16.0498 0x2eb4 KeyIso - ok 21:17:16.0498 0x2eb4 [ ADDECBCC777665BD113BED437E602AB0, B6283475A1219CE44E9F683DD3BEB8C42DA0943297E5C4699B22176AD8A6A7ED ] KSecDD C:\WINDOWS\system32\Drivers\ksecdd.sys 21:17:16.0529 0x2eb4 KSecDD - ok 21:17:16.0529 0x2eb4 [ 6D2EE96150E35B9EA49F2B481DE0369A, AC5915219FD81D89E444F6E86D71F7C495108FC35E7BD683321FC7006161AFE1 ] KSecPkg C:\WINDOWS\system32\Drivers\ksecpkg.sys 21:17:16.0545 0x2eb4 KSecPkg - ok 21:17:16.0560 0x2eb4 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk C:\WINDOWS\system32\drivers\ksthunk.sys 21:17:16.0576 0x2eb4 ksthunk - ok 21:17:16.0592 0x2eb4 [ 32B1A8351160F307A8C66BCB0F94A9C2, 52F1DEC2BBD4D5DDBB85ED20B99D96BBA7EB83304D76F183A11FDAFDA364E873 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll 21:17:16.0638 0x2eb4 KtmRm - ok 21:17:16.0654 0x2eb4 [ 793EACA6BAE9F481C2059BCB3743EB4A, 2624905C6B6A1227BD1CAC7D4FE55A5F6543E1278DAB31EC553748472D180D1D ] LanmanServer C:\WINDOWS\system32\srvsvc.dll 21:17:16.0685 0x2eb4 LanmanServer - ok 21:17:16.0685 0x2eb4 [ D0D9C2ECA4D03A8F06DCD91236B90C98, E2D1144DC8040EA5FEB0602A20BA4CB920B4BC86AD5AD05FC0DF7D74DC95DC66 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll 21:17:16.0717 0x2eb4 LanmanWorkstation - ok 21:17:16.0732 0x2eb4 [ 626D19F1771E1AE72208AE9A8F3082F7, 
78FDB64545ED2EAE9F51C08120E21D2C3285208F6846BD8BBA08CAA839E7A0C4 ] lfsvc C:\WINDOWS\System32\GeofenceMonitorService.dll 21:17:16.0779 0x2eb4 lfsvc - ok 21:17:16.0779 0x2eb4 [ FA529FB35694C24BF98A9EF67C1CD9D0, 7B3C587C38CF13D514140F0A55E58997D6071D1DEFD97E274E3F490660AC6075 ] LGBusEnum C:\WINDOWS\system32\drivers\LGBusEnum.sys 21:17:16.0795 0x2eb4 LGBusEnum - ok 21:17:16.0795 0x2eb4 [ 94B29CE153765E768F004FB3440BE2B0, E74C01CEBDA589CDDE35CBCBAA18700E3742DD3B48A90DB3630992467FFC5024 ] LGVirHid C:\WINDOWS\system32\drivers\LGVirHid.sys 21:17:16.0810 0x2eb4 LGVirHid - ok 21:17:16.0826 0x2eb4 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio C:\WINDOWS\system32\DRIVERS\lltdio.sys 21:17:16.0873 0x2eb4 lltdio - ok 21:17:16.0888 0x2eb4 [ 00E070FC0C673311AFD4B068D1242780, 50B0E0E625361145332C849709498FF444E46578DCAD2536E6D0289E0125580F ] lltdsvc C:\WINDOWS\System32\lltdsvc.dll 21:17:16.0920 0x2eb4 lltdsvc - ok 21:17:16.0920 0x2eb4 [ D113FAD71A5E67AA94B32A0F8828D265, 08DDB4BBDB570C59926DBF5E27FCF46DCDF8B8212BB9251E97837E0504516FB3 ] lmhosts C:\WINDOWS\System32\lmhsvc.dll 21:17:16.0935 0x2eb4 lmhosts - ok 21:17:16.0951 0x2eb4 [ DECDC94EE980974EDFE4663B28A127C1, 9546F6B6F049EAD3D503A18CA106A1716AFE46CA40769D3DB128A3C152E02D30 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe 21:17:16.0982 0x2eb4 LMIGuardianSvc - ok 21:17:16.0982 0x2eb4 [ 90C864827E1722F5BB6EEA8896A4E8EF, 6F9D96B7A65BD79ED5A384025393F36A5DEAC4EE01CA173874906B54F57150EF ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 21:17:17.0029 0x2eb4 LMS - ok 21:17:17.0029 0x2eb4 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS C:\WINDOWS\system32\drivers\lsi_sas.sys 21:17:17.0045 0x2eb4 LSI_SAS - ok 21:17:17.0045 0x2eb4 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2 
|
06.01.2015, 22:26 | #4 |
| Trojan caught through fake Deutsche Post mail
TapiSrv - ok 21:17:28.0697 0x2eb4 [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] Tcpip C:\WINDOWS\system32\drivers\tcpip.sys 21:17:28.0806 0x2eb4 Tcpip - ok 21:17:28.0853 0x2eb4 [ CCB3A2BB60FE5073F2DEA63FE83CF8FE, 02982136236DD595D8974E6645A008D663B4DD3BC3824721E4DE4377B97887C7 ] TCPIP6 C:\WINDOWS\system32\DRIVERS\tcpip.sys 21:17:28.0931 0x2eb4 TCPIP6 - ok 21:17:28.0947 0x2eb4 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg C:\WINDOWS\system32\drivers\tcpipreg.sys 21:17:28.0994 0x2eb4 tcpipreg - ok 21:17:28.0994 0x2eb4 [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx C:\WINDOWS\system32\DRIVERS\tdx.sys 21:17:29.0041 0x2eb4 tdx - ok 21:17:29.0134 0x2eb4 [ 97F6FFB8A305A77D25C6C0E07B71D252, 97C5FC73A250FC2016E29148A6A37E54BD74AE983D99AAF4890C059719C93EC2 ] TeamViewer9 C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe 21:17:29.0291 0x2eb4 TeamViewer9 - ok 21:17:29.0306 0x2eb4 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt C:\WINDOWS\System32\drivers\terminpt.sys 21:17:29.0322 0x2eb4 terminpt - ok 21:17:29.0338 0x2eb4 [ 3D748E5558FD9A9F03182CB2330698DC, 70B2069AB7912EB49AB3ABD18D4B42CB94AC99CA6DE3F63F4888B8EAAC78AAA2 ] TermService C:\WINDOWS\System32\termsrv.dll 21:17:29.0384 0x2eb4 TermService - ok 21:17:29.0400 0x2eb4 [ 05FBE1F7C13E87AF7A414CDF288B1F62, 24079E1A6B2E33A1A8E76A77F73473B93DD6B379E44C982CE50D6CEED9747838 ] Themes C:\WINDOWS\system32\themeservice.dll 21:17:29.0431 0x2eb4 Themes - ok 21:17:29.0431 0x2eb4 [ FD788C2D96EA91469A3C1D13E80D7473, 7B14D4BFDE18CECC19FBFFAA5AFF5FD78BFB7FCDA6613990740A8A7DD9873D26 ] THREADORDER C:\WINDOWS\system32\mmcss.dll 21:17:29.0463 0x2eb4 THREADORDER - ok 21:17:29.0463 0x2eb4 [ 347A3E49CE18402305B8119A6EC7CFEB, 6768B20EE577880B0353FE84B980D4A18D323929A63FAE41F7A55123BBFC8DBA 
] TimeBroker C:\WINDOWS\System32\TimeBrokerServer.dll 21:17:29.0509 0x2eb4 TimeBroker - ok 21:17:29.0509 0x2eb4 [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM C:\WINDOWS\system32\drivers\tpm.sys 21:17:29.0541 0x2eb4 TPM - ok 21:17:29.0541 0x2eb4 [ C97E14BB6A196B0554D6EB67D8818175, C00588C94988F10507F84584DFA4C0A43B8648AD1AD35E9BAE14CDD21FCF7B90 ] TrkWks C:\WINDOWS\System32\trkwks.dll 21:17:29.0603 0x2eb4 TrkWks - ok 21:17:29.0603 0x2eb4 [ 887CC44830D3F367CAD17A0CA7CCA5C8, D4022A76433A11FD66D0F41A1EB4D6893BC5B22317E7E9E021739109EB493B44 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe 21:17:29.0650 0x2eb4 TrustedInstaller - ok 21:17:29.0728 0x2eb4 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt C:\WINDOWS\system32\drivers\tsusbflt.sys 21:17:29.0791 0x2eb4 TsUsbFlt - ok 21:17:29.0791 0x2eb4 [ E0088068DCE2EE82897027DDB8E05254, FA9C201D3C885DAD2ABE6A23343EDCC83CFB342EFF9E3005FA50B1D88B21D203 ] TsUsbGD C:\WINDOWS\System32\drivers\TsUsbGD.sys 21:17:29.0853 0x2eb4 TsUsbGD - ok 21:17:29.0869 0x2eb4 [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel C:\WINDOWS\system32\DRIVERS\tunnel.sys 21:17:29.0931 0x2eb4 tunnel - ok 21:17:29.0947 0x2eb4 [ A96BE6F92EDE53BA5997B2AE7367EACD, D2CE331F0BBA15C19A66BEF91FBDA96536F656C89DC9FE1A2F88D0C368986BB2 ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe 21:17:30.0009 0x2eb4 TunngleService - ok 21:17:30.0009 0x2eb4 [ 42350E49DA754D2D77362FDAE3491651, F29E8BA444ECB0484066B02C0A3DCE09B8417159EE37D7A2E05D4C06A98449C4 ] TurboB C:\WINDOWS\system32\DRIVERS\TurboB.sys 21:17:30.0041 0x2eb4 TurboB - ok 21:17:30.0041 0x2eb4 [ 4F4B0AB2FB69C414CCBCEF7CF2E1C8D8, E1F197554369C97DBF61389346B4CB0233F40AAA2575F5D2FEC809AC9123FC69 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 21:17:30.0088 0x2eb4 TurboBoost - ok 21:17:30.0119 0x2eb4 [ 
7694DCA064D0B7E0D1A6972BB9C71B39, BD5CB54534A27BD6B681234B257692E5D833D04BF3EAA52F6CE022A2B5D3CEED ] tvnserver C:\Users\"MEIN NAME"\AppData\Local\CrossLoop\tvnserver.exe 21:17:30.0197 0x2eb4 tvnserver - detected UnsignedFile.Multi.Generic ( 1 ) 21:17:32.0689 0x2eb4 Detect skipped due to KSN trusted 21:17:32.0689 0x2eb4 tvnserver - ok 21:17:32.0689 0x2eb4 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35 C:\WINDOWS\system32\drivers\uagp35.sys 21:17:32.0752 0x2eb4 uagp35 - ok 21:17:32.0752 0x2eb4 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor C:\WINDOWS\System32\drivers\uaspstor.sys 21:17:32.0783 0x2eb4 UASPStor - ok 21:17:32.0798 0x2eb4 [ B034A41891A36457B994307DFA772293, CA5E6500764A9777AE0E15B2AFB6F05982C90F01374E3F6DDC6DF3852282C66B ] UCX01000 C:\WINDOWS\System32\drivers\ucx01000.sys 21:17:32.0830 0x2eb4 UCX01000 - ok 21:17:32.0845 0x2eb4 [ 1EC649F112896FAE33250F0B97AC5D0B, 0C0A1C2C7615DEB298AD3073340FD1BF91FEBE611F133E3B48D994A6EAA8369F ] udfs C:\WINDOWS\system32\DRIVERS\udfs.sys 21:17:32.0877 0x2eb4 udfs - ok 21:17:32.0877 0x2eb4 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI C:\WINDOWS\System32\drivers\UEFI.sys 21:17:32.0908 0x2eb4 UEFI - ok 21:17:32.0923 0x2eb4 [ 320878AFECDBBD61BBE98624A6CAAC08, 15C090EA32A24D976B5FCB1373B1281DCC2295C075299C814345D694AEB47CB9 ] UI0Detect C:\WINDOWS\system32\UI0Detect.exe 21:17:32.0955 0x2eb4 UI0Detect - ok 21:17:32.0955 0x2eb4 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx C:\WINDOWS\system32\drivers\uliagpkx.sys 21:17:32.0986 0x2eb4 uliagpkx - ok 21:17:32.0986 0x2eb4 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus C:\WINDOWS\System32\drivers\umbus.sys 21:17:33.0064 0x2eb4 umbus - ok 21:17:33.0064 0x2eb4 [ 
AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass C:\WINDOWS\System32\drivers\umpass.sys 21:17:33.0127 0x2eb4 UmPass - ok 21:17:33.0142 0x2eb4 [ E3DDF7D43E05784FAA5E042605EEE528, 8E20E880FAB09AF4FF5C438BF9EAE9970D46C05167870110869B744E498FD761 ] UmRdpService C:\WINDOWS\System32\umrdp.dll 21:17:33.0189 0x2eb4 UmRdpService - ok 21:17:33.0205 0x2eb4 [ 4A2FFDAC45F317E17DF642C7160EB633, F1AB762912FAA5F469F322407DA37C91556086C42D1643AD27516C12A84F74D0 ] upnphost C:\WINDOWS\System32\upnphost.dll 21:17:33.0252 0x2eb4 upnphost - ok 21:17:33.0252 0x2eb4 [ 8047D8AFA070A4C3B9FCBDBF77A84C45, D8B47716EE57391E3B9CBE3B35FF1F933F08E40B1C8C12EB5BE2438D9E409FF0 ] usb3Hub C:\WINDOWS\System32\drivers\usb3Hub.sys 21:17:33.0283 0x2eb4 usb3Hub - ok 21:17:33.0283 0x2eb4 [ DF355EB0199198728027962DCFCDE5FB, 9E158BD07389B4CFF99674716647FA3AABEECBD1A98EDF20E544E099A99A8768 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys 21:17:33.0314 0x2eb4 usbaudio - ok 21:17:33.0314 0x2eb4 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys 21:17:33.0345 0x2eb4 usbccgp - ok 21:17:33.0345 0x2eb4 [ B3D6457D841A0CAEF4C52D88621715F2, CBDD76A8A28379B107B1FB530757B477B8AB74CD01F9F3CEDC7B1BA0C6E5A990 ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys 21:17:33.0393 0x2eb4 usbcir - ok 21:17:33.0399 0x2eb4 [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys 21:17:33.0403 0x2eb4 usbehci - ok 21:17:33.0419 0x2eb4 [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys 21:17:33.0450 0x2eb4 usbhub - ok 21:17:33.0482 0x2eb4 [ 65392F3F3F65E4C6CC82A0F4F8A0B051, C11B662A28D95820717DFFC6B76DBB755E4876009A2342E5E3992DE32D6BFF61 ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys 
21:17:33.0513 0x2eb4 USBHUB3 - ok 21:17:33.0513 0x2eb4 [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys 21:17:33.0528 0x2eb4 usbohci - ok 21:17:33.0544 0x2eb4 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys 21:17:33.0560 0x2eb4 usbprint - ok 21:17:33.0560 0x2eb4 [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS 21:17:33.0591 0x2eb4 USBSTOR - ok 21:17:33.0591 0x2eb4 [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys 21:17:33.0638 0x2eb4 usbuhci - ok 21:17:33.0638 0x2eb4 [ 18F744E8CCEB2670040EBAF7AD77B8C6, C5E2DF4EA0D946B4DA67DE29FA9D0F079DED35EC59B98E532C4C2D5F8E86DA0A ] usbvideo C:\WINDOWS\System32\Drivers\usbvideo.sys 21:17:33.0669 0x2eb4 usbvideo - ok 21:17:33.0685 0x2eb4 [ 48430B0313FC1CFE3D2400553F1A93CD, 92994DE6B131E904AFF2C9C4FBB4E6B0D58525A1539763327373DA18C9F08193 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS 21:17:33.0716 0x2eb4 USBXHCI - ok 21:17:33.0716 0x2eb4 [ F6F209DDB94959BA104FC8FC87C53759, 8E862D41F4332EABF64BD034E2C0E3CC8109C7990CB4112C2B2880E8E6EDF2D3 ] VaultSvc C:\WINDOWS\system32\lsass.exe 21:17:33.0732 0x2eb4 VaultSvc - ok 21:17:33.0747 0x2eb4 [ 1352B215BDC5807A5641E7C143796DD7, B54F95307253BB81E4CEE4F2033782210652364DE6A1E833B27ECE7E04A2BD51 ] VBoxAswDrv C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys 21:17:33.0778 0x2eb4 VBoxAswDrv - ok 21:17:33.0825 0x2eb4 [ 6BDA0A8495A3190E37C1F65FDB8D851E, 9376CF78941B5E483277A898D6C32721F3B2BFCB03ABA87EBE0F8D1F948C3677 ] vcsFPService C:\Windows\system32\vcsFPService.exe 21:17:33.0938 0x2eb4 vcsFPService - ok 21:17:33.0954 0x2eb4 [ FEB26E3B8345A7E8D62F945C4AE86562, 
3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys 21:17:33.0970 0x2eb4 vdrvroot - ok 21:17:34.0001 0x2eb4 [ E3EF58D4123B5AA29C8E19825AF84A5E, FB1046722BC643E955DBC3B1459DBF2A6D575EBA2BCF7B20A0FA51E3993835E2 ] vds C:\WINDOWS\System32\vds.exe 21:17:34.0063 0x2eb4 vds - ok 21:17:34.0063 0x2eb4 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys 21:17:34.0079 0x2eb4 VerifierExt - ok 21:17:34.0110 0x2eb4 [ 52E483A3701A5A61A75A06993720347D, 689E812755E485DF6960D1E049740FBAFB812467D23B673DCAA40C03FEBB544F ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys 21:17:34.0141 0x2eb4 vhdmp - ok 21:17:34.0141 0x2eb4 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide C:\WINDOWS\system32\drivers\viaide.sys 21:17:34.0157 0x2eb4 viaide - ok 21:17:34.0173 0x2eb4 [ 3CE922E34DB12D9F3C0EA856BC09687C, E50A1885FBC775E49614989ECFEA4ACBBDDA16AF459CC5361EED9E23CC7CD42C ] Vid C:\WINDOWS\System32\drivers\Vid.sys 21:17:34.0204 0x2eb4 Vid - ok 21:17:34.0204 0x2eb4 [ C6305BDFC4F7CE51F72BB072C03D4ACE, 73E62869CA3104F48CC3B0C45E69CE9BF4F8D7D06E29C2F049B9347ABB50554D ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys 21:17:34.0235 0x2eb4 vmbus - ok 21:17:34.0235 0x2eb4 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys 21:17:34.0266 0x2eb4 VMBusHID - ok 21:17:34.0266 0x2eb4 [ 68F8C26DEA2D42E8DEC0778943433C80, 81E8F9D62815F94952CEEABD0689473CC330F7890F66872DCD35A43C06ED33CD ] vmbusr C:\WINDOWS\System32\drivers\vmbusr.sys 21:17:34.0313 0x2eb4 vmbusr - ok 21:17:34.0329 0x2eb4 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicguestinterface C:\WINDOWS\System32\ICSvc.dll 21:17:34.0391 0x2eb4 vmicguestinterface - ok 21:17:34.0391 
0x2eb4 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicheartbeat C:\WINDOWS\System32\ICSvc.dll 21:17:34.0423 0x2eb4 vmicheartbeat - ok 21:17:34.0439 0x2eb4 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmickvpexchange C:\WINDOWS\System32\ICSvc.dll 21:17:34.0470 0x2eb4 vmickvpexchange - ok 21:17:34.0486 0x2eb4 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicrdv C:\WINDOWS\System32\ICSvc.dll 21:17:34.0517 0x2eb4 vmicrdv - ok 21:17:34.0533 0x2eb4 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicshutdown C:\WINDOWS\System32\ICSvc.dll 21:17:34.0564 0x2eb4 vmicshutdown - ok 21:17:34.0564 0x2eb4 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmictimesync C:\WINDOWS\System32\ICSvc.dll 21:17:34.0595 0x2eb4 vmictimesync - ok 21:17:34.0611 0x2eb4 [ 9067880BBB1C18703DBFF27D731D7ECA, 0044246249F4B945D72BBC0FEF9BF3C31E62F57CBF77615A95213B36A29F0C71 ] vmicvss C:\WINDOWS\System32\ICSvc.dll 21:17:34.0642 0x2eb4 vmicvss - ok 21:17:34.0642 0x2eb4 [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys 21:17:34.0658 0x2eb4 volmgr - ok 21:17:34.0673 0x2eb4 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys 21:17:34.0701 0x2eb4 volmgrx - ok 21:17:34.0717 0x2eb4 [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys 21:17:34.0782 0x2eb4 volsnap - ok 21:17:34.0782 0x2eb4 [ 01355C98B5C3ED1EC446743CDA848FCE, B9FCF558C20E05DD0F53FFB70BBEF873EA57801E13A16701E636128D625C4B67 ] vpci C:\WINDOWS\System32\drivers\vpci.sys 
21:17:34.0798 0x2eb4 vpci - ok 21:17:34.0798 0x2eb4 [ ADBE96C33D1A5BB1BBAF90B4BC84F523, 6E9C9ED3D51E4B6E494D42ECA6F824AD86D676C12C39BBE6B8BD96366BCB02DA ] vpcivsp C:\WINDOWS\System32\drivers\vpcivsp.sys 21:17:34.0829 0x2eb4 vpcivsp - ok 21:17:34.0829 0x2eb4 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys 21:17:34.0845 0x2eb4 vsmraid - ok 21:17:34.0892 0x2eb4 [ E369C59F2C0852DDD090C07E0DDE0051, 4FAC94458EAAEED4F84A86FBAB8FBB332D0AF85BD528E63C0C058A2DA8E3011D ] VSS C:\WINDOWS\system32\vssvc.exe 21:17:34.0954 0x2eb4 VSS - ok 21:17:34.0954 0x2eb4 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys 21:17:34.0986 0x2eb4 VSTXRAID - ok 21:17:34.0986 0x2eb4 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys 21:17:35.0048 0x2eb4 vwifibus - ok 21:17:35.0048 0x2eb4 [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59E624C14DA29E55 ] vwififlt C:\WINDOWS\system32\DRIVERS\vwififlt.sys 21:17:35.0095 0x2eb4 vwififlt - ok 21:17:35.0095 0x2eb4 [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB4E0573531040E8 ] vwifimp C:\WINDOWS\system32\DRIVERS\vwifimp.sys 21:17:35.0126 0x2eb4 vwifimp - ok 21:17:35.0142 0x2eb4 [ 7599E582CA3A6AAA95A18FFE1172D339, A0410778FBBC4302EA91CF24B944427410B4706535F1192504D4F34C3ED4503E ] W32Time C:\WINDOWS\system32\w32time.dll 21:17:35.0173 0x2eb4 W32Time - ok 21:17:35.0189 0x2eb4 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys 21:17:35.0220 0x2eb4 WacomPen - ok 21:17:35.0251 0x2eb4 [ 61692DB39AD3DF2F29392D68EAA7BB93, 854D4B9C7DD1676968598ED973500650ECEC02C420E44C0B3957C24F073AA5FB ] 
wbengine C:\WINDOWS\system32\wbengine.exe 21:17:35.0329 0x2eb4 wbengine - ok 21:17:35.0345 0x2eb4 [ 3BC1D1D56637A32CD91C8AE08E2484AA, 9EE1BD3FB0D289E25F3DDD0D8F67DC1C701A6B1D5418FADF348D0E642B1DEBEB ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll 21:17:35.0407 0x2eb4 WbioSrvc - ok 21:17:35.0407 0x2eb4 [ A07CFC4B593D15B6BF06813C3B5B33BF, B57BD918E2AFF9943B51A24B95E0C4D3482B4DF73C0E2421E8CC67C2BC7A4C70 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll 21:17:35.0454 0x2eb4 Wcmsvc - ok 21:17:35.0454 0x2eb4 [ D2726823DF7E19F213F4805A9D6D145F, A7F582C99918D204264D3B374F70D75984BDA5805203041E3DECB8153D16E102 ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll 21:17:35.0532 0x2eb4 wcncsvc - ok 21:17:35.0548 0x2eb4 [ 846C02A8B48CBD921A3D6AB521AA0DC4, B07573A774A6C65D24E5718DC25DF378270EB5B40221CA5A53B21D47838381D3 ] WcsPlugInService C:\WINDOWS\System32\WcsPlugInService.dll 21:17:35.0564 0x2eb4 WcsPlugInService - ok 21:17:35.0564 0x2eb4 [ 0359607177E5E9F6041136CC0A5CB0B6, 16687BE2639648CF46E8768BA1798030472C525612C629BF134D053240E2195B ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys 21:17:35.0579 0x2eb4 WdBoot - ok 21:17:35.0611 0x2eb4 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys 21:17:35.0642 0x2eb4 Wdf01000 - ok 21:17:35.0657 0x2eb4 [ DE8D12B4C3F55FA2C5E9774314F6C58A, C3E835DC066A94E1431BCDC90D7EA27AAC6F82826F4A5527B37D865241D7A366 ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys 21:17:35.0689 0x2eb4 WdFilter - ok 21:17:35.0689 0x2eb4 [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll 21:17:35.0720 0x2eb4 WdiServiceHost - ok 21:17:35.0720 0x2eb4 [ 40C67D1A4891120874767F6E6604D6C5, 4D9DD658566DE711ADF4D6C33FCB31DA351EE050E3ED188664D04526CCAAEEF5 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll 21:17:35.0736 0x2eb4 WdiSystemHost - ok 21:17:35.0751 0x2eb4 [ 4AD874CDC812EC156265E451B6B09DAB, 
6E3E05B8301841425E9BB0D54B35EF386B78EEB307B5A6153FD1F366D30F23FA ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys 21:17:35.0767 0x2eb4 WdNisDrv - ok 21:17:35.0767 0x2eb4 WdNisSvc - ok 21:17:35.0782 0x2eb4 [ 91B18D7A1702ED589E67C6C81052B955, 5D1DA8B86106A28E50BBCCB36527CC130D41201F5BE1D3DC5F1D6F7ECCF807BA ] WebClient C:\WINDOWS\System32\webclnt.dll 21:17:35.0798 0x2eb4 WebClient - ok 21:17:35.0814 0x2eb4 [ 3274312F263882B51B964329FAF49734, 99A020377ACF0762BE5ECD2D68EB5E1497B9D59963247E725F7F96FB5DF41FAD ] Wecsvc C:\WINDOWS\system32\wecsvc.dll 21:17:35.0845 0x2eb4 Wecsvc - ok 21:17:35.0845 0x2eb4 [ 7CDD84E0023A0C5C230B06A7965EC65E, 6EC7DC18C76D66CF9A893C3DD20F9BE3ADD76546F9A9BA42CE4F24854709F9D9 ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll 21:17:35.0876 0x2eb4 WEPHOSTSVC - ok 21:17:35.0876 0x2eb4 [ 959534ACF085C137D2D094384EF89C45, D029F440789FE170A1C46217C6DE6D78DC0188A5CF33FCCC17FA65D3BC80C2B7 ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll 21:17:35.0907 0x2eb4 wercplsupport - ok 21:17:35.0923 0x2eb4 [ 82BCCF5FBE47AC9E8CBA2020994DFB3F, EA96C6BD98A701B465D0780EC10BDA92E45FE636D60C1385813AA3B456D8B931 ] WerSvc C:\WINDOWS\System32\WerSvc.dll 21:17:35.0954 0x2eb4 WerSvc - ok 21:17:35.0954 0x2eb4 [ BFBE1C5F57FE7A885673A1962D5532B7, F0BD05B257108699FE6AB32EF11F927C31932F27062A705B3FEFA4F5B4C0D8C3 ] WFPLWFS C:\WINDOWS\system32\DRIVERS\wfplwfs.sys 21:17:35.0986 0x2eb4 WFPLWFS - ok 21:17:35.0986 0x2eb4 [ E06AFE2F94BA7CFA2FE4FD2A449E60E2, 99A81E16366E9E77905D873B0246E4C11B383FE1E99E0E1D9A07FAD4E52EA9E4 ] WiaRpc C:\WINDOWS\System32\wiarpc.dll 21:17:36.0023 0x2eb4 WiaRpc - ok 21:17:36.0027 0x2eb4 [ 867BCC69ED9C31C501465EB0E8BA9DFA, 678B7FF4D4E8624514301956CDA7FB451159BBFC83FF2E4E5E7DADAE3C7AB2EC ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys 21:17:36.0049 0x2eb4 WIMMount - ok 21:17:36.0049 0x2eb4 WinDefend - ok 21:17:36.0080 0x2eb4 [ DD079EC8F44DCA3A176B345C6ADEFB66, 6CD9371B83EA23D2181891FAE1DB285BC111A78C35F374E57666ED09860C91A9 ] WinHttpAutoProxySvc 
C:\WINDOWS\system32\winhttp.dll 21:17:36.0127 0x2eb4 WinHttpAutoProxySvc - ok 21:17:36.0142 0x2eb4 [ 9DB490F3E823C5C3C070644B96CB9D59, 81937D0B331E43C7C61514E60B3AD51370C5201F7B4D12F8534840D91EDC32DD ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 21:17:36.0158 0x2eb4 Winmgmt - ok 21:17:36.0239 0x2eb4 [ 9CE162EB9057CF079736F4DD00FC0D6C, 412C34557866D2A3B3CDAFA5A03B87C01AACF75E349802E511098B20137028D9 ] WinRM C:\WINDOWS\system32\WsmSvc.dll 21:17:36.0426 0x2eb4 WinRM - ok 21:17:36.0458 0x2eb4 [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUSB C:\WINDOWS\System32\drivers\WinUSB.sys 21:17:36.0505 0x2eb4 WinUSB - ok 21:17:36.0536 0x2eb4 [ 3F5EF31C6AA204B099EE76497DF80A26, CBE648A4E7E1D98A3D8C72582C1CB3C2FD2329EAA24EE4DCAD271AAA6F4D82CE ] WlanSvc C:\WINDOWS\System32\wlansvc.dll 21:17:36.0623 0x2eb4 WlanSvc - ok 21:17:36.0654 0x2eb4 [ 5F56C0DE776C7AE43AF749845BFAA1EF, 837993C5853B7E682C7FB8401B7F5D951FFD15E5659EBB1B01DC3F5719ACEE19 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll 21:17:36.0717 0x2eb4 wlidsvc - ok 21:17:36.0717 0x2eb4 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys 21:17:36.0779 0x2eb4 WmiAcpi - ok 21:17:36.0779 0x2eb4 [ 7AFAC828F52D62F304A911EC32F42EEE, 4EDCF4149069413A166169F2E23F7505F47B39B7EC319E1EF6D2C46CD140AA24 ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe 21:17:36.0826 0x2eb4 wmiApSrv - ok 21:17:36.0842 0x2eb4 WMPNetworkSvc - ok 21:17:36.0842 0x2eb4 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof C:\WINDOWS\system32\drivers\Wof.sys 21:17:36.0859 0x2eb4 Wof - ok 21:17:36.0906 0x2eb4 [ 61BF52E9FFAB27A0B6D621BE26088373, 81291D52C381360E69D51E7DEB05CFAC651A7E9EF781CA23062C0583D0C94708 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll 21:17:36.0984 0x2eb4 workfolderssvc - ok 21:17:36.0984 0x2eb4 [ 182561A14F2E93E81E66FE3700D17A5A, 
FB9A06058A8BCCEDCDC5BF8899D9B2FBA5752C262C5FC6D2B8338884F3303D12 ] wpcfltr C:\WINDOWS\system32\DRIVERS\wpcfltr.sys 21:17:37.0000 0x2eb4 wpcfltr - ok 21:17:37.0000 0x2eb4 [ 4E6A0F60DA7EF050D3D26417CD4D24E9, E6B3BFB007B641D41F8532ED086F92CB3D86E210023DBFAA9AD8152A9FD33CCA ] WPCSvc C:\WINDOWS\System32\wpcsvc.dll 21:17:37.0031 0x2eb4 WPCSvc - ok 21:17:37.0047 0x2eb4 [ 618A19EB31ECA7B7F2AA0207BAF598A5, CB18CF9B781EAB3D775F8201F294A7135E058D6C963D2CC759DCA14D95EED538 ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll 21:17:37.0062 0x2eb4 WPDBusEnum - ok 21:17:37.0078 0x2eb4 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys 21:17:37.0078 0x2eb4 WpdUpFltr - ok 21:17:37.0094 0x2eb4 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys 21:17:37.0109 0x2eb4 ws2ifsl - ok 21:17:37.0109 0x2eb4 [ 9654DE19551093CD73874281E1573C94, 5E3513EC0CB180D90904BE8970AB64A4434279E8C467AE2CF693254E47B1D11E ] wscsvc C:\WINDOWS\System32\wscsvc.dll 21:17:37.0140 0x2eb4 wscsvc - ok 21:17:37.0156 0x2eb4 [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice C:\WINDOWS\System32\drivers\WSDPrint.sys 21:17:37.0172 0x2eb4 WSDPrintDevice - ok 21:17:37.0172 0x2eb4 WSearch - ok 21:17:37.0265 0x2eb4 [ 95B6670E6933E1DEE19686C55BE709A0, 4B9EB8F1712B7959A71F6DA445D29BD09B25EEFC6B30D736EFE30163D79B233E ] WSService C:\WINDOWS\System32\WSService.dll 21:17:37.0406 0x2eb4 WSService - ok 21:17:37.0500 0x2eb4 [ DCD090318EC800CF6275C6835900B0C6, 9E72762EEE46CC0606B909850E6D22E9C8E5C88E82F7C974B2B7C1E5160BEBA7 ] wuauserv C:\WINDOWS\system32\wuaueng.dll 21:17:37.0656 0x2eb4 wuauserv - ok 21:17:37.0656 0x2eb4 [ D537815E450A149752C15868392AD1F3, 8788CE493349299DB36E409C8CC3C6EA08301FA492C95D9D556E00BC13A05F13 ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys 
21:17:37.0719 0x2eb4 WudfPf - ok 21:17:37.0734 0x2eb4 [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFRd C:\WINDOWS\System32\drivers\WUDFRd.sys 21:17:37.0750 0x2eb4 WUDFRd - ok 21:17:37.0765 0x2eb4 [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFSensorLP C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 21:17:37.0781 0x2eb4 WUDFSensorLP - ok 21:17:37.0781 0x2eb4 [ 9CDC2059A23E3C9B57696178508777E7, B680A2E2EDA5C8C6A547E7D9B2F2F8E6407C3EA0A01B82A4B88D48A27913A597 ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll 21:17:37.0844 0x2eb4 wudfsvc - ok 21:17:37.0859 0x2eb4 [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdComp C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 21:17:37.0875 0x2eb4 WUDFWpdComp - ok 21:17:37.0875 0x2eb4 [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 21:17:37.0906 0x2eb4 WUDFWpdFs - ok 21:17:37.0906 0x2eb4 [ 7CCBBCEE408A5DBE3FE47297DB5A6CFC, FB44B65B37B1C1A12C618E16BEF195EF861A87179B9216E43024C671C3AE052C ] WUDFWpdMtp C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 21:17:37.0922 0x2eb4 WUDFWpdMtp - ok 21:17:37.0937 0x2eb4 [ 2FA9794CA36147756F3FDFD6CA29B46F, 4B86DC38C2411C281686E9A4E64DA6FB2992E39391371F78E012D6D8BB85123F ] WwanSvc C:\WINDOWS\System32\wwansvc.dll 21:17:37.0984 0x2eb4 WwanSvc - ok 21:17:37.0984 0x2eb4 [ 24E57041608ED6A9D7FDAD0D9EC214E2, 895A16072F5EFFF57A7DCA21917540726BF816A2746EC47A066AAD363F69E5D7 ] XHCIPort C:\WINDOWS\System32\drivers\XHCIPort.sys 21:17:38.0000 0x2eb4 XHCIPort - ok 21:17:38.0015 0x2eb4 [ A0F661902AFCAAD77CC2ED3894927A10, 0DCD860F7F4029EBFE1F409BA23CC8BAA55BC22084C81940FF170B665E4804BD ] xusb22 C:\WINDOWS\System32\drivers\xusb22.sys 21:17:38.0031 0x2eb4 xusb22 - ok 21:17:38.0125 0x2eb4 [ 2AC426C57AC3D6A226D66E5A03223C90, 
21:17:59.0693 0x2eb4 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.6.305.0 ), 0x60100 ( disabled : updated )
21:17:59.0725 0x2eb4 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
21:17:59.0740 0x2eb4 Win FW state via NFP2: enabled
21:18:02.0100 0x2eb4 ============================================================
21:18:02.0100 0x2eb4 Scan finished
21:18:02.0100 0x2eb4 ============================================================
21:18:02.0100 0x0200 Detected object count: 1
21:18:02.0100 0x0200 Actual detected object count: 1
21:26:30.0953 0x0200 DellSystemDetect ( UnsignedFile.Multi.Generic ) - skipped by user
21:26:30.0953 0x0200 DellSystemDetect ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:13:24.0455 0x2498 Deinitialize success

- - - - - -

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.06.11

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17498
"MEIN NAME" :: "MEIN NAME"PC [administrator]

06.01.2015 21:39:56
mbar-log-2015-01-06 (21-39-56).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 445393
Time elapsed: 31 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end) |
07.01.2015, 09:01 | #5 |
/// the machine /// TB instructor | Trojan caught through a fake Deutsche Post e-mail
How it works: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donate / Guides and help / Trojaner-Board Facebook page
No help via PM! |
07.01.2015, 21:50 | #6 |
| Trojan caught through a fake Deutsche Post e-mail
Hello! Sorry for the character armageddon.
- For me, the "Backup Registry" command always fails, no matter with what. Do you know why?
Code:
ATTFilter
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 07.01.2015
Suchlauf-Zeit: 19:45:46
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.01.07.12
Rootkit Datenbank: v2015.01.07.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: "MEIN NAME"

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 419742
Verstrichene Zeit: 17 Min, 53 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 1
PUP.Optional.MySpeedDial.A, C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff, In Quarantäne, [1088cb29b6d32d09cc1293a99b6801ff],

Dateien: 15
PUP.Optional.Spigot, C:\Users\"MEIN NAME"\Desktop\YTDSetup.exe, In Quarantäne, [f5a3d22286036dc9ef060cafef12f907],
PUP.Optional.OpenCandy, C:\Users\"MEIN NAME"\Downloads\FreemakeVideoConverterSetup_4.0.4.3.exe, In Quarantäne, [0494698b90f935010390db53b8498d73],
PUP.Optional.BundleInstaller.A, C:\Users\"MEIN NAME"\Downloads\voxware-metasound-audio-codec-windows-downloader.exe, In Quarantäne, [4e4afff508815cda001436595aa7c63a],
Hacktool.Agent, C:\Users\"MEIN NAME"\Downloads\Windows Loader v2.2.2 (1).rar, In Quarantäne, [41573cb85a2fc5713478f77351b0c23e],
Hacktool.Agent, C:\Users\"MEIN NAME"\Downloads\Windows Loader v2.2.2.rar, In Quarantäne, [7325b73df0997cba6a423733ce33dd23],
PUP.Optional.OpenCandy, C:\Users\"MEIN NAME"\Downloads\DTLite4471-0333.exe, In Quarantäne, [efa9de165633171f1b49efc36c99867a],
PUP.Optional.Spigot.A, C:\Users\"MEIN NAME"\Downloads\YTD471Setup.exe, In Quarantäne, [a2f64da76821a195df0d54d2cc34a15f],
PUP.Optional.SmartBar.A, C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_amfclgbdpgndipgoegfpkkgobahigbcl_0.localstorage, In Quarantäne, [1187876dfa8f74c20646acc050b3649c],
PUP.Optional.MySpeedDial.A, C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000005.ldb, In Quarantäne, [1088cb29b6d32d09cc1293a99b6801ff],
PUP.Optional.MySpeedDial.A, C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\000006.log, In Quarantäne, [1088cb29b6d32d09cc1293a99b6801ff],
PUP.Optional.MySpeedDial.A, C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\CURRENT, In Quarantäne, [1088cb29b6d32d09cc1293a99b6801ff],
PUP.Optional.MySpeedDial.A, C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOCK, In Quarantäne, [1088cb29b6d32d09cc1293a99b6801ff],
PUP.Optional.MySpeedDial.A, C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG, In Quarantäne, [1088cb29b6d32d09cc1293a99b6801ff],
PUP.Optional.MySpeedDial.A, C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\LOG.old, In Quarantäne, [1088cb29b6d32d09cc1293a99b6801ff],
PUP.Optional.MySpeedDial.A, C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pflphaooapbgpeakohlggbpidpppgdff\MANIFEST-000004, In Quarantäne, [1088cb29b6d32d09cc1293a99b6801ff],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)

(end)
Code:
ATTFilter
# AdwCleaner v4.106 - Bericht erstellt am 07/01/2015 um 20:32:06
# Aktualisiert 21/12/2014 von Xplode
# Database : 2015-01-03.1 [Live]
# Betriebssystem : Windows 8.1 Pro (64 bits)
# Benutzername : "MEIN NAME" - "MEIN NAME"PC
# Gestartet von : C:\Users\"MEIN NAME"\Downloads\AdwCleaner_4.106 (2).exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v24.0 (de)

-\\ Google Chrome v39.0.2171.95

-\\ Opera v25.0.1614.71

*************************

AdwCleaner[R0].txt - [4606 octets] - [19/09/2013 14:32:42]
AdwCleaner[R10].txt - [2074 octets] - [13/02/2014 14:22:20]
AdwCleaner[R11].txt - [4040 octets] - [05/03/2014 02:43:35]
AdwCleaner[R12].txt - [2519 octets] - [15/04/2014 15:09:03]
AdwCleaner[R13].txt - [3195 octets] - [23/04/2014 20:06:32]
AdwCleaner[R14].txt - [8305 octets] - [22/05/2014 17:13:53]
AdwCleaner[R15].txt - [2877 octets] - [07/06/2014 23:14:28]
AdwCleaner[R16].txt - [6720 octets] - [22/09/2014 19:39:56]
AdwCleaner[R17].txt - [5286 octets] - [19/12/2014 23:13:11]
AdwCleaner[R18].txt - [3037 octets] - [04/01/2015 19:42:20]
AdwCleaner[R19].txt - [3073 octets] - [04/01/2015 20:08:11]
AdwCleaner[R1].txt - [1035 octets] - [19/09/2013 14:47:47]
AdwCleaner[R20].txt - [3195 octets] - [04/01/2015 21:04:26]
AdwCleaner[R21].txt - [3256 octets] - [04/01/2015 23:47:41]
AdwCleaner[R22].txt - [3468 octets] - [07/01/2015 20:29:57]
AdwCleaner[R2].txt - [1219 octets] - [21/09/2013 02:48:12]
AdwCleaner[R3].txt - [1148 octets] - [04/10/2013 16:20:34]
AdwCleaner[R4].txt - [5711 octets] - [10/10/2013 19:29:38]
AdwCleaner[R5].txt - [6979 octets] - [12/11/2013 13:20:14]
AdwCleaner[R6].txt - [5692 octets] - [24/12/2013 17:25:12]
AdwCleaner[R7].txt - [7098 octets] - [11/01/2014 13:38:50]
AdwCleaner[R8].txt - [1833 octets] - [04/02/2014 12:55:55]
AdwCleaner[R9].txt - [7604 octets] - [13/02/2014 14:06:44]
AdwCleaner[S0].txt - [4619 octets] - [19/09/2013 14:34:27]
AdwCleaner[S10].txt - [4010 octets] - [05/03/2014 02:44:34]
AdwCleaner[S11].txt - [2479 octets] - [15/04/2014 15:27:06]
AdwCleaner[S12].txt - [3259 octets] - [23/04/2014 20:18:26]
AdwCleaner[S13].txt - [7436 octets] - [22/05/2014 17:14:45]
AdwCleaner[S14].txt - [2893 octets] - [07/06/2014 23:15:19]
AdwCleaner[S15].txt - [6622 octets] - [22/09/2014 19:41:18]
AdwCleaner[S16].txt - [5120 octets] - [19/12/2014 23:18:56]
AdwCleaner[S17].txt - [3053 octets] - [04/01/2015 19:44:54]
AdwCleaner[S18].txt - [3135 octets] - [04/01/2015 20:58:30]
AdwCleaner[S19].txt - [3318 octets] - [04/01/2015 23:53:13]
AdwCleaner[S1].txt - [1097 octets] - [19/09/2013 14:48:43]
AdwCleaner[S20].txt - [2861 octets] - [07/01/2015 20:32:06]
AdwCleaner[S2].txt - [1227 octets] - [21/09/2013 02:49:04]
AdwCleaner[S3].txt - [5476 octets] - [10/10/2013 19:30:19]
AdwCleaner[S4].txt - [5841 octets] - [12/11/2013 13:20:52]
AdwCleaner[S5].txt - [10630 octets] - [12/11/2013 13:30:57]
AdwCleaner[S6].txt - [6983 octets] - [11/01/2014 13:42:11]
AdwCleaner[S7].txt - [1894 octets] - [04/02/2014 12:57:54]
AdwCleaner[S8].txt - [7257 octets] - [13/02/2014 14:07:26]
AdwCleaner[S9].txt - [2135 octets] - [13/02/2014 14:23:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S20].txt - [3403 octets] ##########
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 Pro x64
Ran by "MEIN NAME" on 07.01.2015 at 20:51:18.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\"MEIN NAME"\AppData\Roaming\pcdr"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.01.2015 at 20:59:44.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015 Ran by "MEIN NAME" (administrator) on "MEIN NAME"PC on 07-01-2015 21:32:57 Running from C:\Users\"MEIN NAME"\Downloads Loaded Profile: "MEIN NAME" (Available profiles: "MEIN NAME" & Administrator) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (CrossLoop) C:\Users\"MEIN NAME"\AppData\Local\CrossLoop\CrossLoopService.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (HP) C:\Windows\System32\HPSIsvc.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe () C:\Program Files\TaskmgrPro\TaskmgrPro.exe (Dell) C:\Users\"MEIN NAME"\AppData\Local\Apps\2.0\C8ZALKY8.C7R\63MY89XB.YXL\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe (phase6) C:\Program Files (x86)\phase6\phase6_19\WinStart\WinStart.exe (Dropbox, Inc.) C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\Dropbox.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe (Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Crystal Dew World) C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2774864 2013-01-09] (ELAN Microelectronics Corp.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) 
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5773640 2013-08-22] (Dell Inc.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-13] (AVAST Software) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation) HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [TaskmgrPro] => C:\Program Files\TaskmgrPro\TaskmpStart.exe [92504 2013-09-05] () HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [35768 2013-12-09] (Overwolf) HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [DellSystemDetect] => C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony) HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google) HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.) HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\MountPoints2: E - "E:\Autorun.exe" HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\MountPoints2: {286156db-5ad5-11e4-bf0f-e0db55d136b3} - "E:\SISetup.exe" HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\MountPoints2: {94b87bbb-af70-11e3-bed0-e0db55d136b3} - "E:\Startme.exe" HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\MountPoints2: {e3f38ccb-91dc-11e4-bf1b-6036dda89aa7} - "E:\HTC_Sync_Manager_PC.exe" Lsa: [Notification Packages] DPPassFilter scecli Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\p6_19_erinnerung.lnk ShortcutTarget: p6_19_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_19\WinStart\WinStart.exe (phase6) Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk ShortcutTarget: DesktopEarth AutoStart.lnk -> C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe () Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk 
ShortcutTarget: Dropbox.lnk -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files\Logitech Gaming Software\EReg\eReg.exe (Leader Technologies/Logitech) Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net) Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software) Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6500 E710n-z (Netzwerk).lnk ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6500 E710n-z (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPStatusBL.dll (Hewlett-Packard Co.) 
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UDPixel.lnk ShortcutTarget: UDPixel.lnk -> C:\Program Files (x86)\UDPixel\UDPixel.exe (hxxp://sam100.free.fr/UDPixel) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-2901914888-2273405363-3910051971-1001] => http=127.0.0.1:49244;https=127.0.0.1:49244 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: ExplorerBHO Class -> 
{449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\"MEIN NAME"\AppData\Roaming\Mozilla\Firefox\Profiles\u2f0mu7s.default FF 
DefaultSearchEngine: Google (avast) FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006 FF SearchEngineOrder.1: Google (avast) FF SelectedSearchEngine: Google (avast) FF Homepage: https://www.google.com/?trackid=sp-006 FF Keyword.URL: https://www.google.com/search/?trackid=sp-006 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\DigitalPersona\Bin\ChromeExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.) 
FF Plugin HKU\S-1-5-21-2901914888-2273405363-3910051971-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF SearchPlugin: C:\Users\"MEIN NAME"\AppData\Roaming\Mozilla\Firefox\Profiles\u2f0mu7s.default\searchplugins\google-avast.xml FF Extension: Firefox Old Version Update Hotfix - C:\Users\"MEIN NAME"\AppData\Roaming\Mozilla\Firefox\Profiles\u2f0mu7s.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-29] FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2013-01-28] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-14] FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxp://de.wikipedia.org/wiki/Solid-State-Drive", "hxxp://hukd.mydealz.de/deals/kaufe-mario-kart-8-und-bekomme-eins-von-10-wii-u-spielen-gratis-348180", "hxxp://hukd.mydealz.de/deals/rowenta-vu2540-turbo-silence-hochwertiger-tischventilator-57-vergleichspreis-68-364229", "hxxp://www.ebay.de/itm/Screw-Propeller-Flying-Style-Digital-Alarm-Clock-H443-/280480463541?clk_rvr_id=648712950446", "hxxp://hukd.mydealz.de/deals/apple-iphone-16-gb-bei-24-mobile-552-669?page=3", "hxxp://www.meinestadt.de/deutschland/jobinfo/ausbildung-info", "hxxp://www.0180.info/", "http://www.trojaner-board.de/search....chid=2734463",
"hxxp://www.drk-intern.de/adressen/kreisverbaende/detail/0616/", "hxxp://hukd.mydealz.de/deals/fl%C3%BCge-island-basel-51-hin-und-zur%C3%BCck-reise-1-woche-island-flug-transfer-3-hotel-181-391824", "https://www.facebook.com/VirginRadioLebanon/photos/a.355063757936301.1073741826.275155342593810/493895747386434/?type=1&theater", "https://www.youtube.com/watch?v=kvDjMGgAJF8", "https://www.youtube.com/watch?v=Yc8bzl6dqQI&list=UUJ98xGeWxpuKDAb2-Xs01Ug", "https://www.youtube.com/watch?v=BQ2pHDId9xk", "hxxp://hukd.mydealz.de/deals/real-bundesweit-kw48-2x-wilkison-hydro-3-rasierklingen-4-st%C3%BCck-8-klingen-4-87-0-434918", "hxxp://www.amazon.de/Klarstein-Lichtdusche-Summershine-Tageslichtlampe-wohltemperiertes/dp/B00FL1FBPC/ref=cm_cr_pr_product_top", "https://www.qipu.de/" CHR Profile: C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Media Hint) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\akipcefbjlmpbcejgdaopmmidpnjlhnb [2014-04-06] CHR Extension: (Angry Birds) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-09-17] CHR Extension: (Google Docs) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-17] CHR Extension: (Google Drive) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-17] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09] CHR Extension: (YouTube) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-17] CHR Extension: (Adblock Plus) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-17] CHR Extension: (Webseiten-Screenshot 
- Webpage Screenshot) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2013-09-17] CHR Extension: (Google-Suche) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-17] CHR Extension: (Avast Online Security) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-17] CHR Extension: (Google Maps) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-09-17] CHR Extension: (Google Wallet) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17] CHR Extension: (Better Pop Up Blocker) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2013-09-17] CHR Extension: (Bungalow) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkdmggpdfpodahejeckklcncacambmo [2013-09-20] CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2014-07-01] CHR Extension: (Google Mail) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-17] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-14] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-14] (Avast Software) S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.) R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed] R2 CrossLoopService; C:\Users\"MEIN NAME"\AppData\Local\CrossLoop\CrossLoopService.exe [569072 2012-01-06] (CrossLoop) R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-08-07] (Conexant Systems, Inc.) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-22] (ELAN Microelectronics Corp.) S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2011-01-21] (HP) [File not signed] R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [124536 2012-12-25] (HP) [File not signed] R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation) R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] 
(Intel Corporation) R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [783264 2013-09-08] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] () S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf) R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH) S3 tvnserver; C:\Users\"MEIN NAME"\AppData\Local\CrossLoop\tvnserver.exe [814080 2010-07-21] (GlavSoft LLC.) 
[File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.) R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-14] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-14] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-14] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-14] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-14] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-14] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-14] () R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [46368 2013-12-29] (AVG Technologies) S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems) R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation) R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.) 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.) R2 DRHARD64; C:\WINDOWS\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHARD64; C:\WINDOWS\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software) R2 DRHMSR64; C:\WINDOWS\system32\drivers\DRHMSR64.sys [13760 2013-07-21] () R2 DRHMSR64; C:\WINDOWS\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] () R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.) S3 intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [8982208 2012-07-25] (Intel Corporation) [File not signed] R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [20192 2013-09-08] (Intel Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-07] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation) S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-11-28] (Marvell Semiconductor, Inc.) 
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation) S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] () S3 s0017bus; C:\Windows\System32\drivers\s0017bus.sys [113704 2008-10-21] (MCCI Corporation) S3 s0017mdfl; C:\Windows\system32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation) S3 s0017mdm; C:\Windows\system32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation) S3 s0017mgmt; C:\Windows\system32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation) S3 s0017nd5; C:\Windows\system32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation) S3 s0017obex; C:\Windows\system32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation) S3 s0017unic; C:\Windows\System32\drivers\s0017unic.sys [145960 2008-10-21] (MCCI Corporation) R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit) R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [71832 2012-07-13] (STMicroelectronics) R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-14] (Avast Software) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation) S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation) S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) 
==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-07 21:32 - 2015-01-07 21:32 - 00000000 ____D () C:\Users\"MEIN NAME"\Downloads\FRST-OlderVersion 2015-01-07 20:59 - 2015-01-07 20:59 - 00000752 _____ () C:\Users\"MEIN NAME"\Desktop\JRT.txt 2015-01-07 20:46 - 2015-01-07 20:46 - 01707939 _____ (Thisisu) C:\Users\"MEIN NAME"\Downloads\JRT (1).exe 2015-01-07 20:34 - 2015-01-07 20:34 - 00000197 _____ () C:\windows\system32\2015-01-07-19-34-55.031-AvastVBoxSVC.exe-3568.log 2015-01-07 20:29 - 2015-01-07 20:29 - 02173952 _____ () C:\Users\"MEIN NAME"\Downloads\AdwCleaner_4.106 (2).exe 2015-01-07 20:28 - 2015-01-07 20:28 - 00003978 _____ () C:\mbam.txt 2015-01-07 20:27 - 2015-01-07 20:27 - 00003986 _____ () C:\MALWARE test.txt 2015-01-07 20:09 - 2015-01-07 20:32 - 00006244 _____ () C:\windows\PFRO.log 2015-01-07 20:09 - 2015-01-07 20:09 - 00000197 _____ () C:\windows\system32\2015-01-07-19-09-44.051-AvastVBoxSVC.exe-3968.log 2015-01-07 19:36 - 2015-01-07 19:36 - 00001120 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-07 19:36 - 2015-01-07 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-07 19:36 - 2015-01-07 19:36 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-07 19:36 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-01-07 19:36 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-01-07 19:32 - 2015-01-07 19:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\"MEIN NAME"\Downloads\mbam-setup-2.0.4.1028.exe 2015-01-07 19:26 - 2015-01-07 19:26 - 00001286 _____ () C:\Users\"MEIN NAME"\Desktop\Revo Uninstaller.lnk 2015-01-07 19:26 - 2015-01-07 19:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2015-01-07 19:25 - 2015-01-07 19:25 - 02623656 
_____ (VS Revo Group Ltd.) C:\Users\"MEIN NAME"\Downloads\revosetup95 (1).exe 2015-01-07 01:37 - 2015-01-07 01:37 - 00007334 _____ () C:\Users\"MEIN NAME"\Desktop\blabla célinefail.odt 2015-01-06 21:39 - 2015-01-07 20:49 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-06 21:39 - 2015-01-07 19:36 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-06 21:39 - 2015-01-06 22:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-06 21:36 - 2015-01-06 22:13 - 00000000 ____D () C:\Users\"MEIN NAME"\Desktop\mbar 2015-01-06 21:36 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-01-06 21:12 - 2015-01-06 21:12 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\"MEIN NAME"\Desktop\TDSSKiller42.exe 2015-01-06 21:09 - 2015-01-06 21:09 - 16448208 _____ (Malwarebytes Corp.) C:\Users\"MEIN NAME"\Downloads\mbar-1.08.2.1001.exe 2015-01-06 21:07 - 2015-01-06 21:07 - 01991306 _____ () C:\Users\"MEIN NAME"\Downloads\Playmate_2015_01.zip 2015-01-06 21:07 - 2015-01-06 21:07 - 01174352 _____ () C:\Users\"MEIN NAME"\Downloads\Playmate Wallpaper Jessica Ashley - CHIP-Installer.exe 2015-01-06 21:07 - 2015-01-06 21:07 - 00000000 __SHD () C:\Users\"MEIN NAME"\AppData\Local\EmieBrowserModeList 2015-01-06 20:54 - 2015-01-06 20:54 - 00012838 _____ () C:\Users\"MEIN NAME"\Desktop\an den Trojaner-Board Helfer SChraube.odt 2015-01-06 19:41 - 2015-01-07 20:53 - 00209290 _____ () C:\windows\WindowsUpdate.log 2015-01-06 19:10 - 2015-01-06 19:10 - 00054941 _____ () C:\Users\"MEIN NAME"\Downloads\Addition.txt 2015-01-06 18:42 - 2015-01-06 18:42 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-01-06 18:39 - 2015-01-06 18:40 - 04188536 _____ (Piriform Ltd) C:\Users\"MEIN NAME"\Downloads\ccsetup501_slim.exe 2015-01-06 18:11 - 2015-01-06 18:11 - 00003292 _____ () C:\windows\System32\Tasks\avastBCLRestartS-1-5-21-2901914888-2273405363-3910051971-1001 
2015-01-05 04:36 - 2015-01-05 04:36 - 00000197 _____ () C:\windows\system32\2015-01-05-03-36-40.091-AvastVBoxSVC.exe-3980.log 2015-01-04 21:35 - 2015-01-04 21:35 - 01707939 _____ (Thisisu) C:\Users\"MEIN NAME"\Downloads\JRT.exe 2015-01-04 21:01 - 2015-01-04 21:01 - 00000197 _____ () C:\windows\system32\2015-01-04-20-01-42.003-AvastVBoxSVC.exe-1308.log 2015-01-04 19:57 - 2015-01-04 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices 2015-01-04 19:56 - 2015-01-04 19:56 - 00000197 _____ () C:\windows\system32\2015-01-04-18-56-48.003-AvastVBoxSVC.exe-4104.log 2015-01-04 19:42 - 2015-01-04 19:42 - 02173952 _____ () C:\Users\"MEIN NAME"\Downloads\adwcleaner_4.106.exe 2015-01-04 19:42 - 2015-01-04 19:42 - 02173952 _____ () C:\Users\"MEIN NAME"\Downloads\adwcleaner_4.106 (1).exe 2015-01-04 19:38 - 2015-01-04 19:38 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\HTC 2015-01-04 19:37 - 2015-01-07 20:33 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\HTC MediaHub 2015-01-04 19:37 - 2015-01-04 19:38 - 00000000 ____D () C:\Users\"MEIN NAME"\Documents\HTC 2015-01-04 19:37 - 2015-01-04 19:37 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Apple Computer 2015-01-04 19:37 - 2015-01-04 19:37 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\Apple Computer 2015-01-04 19:37 - 2015-01-04 19:37 - 00000000 ____D () C:\Users\"MEIN NAME"\.android 2015-01-04 19:36 - 2015-01-04 19:36 - 00002049 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk 2015-01-04 19:34 - 2015-01-04 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC 2015-01-04 19:34 - 2015-01-04 19:34 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications 2015-01-04 19:30 - 2015-01-04 19:36 - 00000000 ____D () C:\Program Files (x86)\HTC 2015-01-04 19:30 - 2015-01-04 19:30 - 00000000 ____D () C:\ProgramData\HTC 2014-12-30 16:13 - 2014-12-30 16:13 - 00000000 ____D () C:\Users\"MEIN NAME"\Documents\Meine empfangenen 
Dateien 2014-12-27 17:45 - 2014-12-27 17:45 - 01344495 _____ () C:\Users\"MEIN NAME"\Downloads\Playmate_2014_11.zip 2014-12-27 17:44 - 2014-12-27 17:44 - 01174352 _____ () C:\Users\"MEIN NAME"\Downloads\Playmate Wallpaper Annetta Negare - CHIP-Installer.exe 2014-12-27 11:18 - 2014-12-27 11:18 - 00000197 _____ () C:\windows\system32\2014-12-27-10-18-09.025-AvastVBoxSVC.exe-4108.log 2014-12-19 23:22 - 2014-12-19 23:22 - 00000197 _____ () C:\windows\system32\2014-12-19-22-22-04.069-AvastVBoxSVC.exe-3952.log 2014-12-15 22:09 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe 2014-12-15 22:09 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe 2014-12-15 13:00 - 2014-12-15 13:00 - 00000197 _____ () C:\windows\system32\2014-12-15-12-00-25.092-AvastVBoxSVC.exe-3880.log 2014-12-15 13:00 - 2014-12-15 13:00 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery 2014-12-15 11:31 - 2014-12-15 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-12-15 11:31 - 2014-12-15 11:31 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-12-14 01:41 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupStatusProvider.dll 2014-12-14 01:41 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\windows\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-14 01:41 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll 2014-12-14 01:41 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll 2014-12-14 01:29 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-12-14 01:29 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-12-14 01:29 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2014-12-14 01:29 - 
2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2014-12-14 01:29 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll 2014-12-14 01:29 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll 2014-12-14 01:29 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys 2014-12-14 01:29 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys 2014-12-14 01:29 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys 2014-12-14 01:29 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\intelpep.sys 2014-12-14 01:28 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-12-14 01:28 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-12-14 01:28 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2014-12-14 01:28 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-12-14 01:28 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2014-12-14 01:28 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-12-14 01:28 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-12-14 01:28 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-12-14 01:28 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2014-12-14 01:28 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll 2014-12-14 01:28 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-12-14 01:28 - 
2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-12-14 01:28 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-12-14 01:28 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll 2014-12-14 01:28 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2014-12-14 01:28 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2014-12-14 01:28 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-12-14 01:28 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-12-14 01:28 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-12-14 01:28 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-12-14 01:28 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-12-14 01:28 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-12-14 01:28 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll 2014-12-14 01:28 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-12-14 01:28 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-12-14 01:28 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll 2014-12-14 01:28 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-12-14 01:28 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2014-12-14 01:28 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-12-14 01:28 - 2014-11-22 02:23 - 
00326656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-12-14 01:28 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-12-14 01:28 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-12-14 01:28 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-12-14 01:28 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-12-14 01:28 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-12-14 01:28 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-12-14 01:28 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-12-13 17:01 - 2014-12-13 17:01 - 00045112 ____H (LogMeIn Inc.) C:\windows\system32\Drivers\Hamdrv.sys 2014-12-11 23:14 - 2014-12-11 23:49 - 00000000 ____D () C:\Users\"MEIN NAME"\Desktop\für mama, kindergeldstelle 2014-12-11 01:08 - 2014-12-11 01:10 - 00016753 _____ () C:\Users\"MEIN NAME"\Desktop\Präsentation.odp 2014-12-08 23:53 - 2014-12-08 23:53 - 00007334 _____ () C:\Users\"MEIN NAME"\Desktop\OpenDocument Text (neu) (3).odt ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-07 21:33 - 2014-07-10 07:13 - 00000000 ____D () C:\FRST 2015-01-07 21:32 - 2014-07-10 08:48 - 02124288 _____ (Farbar) C:\Users\"MEIN NAME"\Downloads\FRST64.exe 2015-01-07 21:32 - 2014-07-10 07:57 - 00037554 _____ () C:\Users\"MEIN NAME"\Downloads\FRST.txt 2015-01-07 21:31 - 2013-12-16 04:07 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-01-07 21:11 - 2013-09-20 02:44 - 00000418 _____ () C:\windows\Tasks\WpsUpdateTask_"MEIN NAME".job 2015-01-07 21:02 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru 2015-01-07 20:57 - 2013-09-17 12:09 - 00001142 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-07 20:56 - 2013-09-17 12:15 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2901914888-2273405363-3910051971-1001 2015-01-07 20:45 - 2013-09-30 05:14 - 01780340 _____ () C:\windows\system32\PerfStringBackup.INI 2015-01-07 20:45 - 2013-09-30 04:56 - 00766620 _____ () C:\windows\system32\perfh007.dat 2015-01-07 20:45 - 2013-09-30 04:56 - 00159902 _____ () C:\windows\system32\perfc007.dat 2015-01-07 20:40 - 2013-01-28 17:02 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2015-01-07 20:34 - 2014-08-11 04:05 - 00000000 ___RD () C:\Users\"MEIN NAME"\Dropbox 2015-01-07 20:34 - 2014-08-11 04:02 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox 2015-01-07 20:34 - 2014-07-07 15:17 - 00003308 _____ () C:\windows\System32\Tasks\Intel(R) Rapid Start Technology Manager 2015-01-07 20:33 - 2014-02-03 23:33 - 00000000 ___RD () C:\Users\"MEIN NAME"\SkyDrive 2015-01-07 20:33 - 2014-01-07 21:53 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\Deployment 2015-01-07 20:33 - 2013-09-20 11:32 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\PasswordSafe 2015-01-07 20:32 - 2013-09-19 14:32 - 00000000 ____D () C:\AdwCleaner 2015-01-07 20:32 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-01-07 20:32 - 2013-08-22 14:25 - 00262144 ___SH () 
C:\windows\system32\config\BBI 2015-01-07 20:11 - 2013-09-20 00:05 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\stickies 2015-01-07 20:09 - 2013-11-12 22:47 - 00000000 ___DC () C:\windows\Panther 2015-01-07 19:31 - 2014-05-22 17:11 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\WorldofTanks 2015-01-07 19:01 - 2013-08-22 16:36 - 00262144 _____ () C:\windows\system32\config\BCD-Template 2015-01-07 18:32 - 2013-08-03 02:15 - 00000000 ____D () C:\Users\Public\Documents\phase6_19_Daten 2015-01-06 19:02 - 2014-10-17 19:22 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\TS3Client 2015-01-06 19:02 - 2014-05-17 23:58 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\TeamViewer 2015-01-06 19:02 - 2014-02-01 22:22 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\LogMeIn Hamachi 2015-01-06 19:02 - 2013-09-21 01:27 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-06 19:02 - 2013-09-19 12:39 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2015-01-06 19:01 - 2014-01-10 22:59 - 00000000 ____D () C:\windows\Minidump 2015-01-06 18:42 - 2013-09-19 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-01-06 18:42 - 2013-09-19 13:08 - 00000000 ____D () C:\Program Files\CCleaner 2015-01-06 18:33 - 2013-10-07 11:59 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-06 18:33 - 2013-10-07 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-06 06:39 - 2014-03-05 01:47 - 00000000 ____D () C:\Users\"MEIN NAME"\Desktop\Spieleecke, Luxusecke 2015-01-06 00:13 - 2014-05-29 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S4League 2015-01-04 23:44 - 2014-04-13 15:41 - 00000000 ____D () C:\Sirius MT2 2015-01-04 21:44 - 2013-10-06 18:30 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\vlc 2015-01-04 20:18 - 2014-11-14 18:18 - 00004182 _____ () C:\windows\System32\Tasks\avast! 
Emergency Update 2015-01-04 19:56 - 2013-08-22 15:44 - 00411856 _____ () C:\windows\system32\FNTCACHE.DAT 2015-01-04 19:37 - 2013-11-12 22:53 - 00000000 ____D () C:\Users\"MEIN NAME" 2015-01-04 19:32 - 2013-09-20 03:09 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\Downloaded Installations 2015-01-04 19:31 - 2013-01-28 17:03 - 00000000 ____D () C:\Temp 2015-01-04 19:12 - 2014-02-02 12:23 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Skype 2015-01-04 18:27 - 2014-11-04 20:31 - 00000000 ____D () C:\ProgramData\Tunngle 2015-01-04 18:27 - 2014-02-04 21:59 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Tunngle 2015-01-04 17:05 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness 2015-01-01 22:12 - 2014-09-23 20:34 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-01 22:12 - 2014-02-02 12:23 - 00000000 ____D () C:\ProgramData\Skype 2014-12-30 19:53 - 2013-06-09 04:35 - 00000000 ____D () C:\Users\"MEIN NAME"\Documents\ManiaPlanet 2014-12-30 18:44 - 2013-09-18 17:32 - 00000000 ____D () C:\ProgramData\ManiaPlanet 2014-12-18 19:43 - 2012-07-26 08:59 - 00000000 ____D () C:\windows\CbsTemp 2014-12-18 01:27 - 2014-08-11 04:30 - 00000000 ____D () C:\Users\"MEIN NAME"\Desktop\Bewerbung für deutsches rotes kreuz 2014-12-15 13:31 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\rescache 2014-12-15 13:00 - 2013-09-19 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2014-12-15 12:57 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sr-Latn-RS 2014-12-15 12:57 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sr-Latn-CS 2014-12-15 12:57 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\PolicyDefinitions 2014-12-15 11:39 - 2013-09-18 14:53 - 00000000 ____D () C:\windows\system32\MRT 2014-12-15 11:33 - 2013-09-18 14:53 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-12-15 11:31 - 2014-04-23 19:27 - 00000940 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 
2014-12-13 21:43 - 2014-02-04 22:41 - 00000000 _____ () C:\windows\SysWOW64\Access.dat 2014-12-11 23:31 - 2013-12-16 04:07 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-12-11 23:12 - 2014-08-11 04:05 - 00001086 _____ () C:\Users\"MEIN NAME"\Desktop\Dropbox.lnk 2014-12-11 23:12 - 2014-08-11 04:04 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Some content of TEMP: ==================== C:\Users\"MEIN NAME"\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp12mivs.dll C:\Users\"MEIN NAME"\AppData\Local\Temp\Quarantine.exe C:\Users\"MEIN NAME"\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-07 20:56 ==================== End Of Log ============================ --- --- --- [/CODE] |
08.01.2015, 07:55 | #7 | |
/// the machine /// TB trainer | Trojan caught via fake Deutsche Post mail Quote:
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
09.01.2015, 07:18 | #8 |
| Trojan caught via fake Deutsche Post mail Hello. -I will therefore take another look myself. Here are the logs. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=f654856e2014224abf3587aca06b1437 # engine=21872 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-08 06:32:30 # local_time=2015-01-08 07:32:30 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 71 94 4449 4760148 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 4583322 11046269 0 0 # scanned=13031 # found=27 # cleaned=0 # scan_time=883 sh=F831FBC6A34556761399CE04D4B421C7BA716480 ft=1 fh=d91bac541848e8d7 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\escortShld.dll.vir" sh=F6FB123B9F3604629D0CFA93BB8D45DF3DB5E511 ft=1 fh=bae64ff57b12b8e1 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolApp.dll.vir" sh=8E9985E14F4C259A48F2730C31816FE01FB3F865 ft=1 fh=4002b95c2b374955 vn="Variante von Win32/Toolbar.Montiera.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolEng.dll.vir" sh=6520D348A6F1EA16BBECE520507946C57065A8FD ft=1 fh=2af50e6cee369def vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolsrv.exe.vir" sh=57F06A8C7A86599F43AFFF3080D4DA9ADC2FAD73 ft=1 fh=27f83682369f38da vn="Variante von Win32/Toolbar.Montiera.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll.vir" sh=133303BCE1ECF349510B3998FA793BB4C0C16622 ft=1 fh=a7489edf367e6313 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\uninstall.exe.vir" sh=30971B5BE14BBEF177CF34714DD35A0174449A15 ft=1 fh=ff621fdc0f8fcec5 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\bh\searchgol.dll.vir" sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir" sh=125B1C393F2104CBA08183E495C0907BFF7EDA22 ft=1 fh=ea25908c8365106f vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir" sh=8E85792765D0E0BF52107CFF4A6620995DB19BB0 ft=1 fh=627da500ea2e265f vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir" sh=2FCA2173F2DD16DF8F1F990170FA4479FC5D5BFC ft=1 fh=c528dd1cda99a111 vn="Variante von Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir" sh=6043D1ACD51FD373472020FBB748C405AAF22397 ft=1 fh=4c716dbbae6c21b9 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir" sh=FF431CD8693F4045BD7BD87DBCE54B820F000FC0 ft=1 fh=16c2e1bd3fd6b7e2 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir" sh=5836A5DF3860241F6B69F2292ABCE592A13689B6 ft=1 fh=a3db04555f559ea8 vn="Variante von Win32/Thinknice.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir" sh=E97CBDBD7CFED2C58464C1ABF186520022DE5666 ft=1 fh=7a2ea5ecc33ad0e3 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir" sh=2F01C136386AECD2D1866C0CCC77E5CAEFD730A0 ft=1 fh=167f3b4e853e9967 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ytd video downloader\ytd_installer.exe.vir" sh=C603324153C97D9BA14D99F6315ED4D4C07722FF ft=1 fh=3730aec9f5fae4d3 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll.vir" sh=5F9B93362AD1F61823C2FB1D1B8F88D7CD24B400 ft=1 fh=c71c0011c7300b88 vn="Variante von Win32/DealPly.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Local\PriceMeter\pricemeter.exe.vir" sh=6AD3952EF05C1EF60098A9B263C5FA5039C503D8 ft=1 fh=c71c0011e0e20f1f vn="Variante von Win32/DealPly.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Local\PriceMeter\pricemeterd.exe.vir" sh=D5A16616028E9FF2192A63280E2BA3DF599B6CF7 ft=1 fh=c71c00114f3048a7 vn="Variante von Win32/DealPly.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Local\PriceMeter\pricemeterw.exe.vir" sh=F9FB121B1BB193CCBAC946D45EBDFC2AE502D37A ft=1 fh=c71c0011fdcd5357 vn="Variante von Win32/DealPly.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Local\PriceMeter\uninst.exe.vir" sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Local\Temp\OCS\ocs_v71a.exe.vir" sh=972DB9071C719922142BE77CF935C208B66F8DE2 ft=1 fh=c50a95d882970223 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" sh=D8F10BDFCF1D7203A10EDD44BFA91E63429F7509 ft=1 fh=125879de58b34aa1 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir" sh=22EA12E23878248FEBC79C3B7FD1FA8B91F03725 ft=1 fh=fe2b149769bf0004 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Roaming\OpenCandy\1E100792F86A408499BA1ADACBEE9114\SearchGolTB.exe.vir" sh=74C6E3B241F0785AD82CD38457559DB57E362778 ft=1 fh=5534255664c89fca vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Roaming\OpenCandy\1E100792F86A408499BA1ADACBEE9114\SetupGolSTEX_p1v0.exe.vir" sh=843DF0FD9F9C356D5336452FCC2B3374A2BD06DC ft=1 fh=137ef7008edb618f vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Roaming\OpenCandy\5883CD2F01EB4F24BCDBFD5C5BB6C401\SSStub_SearchProtect_p1v0.exe.vir" ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=f654856e2014224abf3587aca06b1437 # engine=21872 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-01-09 12:19:20 # local_time=2015-01-09 01:19:20 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.2.9200 NT # compatibility_mode_1='avast! 
Antivirus' # compatibility_mode=783 16777213 71 94 28859 4780958 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 4607732 11067079 0 0 # scanned=361573 # found=42 # cleaned=0 # scan_time=20710 sh=F831FBC6A34556761399CE04D4B421C7BA716480 ft=1 fh=d91bac541848e8d7 vn="Win32/Toolbar.Funmoods evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\escortShld.dll.vir" sh=F6FB123B9F3604629D0CFA93BB8D45DF3DB5E511 ft=1 fh=bae64ff57b12b8e1 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolApp.dll.vir" sh=8E9985E14F4C259A48F2730C31816FE01FB3F865 ft=1 fh=4002b95c2b374955 vn="Variante von Win32/Toolbar.Montiera.U evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolEng.dll.vir" sh=6520D348A6F1EA16BBECE520507946C57065A8FD ft=1 fh=2af50e6cee369def vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolsrv.exe.vir" sh=57F06A8C7A86599F43AFFF3080D4DA9ADC2FAD73 ft=1 fh=27f83682369f38da vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll.vir" sh=133303BCE1ECF349510B3998FA793BB4C0C16622 ft=1 fh=a7489edf367e6313 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\uninstall.exe.vir" sh=30971B5BE14BBEF177CF34714DD35A0174449A15 ft=1 fh=ff621fdc0f8fcec5 vn="Variante von Win32/Toolbar.Escort.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\bh\searchgol.dll.vir" sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir" sh=125B1C393F2104CBA08183E495C0907BFF7EDA22 ft=1 fh=ea25908c8365106f vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir" sh=8E85792765D0E0BF52107CFF4A6620995DB19BB0 ft=1 fh=627da500ea2e265f vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir" sh=2FCA2173F2DD16DF8F1F990170FA4479FC5D5BFC ft=1 fh=c528dd1cda99a111 vn="Variante von Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir" sh=6043D1ACD51FD373472020FBB748C405AAF22397 ft=1 fh=4c716dbbae6c21b9 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir" sh=FF431CD8693F4045BD7BD87DBCE54B820F000FC0 ft=1 fh=16c2e1bd3fd6b7e2 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir" sh=5836A5DF3860241F6B69F2292ABCE592A13689B6 ft=1 fh=a3db04555f559ea8 vn="Variante von Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir" sh=E97CBDBD7CFED2C58464C1ABF186520022DE5666 ft=1 fh=7a2ea5ecc33ad0e3 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir" sh=2F01C136386AECD2D1866C0CCC77E5CAEFD730A0 ft=1 fh=167f3b4e853e9967 vn="Variante von Win32/Toolbar.Widgi.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\ytd video downloader\ytd_installer.exe.vir" sh=C603324153C97D9BA14D99F6315ED4D4C07722FF ft=1 fh=3730aec9f5fae4d3 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll.vir" sh=5F9B93362AD1F61823C2FB1D1B8F88D7CD24B400 ft=1 fh=c71c0011c7300b88 vn="Variante von Win32/DealPly.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Local\PriceMeter\pricemeter.exe.vir" sh=6AD3952EF05C1EF60098A9B263C5FA5039C503D8 ft=1 fh=c71c0011e0e20f1f vn="Variante von Win32/DealPly.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Local\PriceMeter\pricemeterd.exe.vir" sh=D5A16616028E9FF2192A63280E2BA3DF599B6CF7 ft=1 fh=c71c00114f3048a7 vn="Variante von Win32/DealPly.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Local\PriceMeter\pricemeterw.exe.vir" sh=F9FB121B1BB193CCBAC946D45EBDFC2AE502D37A ft=1 fh=c71c0011fdcd5357 vn="Variante von Win32/DealPly.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Local\PriceMeter\uninst.exe.vir" sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Local\Temp\OCS\ocs_v71a.exe.vir" sh=972DB9071C719922142BE77CF935C208B66F8DE2 ft=1 fh=c50a95d882970223 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" sh=D8F10BDFCF1D7203A10EDD44BFA91E63429F7509 ft=1 fh=125879de58b34aa1 vn="Win32/Toolbar.Babylon.I evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir" sh=22EA12E23878248FEBC79C3B7FD1FA8B91F03725 ft=1 fh=fe2b149769bf0004 vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Roaming\OpenCandy\1E100792F86A408499BA1ADACBEE9114\SearchGolTB.exe.vir" sh=74C6E3B241F0785AD82CD38457559DB57E362778 ft=1 fh=5534255664c89fca vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Roaming\OpenCandy\1E100792F86A408499BA1ADACBEE9114\SetupGolSTEX_p1v0.exe.vir" sh=843DF0FD9F9C356D5336452FCC2B3374A2BD06DC ft=1 fh=137ef7008edb618f vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\"MEIN NAME"\AppData\Roaming\OpenCandy\5883CD2F01EB4F24BCDBFD5C5BB6C401\SSStub_SearchProtect_p1v0.exe.vir" sh=D7112B89E84A5E1454ADF4D57CF3486974E979F5 ft=1 fh=a333f919659723d6 vn="Variante von Win32/Packed.Themida evtl. unerwünschte Anwendung" ac=I fn="C:\Sirius MT2\metin2client_Sirius_MT2_01.exe" sh=FB3F7E2BF56F5EA06763303CDAA0E962E975E063 ft=1 fh=c0dea5299389dc4e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\"MEIN NAME"\AppData\Local\Temp\DMR\dmr_72.exe" sh=849357015BD241BBA507BB6758AAE4FFC80C5743 ft=1 fh=1383402a849c9de7 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\"MEIN NAME"\Downloads\AdwCleaner - CHIP-Downloader.exe" sh=CA05A98F154209871BAA05A636E9338A47F4B0F7 ft=1 fh=93aa661413024ae5 vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\"MEIN NAME"\Downloads\defragsetup_2.7.exe" sh=AEE0B5F1AE8564D7E4CCD032EDF7AD88339BFF4E ft=1 fh=88c3bdc65b0afccf vn="Variante von Win32/Systweak.H evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\"MEIN NAME"\Downloads\Dell_Vostro_3560_Treiber_Update_09-2013.exe" sh=079E7477AF1B2803B4F0AA9160DE30BD1C070EEA ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\"MEIN NAME"\Downloads\eMu3Ds_Setup.zip" sh=3A9A5AFD66704AA8A1B276C71E2302F564A95C98 ft=1 fh=422debcc80a25823 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\"MEIN NAME"\Downloads\Fast Video Download - CHIP-Installer.exe" sh=818E8DAC178674038E9444DCF49EC2802E49C3F4 ft=1 fh=18126990dae7beae vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\"MEIN NAME"\Downloads\Greenpoison Greenpois0n - CHIP-Installer.exe" sh=9BFBC2246A3DBA040834DF1930E7D8FD442EC6DA ft=1 fh=6ccba9f77af07370 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\"MEIN NAME"\Downloads\Maxthon Cloud Browser - CHIP-Installer.exe" sh=A5CA7FCBD1C5E1A403AF5FDBA80468F5815C7231 ft=1 fh=fba4b47e11a4d43c vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\"MEIN NAME"\Downloads\Paint NET - CHIP-Installer.exe" sh=16205E16FA6E81CB427948CAE157FC655FD6FFAF ft=1 fh=dcb6d83232ccd4b5 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\"MEIN NAME"\Downloads\Playmate Wallpaper Annetta Negare - CHIP-Installer.exe" sh=92480CDC95EFF2862A4B27AD636D75918DA29E62 ft=1 fh=d0e3ec972741e992 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\"MEIN NAME"\Downloads\Playmate Wallpaper Jessica Ashley - CHIP-Installer.exe" sh=ADB93296A3E2451CEDC989DFE30A41AEF33C3B6D ft=1 fh=5f6c66fe00b77a6e vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\"MEIN NAME"\Downloads\smart-defrag-setup.exe" sh=190634803480DB2C498606354F06D41D4BE83E8C ft=1 fh=f354dbac3e2133c7 vn="Win32/WinloadSDA.F evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\"MEIN NAME"\Downloads\Super-Smash-Bros.-Brawl-lnstall.exe" sh=5DD348A0B0872E4C79EB768531CD4E6C9CA6DDC1 ft=1 fh=fa9beb55989a8b40 vn="Variante von Win32/InstallCore.PO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\"MEIN NAME"\Downloads\winzip175-mediafire_v1.exe" Code:
 Results of screen317's Security Check version 0.99.93
 x64 (UAC is enabled)
 Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
 Windows Defender
 avast! Antivirus
 Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Java 7 Update 45
 Java version 32-bit out of Date!
 Adobe Flash Player 15.0.0.246 Flash Player out of Date!
 Mozilla Firefox 24.0 Firefox out of Date!
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbam.exe
 Spybot Teatimer.exe is disabled!
 Malwarebytes Anti-Malware mbamscheduler.exe
 AVAST Software Avast AvastSvc.exe
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe
 AVAST Software Avast ng ngservice.exe
 AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015 Ran by "MEIN NAME" (administrator) on "MEIN NAME"PC on 09-01-2015 07:14:13 Running from C:\Users\"MEIN NAME"\Downloads Loaded Profile: "MEIN NAME" (Available profiles: "MEIN NAME" & Administrator) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (CrossLoop) C:\Users\"MEIN NAME"\AppData\Local\CrossLoop\CrossLoopService.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (HP) C:\Windows\System32\HPSIsvc.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\TaskmgrPro\TaskmgrPro.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe
(Dell) C:\Users\"MEIN NAME"\AppData\Local\Apps\2.0\C8ZALKY8.C7R\63MY89XB.YXL\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
(Dropbox, Inc.) C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe
(Crystal Dew World) C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\"MEIN NAME"\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2774864 2013-01-09] (ELAN Microelectronics Corp.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5773640 2013-08-22] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-13] (AVAST Software)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation)
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [TaskmgrPro] => C:\Program Files\TaskmgrPro\TaskmpStart.exe [92504 2013-09-05] ()
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [35768 2013-12-09] (Overwolf)
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [DellSystemDetect] => C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\MountPoints2: {286156db-5ad5-11e4-bf0f-e0db55d136b3} - "E:\SISetup.exe"
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\MountPoints2: {94b87bbb-af70-11e3-bed0-e0db55d136b3} - "E:\Startme.exe"
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\MountPoints2: {e3f38ccb-91dc-11e4-bf1b-6036dda89aa7} - "E:\HTC_Sync_Manager_PC.exe"
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\p6_19_erinnerung.lnk
ShortcutTarget: p6_19_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_19\WinStart\WinStart.exe (phase6)
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
ShortcutTarget: DesktopEarth AutoStart.lnk -> C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe ()
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files\Logitech Gaming Software\EReg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6500 E710n-z (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6500 E710n-z (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UDPixel.lnk
ShortcutTarget: UDPixel.lnk -> C:\Program Files (x86)\UDPixel\UDPixel.exe (hxxp://sam100.free.fr/UDPixel)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-2901914888-2273405363-3910051971-1001] => http=127.0.0.1:49244;https=127.0.0.1:49244
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\"MEIN NAME"\AppData\Roaming\Mozilla\Firefox\Profiles\u2f0mu7s.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\DigitalPersona\Bin\ChromeExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF Plugin HKU\S-1-5-21-2901914888-2273405363-3910051971-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\"MEIN NAME"\AppData\Roaming\Mozilla\Firefox\Profiles\u2f0mu7s.default\searchplugins\google-avast.xml
FF Extension: Firefox Old Version Update Hotfix - C:\Users\"MEIN NAME"\AppData\Roaming\Mozilla\Firefox\Profiles\u2f0mu7s.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-07-29]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2013-01-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-14]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://de.wikipedia.org/wiki/Solid-State-Drive", "hxxp://hukd.mydealz.de/deals/kaufe-mario-kart-8-und-bekomme-eins-von-10-wii-u-spielen-gratis-348180", "hxxp://hukd.mydealz.de/deals/rowenta-vu2540-turbo-silence-hochwertiger-tischventilator-57-vergleichspreis-68-364229", "hxxp://www.ebay.de/itm/Screw-Propeller-Flying-Style-Digital-Alarm-Clock-H443-/280480463541?clk_rvr_id=648712950446", "hxxp://hukd.mydealz.de/deals/apple-iphone-16-gb-bei-24-mobile-552-669?page=3", "hxxp://www.meinestadt.de/deutschland/jobinfo/ausbildung-info", "hxxp://www.0180.info/", "http://www.trojaner-board.de/", "http://www.trojaner-board.de/search....chid=2734463", "hxxp://www.drk-intern.de/adressen/kreisverbaende/detail/0616/", "hxxp://hukd.mydealz.de/deals/fl%C3%BCge-island-basel-51-hin-und-zur%C3%BCck-reise-1-woche-island-flug-transfer-3-hotel-181-391824", "https://www.facebook.com/VirginRadioLebanon/photos/a.355063757936301.1073741826.275155342593810/493895747386434/?type=1&theater", "https://www.youtube.com/watch?v=kvDjMGgAJF8", "https://www.youtube.com/watch?v=Yc8bzl6dqQI&list=UUJ98xGeWxpuKDAb2-Xs01Ug", "https://www.youtube.com/watch?v=BQ2pHDId9xk", "hxxp://hukd.mydealz.de/deals/real-bundesweit-kw48-2x-wilkison-hydro-3-rasierklingen-4-st%C3%BCck-8-klingen-4-87-0-434918", "hxxp://www.amazon.de/Klarstein-Lichtdusche-Summershine-Tageslichtlampe-wohltemperiertes/dp/B00FL1FBPC/ref=cm_cr_pr_product_top", "https://www.qipu.de/"
CHR Profile: C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Media Hint) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\akipcefbjlmpbcejgdaopmmidpnjlhnb [2014-04-06]
CHR Extension: (Angry Birds) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-09-17]
CHR Extension: (Google Docs) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-17]
CHR Extension: (Google Drive) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-17]
CHR Extension: (Adblock Plus) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-17]
CHR Extension: (Webseiten-Screenshot - Webpage Screenshot) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2013-09-17]
CHR Extension: (Google-Suche) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-17]
CHR Extension: (Avast Online Security) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-17]
CHR Extension: (Google Maps) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-09-17]
CHR Extension: (Google Wallet) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR Extension: (Better Pop Up Blocker) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2013-09-17]
CHR Extension: (Bungalow) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkdmggpdfpodahejeckklcncacambmo [2013-09-20]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2014-07-01]
CHR Extension: (Google Mail) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-14] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-14] (Avast Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
R2 CrossLoopService; C:\Users\"MEIN NAME"\AppData\Local\CrossLoop\CrossLoopService.exe [569072 2012-01-06] (CrossLoop)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-08-07] (Conexant Systems, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-22] (ELAN Microelectronics Corp.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2011-01-21] (HP) [File not signed]
R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [124536 2012-12-25] (HP) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [783264 2013-09-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
S3 tvnserver; C:\Users\"MEIN NAME"\AppData\Local\CrossLoop\tvnserver.exe [814080 2010-07-21] (GlavSoft LLC.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-14] ()
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [46368 2013-12-29] (AVG Technologies)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R2 DRHARD64; C:\WINDOWS\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\WINDOWS\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\WINDOWS\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\WINDOWS\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
S3 intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [8982208 2012-07-25] (Intel Corporation) [File not signed]
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [20192 2013-09-08] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-11-28] (Marvell Semiconductor, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 s0017bus; C:\Windows\System32\drivers\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\system32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\system32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\system32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\system32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\system32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\drivers\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [71832 2012-07-13] (STMicroelectronics)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-14] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 07:13 - 2015-01-09 07:13 - 02124288 _____ (Farbar) C:\Users\"MEIN NAME"\Downloads\FRST64 (1).exe
2015-01-08 19:04 - 2015-01-08 19:04 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-08 19:01 - 2015-01-08 19:01 - 00852505 _____ () C:\Users\"MEIN NAME"\Downloads\SecurityCheck.exe
2015-01-08 19:00 - 2015-01-08 19:00 - 02347384 _____ (ESET) C:\Users\"MEIN NAME"\Downloads\esetsmartinstaller_deu.exe
2015-01-08 18:58 - 2015-01-08 18:59 - 00001590 _____ () C:\windows\setupact.log
2015-01-08 18:58 - 2015-01-08 18:58 - 00000000 _____ () C:\windows\setuperr.log
2015-01-08 17:56 - 2015-01-08 17:57 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\PCDr
2015-01-08 17:56 - 2015-01-08 17:56 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-07 22:39 - 2015-01-07 22:39 - 00000197 _____ () C:\windows\system32\2015-01-07-21-39-07.089-AvastVBoxSVC.exe-4040.log
2015-01-07 21:32 - 2015-01-07 21:32 - 00000000 ____D () C:\Users\"MEIN NAME"\Downloads\FRST-OlderVersion
2015-01-07 20:59 - 2015-01-07 20:59 - 00000752 _____ () C:\Users\"MEIN NAME"\Desktop\JRT.txt
2015-01-07 20:46 - 2015-01-07 20:46 - 01707939 _____ (Thisisu) C:\Users\"MEIN NAME"\Downloads\JRT (1).exe
2015-01-07 20:34 - 2015-01-07 20:35 - 00000197 _____ () C:\windows\system32\2015-01-07-19-34-55.031-AvastVBoxSVC.exe-3568.log
2015-01-07 20:29 - 2015-01-07 20:29 - 02173952 _____ () C:\Users\"MEIN NAME"\Downloads\AdwCleaner_4.106 (2).exe
2015-01-07 20:28 - 2015-01-07 20:28 - 00003978 _____ () C:\mbam.txt
2015-01-07 20:27 - 2015-01-07 20:27 - 00003986 _____ () C:\MALWARE test.txt
2015-01-07 20:09 - 2015-01-07 20:32 - 00006244 _____ () C:\windows\PFRO.log
2015-01-07 20:09 - 2015-01-07 20:10 - 00000197 _____ () C:\windows\system32\2015-01-07-19-09-44.051-AvastVBoxSVC.exe-3968.log
2015-01-07 19:36 - 2015-01-07 19:36 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-07 19:36 - 2015-01-07 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-07 19:36 - 2015-01-07 19:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-07 19:36 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-07 19:36 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-07 19:32 - 2015-01-07 19:32 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\"MEIN NAME"\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-07 19:26 - 2015-01-07 19:26 - 00001286 _____ () C:\Users\"MEIN NAME"\Desktop\Revo Uninstaller.lnk
2015-01-07 19:26 - 2015-01-07 19:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-07 19:25 - 2015-01-07 19:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\"MEIN NAME"\Downloads\revosetup95 (1).exe
2015-01-07 01:37 - 2015-01-07 01:37 - 00007334 _____ () C:\Users\"MEIN NAME"\Desktop\blabla célinefail.odt
2015-01-06 21:39 - 2015-01-09 07:00 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-06 21:39 - 2015-01-07 19:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-06 21:39 - 2015-01-06 22:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-06 21:36 - 2015-01-06 22:13 - 00000000 ____D () C:\Users\"MEIN NAME"\Desktop\mbar
2015-01-06 21:36 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-06 21:12 - 2015-01-06 21:12 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\"MEIN NAME"\Desktop\TDSSKiller42.exe
2015-01-06 21:09 - 2015-01-06 21:09 - 16448208 _____ (Malwarebytes Corp.) C:\Users\"MEIN NAME"\Downloads\mbar-1.08.2.1001.exe
2015-01-06 21:07 - 2015-01-06 21:07 - 01991306 _____ () C:\Users\"MEIN NAME"\Downloads\Playmate_2015_01.zip
2015-01-06 21:07 - 2015-01-06 21:07 - 01174352 _____ () C:\Users\"MEIN NAME"\Downloads\Playmate Wallpaper Jessica Ashley - CHIP-Installer.exe
2015-01-06 21:07 - 2015-01-06 21:07 - 00000000 __SHD () C:\Users\"MEIN NAME"\AppData\Local\EmieBrowserModeList
2015-01-06 20:54 - 2015-01-06 20:54 - 00012838 _____ () C:\Users\"MEIN NAME"\Desktop\an den Trojaner-Board Helfer SChraube.odt
2015-01-06 19:41 - 2015-01-09 02:47 - 00550646 _____ () C:\windows\WindowsUpdate.log
2015-01-06 19:10 - 2015-01-06 19:10 - 00054941 _____ () C:\Users\"MEIN NAME"\Downloads\Addition.txt
2015-01-06 18:42 - 2015-01-06 18:42 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-06 18:39 - 2015-01-06 18:40 - 04188536 _____ (Piriform Ltd) C:\Users\"MEIN NAME"\Downloads\ccsetup501_slim.exe
2015-01-06 18:11 - 2015-01-06 18:11 - 00003292 _____ () C:\windows\System32\Tasks\avastBCLRestartS-1-5-21-2901914888-2273405363-3910051971-1001
2015-01-05 04:36 - 2015-01-05 04:36 - 00000197 _____ () C:\windows\system32\2015-01-05-03-36-40.091-AvastVBoxSVC.exe-3980.log
2015-01-04 21:35 - 2015-01-04 21:35 - 01707939 _____ (Thisisu) C:\Users\"MEIN NAME"\Downloads\JRT.exe
2015-01-04 21:01 - 2015-01-04 21:01 - 00000197 _____ () C:\windows\system32\2015-01-04-20-01-42.003-AvastVBoxSVC.exe-1308.log
2015-01-04 19:57 - 2015-01-04 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-01-04 19:56 - 2015-01-04 19:56 - 00000197 _____ () C:\windows\system32\2015-01-04-18-56-48.003-AvastVBoxSVC.exe-4104.log
2015-01-04 19:42 - 2015-01-04 19:42 - 02173952 _____ () C:\Users\"MEIN NAME"\Downloads\adwcleaner_4.106.exe
2015-01-04 19:42 - 2015-01-04 19:42 - 02173952 _____ () C:\Users\"MEIN NAME"\Downloads\adwcleaner_4.106 (1).exe
2015-01-04 19:38 - 2015-01-04 19:38 - 00000000 ____D () C:\Users\"MEIN
NAME"\AppData\Roaming\HTC 2015-01-04 19:37 - 2015-01-07 22:37 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\HTC MediaHub 2015-01-04 19:37 - 2015-01-04 19:38 - 00000000 ____D () C:\Users\"MEIN NAME"\Documents\HTC 2015-01-04 19:37 - 2015-01-04 19:37 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Apple Computer 2015-01-04 19:37 - 2015-01-04 19:37 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\Apple Computer 2015-01-04 19:37 - 2015-01-04 19:37 - 00000000 ____D () C:\Users\"MEIN NAME"\.android 2015-01-04 19:36 - 2015-01-04 19:36 - 00002049 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk 2015-01-04 19:34 - 2015-01-04 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC 2015-01-04 19:34 - 2015-01-04 19:34 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications 2015-01-04 19:30 - 2015-01-04 19:36 - 00000000 ____D () C:\Program Files (x86)\HTC 2015-01-04 19:30 - 2015-01-04 19:30 - 00000000 ____D () C:\ProgramData\HTC 2014-12-30 16:13 - 2014-12-30 16:13 - 00000000 ____D () C:\Users\"MEIN NAME"\Documents\Meine empfangenen Dateien 2014-12-27 17:45 - 2014-12-27 17:45 - 01344495 _____ () C:\Users\"MEIN NAME"\Downloads\Playmate_2014_11.zip 2014-12-27 17:44 - 2014-12-27 17:44 - 01174352 _____ () C:\Users\"MEIN NAME"\Downloads\Playmate Wallpaper Annetta Negare - CHIP-Installer.exe 2014-12-27 11:18 - 2014-12-27 11:18 - 00000197 _____ () C:\windows\system32\2014-12-27-10-18-09.025-AvastVBoxSVC.exe-4108.log 2014-12-19 23:22 - 2014-12-19 23:22 - 00000197 _____ () C:\windows\system32\2014-12-19-22-22-04.069-AvastVBoxSVC.exe-3952.log 2014-12-15 22:09 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe 2014-12-15 22:09 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe 2014-12-15 13:00 - 2014-12-15 13:00 - 00000197 _____ () C:\windows\system32\2014-12-15-12-00-25.092-AvastVBoxSVC.exe-3880.log 2014-12-15 13:00 - 2014-12-15 13:00 - 
00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery 2014-12-15 11:31 - 2014-12-15 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-12-15 11:31 - 2014-12-15 11:31 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi 2014-12-14 01:41 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupStatusProvider.dll 2014-12-14 01:41 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\windows\SysWOW64\DeviceSetupStatusProvider.dll 2014-12-14 01:41 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll 2014-12-14 01:41 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll 2014-12-14 01:29 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-12-14 01:29 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-12-14 01:29 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2014-12-14 01:29 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2014-12-14 01:29 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll 2014-12-14 01:29 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll 2014-12-14 01:29 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys 2014-12-14 01:29 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys 2014-12-14 01:29 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys 2014-12-14 01:29 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\intelpep.sys 2014-12-14 01:28 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 
2014-12-14 01:28 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-12-14 01:28 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2014-12-14 01:28 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-12-14 01:28 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2014-12-14 01:28 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-12-14 01:28 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-12-14 01:28 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-12-14 01:28 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2014-12-14 01:28 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll 2014-12-14 01:28 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-12-14 01:28 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-12-14 01:28 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-12-14 01:28 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll 2014-12-14 01:28 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2014-12-14 01:28 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2014-12-14 01:28 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-12-14 01:28 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-12-14 01:28 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-12-14 01:28 - 2014-11-22 
02:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-12-14 01:28 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-12-14 01:28 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-12-14 01:28 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll 2014-12-14 01:28 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-12-14 01:28 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-12-14 01:28 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll 2014-12-14 01:28 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-12-14 01:28 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2014-12-14 01:28 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-12-14 01:28 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-12-14 01:28 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-12-14 01:28 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-12-14 01:28 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-12-14 01:28 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-12-14 01:28 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-12-14 01:28 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-12-14 01:28 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-12-13 17:01 - 2014-12-13 17:01 - 00045112 ____H (LogMeIn 
Inc.) C:\windows\system32\Drivers\Hamdrv.sys 2014-12-11 23:14 - 2014-12-11 23:49 - 00000000 ____D () C:\Users\"MEIN NAME"\Desktop\für mama, kindergeldstelle 2014-12-11 01:08 - 2014-12-11 01:10 - 00016753 _____ () C:\Users\"MEIN NAME"\Desktop\Präsentation.odp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-09 07:14 - 2014-07-10 07:57 - 00036837 _____ () C:\Users\"MEIN NAME"\Downloads\FRST.txt 2015-01-09 07:14 - 2014-07-10 07:13 - 00000000 ____D () C:\FRST 2015-01-09 07:11 - 2013-09-20 02:44 - 00000418 _____ () C:\windows\Tasks\WpsUpdateTask_"MEIN NAME".job 2015-01-09 07:00 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru 2015-01-09 06:57 - 2013-09-17 12:09 - 00001142 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-09 06:31 - 2013-12-16 04:07 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-01-08 23:27 - 2013-08-03 02:15 - 00000000 ____D () C:\Users\Public\Documents\phase6_19_Daten 2015-01-08 19:02 - 2013-09-30 05:14 - 01780340 _____ () C:\windows\system32\PerfStringBackup.INI 2015-01-08 19:02 - 2013-09-30 04:56 - 00766620 _____ () C:\windows\system32\perfh007.dat 2015-01-08 19:02 - 2013-09-30 04:56 - 00159902 _____ () C:\windows\system32\perfc007.dat 2015-01-08 18:19 - 2013-09-17 12:15 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2901914888-2273405363-3910051971-1001 2015-01-08 18:01 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness 2015-01-08 17:57 - 2013-08-22 16:36 - 00262144 _____ () C:\windows\system32\config\BCD-Template 2015-01-08 17:07 - 2013-01-28 17:02 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery 2015-01-08 17:03 - 2014-08-11 04:05 - 00000000 ___RD () C:\Users\"MEIN NAME"\Dropbox 2015-01-08 17:03 - 2014-08-11 04:02 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox 2015-01-08 17:03 - 2014-07-07 15:17 - 00003308 
_____ () C:\windows\System32\Tasks\Intel(R) Rapid Start Technology Manager 2015-01-08 17:03 - 2013-09-20 11:32 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\PasswordSafe 2015-01-08 17:03 - 2013-09-20 00:05 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\stickies 2015-01-08 17:02 - 2014-02-03 23:33 - 00000000 ___RD () C:\Users\"MEIN NAME"\SkyDrive 2015-01-08 17:02 - 2014-01-07 21:53 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\Deployment 2015-01-07 22:36 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-01-07 21:32 - 2014-07-10 08:48 - 02124288 _____ (Farbar) C:\Users\"MEIN NAME"\Downloads\FRST64.exe 2015-01-07 20:32 - 2013-09-19 14:32 - 00000000 ____D () C:\AdwCleaner 2015-01-07 20:32 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\BBI 2015-01-07 20:09 - 2013-11-12 22:47 - 00000000 ___DC () C:\windows\Panther 2015-01-07 19:31 - 2014-05-22 17:11 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\WorldofTanks 2015-01-06 19:02 - 2014-10-17 19:22 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\TS3Client 2015-01-06 19:02 - 2014-05-17 23:58 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\TeamViewer 2015-01-06 19:02 - 2014-02-01 22:22 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\LogMeIn Hamachi 2015-01-06 19:02 - 2013-09-21 01:27 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-06 19:02 - 2013-09-19 12:39 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2015-01-06 19:01 - 2014-01-10 22:59 - 00000000 ____D () C:\windows\Minidump 2015-01-06 18:42 - 2013-09-19 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-01-06 18:42 - 2013-09-19 13:08 - 00000000 ____D () C:\Program Files\CCleaner 2015-01-06 18:33 - 2013-10-07 11:59 - 00001141 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-06 18:33 - 2013-10-07 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-06 06:39 - 
2014-03-05 01:47 - 00000000 ____D () C:\Users\"MEIN NAME"\Desktop\Spieleecke, Luxusecke 2015-01-06 00:13 - 2014-05-29 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S4League 2015-01-04 23:44 - 2014-04-13 15:41 - 00000000 ____D () C:\Sirius MT2 2015-01-04 21:44 - 2013-10-06 18:30 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\vlc 2015-01-04 20:18 - 2014-11-14 18:18 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update 2015-01-04 19:56 - 2013-08-22 15:44 - 00411856 _____ () C:\windows\system32\FNTCACHE.DAT 2015-01-04 19:37 - 2013-11-12 22:53 - 00000000 ____D () C:\Users\"MEIN NAME" 2015-01-04 19:32 - 2013-09-20 03:09 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\Downloaded Installations 2015-01-04 19:31 - 2013-01-28 17:03 - 00000000 ____D () C:\Temp 2015-01-04 19:12 - 2014-02-02 12:23 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Skype 2015-01-04 18:27 - 2014-11-04 20:31 - 00000000 ____D () C:\ProgramData\Tunngle 2015-01-04 18:27 - 2014-02-04 21:59 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Tunngle 2015-01-01 22:12 - 2014-09-23 20:34 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-01 22:12 - 2014-02-02 12:23 - 00000000 ____D () C:\ProgramData\Skype 2014-12-30 19:53 - 2013-06-09 04:35 - 00000000 ____D () C:\Users\"MEIN NAME"\Documents\ManiaPlanet 2014-12-30 18:44 - 2013-09-18 17:32 - 00000000 ____D () C:\ProgramData\ManiaPlanet 2014-12-18 19:43 - 2012-07-26 08:59 - 00000000 ____D () C:\windows\CbsTemp 2014-12-18 01:27 - 2014-08-11 04:30 - 00000000 ____D () C:\Users\"MEIN NAME"\Desktop\Bewerbung für deutsches rotes kreuz 2014-12-15 13:31 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\rescache 2014-12-15 13:00 - 2013-09-19 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2014-12-15 12:57 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sr-Latn-RS 2014-12-15 12:57 - 2013-08-22 16:36 - 00000000 ____D () 
C:\windows\system32\sr-Latn-CS 2014-12-15 12:57 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\PolicyDefinitions 2014-12-15 11:39 - 2013-09-18 14:53 - 00000000 ____D () C:\windows\system32\MRT 2014-12-15 11:33 - 2013-09-18 14:53 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-12-15 11:31 - 2014-04-23 19:27 - 00000940 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2014-12-13 21:43 - 2014-02-04 22:41 - 00000000 _____ () C:\windows\SysWOW64\Access.dat 2014-12-11 23:31 - 2013-12-16 04:07 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-12-11 23:12 - 2014-08-11 04:05 - 00001086 _____ () C:\Users\"MEIN NAME"\Desktop\Dropbox.lnk 2014-12-11 23:12 - 2014-08-11 04:04 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox Some content of TEMP: ==================== C:\Users\"MEIN NAME"\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxg76ef.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-08 01:54

==================== End Of Log ============================
[/CODE] |
09.01.2015, 09:29 | #9 |
/// the machine /// TB trainer | Trojan caught via fake Deutsche Post mail
Update Java, Flash and Firefox. Empty the Downloads folder.
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
ProxyServer: [S-1-5-21-2901914888-2273405363-3910051971-1001] => http=127.0.0.1:49244;https=127.0.0.1:49244
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
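The fixlist in the post above removes a per-user ProxyServer value that points at 127.0.0.1:49244. As an added example (not part of the original post and not FRST's own code), this Python script pulls ProxyServer lines out of FRST log text and marks those whose proxy is a loopback address so they can be reviewed. The function names and the second sample line are assumptions made up for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample. Line 1 is the ProxyServer entry from the fixlist on this
# page, line 2 is invented for contrast, line 3 is abridged from the page's log.
SAMPLE_LOG = r"""
ProxyServer: [S-1-5-21-2901914888-2273405363-3910051971-1001] => http=127.0.0.1:49244;https=127.0.0.1:49244
ProxyServer: [S-1-5-21-1111111111-2222222222-3333333333-1002] => proxy.corp.example:8080
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe
"""

# Line shape as it appears on this page: "ProxyServer: [<SID>] => <value>"
PROXY_LINE = re.compile(
    r"^ProxyServer: \[(?P<sid>S-[0-9-]+)\] => (?P<value>.+)$", re.MULTILINE
)


@dataclass
class ProxyEntry:
    sid: str          # user SID the setting belongs to
    line: str         # the log line, verbatim
    endpoints: dict   # {scheme: (host, port)}
    loopback: bool    # True if any endpoint is a loopback address


def parse_proxy_value(value):
    """Split a Windows ProxyServer value into {scheme: (host, port)}.

    Handles both forms the registry value can take:
    "host:port" (all protocols) and "http=host:port;https=host:port".
    """
    endpoints = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, target = part.partition("=")
        if not sep:                          # bare "host:port"
            scheme, target = "all", part
        target = target.split("://", 1)[-1]  # tolerate "http://host:port"
        host, _, port = target.rpartition(":")
        if not host:                         # no port given
            host, port = target, ""
        endpoints[scheme.lower()] = (
            host.strip("[]"),                # "[::1]" -> "::1"
            int(port) if port.isdigit() else None,
        )
    return endpoints


def is_loopback(host):
    """True for localhost and for any address in 127.0.0.0/8 or ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name; deliberately not resolved here


def find_proxy_entries(log_text):
    """Return every ProxyServer entry found in the log text."""
    entries = []
    for match in PROXY_LINE.finditer(log_text):
        endpoints = parse_proxy_value(match.group("value").strip())
        entries.append(
            ProxyEntry(
                sid=match.group("sid"),
                line=match.group(0).strip(),
                endpoints=endpoints,
                loopback=any(is_loopback(h) for h, _ in endpoints.values()),
            )
        )
    return entries


def review_candidates(log_text):
    """Log lines whose proxy points back at the local machine."""
    return [e.line for e in find_proxy_entries(log_text) if e.loopback]


if __name__ == "__main__":
    for entry in find_proxy_entries(SAMPLE_LOG):
        flag = "REVIEW" if entry.loopback else "ok"
        print(f"{flag:6} {entry.sid} {entry.endpoints}")
```

A loopback proxy is not malicious by itself, since some security products and debugging proxies set one; the flagged line is a prompt to find out which process listens on that port.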
09.01.2015, 19:39 | #10 |
| Trojan caught via fake Deutsche Post mail
Hello! First of all: since carrying out the first actions you guided me through, I have at least had no more warnings from Avast that I was accessing a malware site (even though I wasn't doing anything at the time).
Regarding the registry backup: on my girlfriend's laptop, a "Back-Up registry" was carried out successfully when the Trojan Removal Tool was started. On mine, this has been attempted again and again over the last 2 years of my laptop's life, and it always failed. I never figured out what the error message meant.
Then: the ESET scan took roughly 7 hours, so it ran through the night. This morning I wanted to quickly post that (which I did) and then shut down the laptop. That didn't work; it kept starting up again by itself immediately afterwards. Google names a fundamental software error as a possibility, but what did I do? Above all, it works again now; I just managed to shut it down.
Often, also when starting FRST, the following message appears: "Application Error: EAccessViolation in module ERUNT.exe at 00003A3E. Access violation at address 00403A3E in module ´ERUNT.exe´. Write of access 007600SD." What does that mean?
Here is the requested data:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by "MEIN NAME" at 2015-01-09 19:00:28 Run:1
Running from C:\Users\"MEIN NAME"\Documents
Loaded Profile: "MEIN NAME" (Available profiles: "MEIN NAME" & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyServer: [S-1-5-21-2901914888-2273405363-3910051971-1001] => http=127.0.0.1:49244;https=127.0.0.1:49244
Emptytemp:
*****************

HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
EmptyTemp: => Removed 836.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog 19:01:00 ====

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015 Ran by "MEIN NAME" (administrator) on "MEIN NAME"PC on 09-01-2015 19:12:39 Running from C:\Users\"MEIN NAME"\Documents Loaded Profile: "MEIN NAME" (Available profiles: "MEIN NAME" & Administrator) Platform: Windows 8.1 Pro (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (CrossLoop) C:\Users\"MEIN NAME"\AppData\Local\CrossLoop\CrossLoopService.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (HP) C:\Windows\System32\HPSIsvc.exe (Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe (Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe (LogMeIn, Inc.) 
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe (Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Crystal Dew World) C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe () C:\Program Files\TaskmgrPro\TaskmgrPro.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe (Dell) C:\Users\"MEIN NAME"\AppData\Local\Apps\2.0\C8ZALKY8.C7R\63MY89XB.YXL\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (phase6) C:\Program Files (x86)\phase6\phase6_19\WinStart\WinStart.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Dropbox, Inc.) C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Farbar) C:\Users\"MEIN NAME"\Documents\FRST64 (1).exe (SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe (Zhorn Software) C:\Program Files (x86)\Stickies\stickies.exe (Hewlett-Packard Co.) 
C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2774864 2013-01-09] (ELAN Microelectronics Corp.) HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [5773640 2013-08-22] (Dell Inc.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.) HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-08-07] (BlueStack Systems, Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) 
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-08] (AVAST Software) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation) HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [TaskmgrPro] => C:\Program Files\TaskmgrPro\TaskmpStart.exe [92504 2013-09-05] () HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\Overwolf.exe [35768 2013-12-09] (Overwolf) HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [HP Officejet 6500 E710n-z (NET)] => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) 
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [DellSystemDetect] => C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google)
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\MountPoints2: {286156db-5ad5-11e4-bf0f-e0db55d136b3} - "E:\SISetup.exe"
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\MountPoints2: {94b87bbb-af70-11e3-bed0-e0db55d136b3} - "E:\Startme.exe"
HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\MountPoints2: {e3f38ccb-91dc-11e4-bf1b-6036dda89aa7} - "E:\HTC_Sync_Manager_PC.exe"
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\p6_19_erinnerung.lnk
ShortcutTarget: p6_19_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_19\WinStart\WinStart.exe (phase6)
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopEarth AutoStart.lnk
ShortcutTarget: DesktopEarth AutoStart.lnk -> C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe ()
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files\Logitech Gaming Software\EReg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk
ShortcutTarget: Password Safe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk
ShortcutTarget: Stickies.lnk -> C:\Program Files (x86)\Stickies\stickies.exe (Zhorn Software)
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6500 E710n-z (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6500 E710n-z (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UDPixel.lnk
ShortcutTarget: UDPixel.lnk -> C:\Program Files (x86)\UDPixel\UDPixel.exe (hxxp://sam100.free.fr/UDPixel)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\"MEIN NAME"\AppData\Roaming\Mozilla\Firefox\Profiles\u2f0mu7s.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com/?trackid=sp-006
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\DigitalPersona\Bin\ChromeExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF Plugin HKU\S-1-5-21-2901914888-2273405363-3910051971-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\"MEIN NAME"\AppData\Roaming\Mozilla\Firefox\Profiles\u2f0mu7s.default\searchplugins\google-avast.xml
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2013-01-28]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-14]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://de.wikipedia.org/wiki/Solid-State-Drive", "hxxp://hukd.mydealz.de/deals/kaufe-mario-kart-8-und-bekomme-eins-von-10-wii-u-spielen-gratis-348180", "hxxp://hukd.mydealz.de/deals/rowenta-vu2540-turbo-silence-hochwertiger-tischventilator-57-vergleichspreis-68-364229", "hxxp://www.ebay.de/itm/Screw-Propeller-Flying-Style-Digital-Alarm-Clock-H443-/280480463541?clk_rvr_id=648712950446", "hxxp://hukd.mydealz.de/deals/apple-iphone-16-gb-bei-24-mobile-552-669?page=3", "hxxp://www.meinestadt.de/deutschland/jobinfo/ausbildung-info", "hxxp://www.0180.info/", "http://www.trojaner-board.de/", "http://www.trojaner-board.de/search....chid=2734463", "hxxp://www.drk-intern.de/adressen/kreisverbaende/detail/0616/", "hxxp://hukd.mydealz.de/deals/fl%C3%BCge-island-basel-51-hin-und-zur%C3%BCck-reise-1-woche-island-flug-transfer-3-hotel-181-391824", "https://www.facebook.com/VirginRadioLebanon/photos/a.355063757936301.1073741826.275155342593810/493895747386434/?type=1&theater", "https://www.youtube.com/watch?v=kvDjMGgAJF8", "https://www.youtube.com/watch?v=Yc8bzl6dqQI&list=UUJ98xGeWxpuKDAb2-Xs01Ug", "https://www.youtube.com/watch?v=BQ2pHDId9xk", "hxxp://hukd.mydealz.de/deals/real-bundesweit-kw48-2x-wilkison-hydro-3-rasierklingen-4-st%C3%BCck-8-klingen-4-87-0-434918", "hxxp://www.amazon.de/Klarstein-Lichtdusche-Summershine-Tageslichtlampe-wohltemperiertes/dp/B00FL1FBPC/ref=cm_cr_pr_product_top", "https://www.qipu.de/"
CHR Profile: C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Media Hint) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\akipcefbjlmpbcejgdaopmmidpnjlhnb [2014-04-06]
CHR Extension: (Angry Birds) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-09-17]
CHR Extension: (Google Docs) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-17]
CHR Extension: (Google Drive) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-09]
CHR Extension: (YouTube) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-17]
CHR Extension: (Adblock Plus) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-09-17]
CHR Extension: (Webseiten-Screenshot - Webpage Screenshot) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2013-09-17]
CHR Extension: (Google-Suche) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-17]
CHR Extension: (Avast Online Security) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-17]
CHR Extension: (Google Maps) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2013-09-17]
CHR Extension: (Google Wallet) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-17]
CHR Extension: (Better Pop Up Blocker) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic [2013-09-17]
CHR Extension: (Bungalow) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkdmggpdfpodahejeckklcncacambmo [2013-09-20]
CHR Extension: (PAYBACK Internet Assistent für Google Chrome) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbfjbhoglggakhkngkbfehgghkaadeba [2014-07-01]
CHR Extension: (Google Mail) - C:\Users\"MEIN NAME"\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-14] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-14] (Avast Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-08-07] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-08-07] (BlueStack Systems, Inc.)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
R2 CrossLoopService; C:\Users\"MEIN NAME"\AppData\Local\CrossLoop\CrossLoopService.exe [569072 2012-01-06] (CrossLoop)
R2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2012-08-07] (Conexant Systems, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [100752 2013-04-22] (ELAN Microelectronics Corp.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2011-01-21] (HP) [File not signed]
R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [124536 2012-12-25] (HP) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [783264 2013-09-08] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2014-12-02] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [96184 2013-12-09] (Overwolf)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1914728 2012-09-12] (SoftThinks SAS)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [762320 2014-11-04] (Tunngle.net GmbH)
S3 tvnserver; C:\Users\"MEIN NAME"\AppData\Local\CrossLoop\tvnserver.exe [814080 2010-07-21] (GlavSoft LLC.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R3 Apowersoft_AudioDevice; C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-14] ()
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [46368 2013-12-29] (AVG Technologies)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-08-07] (BlueStack Systems)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R2 DRHARD64; C:\WINDOWS\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\WINDOWS\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\WINDOWS\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\WINDOWS\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
S3 intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [8982208 2012-07-25] (Intel Corporation) [File not signed]
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [20192 2013-09-08] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-11-28] (Marvell Semiconductor, Inc.)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
S3 s0017bus; C:\Windows\System32\drivers\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
S3 s0017mdfl; C:\Windows\system32\DRIVERS\s0017mdfl.sys [19496 2008-10-21] (MCCI Corporation)
S3 s0017mdm; C:\Windows\system32\DRIVERS\s0017mdm.sys [152616 2008-10-21] (MCCI Corporation)
S3 s0017mgmt; C:\Windows\system32\DRIVERS\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
S3 s0017nd5; C:\Windows\system32\DRIVERS\s0017nd5.sys [34856 2008-10-21] (MCCI Corporation)
S3 s0017obex; C:\Windows\system32\DRIVERS\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
S3 s0017unic; C:\Windows\System32\drivers\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [71832 2012-07-13] (STMicroelectronics)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-14] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 19:12 - 2015-01-09 19:12 - 00034679 _____ () C:\Users\"MEIN NAME"\Documents\FRST.txt
2015-01-09 19:06 - 2015-01-09 19:06 - 00003022 _____ () C:\windows\System32\Tasks\SystemToolsDailyTest-Retry
2015-01-09 19:05 - 2015-01-09 19:05 - 00000197 _____ () C:\windows\system32\2015-01-09-18-05-06.048-AvastVBoxSVC.exe-4216.log
2015-01-09 18:52 - 2015-01-09 18:52 - 00001165 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-09 18:48 - 2015-01-09 18:48 - 01174352 _____ () C:\Users\"MEIN NAME"\Downloads\Firefox - CHIP-Installer.exe
2015-01-09 18:11 - 2015-01-09 18:57 - 00000000 ____D () C:\Users\"MEIN NAME"\Documents\Download-Ordner Inhalt, auszusortieren
2015-01-09 07:13 - 2015-01-09 07:13 - 02124288 _____ (Farbar) C:\Users\"MEIN NAME"\Documents\FRST64 (1).exe
2015-01-08 19:04 - 2015-01-08 19:04 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-08 18:58 - 2015-01-08 18:59 - 00001590 _____ () C:\windows\setupact.log
2015-01-08 18:58 - 2015-01-08 18:58 - 00000000 _____ () C:\windows\setuperr.log
2015-01-08 17:56 - 2015-01-08 17:57 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\PCDr
2015-01-08 17:56 - 2015-01-08 17:56 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-07 22:39 - 2015-01-07 22:39 - 00000197 _____ () C:\windows\system32\2015-01-07-21-39-07.089-AvastVBoxSVC.exe-4040.log
2015-01-07 20:59 - 2015-01-07 20:59 - 00000752 _____ () C:\Users\"MEIN NAME"\Desktop\JRT.txt
2015-01-07 20:34 - 2015-01-07 20:35 - 00000197 _____ () C:\windows\system32\2015-01-07-19-34-55.031-AvastVBoxSVC.exe-3568.log
2015-01-07 20:28 - 2015-01-07 20:28 - 00003978 _____ () C:\mbam.txt
2015-01-07 20:27 - 2015-01-07 20:27 - 00003986 _____ () C:\MALWARE test.txt
2015-01-07 20:09 - 2015-01-09 19:02 - 00006820 _____ () C:\windows\PFRO.log
2015-01-07 20:09 - 2015-01-07 20:10 - 00000197 _____ () C:\windows\system32\2015-01-07-19-09-44.051-AvastVBoxSVC.exe-3968.log
2015-01-07 19:36 - 2015-01-07 19:36 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-07 19:36 - 2015-01-07 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-07 19:36 - 2015-01-07 19:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-07 19:36 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-01-07 19:36 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-01-07 19:26 - 2015-01-07 19:26 - 00001286 _____ () C:\Users\"MEIN NAME"\Desktop\Revo Uninstaller.lnk
2015-01-07 19:26 - 2015-01-07 19:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-01-07 01:37 - 2015-01-07 01:37 - 00007334 _____ () C:\Users\"MEIN NAME"\Desktop\blabla célinefail.odt
2015-01-06 21:39 - 2015-01-09 19:03 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-06 21:39 - 2015-01-07 19:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-06 21:39 - 2015-01-06 22:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-06 21:36 - 2015-01-06 22:13 - 00000000 ____D () C:\Users\"MEIN NAME"\Desktop\mbar
2015-01-06 21:36 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-01-06 21:12 - 2015-01-06 21:12 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\"MEIN NAME"\Desktop\TDSSKiller42.exe
2015-01-06 21:07 - 2015-01-06 21:07 - 00000000 __SHD () C:\Users\"MEIN NAME"\AppData\Local\EmieBrowserModeList
2015-01-06 20:54 - 2015-01-06 20:54 - 00012838 _____ () C:\Users\"MEIN NAME"\Desktop\an den Trojaner-Board Helfer SChraube.odt
2015-01-06 19:41 - 2015-01-09 19:05 - 00725018 _____ () C:\windows\WindowsUpdate.log
2015-01-06 18:42 - 2015-01-06 18:42 - 00000836 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-06 18:11 - 2015-01-06 18:11 - 00003292 _____ () C:\windows\System32\Tasks\avastBCLRestartS-1-5-21-2901914888-2273405363-3910051971-1001
2015-01-05 04:36 - 2015-01-05 04:36 - 00000197 _____ () C:\windows\system32\2015-01-05-03-36-40.091-AvastVBoxSVC.exe-3980.log
2015-01-04 21:01 - 2015-01-04 21:01 - 00000197 _____ () C:\windows\system32\2015-01-04-20-01-42.003-AvastVBoxSVC.exe-1308.log
2015-01-04 19:57 - 2015-01-04 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-01-04 19:56 - 2015-01-04 19:56 - 00000197 _____ () C:\windows\system32\2015-01-04-18-56-48.003-AvastVBoxSVC.exe-4104.log
2015-01-04 19:38 - 2015-01-04 19:38 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\HTC
2015-01-04 19:37 - 2015-01-09 19:03 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\HTC MediaHub
2015-01-04 19:37 - 2015-01-04 19:38 - 00000000 ____D () C:\Users\"MEIN NAME"\Documents\HTC
2015-01-04 19:37 - 2015-01-04 19:37 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Apple Computer
2015-01-04 19:37 - 2015-01-04 19:37 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\Apple Computer
2015-01-04 19:37 - 2015-01-04 19:37 - 00000000 ____D () C:\Users\"MEIN NAME"\.android
2015-01-04 19:36 - 2015-01-04 19:36 - 00002049 _____ () C:\Users\Public\Desktop\HTC Sync Manager.lnk
2015-01-04 19:34 - 2015-01-04 19:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2015-01-04 19:34 - 2015-01-04 19:34 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
2015-01-04 19:30 - 2015-01-04 19:36 - 00000000 ____D () C:\Program Files (x86)\HTC
2015-01-04 19:30 - 2015-01-04 19:30 - 00000000 ____D () C:\ProgramData\HTC
2014-12-30 16:13 - 2014-12-30 16:13 - 00000000 ____D () C:\Users\"MEIN NAME"\Documents\Meine empfangenen Dateien
2014-12-27 11:18 - 2014-12-27 11:18 - 00000197 _____ () C:\windows\system32\2014-12-27-10-18-09.025-AvastVBoxSVC.exe-4108.log
2014-12-19 23:22 - 2014-12-19 23:22 - 00000197 _____ () C:\windows\system32\2014-12-19-22-22-04.069-AvastVBoxSVC.exe-3952.log
2014-12-15 22:09 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-12-15 22:09 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-12-15 13:00 - 2014-12-15 13:00 - 00000197 _____ () C:\windows\system32\2014-12-15-12-00-25.092-AvastVBoxSVC.exe-3880.log
2014-12-15 13:00 - 2014-12-15 13:00 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery
2014-12-15 11:31 - 2014-12-15 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2014-12-15 11:31 - 2014-12-15 11:31 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-12-14 01:41 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupStatusProvider.dll
2014-12-14 01:41 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-14 01:41 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-12-14 01:41 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-12-14 01:29 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-14 01:29 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-14 01:29 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-14 01:29 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-14 01:29 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\windows\system32\MrmCoreR.dll
2014-12-14 01:29 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\windows\SysWOW64\MrmCoreR.dll
2014-12-14 01:29 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2014-12-14 01:29 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2014-12-14 01:29 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2014-12-14 01:29 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\windows\system32\Drivers\intelpep.sys
2014-12-14 01:28 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-14 01:28 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-14 01:28 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2014-12-14 01:28 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-14 01:28 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-14 01:28 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-14 01:28 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-14 01:28 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-14 01:28 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2014-12-14 01:28 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2014-12-14 01:28 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-14 01:28 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-14 01:28 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-14 01:28 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2014-12-14 01:28 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-14 01:28 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2014-12-14 01:28 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-14 01:28 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-14 01:28 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-14 01:28 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-14 01:28 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-14 01:28 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-14 01:28 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2014-12-14 01:28 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-14 01:28 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-14 01:28 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2014-12-14 01:28 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-14 01:28 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2014-12-14 01:28 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-14 01:28 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-14 01:28 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-14 01:28 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-14 01:28 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation)
C:\windows\SysWOW64\ieframe.dll
2014-12-14 01:28 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-14 01:28 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-14 01:28 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-14 01:28 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-13 17:01 - 2014-12-13 17:01 - 00045112 ____H (LogMeIn Inc.) C:\windows\system32\Drivers\Hamdrv.sys
2014-12-11 23:14 - 2014-12-11 23:49 - 00000000 ____D () C:\Users\"MEIN NAME"\Desktop\für mama, kindergeldstelle
2014-12-11 01:08 - 2014-12-11 01:10 - 00016753 _____ () C:\Users\"MEIN NAME"\Desktop\Präsentation.odp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 19:12 - 2014-07-10 07:13 - 00000000 ____D () C:\FRST
2015-01-09 19:11 - 2014-02-03 23:33 - 00000000 ___RD () C:\Users\"MEIN NAME"\SkyDrive
2015-01-09 19:11 - 2014-01-07 21:53 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\Deployment
2015-01-09 19:11 - 2013-09-20 11:32 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\PasswordSafe
2015-01-09 19:11 - 2013-09-20 02:44 - 00000418 _____ () C:\windows\Tasks\WpsUpdateTask_"MEIN NAME".job
2015-01-09 19:11 - 2013-09-20 00:05 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\stickies
2015-01-09 19:10 - 2013-01-28 17:02 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-01-09 19:09 - 2013-09-30 05:14 - 01780340 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-09 19:09 - 2013-09-30 04:56 - 00766620 _____ () C:\windows\system32\perfh007.dat
2015-01-09 19:09 - 2013-09-30 04:56 - 00159902 _____ () C:\windows\system32\perfc007.dat
2015-01-09 19:03 - 2014-07-07 15:17 - 00003314 _____ () C:\windows\System32\Tasks\Intel(R) Rapid Start Technology Manager
2015-01-09 19:02 - 2013-12-16 04:07 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2015-01-09 19:02 - 2013-10-07 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-09 19:02 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2015-01-09 19:01 - 2013-11-13 00:26 - 07626240 ___SH () C:\Users\"MEIN NAME"\Downloads\Thumbs.db 2015-01-09 19:01 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru 2015-01-09 19:01 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\BBI 2015-01-09 18:57 - 2013-09-17 12:15 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2901914888-2273405363-3910051971-1001 2015-01-09 18:57 - 2013-09-17 12:09 - 00001142 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-09 18:52 - 2013-10-07 11:59 - 00001177 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-09 18:52 - 2013-10-07 11:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-09 18:35 - 2013-12-16 04:07 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2015-01-09 18:35 - 2013-12-16 04:07 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\Adobe 2015-01-09 18:10 - 2013-11-13 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-01-09 18:09 - 2013-11-13 17:17 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2015-01-09 18:09 - 2013-11-13 17:17 - 00000000 ____D () C:\Program Files (x86)\Java 2015-01-09 18:09 - 2013-10-09 22:42 - 00000000 ____D () C:\ProgramData\Oracle 2015-01-09 15:34 - 2013-10-06 18:30 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\vlc 2015-01-09 14:03 - 2014-08-11 04:05 - 00000000 ___RD () C:\Users\"MEIN NAME"\Dropbox 2015-01-09 14:03 - 2014-08-11 04:02 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox 2015-01-09 13:58 - 2014-04-11 11:42 - 00002060 _____ () 
C:\Users\Public\Desktop\Google Slides.lnk 2015-01-09 13:58 - 2014-04-11 11:42 - 00002058 _____ () C:\Users\Public\Desktop\Google Sheets.lnk 2015-01-09 13:58 - 2014-04-11 11:42 - 00002048 _____ () C:\Users\Public\Desktop\Google Docs.lnk 2015-01-09 13:58 - 2014-04-11 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-01-09 07:22 - 2013-08-03 02:15 - 00000000 ____D () C:\Users\Public\Documents\phase6_19_Daten 2015-01-08 18:01 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness 2015-01-08 17:57 - 2013-08-22 16:36 - 00262144 _____ () C:\windows\system32\config\BCD-Template 2015-01-07 20:32 - 2013-09-19 14:32 - 00000000 ____D () C:\AdwCleaner 2015-01-07 20:09 - 2013-11-12 22:47 - 00000000 ___DC () C:\windows\Panther 2015-01-07 19:31 - 2014-05-22 17:11 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\WorldofTanks 2015-01-06 19:02 - 2014-10-17 19:22 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\TS3Client 2015-01-06 19:02 - 2014-05-17 23:58 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\TeamViewer 2015-01-06 19:02 - 2014-02-01 22:22 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\LogMeIn Hamachi 2015-01-06 19:02 - 2013-09-21 01:27 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-01-06 19:02 - 2013-09-19 12:39 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2015-01-06 19:01 - 2014-01-10 22:59 - 00000000 ____D () C:\windows\Minidump 2015-01-06 18:42 - 2013-09-19 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-01-06 18:42 - 2013-09-19 13:08 - 00000000 ____D () C:\Program Files\CCleaner 2015-01-06 06:39 - 2014-03-05 01:47 - 00000000 ____D () C:\Users\"MEIN NAME"\Desktop\Spieleecke, Luxusecke 2015-01-06 00:13 - 2014-05-29 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S4League 2015-01-04 23:44 - 2014-04-13 15:41 - 00000000 ____D () C:\Sirius MT2 2015-01-04 20:18 - 2014-11-14 18:18 - 00004182 _____ () 
C:\windows\System32\Tasks\avast! Emergency Update 2015-01-04 19:56 - 2013-08-22 15:44 - 00411856 _____ () C:\windows\system32\FNTCACHE.DAT 2015-01-04 19:37 - 2013-11-12 22:53 - 00000000 ____D () C:\Users\"MEIN NAME" 2015-01-04 19:32 - 2013-09-20 03:09 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Local\Downloaded Installations 2015-01-04 19:31 - 2013-01-28 17:03 - 00000000 ____D () C:\Temp 2015-01-04 19:12 - 2014-02-02 12:23 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Skype 2015-01-04 18:27 - 2014-11-04 20:31 - 00000000 ____D () C:\ProgramData\Tunngle 2015-01-04 18:27 - 2014-02-04 21:59 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Tunngle 2015-01-01 22:12 - 2014-09-23 20:34 - 00000000 ___RD () C:\Program Files (x86)\Skype 2015-01-01 22:12 - 2014-02-02 12:23 - 00000000 ____D () C:\ProgramData\Skype 2014-12-30 19:53 - 2013-06-09 04:35 - 00000000 ____D () C:\Users\"MEIN NAME"\Documents\ManiaPlanet 2014-12-30 18:44 - 2013-09-18 17:32 - 00000000 ____D () C:\ProgramData\ManiaPlanet 2014-12-18 19:43 - 2012-07-26 08:59 - 00000000 ____D () C:\windows\CbsTemp 2014-12-18 01:27 - 2014-08-11 04:30 - 00000000 ____D () C:\Users\"MEIN NAME"\Desktop\Bewerbung für deutsches rotes kreuz 2014-12-15 13:31 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\rescache 2014-12-15 13:00 - 2013-09-19 14:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2014-12-15 12:57 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sr-Latn-RS 2014-12-15 12:57 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sr-Latn-CS 2014-12-15 12:57 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\PolicyDefinitions 2014-12-15 11:39 - 2013-09-18 14:53 - 00000000 ____D () C:\windows\system32\MRT 2014-12-15 11:33 - 2013-09-18 14:53 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-12-15 11:31 - 2014-04-23 19:27 - 00000940 _____ () C:\Users\Public\Desktop\LogMeIn Hamachi.lnk 2014-12-13 21:43 - 2014-02-04 22:41 - 00000000 
_____ () C:\windows\SysWOW64\Access.dat
2014-12-11 23:12 - 2014-08-11 04:05 - 00001086 _____ () C:\Users\"MEIN NAME"\Desktop\Dropbox.lnk
2014-12-11 23:12 - 2014-08-11 04:04 - 00000000 ____D () C:\Users\"MEIN NAME"\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Some content of TEMP:
====================
C:\Users\"MEIN NAME"\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9b3a28.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-08 01:54

==================== End Of Log ============================
[/CODE]

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by "MEIN NAME" at 2015-01-09 19:13:25
Running from C:\Users\"MEIN NAME"\Documents
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
8GadgetPack (HKLM-x32\...\{DE18940E-5986-480A-8518-7327D14756D3}) (Version: 6.0.0 - Helmut Buhler)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Alt.Binz 0.39.4 (HKLM-x32\...\Alt.Binz) (Version: 0.39.4 - Rdl)
AMD Catalyst Install Manager (HKLM\...\{C7A772A4-73CF-EB06-172F-75C5F6C80AAC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Anki (HKLM-x32\...\Anki) (Version: - )
Apowersoft Bildschirmrekorder Pro V1.1.9 (HKLM-x32\...\{BADAA284-1D15-4EBB-B1E5-7C86603CDBBB}_is1) (Version: 1.1.9 - Apowersoft)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
BenVista PhotoZoom Classic 4.1.4 (HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\PhotoZoom Classic 4) (Version: 4.1.4 - BenVista Ltd.)
Blackthorne (HKLM-x32\...\{C563EEF9-17FF-4563-8B78-82AF0C4577CE}) (Version: 1.0.0 - Blizzard Entertainment) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.7.17.916 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{7E6316CA-5ED0-4EF9-9920-A92115E286B7}) (Version: 0.7.17.916 - BlueStack Systems, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Bontago (HKLM-x32\...\Bontago) (Version: 1.0 - ) CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP) CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.35 - Abelssoft) Classic Shell (HKLM\...\{FEA1590B-540A-41FC-A95C-664493C82A21}) (Version: 3.6.8 - IvoSoft) Conexant HD Audio (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 1.0.52.0 - Conexant) Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.40.0 - Conexant) CPUID CPU-Z 1.66.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CPUID HWMonitor Pro 1.20 (HKLM\...\CPUID HWMonitorPro_is1) (Version: - ) Crashday (HKLM-x32\...\{9C27ADE1-EAFB-4BB7-9FE3-5DD9BA9A3DD2}) (Version: 0 - ATARI) CrossLoop 2.82 (HKLM-x32\...\CrossLoop_is1) (Version: 2.82 - CrossLoop, Inc.) CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World) CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts) Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.2 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.2 - Dell Inc.) 
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP) Dell System Detect (HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell) Dell Touchpad (HKLM\...\Elantech) (Version: 11.3.5.4 - ELAN Microelectronic Corp.) DesktopEarth (HKLM-x32\...\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}) (Version: 2.1.1 - CodeFromThe70s.org) DigitalPersona Fingerprint Software 6.2 (HKLM\...\{A59EF3E5-F532-4E13-9FCF-48B2836FE060}) (Version: 6.2.0.300 - DigitalPersona, Inc.) Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team) Dr. Hardware 2013 13.5d (HKLM-x32\...\Dr. Hardware 2013_is1) (Version: - Peter A. Gebhard) Dropbox (HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.) DxO FilmPack 3 (HKLM\...\{6E98BFB0-55E3-4D3C-8C10-B44F6063535E}) (Version: 3.4.94.0 - DxO Labs) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) FILEminimizer Suite (HKLM-x32\...\FILEminimizer Suite_is1) (Version: - balesio AG) Flashtool (HKLM-x32\...\Flashtool) (Version: 0.9.10.1 - Androxyde) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fraps (HKLM-x32\...\Fraps) (Version: - ) Free Alarm Clock 2.7.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 2.7 - Comfort Software Group) Free YouTube to MP3 Converter version 3.12.20.1230 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.20.1230 - DVDVideoSoft Ltd.) Gameforge Live 1.9.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.9.0 - Gameforge) GameMaker-Studio 1.2 (HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\GameMaker-Studio12) (Version: - YoYo Games Ltd.) 
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team) GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software) HD Video Converter Factory Pro (HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\HDVideoConverterFactoryPro) (Version: - WonderFox Soft, Inc. All Rights Reserved.) HP ePrint (HKLM-x32\...\{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}) (Version: 14.0.14176.1823 - Hewlett-Packard) HP LaserJet Professional CP1020 Series (HKLM\...\HP LaserJet Professional CP1020 Series) (Version: - ) HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät (HKLM\...\{56F91CE8-0168-4619-8FEC-13F5087E40F8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Officejet 6500 E710n-z Hilfe (HKLM-x32\...\{130E5108-547F-4482-91EE-F45C784E08C7}) (Version: 140.0.2.2 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard) HPLJUT (x32 Version: 1.00.0012 - HP) Hidden hppcp1025LaserJetService (HKLM-x32\...\{F31BF057-0D5E-485E-ADFD-560314A27912}) (Version: 1.00.0000 - Hewlett-Packard) hppLaserJetService (x32 Version: 007.015.00635 - Hewlett-Packard) Hidden HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.14.0.001 - HTC Corporation) HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.37.2 - HTC) I.R.I.S. 
OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IM-Magic Partition Resizer Professional 2013 (HKLM-x32\...\IM-Magic Partition Resizer Professional) (Version: 2013 - IM Magic Inc.) Inpaint 5.5 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation) Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1056 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation) Interaktive Sprachreise - Vokabeltrainer English (HKLM-x32\...\VTE_16_689501) (Version: - digital publishing AG) IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java 8 Update 25 
(HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Kalenderchen 5 (HKLM-x32\...\{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1) (Version: - Daniel Manger) kikin Plugin (NO23 Edition) 1.11 (HKLM-x32\...\kikin Plugin (NO23 Edition)) (Version: 1.11 - kikin) Kingsoft Presentation (8.1.0.2948) (HKLM-x32\...\Kingsoft Presentation) (Version: 8.1.0.2948 - Kingsoft Corp.) K-Lite Codec Pack 10.3.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.3.0 - ) Kvisoft Data Recovery1.5.2 (HKLM-x32\...\Kvisoft Data Recovery_is1) (Version: 1.5.2 - Kvisoft Co.,Ltd.) LibreOffice 4.1.1.2 (HKLM-x32\...\{F1EE568A-171F-4C06-9BE6-2395BED067A3}) (Version: 4.1.1.2 - The Document Foundation) LingoPad 2.5.1 (Build 325) (HKLM-x32\...\LingoPad_is1) (Version: 2.5.1 - Lingo4you GbR) Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.291 - LogMeIn, Inc.) Hidden Macrorit Disk Partition Expert Professional 2013 (HKLM-x32\...\Macrorit Disk Partition Expert Professional) (Version: 2013 - Macrorit Inc.) 
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version: - Nadeo) Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.1.2000 - Maxthon International Limited) Metin2 (HKLM-x32\...\Metin2_is1) (Version: - Gameforge 4D GmbH) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 
Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Monitor Calibration Wizard 1.0 (HKLM-x32\...\Monitor Calibration Wizard) (Version: - ) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla) MSI Afterburner 4.0.0 (HKLM-x32\...\Afterburner) (Version: 4.0.0 - MSI Co., LTD) My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.) NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon) No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23) OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation) Opera Stable 25.0.1614.71 (HKLM-x32\...\Opera 25.0.1614.71) (Version: 25.0.1614.71 - Opera Software ASA) Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.) 
Overwolf (HKLM-x32\...\{030F4BB3-F3C3-4A74-905C-44672D1ECB76}) (Version: 0.47.284 - Overwolf) paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC) Password Safe (HKLM-x32\...\Password Safe) (Version: - ) PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r4600) (Version: - ) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.210.0 - Tracker Software Products Ltd) Perspective 1.0 (HKLM-x32\...\Perspective) (Version: 1.0 - Widdershins) phase6_19 (HKLM-x32\...\{65D70656-D248-4C83-B594-E3029C43B37A}) (Version: 1.90.0000 - phase6) PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.15.026 - Dell Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.18.621.2013 - Realtek) Realtek USB 2.0 Card Reader Software (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: - ) Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Rise Of Legends (HKLM-x32\...\InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}) (Version: 1.00.0000 - Microsoft Game Studios) Rise Of Legends (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden RivaTuner Statistics Server 6.2.0 (HKLM-x32\...\RTSS) (Version: 6.2.0 - Unwinder) Runes of Magic (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 6.0.0.2647 - Gameforge Productions GmbH) SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) 
Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3_is1) (Version: 3.1 - IObit) Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.2.201402071544 - Sony Mobile Communications AB) Sony PC Companion 2.10.211 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.) ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0028 - ST Microelectronics) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Stickies 7.1e (HKLM-x32\...\ZhornStickies) (Version: - Zhorn Software) TaskmgrPro V1.4.5 (HKLM\...\TaskmgrPro_is1) (Version: - GoldGingko Software) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Tipard DVD Ripper Platinum 6.2.20 (HKLM-x32\...\{C145A9AD-BD43-4255-B5F9-2803289C2F96}_is1) (Version: 6.2.20 - Tipard Studio) Torchlight (HKLM-x32\...\Torchlight_is1) (Version: - GOG.com) Tunngle Version Tunngle (HKLM-x32\...\Tunngle_is1) (Version: Tunngle - Tunngle.net GmbH) Überwachungstool für die Intel® Turbo-Boost-Technik 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel) UDPixel.exe (HKLM-x32\...\UDPixel) (Version: - ) Validity Sensors DDK (HKLM\...\{40BEDF44-88CF-4FF6-8790-882484452003}) (Version: 4.4.231.0 - Validity Sensors, Inc.) 
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WordMatch (HKLM-x32\...\WordMatch) (Version: - )
XBMC (HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\XBMC) (Version: - Team XBMC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2901914888-2273405363-3910051971-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

18-12-2014 19:39:24 Windows Update
27-12-2014 11:35:47 Geplanter Prüfpunkt
05-01-2015 05:01:47 Geplanter Prüfpunkt
07-01-2015 19:27:37 Revo Uninstaller's restore point - PhoXo

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {008E2B35-337F-4A7B-99A2-A7C06A3F6B5F} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-11-10] (CHIP)
Task: {038E9733-51D5-4E0B-B93D-B6A7BD09BB4E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-09] (Adobe Systems Incorporated)
Task: {0990D63D-5A59-42C3-A599-505698A7DA5C} - System32\Tasks\CrystalDiskInfo => C:\Program Files (x86)\CrystalDiskInfo\DiskInfo.exe [2013-04-24] (Crystal Dew World)
Task: {0F81D5F9-CF65-45FD-84CB-6F1CD4524DED} - System32\Tasks\SmartDefrag3_Startup => C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [2014-03-10] (IObit)
Task: {153E9CB3-CBD3-446C-BEB5-F080CADC78A1} - System32\Tasks\Intel(R) Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-09-08] (Intel)
Task: {28E5397B-965B-4798-B838-E6A2D681EB6E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {4133F9C9-3E24-4103-890C-EB1A45169721} - System32\Tasks\Opera scheduled Autoupdate 1380525839 => C:\Program Files (x86)\Opera\launcher.exe [2014-11-14] (Opera Software) Task: {4388B81A-3E0B-4F55-8ECE-298F7351E557} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {6264AB10-3D3C-4101-8E78-6F0BDABA4199} - System32\Tasks\{519BC508-53DB-45C9-84CF-0EF1DAB43713} => pcalua.exe -a "C:\Users\"MEIN NAME"\Desktop\Project M\wit-v2.29a-r5186-cygwin\windows-install.exe" -d "C:\Users\"MEIN NAME"\Desktop\Project M\wit-v2.29a-r5186-cygwin" Task: {64189BC5-EBDB-457A-8769-E48FE224DE52} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard) Task: {65A701E7-8C74-410B-9796-A480A9AAF83D} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-03-10] (IObit) Task: {696BF4C9-EBE9-44D7-9289-9372E06995CC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {74426CC3-4CE0-4119-A348-15D321736929} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.) Task: {7CE0AA23-0EF9-4F7B-8C56-4390303ABACB} - System32\Tasks\WpsUpdateTask_"MEIN NAME" => C:\Program Files (x86)\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe [2011-08-24] (Kingsoft Corp. Ltd.) 
Task: {7DBB7FC0-06B9-48EE-B1B8-385BEE6BB304} - System32\Tasks\SystemToolsDailyTest-Retry => uaclauncher.exe Task: {86578881-F4D5-48AE-914F-9C731E650EEE} - System32\Tasks\avastBCLRestartS-1-5-21-2901914888-2273405363-3910051971-1001 => Chrome.exe Task: {A147AA5B-9076-4946-9EA1-9F6CD8251FD8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-15] (Microsoft Corporation) Task: {B01CEC4F-A518-49BA-8782-BB1670FE266F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {D6D764C0-089F-479D-A813-6487EAB62BCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-17] (Google Inc.) Task: {F1FA038F-D843-4B90-A076-0814A7168319} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-14] (AVAST Software) Task: {F2E385FD-11EF-4BE3-9946-0FCC658184A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-17] (Google Inc.) Task: {F66A3B11-DB13-4E1D-844C-C173393DCF3D} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2014-12-10] (Maxthon International ltd.) 
Task: {F6C89968-9838-496F-A35D-DF23407FA82D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {FCE1FB10-4193-4735-B5DC-AD94E401FE67} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\WpsUpdateTask_"MEIN NAME".job => C:\Program Files (x86)\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-10-24 17:58 - 2012-11-28 03:18 - 00129024 ____N () C:\windows\System32\HPCP1020LM.DLL 2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe 2013-01-28 16:59 - 2012-04-25 03:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2014-11-14 18:17 - 2014-11-14 18:17 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll 2014-11-14 18:17 - 2014-11-14 18:17 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll 2014-12-18 15:10 - 2014-12-18 15:10 - 00821600 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe 2013-10-03 23:42 - 2013-10-03 23:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-09-22 13:40 - 2013-09-05 17:42 - 00337752 _____ () C:\Program Files\TaskmgrPro\TaskmgrPro.exe 2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll 2015-01-09 11:17 - 2015-01-09 11:17 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010900\algo.dll 2014-11-14 18:17 - 2014-11-14 18:17 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll 
2014-12-18 15:06 - 2014-12-18 15:06 - 00031080 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll 2014-12-18 15:08 - 2014-12-18 15:08 - 00607376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll 2014-12-18 15:09 - 2014-12-18 15:09 - 00059752 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll 2014-12-18 15:08 - 2014-12-18 15:08 - 00036216 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll 2014-12-18 15:09 - 2014-12-18 15:09 - 00080248 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll 2014-12-18 15:11 - 2014-12-18 15:11 - 00129376 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll 2014-12-18 15:14 - 2014-12-18 15:14 - 00223592 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll 2013-09-19 14:22 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-09-19 14:22 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-09-19 14:22 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2013-09-19 14:22 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2013-09-19 14:22 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-01-17 16:30 - 2012-09-05 17:55 - 00892288 _____ () C:\Program Files (x86)\IObit\Smart Defrag 3\webres.dll 2014-02-08 19:30 - 2013-09-12 11:55 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2013-01-28 17:03 - 2012-09-12 21:18 - 02003304 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll 2013-01-28 17:03 - 2012-08-06 10:59 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll 2013-01-28 17:03 - 2012-08-06 10:59 - 00117608 _____ 
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll 2015-01-09 19:11 - 2015-01-09 19:11 - 00098816 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\win32api.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00110080 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\pywintypes27.dll 2015-01-09 19:11 - 2015-01-09 19:11 - 00364544 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\pythoncom27.dll 2015-01-09 19:11 - 2015-01-09 19:11 - 00045568 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\_socket.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 01160704 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\_ssl.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00320512 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\win32com.shell.shell.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00713216 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\_hashlib.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 01175040 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\wx._core_.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00805888 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\wx._gdi_.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00811008 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\wx._windows_.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 01062400 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\wx._controls_.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00735232 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\wx._misc_.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00557056 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\pysqlite2._sqlite.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00128512 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\_elementtree.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00127488 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\pyexpat.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00087552 _____ () C:\Users\"MEIN 
NAME"\AppData\Local\Temp\_MEI34002\_ctypes.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00119808 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\win32file.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00108544 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\win32security.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00007168 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\hashobjs_ext.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00167936 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\win32gui.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00018432 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\win32event.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00038912 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\win32inet.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00011264 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\win32crypt.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00070656 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\wx._html2.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00027136 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\_multiprocessing.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00035840 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\win32process.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00686080 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\unicodedata.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00122368 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\wx._wizard.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00024064 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\win32pipe.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00025600 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\win32pdh.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00525640 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\windows._lib_cacheinvalidation.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00010240 _____ () C:\Users\"MEIN 
NAME"\AppData\Local\Temp\_MEI34002\select.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00017408 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\win32profile.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00022528 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\win32ts.pyd 2015-01-09 19:11 - 2015-01-09 19:11 - 00078336 _____ () C:\Users\"MEIN NAME"\AppData\Local\Temp\_MEI34002\wx._animate.pyd 2014-11-14 18:18 - 2014-11-14 18:18 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2015-01-09 19:11 - 2015-01-09 19:11 - 00043008 _____ () c:\Users\"MEIN NAME"\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9b3a28.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\libEGL.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll 2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\"MEIN NAME"\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll 2013-09-20 00:05 - 2013-09-20 00:05 - 00049152 _____ () C:\Program Files (x86)\Stickies\shook70.dll 2014-12-13 20:58 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll 2014-12-13 20:58 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll 2014-12-13 20:58 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll 2014-12-13 20:58 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\windows\SysWOW64\CN09T110P605JW:NW AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 AlternateDataStreams: C:\Users\"MEIN NAME"\SkyDrive:ms-properties AlternateDataStreams: C:\Users\"MEIN NAME"\SkyDrive.old:ms-properties ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "QuickSet" HKLM\...\StartupApproved\Run: => "SmartAudio" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run32: => "StartCCC" HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8" HKLM\...\StartupApproved\Run32: => "CLVirtualDrive" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "BlueStacks Agent" HKLM\...\StartupApproved\Run32: => "SDTray" HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui" HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\StartupApproved\StartupFolder: => "DesktopEarth AutoStart.lnk" HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\StartupApproved\StartupFolder: => "Sidebar.lnk" HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\StartupApproved\StartupFolder: => "Logitech . 
Produktregistrierung.lnk" HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\StartupApproved\StartupFolder: => "UDPixel.lnk" HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\StartupApproved\Run: => "Steam" HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\StartupApproved\Run: => "Overwolf" HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\StartupApproved\Run: => "Skype" HKU\S-1-5-21-2901914888-2273405363-3910051971-1001\...\StartupApproved\Run: => "Sony PC Companion" ========================= Accounts: ========================== Administrator (S-1-5-21-2901914888-2273405363-3910051971-500 - Administrator - Disabled) => C:\Users\Administrator "MEIN NAME" (S-1-5-21-2901914888-2273405363-3910051971-1001 - Administrator - Enabled) => C:\Users\"MEIN NAME" Gast (S-1-5-21-2901914888-2273405363-3910051971-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2901914888-2273405363-3910051971-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/09/2015 07:11:22 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.3.9600.17284 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1214 Startzeit: 01d02c3681efb9f9 Endzeit: 0 Anwendungspfad: C:\windows\Explorer.EXE Berichts-ID: e81abc54-982a-11e4-bf22-6036dda89aa7 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (01/09/2015 07:08:09 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm backgroundTaskHost.exe, Version 6.3.9600.16384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 12e4 Startzeit: 01d02c3683746ec5 Endzeit: 4294967295 Anwendungspfad: C:\WINDOWS\system32\backgroundTaskHost.exe Berichts-ID: 76e5ad9e-982a-11e4-bf22-6036dda89aa7 Vollständiger Name des fehlerhaften Pakets: Microsoft.WindowsAlarms_6.3.9654.20335_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (01/09/2015 07:08:09 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1324 Startzeit: 01d02c36837b95e9 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 76e34b6b-982a-11e4-bf22-6036dda89aa7 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error: (01/09/2015 07:07:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: launcher.exe_Opera Internet Browser, Version: 25.0.1614.71, Zeitstempel: 0x5465527b Name des fehlerhaften Moduls: launcher_lib.dll, Version: 0.0.0.0, Zeitstempel: 0x54655251 Ausnahmecode: 0x80000003 Fehleroffset: 0x00015100 ID des fehlerhaften Prozesses: 0xbd0 Startzeit der fehlerhaften Anwendung: 0xlauncher.exe_Opera Internet Browser0 Pfad der fehlerhaften Anwendung: launcher.exe_Opera Internet Browser1 Pfad des fehlerhaften Moduls: launcher.exe_Opera Internet Browser2 Berichtskennung: launcher.exe_Opera Internet Browser3 Vollständiger Name des fehlerhaften Pakets: launcher.exe_Opera Internet Browser4 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: launcher.exe_Opera Internet Browser5 Error: (01/09/2015 07:03:03 PM) (Source: SideBySide) (EventID: 79) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. Error: (01/09/2015 07:02:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: HPLaserJetService.exe, Version: 7.15.635.0, Zeitstempel: 0x4d39aa4e Name des fehlerhaften Moduls: hppccompio.DLL, Version: 1.3.0.24, Zeitstempel: 0x4c9685d0 Ausnahmecode: 0xc0000417 Fehleroffset: 0x000073bf ID des fehlerhaften Prozesses: 0x814 Startzeit der fehlerhaften Anwendung: 0xHPLaserJetService.exe0 Pfad der fehlerhaften Anwendung: HPLaserJetService.exe1 Pfad des fehlerhaften Moduls: HPLaserJetService.exe2 Berichtskennung: HPLaserJetService.exe3 Vollständiger Name des fehlerhaften Pakets: HPLaserJetService.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: HPLaserJetService.exe5 Error: (01/09/2015 06:59:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: ERUNT.exe, Version: 0.0.0.0, Zeitstempel: 0x2a425e19 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eeb4a3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00076b61 ID des fehlerhaften Prozesses: 0x3bf4 Startzeit der fehlerhaften Anwendung: 0xERUNT.exe0 Pfad der fehlerhaften Anwendung: ERUNT.exe1 Pfad des fehlerhaften Moduls: ERUNT.exe2 Berichtskennung: ERUNT.exe3 Vollständiger Name des fehlerhaften Pakets: ERUNT.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ERUNT.exe5 Error: (01/09/2015 06:17:57 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 39490734 Error: (01/09/2015 
06:17:57 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 39490734 Error: (01/09/2015 06:17:57 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (01/09/2015 07:03:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (01/09/2015 07:03:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%14001 Error: (01/09/2015 07:02:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "BlueStacks Android Service" ist vom Dienst "BlueStacks Hypervisor" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%2 Error: (01/09/2015 07:02:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "BlueStacks Hypervisor" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (01/09/2015 06:30:43 PM) (Source: Tcpip) (EventID: 4199) (User: ) Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.2.101 mit dem Computer mit der Netzwerkhardwareadresse 00-1A-2B-A2-A6-D6 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. 
Error: (01/09/2015 07:21:41 AM) (Source: DCOM) (EventID: 10010) (User: "MEIN NAME"PC) Description: {06622D85-6856-4460-8DE1-A81921B41C4B} Error: (01/09/2015 07:19:42 AM) (Source: DCOM) (EventID: 10010) (User: "MEIN NAME"PC) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (01/09/2015 07:19:42 AM) (Source: DCOM) (EventID: 10010) (User: "MEIN NAME"PC) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (01/09/2015 07:19:42 AM) (Source: DCOM) (EventID: 10010) (User: "MEIN NAME"PC) Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca Error: (01/09/2015 07:19:41 AM) (Source: DCOM) (EventID: 10010) (User: "MEIN NAME"PC) Description: App.AppX8x3pehn0s58gw7jw07387r2wg6318fxw.wwa Microsoft Office Sessions: ========================= Error: (01/09/2015 07:11:22 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.3.9600.17284121401d02c3681efb9f90C:\windows\Explorer.EXEe81abc54-982a-11e4-bf22-6036dda89aa7 Error: (01/09/2015 07:08:09 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: backgroundTaskHost.exe6.3.9600.1638412e401d02c3683746ec54294967295C:\WINDOWS\system32\backgroundTaskHost.exe76e5ad9e-982a-11e4-bf22-6036dda89aa7Microsoft.WindowsAlarms_6.3.9654.20335_x64__8wekyb3d8bbweApp Error: (01/09/2015 07:08:09 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: LiveComm.exe17.5.9600.20689132401d02c36837b95e94294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe76e34b6b-982a-11e4-bf22-6036dda89aa7microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (01/09/2015 07:07:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: launcher.exe_Opera Internet Browser25.0.1614.715465527blauncher_lib.dll0.0.0.0546552518000000300015100bd001d02c371f48d26dC:\Program Files 
(x86)\Opera\launcher.exeC:\Program Files (x86)\Opera\25.0.1614.71\launcher_lib.dll5d6ef7a6-982a-11e4-bf22-6036dda89aa7 Error: (01/09/2015 07:03:03 PM) (Source: SideBySide) (EventID: 79) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNameC:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe Error: (01/09/2015 07:02:52 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: HPLaserJetService.exe7.15.635.04d39aa4ehppccompio.DLL1.3.0.244c9685d0c0000417000073bf81401d02c366f20e872C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exeC:\windows\SYSTEM32\hppccompio.DLLba3f1717-9829-11e4-bf22-6036dda89aa7 Error: (01/09/2015 06:59:30 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: ERUNT.exe0.0.0.02a425e19ntdll.dll6.3.9600.1727853eeb4a3c000000500076b613bf401d02c36034ca215C:\windows\ERUNT.exeC:\windows\SYSTEM32\ntdll.dll41d5e6cd-9829-11e4-bf21-6036dda89aa7 Error: (01/09/2015 06:17:57 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 39490734 Error: (01/09/2015 06:17:57 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 39490734 Error: (01/09/2015 06:17:57 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second CodeIntegrity Errors: =================================== Date: 2014-11-14 01:21:10.095 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-11-14 01:21:09.990 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 01:21:09.831 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 01:21:09.735 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 01:21:09.613 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 01:21:09.511 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 01:21:09.369 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2014-11-14 01:21:09.262 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 01:21:09.153 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-11-14 01:21:09.055 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz Percentage of memory in use: 50% Total physical RAM: 6013.27 MB Available physical RAM: 2976.03 MB Total Pagefile: 10877.27 MB Available Pagefile: 7426.47 MB Total Virtual: 131072 MB Available Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:921.66 GB) (Free:249.2 GB) NTFS Drive x: (WINRETOOLS) (Fixed) (Total:0.49 GB) (Free:0.17 GB) NTFS Drive y: (PBR Image) (Fixed) (Total:8.37 GB) (Free:0.24 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 7BA981E6) Partition: GPT Partition Type. ======================================================== Disk: 1 (Size: 8 GB) (Disk ID: 28FC915C) Partition: GPT Partition Type. ==================== End Of Log ============================ |
09.01.2015, 20:50 | #11 |
/// the machine /// TB-Ausbilder | Trojan caught through fake Deutsche Post mail Like your Registry Backup, Erunt also wants to access the registry in order to back it up. There seems to be a general access problem there.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
10.01.2015, 11:59 | #12 |
| Trojan caught through fake Deutsche Post mail Hello. Yesterday I ran the repair tool and, during the repair process, absent-mindedly clicked on "shutdown system" because I wanted to go to bed. The black window briefly disappeared and then, after a short delay, carried on. I probably should not have done that. I don't notice any obvious fault in the system now; I looked for a log file after the restart but cannot find one. How can I check what was successful and where there are errors now? Besides, you then cannot check the log file. What now? |
10.01.2015, 13:13 | #13 |
/// the machine /// TB-Ausbilder | Trojan caught through fake Deutsche Post mail I don't need the log. What problems currently remain?
__________________ Regards, schrauber |
10.01.2015, 18:51 | #14 |
| Trojan caught through fake Deutsche Post mail Currently none that I can notice. Do you assume that everything is OK again now? That is, also as far as viruses are concerned? |
10.01.2015, 20:29 | #15 |
/// the machine /// TB-Ausbilder | Trojan caught through fake Deutsche Post mail Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber |