Log analysis and evaluation: Windows 7, initially no operation possible, now voices. High processor and memory load
14.01.2015, 19:42 | #1 |
Windows 7, initially no operation possible, now voices. High processor and memory load

Good evening,

The infected computer showed the following symptoms: When I was called in, it was not possible to start programs. There was a message from Avast on the screen saying that various programs had been moved to quarantine. Input in Avast was possible, however, and an update of the virus definitions had been carried out beforehand. The program version was outdated, though. An update of the AV program was nevertheless possible. After the update the computer could be started again. A subsequent scan of the system produced no result. However, the processor load according to Task Manager was very high and the main memory was full.

At Windows startup a window opened - something wanted to report a message... I no longer know exactly what it said, though. I therefore ran Spybot Search & Destroy, which reported a problem that I tried to have fixed automatically. After that the problem seemed to be solved for the time being, until a voice suddenly sounded at the Windows user login screen that seemed to come from a radio broadcast. A German-speaking voice babbling something about a song contest; after a few seconds the spook was over again for the time being.

On some restarts the processor load stayed low, on some program starts it went up. After launching programs the processor load rose disproportionately, the running programs executed very slowly and the main memory kept filling up.

I tried to find a log file from Avast and suspected it to be in the user's AppData, but it contains next to nothing:
Code:
[0113/141835:ERROR:ipc_channel_win.cc(132)] pipe error: 109
[0113/155221:ERROR:ipc_channel_win.cc(404)] pipe error: 232
[0114/162928:ERROR:ipc_channel_win.cc(404)] pipe error: 232
[0114/174410:ERROR:ipc_channel_win.cc(404)] pipe error: 232
[0114/180035:ERROR:ipc_channel_win.cc(404)] pipe error: 232
[0114/192725:ERROR:ipc_channel_win.cc(132)] pipe error: 109

I did not find a log file from Spybot.

FRST.txt:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02 Ran by Dominik (administrator) on TROLLINGSARUMAN on 14-01-2015 18:06:53 Running from C:\Users\Dominik\Desktop Loaded Profile: Dominik (Available profiles: Dominik & TogetherCrazyGaming) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files\002\fpvoixdaog32.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Akamai Technologies, Inc.) C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Akamai Technologies, Inc.) 
C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11733648 2012-11-19] (Realtek Semiconductor) HKLM\...\Run: [Nvtmru] => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8187160 2014-07-28] (Logitech Inc.) 
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software) HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.) HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation) Startup: C:\Users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Holland - Verknüpfung.lnk ShortcutTarget: Holland - Verknüpfung.lnk -> (No File) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\S-1-5-21-3362981809-2306697286-120240772-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKLM -> DefaultScope value is missing. SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: FlowSurf -> {E3F1CA13-EA0E-4617-8D03-3EAA6A94A7E0} -> C:\Program Files\Flowsurf\FlowSurf.dll No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt FireFox: ======== FF ProfilePath: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default FF Homepage: https://www.facebook.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\amazon-deu.xml FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\proxerme.xml FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\youtube-videosuche.xml FF Extension: FT DeepDark - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-01-03] FF Extension: Bluhell Firewall - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-14] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-31] FF HKLM\...\Firefox\Extensions: [jid1-tofUlNEIFlkUIA@jetpack] - C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll No File CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File CHR Plugin: (Microsoft® DRM) - F:\Program 
Files\Windows Media Player\npwmsdrm.dll No File CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Profile: C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-17] CHR Extension: (Google Wallet) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26] CHR Extension: (FlowSurf) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn [2014-04-19] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-09] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-09] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-09] (Avast Software) S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [93048 2014-06-16] (EasyAntiCheat Ltd) R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] () R2 fpvoixdaog32; C:\Program Files\002\fpvoixdaog32.exe [541696 2014-04-19] () [File not signed] R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1895760 2014-12-13] (LogMeIn Inc.) R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2014-12-02] (LogMeIn, Inc.) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] () R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-04-30] (NVIDIA Corporation) S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [998640 2014-12-29] (Overwolf LTD) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
R2 Verifies and fixes application compatibility issues; C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [87208 2015-01-08] () S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-09] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-09] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-09] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-09] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-09] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-09] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-09] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-09] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-04] (DT Soft Ltd) R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-06-25] (Eugene V. Muzychenko) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [39960 2013-05-30] (Logitech Inc.) R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.) 
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-04-30] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation) S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-09] (Avast Software) S3 WISTechVIDCAP; C:\Windows\System32\drivers\wisgostrm.sys [226816 2006-11-03] (Pinnacle Systems) S3 musbehco; \??\C:\Users\Dominik\AppData\Local\Temp\musbehco.sys [X] S3 pmem; \??\C:\Users\Dominik\AppData\Local\Temp\_MEI55962\drivers\winpmem32.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-14 18:06 - 2015-01-14 18:09 - 00019702 _____ () C:\Users\Dominik\Desktop\FRST.txt 2015-01-14 18:06 - 2015-01-14 18:07 - 00000000 ____D () C:\FRST 2015-01-14 18:04 - 2015-01-14 18:05 - 00000476 _____ () C:\Users\Dominik\Desktop\defogger_disable.log 2015-01-14 18:04 - 2015-01-14 18:04 - 00000000 _____ () C:\Users\Dominik\defogger_reenable 2015-01-14 17:52 - 2015-01-14 17:52 - 01115648 _____ (Farbar) C:\Users\Dominik\Desktop\FRST.exe 2015-01-14 17:52 - 2015-01-14 17:52 - 00050477 _____ () C:\Users\Dominik\Desktop\Defogger.exe 2015-01-14 17:50 - 2015-01-14 17:50 - 00380416 _____ () C:\Users\Dominik\Desktop\rz1b2ley.exe 2015-01-14 16:58 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-01-14 16:58 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 16:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 16:57 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 16:57 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 16:57 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 16:27 - 2015-01-14 16:27 - 00000197 _____ () C:\Windows\system32\2015-01-14-15-27-18.023-AvastVBoxSVC.exe-3216.log 2015-01-13 22:35 - 2015-01-13 22:35 - 280280668 ____N () C:\Windows\MEMORY.DMP 2015-01-13 22:35 - 2015-01-13 22:35 - 00160160 _____ () C:\Windows\Minidump\011315-31875-01.dmp 2015-01-13 15:54 - 2015-01-13 15:54 - 00000197 _____ () C:\Windows\system32\2015-01-13-14-54-55.027-AvastVBoxSVC.exe-792.log 2015-01-13 13:57 - 2015-01-13 13:57 - 00000197 _____ () C:\Windows\system32\2015-01-13-12-57-17.013-AvastVBoxSVC.exe-5424.log 2015-01-13 12:57 - 2015-01-14 16:33 - 00000112 _____ () C:\ProgramData\q485uB3.dat 2015-01-13 12:52 - 2015-01-13 12:53 - 00000197 _____ () 
C:\Windows\system32\2015-01-13-11-52-33.019-AvastVBoxSVC.exe-3616.log 2015-01-12 13:31 - 2015-01-12 13:32 - 00000197 _____ () C:\Windows\system32\2015-01-12-12-31-33.000-AvastVBoxSVC.exe-3368.log 2015-01-11 15:25 - 2015-01-11 15:25 - 00000197 _____ () C:\Windows\system32\2015-01-11-14-25-05.016-AvastVBoxSVC.exe-3124.log 2015-01-11 13:45 - 2015-01-11 13:45 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-45-48.064-AvastVBoxSVC.exe-3404.log 2015-01-11 13:08 - 2015-01-11 13:08 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-08-40.050-AvastVBoxSVC.exe-3532.log 2015-01-11 12:54 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150111-125459.backup 2015-01-11 12:20 - 2015-01-11 12:20 - 00000197 _____ () C:\Windows\system32\2015-01-11-11-20-40.098-AvastVBoxSVC.exe-3528.log 2015-01-11 12:14 - 2015-01-11 12:14 - 00000000 ____D () C:\Users\Dominik\Documents\ProcAlyzer Dumps 2015-01-11 12:12 - 2015-01-11 12:12 - 00039561 _____ () C:\Windows\wininit.ini 2015-01-11 11:28 - 2015-01-11 12:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-01-11 11:28 - 2015-01-11 11:30 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2015-01-11 11:28 - 2015-01-11 11:28 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-01-11 11:28 - 2015-01-11 11:28 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2015-01-11 11:28 - 2015-01-11 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-01-11 11:28 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2015-01-11 11:26 - 2015-01-11 11:27 - 46525608 _____ (Safer-Networking Ltd. 
) C:\Users\Dominik\Downloads\spybot-2.4.exe 2015-01-11 10:46 - 2015-01-11 10:47 - 00000197 _____ () C:\Windows\system32\2015-01-11-09-46-54.007-AvastVBoxSVC.exe-3012.log 2015-01-10 13:58 - 2015-01-10 13:58 - 00000197 _____ () C:\Windows\system32\2015-01-10-12-58-28.073-AvastVBoxSVC.exe-3244.log 2015-01-10 13:37 - 2015-01-10 13:41 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\Compatibility Verifier 2015-01-09 23:36 - 2015-01-09 23:37 - 00000247 _____ () C:\Windows\system32\2015-01-09-22-36-57.044-aswFe.exe-6088.log 2015-01-09 23:30 - 2015-01-09 23:36 - 00000247 _____ () C:\Windows\system32\2015-01-09-22-30-18.010-aswFe.exe-4644.log 2015-01-09 23:18 - 2015-01-09 23:18 - 00000000 ____D () C:\Windows\system32\vbox 2015-01-09 23:14 - 2015-01-09 23:14 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\AVAST Software 2015-01-09 23:09 - 2015-01-09 23:09 - 00002045 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-01-09 23:08 - 2015-01-09 23:08 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-01-09 23:08 - 2015-01-09 23:08 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-01-09 23:08 - 2015-01-09 23:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-01-09 23:08 - 2015-01-09 23:08 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-01-09 22:35 - 2015-01-09 22:49 - 00000000 ____D () C:\Users\Dominik\AppData\Local\FreeFixer 2015-01-09 22:35 - 2015-01-09 22:35 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\FreeFixer 2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-01-09 22:25 - 2015-01-14 17:46 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier 2015-01-09 22:25 - 2015-01-14 17:46 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier 2015-01-08 22:02 - 2015-01-08 22:02 - 
00087712 _____ () C:\Users\Dominik\Downloads\GLottery-V2.1.8_Beta.zip 2015-01-08 21:59 - 2015-01-08 21:59 - 00451723 _____ () C:\Users\Dominik\Downloads\totalRP3_build_9.zip 2015-01-08 21:58 - 2015-01-08 21:58 - 00073807 _____ () C:\Users\Dominik\Downloads\MyRolePlay_6.0.0.400.zip 2015-01-08 21:57 - 2015-01-08 21:57 - 01327418 _____ () C:\Users\Dominik\Downloads\Outfitter_5.10b8.zip 2015-01-08 21:51 - 2015-01-08 21:51 - 03841803 _____ () C:\Users\Dominik\Downloads\AuctioneerSuite-5.21c.5521.zip 2014-12-24 00:53 - 2014-12-24 00:55 - 00000000 ____D () C:\Users\Dominik\Desktop\Mc Server 2014-12-18 19:27 - 2014-12-19 12:59 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-12-18 15:50 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-15 15:44 - 2014-12-15 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi 2014-12-15 15:44 - 2014-12-15 15:44 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-14 18:06 - 2009-07-14 05:34 - 00024064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-14 18:06 - 2009-07-14 05:34 - 00024064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-14 18:04 - 2012-12-31 16:03 - 00000000 ____D () C:\Users\Dominik 2015-01-14 17:56 - 2012-12-31 16:02 - 01947040 _____ () C:\Windows\WindowsUpdate.log 2015-01-14 17:42 - 2014-01-26 21:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-14 17:42 - 2014-01-18 03:11 - 00000000 ____D () C:\Users\Dominik\AppData\Local\LogMeIn Hamachi 2015-01-14 17:41 - 2009-07-14 05:39 - 00213554 _____ () C:\Windows\setupact.log 2015-01-14 17:40 - 2013-09-15 08:58 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-14 17:40 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-14 17:19 - 2012-12-31 22:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-14 17:17 - 2014-11-27 19:51 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Battle.net 2015-01-14 17:17 - 2013-01-02 21:58 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\TS3Client 2015-01-14 16:40 - 2014-01-26 21:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-13 22:35 - 2013-01-28 01:50 - 00000000 ____D () C:\Windows\Minidump 2015-01-13 22:19 - 2012-12-31 22:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-13 22:19 - 2012-12-31 22:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-11 18:18 - 2013-01-06 04:15 - 00000000 ____D () C:\Users\Dominik\Desktop\Editoren und Player 2015-01-11 12:17 - 2013-01-01 13:03 - 00412990 _____ () C:\Windows\PFRO.log 2015-01-10 01:08 - 2013-11-03 13:53 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\OBS 2015-01-09 23:39 - 2012-12-31 22:22 - 00787800 _____ (AVAST Software) 
C:\Windows\system32\Drivers\aswsnx.sys 2015-01-09 23:39 - 2012-12-31 22:22 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2015-01-09 23:08 - 2013-06-03 08:43 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-01-09 23:08 - 2013-06-03 08:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-01-09 23:08 - 2012-12-31 22:22 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-01-09 23:08 - 2012-12-31 22:22 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-01-09 23:05 - 2012-12-31 22:21 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-01-09 23:04 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt 2015-01-09 22:36 - 2012-12-31 16:04 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-09 22:26 - 2014-08-30 15:10 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-09 15:11 - 2013-01-03 20:56 - 00000000 ____D () C:\Program Files\Steam 2015-01-08 09:55 - 2012-12-31 16:17 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-08 00:54 - 2013-02-12 11:24 - 00000000 ____D () C:\Users\Dominik\Desktop\Musik 2015-01-05 03:09 - 2014-06-03 15:08 - 00000000 ____D () C:\Program Files\Common Files\Overwolf 2015-01-05 03:09 - 2014-05-25 19:53 - 00000000 ____D () C:\Program Files\Overwolf 2014-12-29 00:26 - 2013-01-02 22:25 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\.minecraft 2014-12-28 14:29 - 2013-01-04 23:37 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\vlc 2014-12-27 22:28 - 2013-01-03 04:28 - 00000000 ____D () C:\Program Files\Warcraft III 2014-12-25 13:00 - 2013-01-13 20:05 - 00000000 ____D () C:\Users\Dominik\Desktop\Spiele 2014-12-23 14:54 - 2013-01-06 04:15 - 00000000 ____D () C:\Users\Dominik\Desktop\Internet 2014-12-22 00:39 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Cursors 2014-12-19 17:44 - 2013-01-13 18:52 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Thunderbird 
2014-12-19 12:59 - 2012-12-31 16:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-15 08:48 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache

Files to move or delete:
====================
C:\ProgramData\q485uB3.dat

Some content of TEMP:
====================
C:\Users\Dominik\AppData\Local\Temp\_is9C45.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-07 19:22

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-01-2015 02
Ran by Dominik at 2015-01-14 18:11:17
Running from C:\Users\Dominik\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
ANNO 1404 - Königsedition (HKLM\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 3.10.0000 - Ubisoft)
Anno 2070 (HKLM\...\Steam App 48240) (Version: - BlueByte)
Artweaver Free 3.1 (HKLM\...\{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1) (Version: 3.1 - Boris Eyrich Software)
Assassin’s Creed Unity (HKLM\...\Steam App 289650) (Version: - Ubisoft)
Assassin's Creed Brotherhood (HKLM\...\Steam App 48190) (Version: - Ubisoft Montreal)
Assassin's Creed II
(HKLM\...\Steam App 33230) (Version: - Ubisoft Montreal) Assassin's Creed Revelations 1.03 (HKLM\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.03 - Ubisoft) Assassin's Creed(R) III v1.02 (HKLM\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.02 - Ubisoft) Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software) Banished (HKLM\...\Steam App 242920) (Version: - Shining Rock Software LLC) Bastion (HKLM\...\Steam App 107100) (Version: - Supergiant Games) Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) BurnAware Free 7.2 (HKLM\...\BurnAware Free_is1) (Version: - Burnaware) Cthulhu Saves the World (HKLM\...\Steam App 107310) (Version: - Zeboyd Games) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) Deponia (HKLM\...\Steam App 214340) (Version: - Daedalic Entertainment) Diablo II (HKLM\...\Diablo II) (Version: - Blizzard Entertainment) Die Siedler 7 (HKLM\...\{63860309-DA8A-4BAE-9EAE-CE1D6D79340C}) (Version: 1.12.1396 - Ubisoft) Die Siedler IV (HKLM\...\S4Uninst) (Version: - ) Dungeon Defenders (HKLM\...\Steam App 65800) (Version: - ) DVCCap v6.0.1.115 (HKLM\...\DVCCap_is1) (Version: - Paul Yux & AMT STUDIO 717) Firebird SQL Server - MAGIX Edition (HKLM\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG) Fraps (remove only) (HKLM\...\Fraps) (Version: - ) Game Character Hub (HKLM\...\Steam App 292230) (Version: - Sebastien Bini) Go! Go! Nippon! ~My First Trip to Japan~ (HKLM\...\Steam App 251870) (Version: - OVERDRIVE) God Mode (HKLM\...\Steam App 227480) (Version: - Old School Games) Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) 
Hidden Grand Theft Auto IV (HKLM\...\Steam App 12210) (Version: - Rockstar North) Hammerwatch (HKLM\...\Steam App 239070) (Version: - Crackshell) Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment) Heroes of Newerth (HKLM\...\hon) (Version: 2.3.0 - S2 Games) Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.650 - Oracle) King's Bounty: Armored Princess (HKLM\...\Steam App 3170) (Version: - Katauri Interactive) King's Bounty: The Legend (HKLM\...\Steam App 25900) (Version: - 1C Company) League of Legends (HKLM\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (Version: 3.0.1 - Riot Games ) Hidden Logitech Gaming Software 8.55 (HKLM\...\Logitech Gaming Software) (Version: 8.55.137 - Logitech Inc.) LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.291 - LogMeIn, Inc.) LogMeIn Hamachi (Version: 2.2.0.291 - LogMeIn, Inc.) Hidden Long Live The Queen (Demo) 1.0 (HKLM\...\Long Live The Queen_is1) (Version: - Hanako Games) Magic 2014 (HKLM\...\Steam App 213850) (Version: - Stainless Games) Magical Diary Demo (HKLM\...\Steam App 212140) (Version: - Hanako Games) Magicka (HKLM\...\Steam App 42910) (Version: - Arrowhead Game Studios AB) Magicka: Wizard Wars (HKLM\...\Steam App 202090) (Version: - Paradox North) Magicka: Wizards of the Square Tablet (HKLM\...\Steam App 247580) (Version: - Ludosity) MAGIX Screenshare (HKLM\...\{4696FD4A-A0DF-4F84-BC9D-12D73E1D95D3}) (Version: 4.3.6.1987 - MAGIX AG) MAGIX Speed burnR (MSI) (HKLM\...\{58503E1E-09E6-400C-A44C-3822D7559794}) (Version: 7.0.2.6 - MAGIX AG) MAGIX Video deluxe MX Premium Download-Version (HKLM\...\MAGIX_MSI_Videodeluxe18_premium) (Version: 11.0.1.4 - MAGIX AG) MAGIX Video deluxe MX Premium Download-Version (Version: 11.0.1.4 - MAGIX AG) Hidden Metro 2033 (HKLM\...\Steam App 43110) (Version: - 4A Games) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft 
Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft XNA 
Framework Redistributable 3.1 (HKLM\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation) MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com) Mozilla Firefox 34.0 (x86 de) (HKLM\...\Mozilla Firefox 34.0 (x86 de)) (Version: 34.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 31.3.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla) MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Napster 5 Beta (HKLM\...\com.Rhapsody.Napster5) (Version: 1.0.65 - Rhapsody International, Inc) Napster 5 Beta (Version: 1.0.65 - Rhapsody International, Inc) Hidden NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation) NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9713 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation) NVIDIA ForceWare Network Access Manager (HKLM\...\{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version: 1.00.7325.0 - NVIDIA Corporation) NVIDIA GeForce Experience 2.0.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0.1 
- NVIDIA Corporation) NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) Oblivion (HKLM\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks) Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version: - ) OpenAL (HKLM\...\OpenAL) (Version: - ) OpenOffice 4.0.0 (HKLM\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation) osu! (HKLM\...\{C3592426-531E-4110-911D-BFECE2CE284C}) (Version: 0.0.0.0 - peppy) Overwolf (HKLM\...\Overwolf) (Version: 0.82.103.0 - Overwolf Ltd.) Pinball FX2 (HKLM\...\Steam App 226980) (Version: - ) Pinnacle Systems USB-2 Device Drivers (HKLM\...\{9870C7AE-7C6A-478D-9A75-35827382220F}) (Version: 2.00.0014 - Pinnacle Systems) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6782 - Realtek Semiconductor Corp.) Retro City Rampage™ (HKLM\...\Steam App 204630) (Version: - Vblank Entertainment, Inc.) 
rFactor2 (HKLM\...\rFactor2) (Version: - ) Rise of Nations: Extended Edition (HKLM\...\Steam App 287450) (Version: - SkyBox Labs) Risen (HKLM\...\Steam App 40300) (Version: - Piranha – Bytes ) Rogue Legacy (HKLM\...\Steam App 241600) (Version: - Cellar Door Games) RPG Maker VX Ace (HKLM\...\Steam App 220700) (Version: - Enterbrain) RPG Tycoon (HKLM\...\Steam App 314240) (Version: - Skatanic Studios) Sacred Citadel (HKLM\...\Steam App 207930) (Version: - Southend) Saints Row IV (HKLM\...\Steam App 206420) (Version: - Deep Silver Volition) Saints Row: The Third (HKLM\...\Steam App 55230) (Version: - Volition) SHIELD Streaming (Version: 2.1.108 - NVIDIA Corporation) Hidden Skyborn (HKLM\...\Steam App 278460) (Version: - Dancing Dragon Games) Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Star Trek Online (HKLM\...\Steam App 9900) (Version: - Cryptic Studios) StarCraft II (HKLM\...\StarCraft II) (Version: 2.0.11.26825 - Blizzard Entertainment) Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Super Meat Boy (HKLM\...\Steam App 40800) (Version: - Team Meat) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH) The Binding of Isaac (HKLM\...\Steam App 113200) (Version: - ) The Binding of Isaac: Rebirth (HKLM\...\Steam App 250900) (Version: - Nicalis, Inc.) 
The Elder Scrolls III: Morrowind (HKLM\...\Steam App 22320) (Version: - Bethesda Game Studios®) The Elder Scrolls V: Skyrim (HKLM\...\Steam App 72850) (Version: - Bethesda Game Studios) The Mighty Quest For Epic Loot (HKLM\...\Steam App 239220) (Version: - Ubisoft Montreal) The Mighty Quest For Epic Loot Version 1.231911 (HKLM\...\The Mighty Quest For Epic Loot_is1) (Version: 1.231911 - ) Thief - Deadly Shadows Demo (HKLM\...\{EB3CEC18-A1C4-4909-8FE2-0C30D7A07E32}) (Version: 1.0 - ) Thief (HKLM\...\Steam App 239160) (Version: - Eidos-Montréal) TmNationsForever (HKLM\...\TmNationsForever_is1) (Version: - Nadeo) To the Moon (HKLM\...\Steam App 206440) (Version: - Freebird Games) Tom Clancy's Splinter Cell Blacklist (HKLM\...\Steam App 235600) (Version: - Ubisoft Toronto) Total War: SHOGUN 2 (HKLM\...\Steam App 34330) (Version: - The Creative Assembly) TrackMania² Stadium (HKLM\...\Steam App 232910) (Version: - Nadeo) Trine (HKLM\...\Steam App 35700) (Version: - Frozenbyte) Trine 2 (HKLM\...\Steam App 35720) (Version: - Frozenbyte) Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Unity (HKLM\...\Unity) (Version: 4.6.0f3 - Unity Technologies ApS) Unity Web Player (HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS) Uplay (HKLM\...\Uplay) (Version: 4.8 - Ubisoft) Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version: - ) Visual Pinball (HKLM\...\{B36C4994-A563-4339-8754-CCCE51314A4C}) (Version: 0.0.4.1226 - Randy Davis) VLC media player 2.0.8 (HKLM\...\VLC media player) (Version: 2.0.8 - VideoLAN) Warcraft III (HKLM\...\Warcraft III) (Version: - Blizzard Entertainment) Winamp (HKLM\...\Winamp) (Version: 5.64 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment) Worms 
Armageddon (HKLM\...\Steam App 217200) (Version: - Team17 Digital Ltd.) XCOM: Enemy Unknown (HKLM\...\Steam App 200510) (Version: - Firaxis Games) YTD Video Downloader 4.8.4 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8.4 - GreenTree Applications SRL) <==== ATTENTION ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-3362981809-2306697286-120240772-1001_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () CustomCLSID: HKU\S-1-5-21-3362981809-2306697286-120240772-1001_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File CustomCLSID: HKU\S-1-5-21-3362981809-2306697286-120240772-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS) CustomCLSID: HKU\S-1-5-21-3362981809-2306697286-120240772-1001_Classes\CLSID\{cb4c77f0-ab2a-407c-93ac-963769824b18}\localserver32 -> C:\Users\Dominik\AppData\Local\Temp\{b3ede298-ae75-4a1c-ab7e-1b9229b77bbe}\IDriver.NonElevated.exe N (the data entry has 6 more characters). ==================== Restore Points ========================= 31-12-2014 20:34:26 Windows Update 06-01-2015 13:43:35 Windows Update 09-01-2015 14:54:02 Windows Update 09-01-2015 22:26:14 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 09-01-2015 23:05:32 avast! 
antivirus system restore point 09-01-2015 23:09:43 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 10-01-2015 13:39:17 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 11-01-2015 10:48:32 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 11-01-2015 13:06:51 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 11-01-2015 13:43:56 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 13-01-2015 13:11:26 Windows Update 14-01-2015 17:18:47 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:04 - 2015-01-11 12:54 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0768A1E0-41CE-4643-85AD-1897F77A120A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {08A72CAE-6D23-45FE-A3EC-BFA13BBC906F} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-09] (AVAST Software) Task: {204987F5-B8E0-4E72-B84F-9643F258CA16} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated) Task: {56EE9C2F-1A20-4C42-A060-1831B86118F0} - System32\Tasks\{88C6F5F5-D66E-4456-B7C6-5EF147235624} => pcalua.exe -a "C:\Users\Dominik\Downloads\Stormblade Downloader.exe" -d C:\Users\Dominik\Downloads Task: {5B1D0D1B-ECF4-4CCA-BA23-E6FA39C4124E} - System32\Tasks\RegistryDr_Popup => C:\Program Files\Registry Dr\Splash.exe <==== ATTENTION Task: {8120F440-FB53-4E47-8369-E2EA6DDD563B} - System32\Tasks\RegistryDr_Start => C:\Program Files\Registry Dr\RegistryDr.exe <==== ATTENTION Task: {8635CD0C-761A-49DE-A267-817A203A1F4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.) Task: {A75CD619-D881-4C5E-AD61-1AE83CAEBF6F} - System32\Tasks\Overwolf Updater Task => C:\Program Files\Overwolf\OverwolfUpdater.exe [2014-12-29] (Overwolf LTD) Task: {B30D3AC0-6A9A-4CF8-A15F-BDFD9FEEA06C} - System32\Tasks\{E64B25C8-2FFF-40AC-BCE4-043AEE38812E} => pcalua.exe -a c:\users\dominik\appdata\local\lollipop\lollipop_04192128.bat Task: {B8A287EB-3876-4EDB-8526-2994F63AC4C1} - System32\Tasks\fsupdate => C:\Program <==== ATTENTION Task: {D464CBEB-AF6F-4A87-A11B-EBFBB09E99F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-26] (Google Inc.) Task: {DA5663E5-7977-4356-AE17-01F32F8A7477} - System32\Tasks\{660B291F-42C2-49CA-AFEC-831BB43B7AB2} => pcalua.exe -a D:\setup.exe -d D:\ (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2015-01-14 16:27 - 2015-01-14 16:27 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15011400\algo.dll 2015-01-09 23:08 - 2015-01-09 23:08 - 02151544 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxVMM.dll 2015-01-09 23:08 - 2015-01-09 23:08 - 00021488 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxREM.dll 2015-01-09 23:08 - 2015-01-09 23:08 - 04474224 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll 2014-04-19 04:09 - 2014-04-19 04:09 - 00541696 _____ () C:\Program Files\002\fpvoixdaog32.exe 2015-01-11 11:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2015-01-11 11:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2015-01-11 11:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2015-01-11 11:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2015-01-11 11:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2015-01-09 22:25 - 2015-01-08 20:58 - 00087208 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe 2012-12-31 17:08 - 2010-01-21 01:52 - 00370792 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 2012-12-31 17:08 - 2010-01-21 01:51 - 00062568 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll 2012-12-31 17:08 - 2010-01-21 01:52 - 00565864 _____ () 
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll 2012-12-31 17:08 - 2010-01-21 01:52 - 00167528 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 2015-01-09 23:08 - 2015-01-09 23:08 - 00317632 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll 2013-09-15 08:58 - 2014-05-20 01:04 - 00106840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll 2014-07-28 19:34 - 2014-07-28 19:34 - 00719128 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2014-07-28 19:37 - 2014-07-28 19:37 - 00850712 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2014-07-28 19:34 - 2014-07-28 19:34 - 00049432 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2014-07-28 19:37 - 2014-07-28 19:37 - 00249112 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2015-01-09 23:08 - 2015-01-09 23:08 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-12-02 09:40 - 2014-12-02 09:40 - 03758192 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2015-01-09 22:25 - 2015-01-08 21:51 - 51252392 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe 2015-01-09 22:25 - 2015-01-07 22:22 - 01360552 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libglesv2.dll 2015-01-09 22:25 - 2015-01-07 22:22 - 00214184 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\libegl.dll 2015-01-09 22:25 - 2015-01-07 22:22 - 00985768 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll 2015-01-09 22:25 - 2015-01-07 22:22 - 16827048 _____ () C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: Verifies and fixes application compatibility issues => 2 MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: Overwolf => C:\Program Files\Overwolf\Overwolf.exe -silent MSCONFIG\startupreg: Pando Media Booster => C:\Program Files\Pando Networks\Media Booster\PMB.exe MSCONFIG\startupreg: snpstd3 => C:\Windows\vsnpstd3.exe MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: TrayServer => C:\Program Files\MAGIX\Video_deluxe_MX_Premium_Download-Version\TrayServer_de.exe ========================= Accounts: ========================== Administrator (S-1-5-21-3362981809-2306697286-120240772-500 - Administrator - Disabled) Dominik (S-1-5-21-3362981809-2306697286-120240772-1001 - Administrator - Enabled) => C:\Users\Dominik Gast (S-1-5-21-3362981809-2306697286-120240772-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3362981809-2306697286-120240772-1002 - Limited - Enabled) TogetherCrazyGaming (S-1-5-21-3362981809-2306697286-120240772-1062 - Limited - Enabled) => C:\Users\TogetherCrazyGaming ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling 
Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (01/14/2015 05:23:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren. . Vorgang: Für die Sicherung initialisieren Error: (01/14/2015 05:09:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e4 ID des fehlerhaften Prozesses: 0x968 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0 Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1 Pfad des fehlerhaften Moduls: svchost.exe_SysMain2 Berichtskennung: svchost.exe_SysMain3 Error: (01/14/2015 04:43:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124 Name des fehlerhaften Moduls: kernel32.dll, Version: 6.1.7601.18409, Zeitstempel: 0x531599f5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004c40d ID des fehlerhaften Prozesses: 0x1a84 Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: 
compatibilitycheck.exe3 Error: (01/14/2015 04:42:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: compatibilitycheck.exe, Version: 0.0.0.0, Zeitstempel: 0x54af4124 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x19c8 Startzeit der fehlerhaften Anwendung: 0xcompatibilitycheck.exe0 Pfad der fehlerhaften Anwendung: compatibilitycheck.exe1 Pfad des fehlerhaften Moduls: compatibilitycheck.exe2 Berichtskennung: compatibilitycheck.exe3 Error: (01/13/2015 04:48:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e4 ID des fehlerhaften Prozesses: 0xff4 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0 Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1 Pfad des fehlerhaften Moduls: svchost.exe_SysMain2 Berichtskennung: svchost.exe_SysMain3 Error: (01/13/2015 04:27:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e4 ID des fehlerhaften Prozesses: 0x158c Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0 Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1 Pfad des fehlerhaften Moduls: svchost.exe_SysMain2 Berichtskennung: svchost.exe_SysMain3 Error: (01/13/2015 04:00:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften 
Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e4 ID des fehlerhaften Prozesses: 0xda8 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0 Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1 Pfad des fehlerhaften Moduls: svchost.exe_SysMain2 Berichtskennung: svchost.exe_SysMain3 Error: (01/13/2015 03:11:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e4 ID des fehlerhaften Prozesses: 0x1844 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0 Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1 Pfad des fehlerhaften Moduls: svchost.exe_SysMain2 Berichtskennung: svchost.exe_SysMain3 Error: (01/13/2015 02:37:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e4 ID des fehlerhaften Prozesses: 0x4f4 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0 Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1 Pfad des fehlerhaften Moduls: svchost.exe_SysMain2 Berichtskennung: svchost.exe_SysMain3 Error: (01/13/2015 02:24:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0004b1e4 ID des fehlerhaften Prozesses: 0x948 Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0 Pfad der fehlerhaften 
Anwendung: svchost.exe_SysMain1 Pfad des fehlerhaften Moduls: svchost.exe_SysMain2 Berichtskennung: svchost.exe_SysMain3 System errors: ============= Error: (01/14/2015 05:49:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (01/14/2015 05:09:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/13/2015 10:35:57 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000001 (0x8366e017, 0x00000000, 0x0000ffff, 0x00000000)C:\Windows\MEMORY.DMP011315-31875-01 Error: (01/13/2015 10:35:53 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 13.01.2015 um 22:34:14 unerwartet heruntergefahren. Error: (01/13/2015 04:48:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (01/13/2015 04:28:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (01/13/2015 04:00:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (01/13/2015 03:51:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (01/13/2015 03:51:51 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht. Error: (01/13/2015 03:51:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= Error: (01/14/2015 05:23:11 PM) (Source: VSS) (EventID: 8193) (User: ) Description: OpenSCManager(NULL,NULL,SC_MANAGER_CONNECT)0x8007045b, Der Computer wird heruntergefahren. Vorgang: Für die Sicherung initialisieren Error: (01/14/2015 05:09:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e496801d0300e8ea3d58cC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dllb5569ba7-9c07-11e4-a0ef-0024211da932 Error: (01/14/2015 04:43:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.054af4124kernel32.dll6.1.7601.18409531599f5c00000050004c40d1a8401d030102c75d9feC:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeC:\Windows\system32\kernel32.dll0ada249d-9c04-11e4-a0ef-0024211da932 Error: (01/14/2015 04:42:47 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: compatibilitycheck.exe0.0.0.054af4124unknown0.0.0.000000000c00000050000000019c801d030102322d5a3C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exeunknownfca5d00a-9c03-11e4-a0ef-0024211da932 Error: (01/13/2015 04:48:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: 
svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e4ff401d02f45abc56640C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll8e92db19-9b3b-11e4-9904-0024211da932 Error: (01/13/2015 04:27:54 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e4158c01d02f41d62d226aC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dllbdb2ae14-9b38-11e4-9904-0024211da932 Error: (01/13/2015 04:00:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e4da801d02f405f9e196bC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dlle6811482-9b34-11e4-9904-0024211da932 Error: (01/13/2015 03:11:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e4184401d02f3652e5acfaC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll17b6e725-9b2e-11e4-af94-0024211da932 Error: (01/13/2015 02:37:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e44f401d02f348867c31dC:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll4ca149e2-9b29-11e4-af94-0024211da932 Error: (01/13/2015 02:24:31 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c00000050004b1e494801d02f331a7bc2e6C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll8134f4de-9b27-11e4-af94-0024211da932 ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz Percentage of memory in use: 82% Total physical RAM: 3071.18 MB Available physical RAM: 522.23 MB Total Pagefile: 5117.47 MB Available Pagefile: 
2029.96 MB Total Virtual: 2047.88 MB Available Virtual: 1903.57 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:297.99 GB) (Free:102.1 GB) NTFS Drive s: (Volume) (Fixed) (Total:1862.89 GB) (Free:869.27 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 80E52B34) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-01-14 18:43:21 Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD3200AAJS-00L7A0 rev.01.03E01 298,09GB Running: rz1b2ley.exe; Driver: C:\Users\Dominik\AppData\Local\Temp\fwryrkog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x910B5AC4] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x911710BA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x910B65A2] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x910C263C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x910C2688] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x910C2822] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x910C25AA] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x91171494] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x910C25F2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x91171724] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x9117180E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x910C27DC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x910B7390] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x910B5B2A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x910BAB86] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x910B5716] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x91171574] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x910B5B90] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x910BAF7C] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x910B7E78] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x910C2666] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x910C26AA] SSDT 
\SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x910C2846] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x910C25D0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x910BA47E] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x910C275A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x910C261A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x910BA86A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x910C2800] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x91171312] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x910B7CEC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x910B79FA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x910B5BF6] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x910B5C5C] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x91171670] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x910B57B0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x910B5982] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x910B5910] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x910B755A] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x910B76BC] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x910B5A0A] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x911713E0] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x910B71EA] SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x910B5CC2] SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x91171244] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRequestWaitReplyPort + 14A5 83483A15 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834BD372 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 834C45C0 4 Bytes [C4, 5A, 0B, 91] {LES EBX, [EDX+0xb]; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 834C45E8 4 Bytes [BA, 10, 17, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 834C4648 4 Bytes [A2, 65, 0B, 91] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 834C469C 8 Bytes [3C, 26, 0C, 91, 88, 26, 0C, ...] {CMP AL, 0x26; OR AL, 0x91; MOV [ESI], AH; OR AL, 0x91} .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 834C46A8 4 Bytes [22, 28, 0C, 91] {AND CH, [EAX]; OR AL, 0x91} .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8367F553 4 Bytes CALL 910B855F \SystemRoot\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 836993BB 4 Bytes CALL 910B8575 \SystemRoot\system32\drivers\aswSnx.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files\AVAST Software\Avast\avastui.exe[1020] kernel32.dll!SetUnhandledExceptionFilter 75DAF5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1472] kernel32.dll!SetUnhandledExceptionFilter 75DAF5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP } ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@9850F976 1000 ---- EOF - GMER 2.1 ---- |
14.01.2015, 19:49 | #2 |
/// the machine /// TB trainer | hi,
Please download Revo Uninstaller from here (alternatively the portable Revo Uninstaller).
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder unless a helper instructs you to. Please download TDSSKiller.exe and save this file to the desktop.
|
15.01.2015, 16:26 | #3 |
| The first log file from mbar:
Code:
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.14.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
Dominik :: TROLLINGSARUMAN [administrator]

14.01.2015 20:32:04
mbar-log-2015-01-14 (20-32-04).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 360551
Time elapsed: 56 minute(s), 5 second(s)

Memory Processes Detected: 1
C:\Program Files\002\fpvoixdaog32.exe (Trojan.Agent.SVR) -> 1336 -> Delete on reboot. [054c49aedfaa122492d3563947ba8779]

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\fpvoixdaog32 (Trojan.Agent.SVR) -> Delete on reboot. [054c49aedfaa122492d3563947ba8779]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\002\fpvoixdaog32.exe (Trojan.Agent.SVR) -> Delete on reboot. [054c49aedfaa122492d3563947ba8779]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.14.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17501
Dominik :: TROLLINGSARUMAN [administrator]

14.01.2015 21:38:17
mbar-log-2015-01-14 (21-38-17).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 360108
Time elapsed: 44 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
16:11:29.0457 0x2b9c TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
16:11:39.0427 0x2b9c ============================================================
16:11:39.0427 0x2b9c Current date / time: 2015/01/15 16:11:39.0427
16:11:39.0427 0x2b9c SystemInfo:
16:11:39.0428 0x2b9c
16:11:39.0428 0x2b9c OS Version: 6.1.7601 ServicePack: 1.0
16:11:39.0428 0x2b9c Product type: Workstation
16:11:39.0428 0x2b9c ComputerName: TROLLINGSARUMAN
16:11:39.0428 0x2b9c UserName: Dominik
16:11:39.0428 0x2b9c Windows directory: C:\Windows
16:11:39.0428 0x2b9c System windows directory: C:\Windows
16:11:39.0428 0x2b9c Processor architecture: Intel x86
16:11:39.0428 0x2b9c Number of processors: 2
16:11:39.0428 0x2b9c Page size: 0x1000
16:11:39.0428 0x2b9c Boot type: Normal boot
16:11:39.0428 0x2b9c ============================================================
16:11:41.0112 0x2b9c KLMD registered as C:\Windows\system32\drivers\21562139.sys
16:11:41.0479 0x2b9c System UUID: {719F7C7D-2762-CE05-CA3C-FB3A43CD2285}
16:11:41.0919 0x2b9c Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:11:41.0940 0x2b9c Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:11:41.0979 0x2b9c ============================================================
16:11:41.0979 0x2b9c \Device\Harddisk1\DR1:
16:11:41.0984 0x2b9c MBR partitions:
16:11:41.0984 0x2b9c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:11:41.0984 0x2b9c \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
16:11:41.0984 0x2b9c \Device\Harddisk0\DR0:
16:11:41.0990 0x2b9c GPT partitions:
16:11:42.0000 0x2b9c \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID:
{2FE5A3E1-4BE2-4564-B71E-382C0F3E49CD}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
16:11:42.0000 0x2b9c \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {AB6A2DCC-B849-4C12-A585-43F078370A64}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000
16:11:42.0000 0x2b9c MBR partitions:
16:11:42.0000 0x2b9c ============================================================
16:11:42.0037 0x2b9c C: <-> \Device\Harddisk1\DR1\Partition2
16:11:42.0075 0x2b9c S: <-> \Device\Harddisk0\DR0\Partition2
16:11:42.0089 0x2b9c ============================================================
16:11:42.0089 0x2b9c Initialize success
16:11:42.0089 0x2b9c ============================================================
16:12:34.0280 0x2c60 ============================================================
16:12:34.0280 0x2c60 Scan started
16:12:34.0280 0x2c60 Mode: Manual; SigCheck; TDLFS;
16:12:34.0280 0x2c60 ============================================================
16:12:34.0280 0x2c60 KSN ping started
16:12:48.0078 0x2c60 KSN ping finished: true
16:12:50.0018 0x2c60 ================ Scan system memory ========================
16:12:50.0018 0x2c60 System memory - ok
16:12:50.0020 0x2c60 ================ Scan services =============================
C:\Windows\system32\DRIVERS\evbdx.sys 16:12:57.0458 0x2c60 ebdrv - ok 16:12:57.0508 0x2c60 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] EFS C:\Windows\System32\lsass.exe 16:12:57.0561 0x2c60 EFS - ok 16:12:57.0639 0x2c60 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:12:57.0699 0x2c60 ehRecvr - ok 16:12:57.0722 0x2c60 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe 16:12:57.0751 0x2c60 ehSched - ok 16:12:57.0811 0x2c60 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 16:12:57.0845 0x2c60 elxstor - ok 16:12:57.0888 0x2c60 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys 16:12:57.0907 0x2c60 ErrDev - ok 16:12:57.0982 0x2c60 [ 6B93B103242C3C30F850F53DBE39ED88, 8ABE54244D947499D6F72434126568C5BC5149CFD764A09454FB6B811233DBA5 ] EuMusDesignVirtualAudioCableWdm C:\Windows\system32\DRIVERS\vrtaucbl.sys 16:12:57.0992 0x2c60 EuMusDesignVirtualAudioCableWdm - ok 16:12:58.0028 0x2c60 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll 16:12:58.0084 0x2c60 EventSystem - ok 16:12:58.0103 0x2c60 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys 16:12:58.0131 0x2c60 exfat - ok 16:12:58.0180 0x2c60 Fabs - ok 16:12:58.0197 0x2c60 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:12:58.0231 0x2c60 fastfat - ok 16:12:58.0300 0x2c60 [ 
967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe 16:12:58.0362 0x2c60 Fax - ok 16:12:58.0377 0x2c60 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys 16:12:58.0389 0x2c60 fdc - ok 16:12:58.0407 0x2c60 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll 16:12:58.0436 0x2c60 fdPHost - ok 16:12:58.0453 0x2c60 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll 16:12:58.0490 0x2c60 FDResPub - ok 16:12:58.0511 0x2c60 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:12:58.0522 0x2c60 FileInfo - ok 16:12:58.0534 0x2c60 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:12:58.0575 0x2c60 Filetrace - ok 16:12:58.0666 0x2c60 [ 5BD96D8C5411ACE71A7EAACAF0EF2903, 2AF58E6060C7DEC44B4CA30E14E164473CD4089AE475DAFFC61DFE56990C1147 ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe 16:12:58.0780 0x2c60 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic ( 1 ) 16:13:01.0236 0x2c60 Detect skipped due to KSN trusted 16:13:01.0237 0x2c60 FirebirdServerMAGIXInstance - ok 16:13:01.0256 0x2c60 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 16:13:01.0281 0x2c60 flpydisk - ok 16:13:01.0312 0x2c60 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:13:01.0326 
0x2c60 FltMgr - ok 16:13:01.0401 0x2c60 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll 16:13:01.0483 0x2c60 FontCache - ok 16:13:01.0524 0x2c60 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 16:13:01.0535 0x2c60 FontCache3.0.0.0 - ok 16:13:01.0625 0x2c60 [ 7DFF82ACDAB23414ABC2A95FEF8982F8, 9B2ACC7AA63085B4A571D084406FE48FE184243A1AF80C2492038CFF3737FEE5 ] ForceWare Intelligent Application Manager (IAM) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 16:13:01.0657 0x2c60 ForceWare Intelligent Application Manager (IAM) - ok 16:13:01.0677 0x2c60 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 16:13:01.0688 0x2c60 FsDepends - ok 16:13:01.0736 0x2c60 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:13:01.0746 0x2c60 Fs_Rec - ok 16:13:01.0797 0x2c60 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 16:13:01.0814 0x2c60 fvevol - ok 16:13:01.0833 0x2c60 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 16:13:01.0845 0x2c60 gagp30kx - ok 16:13:01.0907 0x2c60 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll 16:13:01.0958 0x2c60 gpsvc - ok 16:13:02.0064 0x2c60 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 
16:13:02.0073 0x2c60 gupdate - ok 16:13:02.0078 0x2c60 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 16:13:02.0085 0x2c60 gupdatem - ok 16:13:02.0139 0x2c60 [ 833051C6C6C42117191935F734CFBD97, 5EB5672ABC7994A4AFF855A572158B8BE4FC6E541CFD4B9BE4FF2739A9A6AFB8 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys 16:13:02.0148 0x2c60 hamachi - ok 16:13:02.0263 0x2c60 [ FF3A98BBD9E5BC7F54C1E44B2CE2C0EA, 70FE64535E254AE22A9E0BFC7D0817FBD8161FB8CD7E15C6E54B3093A6BB0FB8 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe 16:13:02.0321 0x2c60 Hamachi2Svc - ok 16:13:02.0346 0x2c60 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 16:13:02.0392 0x2c60 hcw85cir - ok 16:13:02.0451 0x2c60 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:13:02.0501 0x2c60 HdAudAddService - ok 16:13:02.0539 0x2c60 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 16:13:02.0572 0x2c60 HDAudBus - ok 16:13:02.0603 0x2c60 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 16:13:02.0636 0x2c60 HidBatt - ok 16:13:02.0658 0x2c60 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 16:13:02.0678 0x2c60 HidBth - ok 16:13:02.0702 0x2c60 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 16:13:02.0730 0x2c60 HidIr - ok 16:13:02.0761 0x2c60 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 
2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll 16:13:02.0784 0x2c60 hidserv - ok 16:13:02.0833 0x2c60 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:13:02.0915 0x2c60 HidUsb - ok 16:13:02.0964 0x2c60 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll 16:13:02.0996 0x2c60 hkmsvc - ok 16:13:03.0013 0x2c60 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll 16:13:03.0099 0x2c60 HomeGroupListener - ok 16:13:03.0141 0x2c60 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 16:13:03.0171 0x2c60 HomeGroupProvider - ok 16:13:03.0225 0x2c60 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 16:13:03.0236 0x2c60 HpSAMD - ok 16:13:03.0295 0x2c60 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:13:03.0331 0x2c60 HTTP - ok 16:13:03.0370 0x2c60 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 16:13:03.0380 0x2c60 hwpolicy - ok 16:13:03.0427 0x2c60 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 16:13:03.0439 0x2c60 i8042prt - ok 16:13:03.0458 0x2c60 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 16:13:03.0484 0x2c60 iaStorV - ok 
16:13:03.0550 0x2c60 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 16:13:03.0602 0x2c60 idsvc - ok 16:13:03.0635 0x2c60 IEEtwCollectorService - ok 16:13:03.0654 0x2c60 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 16:13:03.0664 0x2c60 iirsp - ok 16:13:03.0722 0x2c60 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll 16:13:03.0775 0x2c60 IKEEXT - ok 16:13:03.0918 0x2c60 [ 61A1FA7FCE7BC9B7B7D72AB5F59D7264, 362AC2D76A2FDE0AF519CA2994402951DD37AAF5C83E9DF35D884DE05BBE8915 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 16:13:04.0051 0x2c60 IntcAzAudAddService - ok 16:13:04.0103 0x2c60 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys 16:13:04.0112 0x2c60 intelide - ok 16:13:04.0139 0x2c60 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:13:04.0164 0x2c60 intelppm - ok 16:13:04.0197 0x2c60 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:13:04.0238 0x2c60 IPBusEnum - ok 16:13:04.0257 0x2c60 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:13:04.0292 0x2c60 IpFilterDriver - ok 16:13:04.0368 0x2c60 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:13:04.0410 0x2c60 iphlpsvc - ok 16:13:04.0456 0x2c60 [ 
4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 16:13:04.0488 0x2c60 IPMIDRV - ok 16:13:04.0521 0x2c60 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 16:13:04.0566 0x2c60 IPNAT - ok 16:13:04.0591 0x2c60 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:13:04.0604 0x2c60 IRENUM - ok 16:13:04.0644 0x2c60 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:13:04.0654 0x2c60 isapnp - ok 16:13:04.0705 0x2c60 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 16:13:04.0731 0x2c60 iScsiPrt - ok 16:13:04.0790 0x2c60 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:13:04.0802 0x2c60 kbdclass - ok 16:13:04.0819 0x2c60 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:13:04.0839 0x2c60 kbdhid - ok 16:13:04.0850 0x2c60 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso C:\Windows\system32\lsass.exe 16:13:04.0863 0x2c60 KeyIso - ok 16:13:04.0907 0x2c60 [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:13:04.0917 0x2c60 KSecDD - ok 16:13:04.0980 0x2c60 [ 1E1845606C5A4579F7F3D95796CC1ED1, 26A478A0B5417CBC880A7F2D977AAC5FBF40EC4296426B757D6ACCBBC09486CC ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:13:04.0996 0x2c60 
KSecPkg - ok 16:13:05.0022 0x2c60 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll 16:13:05.0090 0x2c60 KtmRm - ok 16:13:05.0122 0x2c60 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll 16:13:05.0190 0x2c60 LanmanServer - ok 16:13:05.0240 0x2c60 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:13:05.0274 0x2c60 LanmanWorkstation - ok 16:13:05.0323 0x2c60 [ 170E7093A77AD586F3A012A3DB651D94, 43A7C3BFBEC8FB255AB2B77C2A9705777EF6607F6BF0E8F2664766116EAAD536 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys 16:13:05.0331 0x2c60 LGBusEnum - ok 16:13:05.0398 0x2c60 [ 441669A8B37CF858AA91B0A5DFA4B721, 71301D4401984BFD479E304BF87E840991061AD1F752D627F064645CB243854C ] LGSHidFilt C:\Windows\system32\DRIVERS\LGSHidFilt.Sys 16:13:05.0407 0x2c60 LGSHidFilt - ok 16:13:05.0427 0x2c60 [ D2DD04D1C8DF65EECD1F2C7FB947D43E, 980FCE188FCB57C8F210A4905D345D2D6D32545EFE673BE51B3D3AE18084243B ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys 16:13:05.0435 0x2c60 LGVirHid - ok 16:13:05.0473 0x2c60 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:13:05.0494 0x2c60 lltdio - ok 16:13:05.0529 0x2c60 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:13:05.0571 0x2c60 lltdsvc - ok 16:13:05.0583 0x2c60 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:13:05.0613 0x2c60 lmhosts - ok 16:13:05.0691 0x2c60 [ 95D5EDEEB8E98D2996C9ADBFB4EA1ABC, A6EE56B600C6E796390402C80F335475E9F2A36541BA4C1C33D00023DCEE9B3D ] 
LMIGuardianSvc C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe 16:13:05.0705 0x2c60 LMIGuardianSvc - ok 16:13:05.0735 0x2c60 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 16:13:05.0747 0x2c60 LSI_FC - ok 16:13:05.0776 0x2c60 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 16:13:05.0787 0x2c60 LSI_SAS - ok 16:13:05.0804 0x2c60 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 16:13:05.0814 0x2c60 LSI_SAS2 - ok 16:13:05.0831 0x2c60 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 16:13:05.0841 0x2c60 LSI_SCSI - ok 16:13:05.0855 0x2c60 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys 16:13:05.0879 0x2c60 luafv - ok 16:13:05.0957 0x2c60 [ A3E700D78EEC390F1208098CDCA5C6B6, 37D92D4AF24C43B4C468974CBBD55B6DF3AB92780560285039A0B078E566985A ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus.sys 16:13:05.0987 0x2c60 MarvinBus - ok 16:13:06.0026 0x2c60 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:13:06.0040 0x2c60 Mcx2Svc - ok 16:13:06.0048 0x2c60 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 16:13:06.0059 0x2c60 megasas - ok 16:13:06.0093 0x2c60 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 16:13:06.0116 0x2c60 MegaSR - ok 16:13:06.0138 0x2c60 [ 
146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll 16:13:06.0165 0x2c60 MMCSS - ok 16:13:06.0177 0x2c60 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys 16:13:06.0214 0x2c60 Modem - ok 16:13:06.0247 0x2c60 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:13:06.0314 0x2c60 monitor - ok 16:13:06.0373 0x2c60 [ A77205D70D14D153342D357DE5A4E770, 21919DE8FB86CDBF2C33F2CAD9F502A724E5B31F3A70333A651F4FB935ACF427 ] MotioninJoyXFilter C:\Windows\system32\DRIVERS\MijXfilt.sys 16:13:06.0445 0x2c60 MotioninJoyXFilter - detected UnsignedFile.Multi.Generic ( 1 ) 16:13:10.0347 0x2c60 Detect skipped due to KSN trusted 16:13:10.0347 0x2c60 MotioninJoyXFilter - ok 16:13:10.0393 0x2c60 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:13:10.0404 0x2c60 mouclass - ok 16:13:10.0422 0x2c60 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:13:10.0456 0x2c60 mouhid - ok 16:13:10.0486 0x2c60 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:13:10.0498 0x2c60 mountmgr - ok 16:13:10.0542 0x2c60 [ D1CB0BC1CBA61639FE7162C5476A22C0, 80469683BD18CE0B6E9D9BD3613A63896F3D50A783EFDC15CEA28560C151C6B9 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 16:13:10.0554 0x2c60 MozillaMaintenance - ok 16:13:10.0587 0x2c60 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys 16:13:10.0599 
0x2c60 mpio - ok 16:13:10.0621 0x2c60 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:13:10.0648 0x2c60 mpsdrv - ok 16:13:10.0706 0x2c60 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll 16:13:10.0775 0x2c60 MpsSvc - ok 16:13:10.0813 0x2c60 [ 03F899F521D2AAED1C55008F734DF252, 4E56A51476A13F5630719018037B1F63DF9ACEA1CFE782AF04E669BD696954C5 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:13:10.0868 0x2c60 MRxDAV - ok 16:13:10.0917 0x2c60 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:13:10.0985 0x2c60 mrxsmb - ok 16:13:11.0002 0x2c60 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:13:11.0028 0x2c60 mrxsmb10 - ok 16:13:11.0076 0x2c60 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:13:11.0094 0x2c60 mrxsmb20 - ok 16:13:11.0131 0x2c60 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys 16:13:11.0141 0x2c60 msahci - ok 16:13:11.0159 0x2c60 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:13:11.0170 0x2c60 msdsm - ok 16:13:11.0204 0x2c60 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe 16:13:11.0229 0x2c60 MSDTC - ok 16:13:11.0252 0x2c60 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys 
16:13:11.0276 0x2c60 Msfs - ok 16:13:11.0283 0x2c60 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:13:11.0303 0x2c60 mshidkmdf - ok 16:13:11.0352 0x2c60 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:13:11.0362 0x2c60 msisadrv - ok 16:13:11.0392 0x2c60 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:13:11.0424 0x2c60 MSiSCSI - ok 16:13:11.0427 0x2c60 msiserver - ok 16:13:11.0450 0x2c60 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:13:11.0477 0x2c60 MSKSSRV - ok 16:13:11.0489 0x2c60 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:13:11.0528 0x2c60 MSPCLOCK - ok 16:13:11.0548 0x2c60 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:13:11.0580 0x2c60 MSPQM - ok 16:13:11.0590 0x2c60 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:13:11.0603 0x2c60 MsRPC - ok 16:13:11.0648 0x2c60 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 16:13:11.0658 0x2c60 mssmbios - ok 16:13:11.0673 0x2c60 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:13:11.0693 0x2c60 MSTEE - ok 16:13:11.0706 0x2c60 [ 33599130F44E1F34631CEA241DE8AC84, 
E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 16:13:11.0726 0x2c60 MTConfig - ok 16:13:11.0740 0x2c60 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys 16:13:11.0750 0x2c60 Mup - ok 16:13:11.0856 0x2c60 musbehco - ok 16:13:11.0910 0x2c60 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll 16:13:11.0973 0x2c60 napagent - ok 16:13:12.0018 0x2c60 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:13:12.0048 0x2c60 NativeWifiP - ok 16:13:12.0113 0x2c60 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:13:12.0150 0x2c60 NDIS - ok 16:13:12.0177 0x2c60 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:13:12.0209 0x2c60 NdisCap - ok 16:13:12.0222 0x2c60 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:13:12.0260 0x2c60 NdisTapi - ok 16:13:12.0286 0x2c60 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:13:12.0305 0x2c60 Ndisuio - ok 16:13:12.0351 0x2c60 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:13:12.0379 0x2c60 NdisWan - ok 16:13:12.0416 0x2c60 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 
EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:13:29.0412 0x2c60 wmiApSrv - ok 16:13:29.0500 0x2c60 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 16:13:29.0592 0x2c60 WMPNetworkSvc - ok 16:13:29.0617 0x2c60 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:13:29.0653 0x2c60 WPCSvc - ok 16:13:29.0697 0x2c60 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:13:29.0759 0x2c60 WPDBusEnum - ok 16:13:29.0780 0x2c60 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:13:29.0805 0x2c60 ws2ifsl - ok 16:13:29.0821 0x2c60 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll 16:13:29.0845 0x2c60 wscsvc - ok 16:13:29.0848 0x2c60 WSearch - ok 16:13:29.0940 0x2c60 [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv C:\Windows\system32\wuaueng.dll 16:13:30.0051 0x2c60 wuauserv - ok 16:13:30.0103 0x2c60 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:13:30.0239 0x2c60 WudfPf - ok 16:13:30.0267 0x2c60 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:13:30.0290 0x2c60 WUDFRd - ok 16:13:30.0353 0x2c60 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:13:30.0376 
0x2c60 wudfsvc - ok 16:13:30.0434 0x2c60 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll 16:13:30.0571 0x2c60 WwanSvc - ok 16:13:30.0634 0x2c60 [ EE9144207EE0211EB5656BA6808AC4A0, 8C4EEC5D22C8FA43CAEF1A7C098198BE3DE8804FAFFFF9ADBCC4A9C6157FCD85 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 16:13:30.0644 0x2c60 xusb21 - ok 16:13:30.0655 0x2c60 ================ Scan global =============================== 16:13:30.0706 0x2c60 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll 16:13:30.0757 0x2c60 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 16:13:30.0783 0x2c60 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll 16:13:30.0812 0x2c60 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll 16:13:30.0841 0x2c60 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe 16:13:30.0858 0x2c60 [ Global ] - ok 16:13:30.0861 0x2c60 ================ Scan MBR ================================== 16:13:30.0867 0x2c60 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 16:13:31.0125 0x2c60 \Device\Harddisk1\DR1 - ok 16:13:31.0143 0x2c60 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 16:13:31.0212 0x2c60 \Device\Harddisk0\DR0 - ok 16:13:31.0215 0x2c60 ================ Scan VBR ================================== 16:13:31.0217 0x2c60 [ 83065ED21CC6E1EEE3C677CF36DF47D8 ] \Device\Harddisk1\DR1\Partition1 16:13:31.0218 0x2c60 \Device\Harddisk1\DR1\Partition1 - ok 16:13:31.0222 0x2c60 [ D72AD7ACF565025DD9CF25599C57A6A6 ] \Device\Harddisk1\DR1\Partition2 16:13:31.0223 0x2c60 
\Device\Harddisk1\DR1\Partition2 - ok 16:13:31.0227 0x2c60 [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition1 16:13:31.0227 0x2c60 \Device\Harddisk0\DR0\Partition1 - ok 16:13:31.0250 0x2c60 [ 8E02A6412756201AE14256ED352D314D ] \Device\Harddisk0\DR0\Partition2 16:13:31.0300 0x2c60 \Device\Harddisk0\DR0\Partition2 - ok 16:13:31.0302 0x2c60 ================ Scan generic autorun ====================== 16:13:31.0629 0x2c60 [ 972A8C10BC3C1AB1F0448D0D2846403E, 7CC857D6B52D26EEF92BAB1AEEFD17F4891F5E02B1D293791CFB000C5038B0E5 ] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe 16:13:31.0863 0x2c60 RTHDVCPL - ok 16:13:31.0914 0x2c60 Nvtmru - ok 16:13:31.0948 0x2c60 [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\system32\rundll32.exe 16:13:31.0968 0x2c60 Logitech Download Assistant - ok 16:13:32.0044 0x2c60 [ 44FE94FCDF97E574B6986C5A81758628, D950CF92623CA2AD053F7DCC44B483176D02E721C716255957DA90A083D0F1B9 ] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe 16:13:32.0094 0x2c60 NvBackend - ok 16:13:32.0104 0x2c60 [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\system32\rundll32.exe 16:13:32.0119 0x2c60 ShadowPlay - ok 16:13:32.0383 0x2c60 [ 2B3C122729AD4C6B86B31310030B61AF, 143F34C3C82FFDD1F7727A4E12FE4458826D57AEA475AAEC5F47995BD53C0002 ] C:\Program Files\Logitech Gaming Software\LCore.exe 16:13:32.0542 0x2c60 Launch LCore - ok 16:13:32.0760 0x2c60 [ 63ACD413A25E65C3BF08790C16BA97C2, 8A14C623BB79A0964E4D9F220BE77360171123B59B2AAFD1DBD9D9080586E082 ] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe 16:13:32.0840 0x2c60 LogMeIn Hamachi Ui - ok 16:13:33.0041 0x2c60 [ 312C7978F0A42DB0475CE31D884DCE88, 53DBEF2473F39754BB1BC352DB9A32607FD3A2E2DC5E7AA6AE821CABEC00CCD1 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe 16:13:33.0154 0x2c60 AvastUI.exe - ok 16:13:33.0308 0x2c60 [ 7EE68A122ED08E4AAD8DA551E34D2515, 
B3C9AB270AF595D3DBAFBF4A312B96CBF00C16F0A03CCC86BE56825CD1EB7143 ] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe 16:13:33.0387 0x2c60 SDTray - ok 16:13:33.0481 0x2c60 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 16:13:33.0576 0x2c60 Sidebar - ok 16:13:33.0596 0x2c60 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 16:13:33.0613 0x2c60 mctadmin - ok 16:13:33.0654 0x2c60 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe 16:13:33.0706 0x2c60 Sidebar - ok 16:13:33.0712 0x2c60 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe 16:13:33.0728 0x2c60 mctadmin - ok 16:13:33.0987 0x2c60 [ D6E2ED7F1F7BE7CCB8676491BF950B57, CBF07EE746F2C27ACC532E83ADC43FBE954DC3C598C4333F13B1A7615AEA9AD5 ] C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe 16:13:34.0085 0x2c60 Akamai NetSession Interface - ok 16:13:34.0131 0x2c60 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\sidebar.exe 16:13:34.0166 0x2c60 Sidebar - ok 16:13:34.0323 0x2c60 [ B1949628130F192DA27FDBAEA516BB6E, 13E5A2EBF0FDAB29CEA1E7FAEB3141233198D9A28353BDBB6FDB03602BE32AC6 ] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe 16:13:34.0457 0x2c60 Spybot-S&D Cleaning - ok 16:13:34.0510 0x2c60 [ 2F0EAAF91FC7A5C70D1F4BE9B18A1CF5, 6075E8ADD4136AC6497C1FE9CC937E6652FAD5024AED1CF901CE107078955C4F ] C:\Windows\System32\StikyNot.exe 16:13:34.0572 0x2c60 RESTART_STICKY_NOTES - ok 16:13:34.0573 0x2c60 Waiting for KSN requests completion. In queue: 256 16:13:35.0573 0x2c60 Waiting for KSN requests completion. 
In queue: 256 16:13:36.0573 0x2c60 Waiting for KSN requests completion. In queue: 256 16:13:37.0606 0x2c60 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x40000 ( disabled : updated ) 16:13:37.0635 0x2c60 Win FW state via NFP2: enabled 16:13:40.0069 0x2c60 ============================================================ 16:13:40.0069 0x2c60 Scan finished 16:13:40.0069 0x2c60 ============================================================ 16:13:40.0076 0x24a4 Detected object count: 0 16:13:40.0076 0x24a4 Actual detected object count: 0 |
15.01.2015, 17:11 | #4 |
/// the machine /// TB trainer | hi, scan with ComboFix
__________________ Regards, schrauber |
15.01.2015, 18:16 | #5 |
| ComboFix displayed a message that Spybot S&D was still on the system. Before starting it I had rebooted the system and, prior to that, removed Spybot from autostart; neither an active service nor the notification icon in the notification area was shown to me. I therefore interpreted the message as "you can ignore that". Code:
ATTFilter ComboFix 15-01-08.01 - Dominik 15.01.2015 17:48:10.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3071.1090 [GMT 1:00] ausgeführt von:: c:\users\Dominik\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Dominik\AppData\Roaming\InetStat\inetstat.exe c:\windows\IsUn0407.exe c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2014-12-15 bis 2015-01-15 )))))))))))))))))))))))))))))) . . 2015-01-15 17:04 . 2015-01-15 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-01-15 17:04 . 2015-01-15 17:04 -------- d-----w- c:\users\TogetherCrazyGaming\AppData\Local\temp 2015-01-14 19:32 . 2015-01-14 19:32 -------- d-----w- c:\programdata\Malwarebytes 2015-01-14 19:31 . 2015-01-15 16:25 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2015-01-14 19:31 . 2015-01-14 20:38 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-01-14 19:29 . 2015-01-14 20:37 79576 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-01-14 19:03 . 2015-01-14 19:03 -------- d-----w- c:\program files\VS Revo Group 2015-01-14 17:06 . 2015-01-14 17:13 -------- d-----w- C:\FRST 2015-01-14 15:58 . 2014-12-12 05:11 3971512 ----a-w- c:\windows\system32\ntkrnlpa.exe 2015-01-14 15:58 . 2014-12-12 05:11 3916728 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-01-14 15:57 . 2014-12-11 17:47 46592 ----a-w- c:\windows\system32\TSWbPrxy.exe 2015-01-14 15:57 . 2014-12-19 02:43 164864 ----a-w- c:\windows\system32\profsvc.dll 2015-01-14 15:57 . 
2014-12-06 03:50 242688 ----a-w- c:\windows\system32\nlasvc.dll 2015-01-14 15:57 . 2014-12-19 01:34 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2015-01-14 15:55 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA0BC39A-1225-42CB-B4E4-957D71F5A240}\mpengine.dll 2015-01-11 10:28 . 2013-09-20 09:49 18968 ----a-w- c:\windows\system32\sdnclean.exe 2015-01-11 10:28 . 2015-01-11 11:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2015-01-11 10:28 . 2015-01-11 10:30 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2015-01-10 12:37 . 2015-01-10 12:41 -------- d-----w- c:\users\Dominik\AppData\Roaming\Compatibility Verifier 2015-01-09 22:18 . 2015-01-09 22:18 -------- d-----w- c:\windows\system32\vbox 2015-01-09 22:14 . 2015-01-09 22:14 -------- d-----w- c:\users\Dominik\AppData\Roaming\AVAST Software 2015-01-09 22:08 . 2015-01-09 22:08 91496 ----a-w- c:\windows\system32\drivers\aswStm.sys 2015-01-09 22:08 . 2015-01-09 22:08 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2015-01-09 22:08 . 2015-01-09 22:08 291352 ----a-w- c:\windows\system32\aswBoot.exe 2015-01-09 22:08 . 2015-01-09 22:08 43152 ----a-w- c:\windows\avastSS.scr 2015-01-09 21:35 . 2015-01-09 21:49 -------- d-----w- c:\users\Dominik\AppData\Local\FreeFixer 2015-01-09 21:35 . 2015-01-09 21:35 -------- d-----w- c:\users\Dominik\AppData\Roaming\FreeFixer 2015-01-09 21:25 . 2015-01-15 16:35 -------- d-----w- c:\users\Default\AppData\Roaming\Compatibility Verifier 2015-01-09 21:25 . 2015-01-09 21:25 -------- d-----w- c:\users\Default\AppData\Local\Programs 2014-12-18 18:27 . 2014-12-19 11:59 -------- d-----w- c:\program files\Mozilla Thunderbird 2014-12-18 14:50 . 2014-12-13 03:33 115712 ----a-w- c:\windows\system32\ieUnatt.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-01-13 21:19 . 
2012-12-31 21:24 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2015-01-13 21:19 . 2012-12-31 21:24 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2015-01-09 22:39 . 2012-12-31 21:22 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys 2015-01-09 22:39 . 2012-12-31 21:22 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys 2015-01-09 22:08 . 2013-06-03 07:43 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2015-01-09 22:08 . 2013-06-03 07:43 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2015-01-09 22:08 . 2012-12-31 21:22 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2015-01-09 22:08 . 2012-12-31 21:22 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2015-01-08 08:55 . 2012-12-31 15:17 249488 ------w- c:\windows\system32\MpSigStub.exe 2014-12-04 04:38 . 2014-12-11 13:54 337920 ----a-w- c:\windows\system32\generaltel.dll 2014-12-04 04:38 . 2014-12-11 13:54 610304 ----a-w- c:\windows\system32\invagent.dll 2014-12-04 04:38 . 2014-12-11 13:54 315392 ----a-w- c:\windows\system32\devinv.dll 2014-12-04 04:38 . 2014-12-11 13:54 728576 ----a-w- c:\windows\system32\appraiser.dll 2014-12-04 04:38 . 2014-12-11 13:54 159744 ----a-w- c:\windows\system32\aepic.dll 2014-12-04 04:38 . 2014-12-11 13:54 202752 ----a-w- c:\windows\system32\aepdu.dll 2014-12-04 04:34 . 2014-12-11 13:54 873984 ----a-w- c:\windows\system32\aeinv.dll 2014-12-01 23:28 . 2014-12-11 13:54 1160872 ----a-w- c:\windows\system32\aitstatic.exe 2014-11-22 02:20 . 2014-12-11 13:54 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-11-22 02:20 . 2014-12-11 13:54 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-11-22 02:07 . 2014-12-11 13:54 501248 ----a-w- c:\windows\system32\vbscript.dll 2014-11-22 02:07 . 2014-12-11 13:54 62464 ----a-w- c:\windows\system32\iesetup.dll 2014-11-22 02:06 . 2014-12-11 13:54 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-11-22 02:05 . 
2014-12-11 13:54 64000 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-11-22 01:55 . 2014-12-11 13:54 102912 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-11-22 01:54 . 2014-12-11 13:54 620032 ----a-w- c:\windows\system32\jscript9diag.dll 2014-11-22 01:48 . 2014-12-11 13:54 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-11-22 01:40 . 2014-12-11 13:54 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-11-22 01:29 . 2014-12-11 13:54 4299264 ----a-w- c:\windows\system32\jscript9.dll 2014-11-22 01:22 . 2014-12-11 13:54 2052096 ----a-w- c:\windows\system32\inetcpl.cpl 2014-11-22 01:21 . 2014-12-11 13:54 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-11-22 01:00 . 2014-12-11 13:54 1888256 ----a-w- c:\windows\system32\wininet.dll 2014-11-11 20:01 . 2014-11-11 20:01 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2014-11-11 20:01 . 2014-11-11 20:01 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2014-11-11 02:44 . 2014-12-11 13:54 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-11-11 02:44 . 2014-11-19 14:42 186880 ----a-w- c:\windows\system32\pku2u.dll 2014-11-11 02:44 . 2014-11-19 14:42 550912 ----a-w- c:\windows\system32\kerberos.dll 2014-11-11 01:32 . 2014-12-11 13:54 74752 ----a-w- c:\windows\system32\drivers\tdx.sys 2014-11-08 02:45 . 2014-12-11 13:53 2048 ----a-w- c:\windows\system32\tzres.dll 2014-10-30 01:45 . 2014-12-11 13:53 155136 ----a-w- c:\windows\system32\charmap.exe 2014-10-28 14:33 . 2014-08-30 14:12 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2014-10-25 01:32 . 2014-11-13 01:14 67584 ----a-w- c:\windows\system32\packager.dll 2014-10-18 01:33 . 2014-11-13 01:52 571904 ----a-w- c:\windows\system32\oleaut32.dll 2014-10-18 01:33 . 2014-12-11 23:27 3209728 ----a-w- c:\windows\system32\mf.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2015-01-09 22:08 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Dominik\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-11-19 11733648] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1425208] "NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-30 2199840] "ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-04-30 1081112] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-07-28 8187160] "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-12-13 3838800] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-09 5227112] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-21 280576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2013-03-14 08:23 3672640 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui] 2014-12-13 16:01 3838800 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Overwolf] 2014-12-29 17:14 40176 ----a-w- c:\program files\Overwolf\Overwolf.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray] 2014-06-24 09:42 4101576 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3] 2006-09-19 08:07 827392 ----a-w- c:\windows\vsnpstd3.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spybot-S&D Cleaning] 2014-06-24 09:41 4566952 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2014-11-18 20:23 1940160 ----a-w- c:\program files\Steam\Steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2014-07-11 00:39 256896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer] 2008-08-07 16:18 90112 ----a-w- c:\program files\MAGIX\Video_deluxe_MX_Premium_Download-Version\Trayserver_DE.exe . 
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe [2014-06-16 93048] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 99400] R3 musbehco;musbehco;c:\users\Dominik\AppData\Local\Temp\musbehco.sys [x] R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files\Overwolf\OverwolfUpdater.exe [2014-12-29 998640] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-06-03 1343400] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-01-09 787800] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-01-09 423784] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-04 242240] S2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-01-09 24184] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-01-09 70384] S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-01-09 91496] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2014-12-13 1895760] S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-12-02 411920] S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-04-30 1617696] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-04-30 19702048] S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168] S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-06-27 2088408] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-04-25 171928] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-05-19 410968] S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-01-09 218192] S2 Verifies and fixes application compatibility issues;Compatibility Verify;c:\users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe [2015-01-08 87208] S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-01-09 3192344] S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2013-06-25 50728] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator 
Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720] S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2013-05-30 39960] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-04-30 17240] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-03-31 34080] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-12-13 10:41 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2015-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-31 21:19] . 2015-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-01-26 20:50] . 2015-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-01-26 20:50] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyOverride = <-loopback>;<local> FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
HKLM-Run-Nvtmru - c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe c:\users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Holland - Verknüpfung.lnk - (no file) Notify-SDWinLogon - SDWinLogon.dll MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe AddRemove-S4Uninst - c:\windows\IsUn0407.exe AddRemove-StarCraft II - c:\program files\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3362981809-2306697286-120240772-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:b6,50,25,75,93,61,1c,f7,36,35,94,dd,60,a5,c4,80,4a,06,f6,72,f1,74,1b, be,3f,f9,f1,1b,ad,57,40,45,99,7f,1e,e6,5a,f0,a6,43,0f,f2,1c,55,00,e4,fd,56,\ "??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12 . [HKEY_USERS\S-1-5-21-3362981809-2306697286-120240772-1001\Software\SecuROM\License information*] "datasecu"=hex:d3,b9,f0,80,78,f7,3e,65,ba,7d,1e,df,97,00,2b,df,55,3e,dd,27,60, 8a,18,d5,de,d2,ad,40,aa,79,4a,c4,6b,26,a6,86,d2,64,67,70,44,4f,b8,f4,2c,2b,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-01-15 18:07:53 ComboFix-quarantined-files.txt 2015-01-15 17:07 . Vor Suchlauf: 16 Verzeichnis(se), 108.551.188.480 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 108.802.748.416 Bytes frei . - - End Of File - - 6E1E89475160F6BE4FEB0703AFF393F2 A36C5E4F47E84449FF07ED3517B43A31 |
15.01.2015, 18:46 | #6 |
/// the machine /// TB trainer | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your security software to avoid possible conflicts.
and a fresh FRST log, please.
16.01.2015, 19:09 | #7 |
| Hello, after the last reboot AVAST showed a message (although I had clicked on disable, the security prompt had come up, and I had received the notice in the notification bar that AVAST was not active) that it had found the flowsurf extension when Firefox started, which supposedly has a bad reputation. I did not have any action carried out here. The logs: mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 15.01.2015 Suchlauf-Zeit: 19:09:55 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.01.15.10 Rootkit Datenbank: v2015.01.14.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Dominik Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 370016 Verstrichene Zeit: 36 Min, 2 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 9 PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 1536, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 540, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 1248, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 5960, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 1092, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 4104, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 3076, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42] 
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 3752, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42] PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, 3276, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42] Module: 10 PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility 
Verifier\NPSWF32_15_0_0_189.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], Registrierungsschlüssel: 10 PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\CLASSES\CLSID\{6CA2A4DE-483E-456B-8634-6445460D7097}, In Quarantäne, [c8ee19deb6d3b18597951ecfa161619f], PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6CA2A4DE-483E-456B-8634-6445460D7097}, In Quarantäne, [c8ee19deb6d3b18597951ecfa161619f], PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{6CA2A4DE-483E-456B-8634-6445460D7097}, In Quarantäne, [c8ee19deb6d3b18597951ecfa161619f], PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, In Quarantäne, [288e62958306dc5ace2ba34905fddf21], PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [cbebe611fb8e79bde7b77975d62c1ae6], PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, In Quarantäne, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, In Quarantäne, [a01646b199f05cda58c897fae51e60a0], PUP.Optional.RRSavings.A, HKLM\SOFTWARE\rrsavings, In Quarantäne, [4472cd2a19709e988130b4eda75c56aa], PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, In Quarantäne, [fbbb48afb1d8b086547510665da656aa], PUP.Optional.FlowSurf.A, HKU\S-1-5-21-3362981809-2306697286-120240772-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF, In Quarantäne, [189e32c5a9e0d85e4a64dd07eb19b050], Registrierungswerte: 3 PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|jid1-tofUlNEIFlkUIA@jetpack, C:\Program Files\Flowsurf\jid1-tofUlNEIFlkUIA@jetpack, In Quarantäne, [3b7bbb3cc3c6082e63d99610b54e4ab6] 
PUP.Optional.FlowSurf.A, HKU\S-1-5-21-3362981809-2306697286-120240772-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\FLOWSURF|chrid, oglkiljdmflopemijdadoiepkhcaodjn, In Quarantäne, [189e32c5a9e0d85e4a64dd07eb19b050] PUP.Optional.QuickStart.A, HKU\S-1-5-21-3362981809-2306697286-120240772-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, In Quarantäne, [eec8a6516c1d5dd99283b8db7b880bf5] Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 15 PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\locales, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], PUP.Optional.AdPeak.A, C:\temp, In Quarantäne, [1a9c787f7f0a9c9a6ef0d1c551b20000], PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, In Quarantäne, [179f9d5a36535dd90017db5fc340be42], PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, In Quarantäne, [179f9d5a36535dd90017db5fc340be42], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons, In Quarantäne, 
[694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.RRSavings.A, C:\Program Files\RrFilter, In Quarantäne, [30866790464310269e21ec569d66c838], PUP.Optional.RRSavings.A, C:\Program Files\RrFilter\SSL, In Quarantäne, [30866790464310269e21ec569d66c838], Dateien: 74 PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, In Quarantäne, [3d7929cebbce71c5077bc0b87b86a759], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Löschen bei Neustart, 
[c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Löschen bei Neustart, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [c9ed1cdb1178b680e277551a1ee5be42], PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\cef.pak, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, In Quarantäne, 
[05b14fa8a6e332041a3ff57a54af2fd1], PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\debug.log, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\icudtl.dat, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\libEGL.dll, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], PUP.Optional.CompatibilityVerifier.A, C:\Users\Dominik\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, In Quarantäne, [05b14fa8a6e332041a3ff57a54af2fd1], PUP.Optional.AdPeak.A, C:\temp\lsp2.log, In Quarantäne, [1a9c787f7f0a9c9a6ef0d1c551b20000], PUP.Optional.AdPeak.A, C:\temp\InstallFilter32.msi, In Quarantäne, [1a9c787f7f0a9c9a6ef0d1c551b20000], PUP.Optional.AdPeak.A, C:\temp\output.txt, In Quarantäne, [1a9c787f7f0a9c9a6ef0d1c551b20000], PUP.Optional.AdPeak.A, C:\temp\t.txt, In Quarantäne, [1a9c787f7f0a9c9a6ef0d1c551b20000], PUP.Optional.QuickStart.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage, In Quarantäne, [d2e4b93e70192016d42006e2a262d729], PUP.Optional.QuickStart.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User 
Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal, In Quarantäne, [22947b7c2f5a79bd8f65e6024bb907f9], PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, In Quarantäne, [179f9d5a36535dd90017db5fc340be42], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\background.html, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\extension_info.json, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\extension_info.json.bak, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\flowsurf-drop.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\flowsurf.css, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\jquery-1.7.2.min.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\main.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\main.js.bak, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, 
C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\manifest.json, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\readme.txt, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\button.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon100.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon128.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon16.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon256.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon32.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon48.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\icons\icon64.png, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\content_init.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\content_kango.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\invoke_async_module.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\message_target_module.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\includes\userscript_client.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\backgroundscript_engine.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\browser.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\console.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\i18n.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\initialize.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\io.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\kango.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\lang.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\messaging.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\storage.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\userscript_engine.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango\xhr.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\browser_button.js, In Quarantäne, 
[694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\kango_api.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\options.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\remote_popup_host.html, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], PUP.Optional.FlowSurf.A, C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglkiljdmflopemijdadoiepkhcaodjn\1.5.28_0\kango-ui\ui.js, In Quarantäne, [694d52a54049c86ece41fa4510f3b64a], Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) Code:
# AdwCleaner v4.107 - Bericht erstellt am 15/01/2015 um 20:13:20
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : Dominik - TROLLINGSARUMAN
# Gestartet von : C:\Users\Dominik\Desktop\AdwCleaner_4.107.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files\002
Ordner Gelöscht : C:\Users\Dominik\AppData\Local\FreeFixer
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\FreeFixer
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\NCH Software
Datei Gelöscht : C:\Users\Dominik\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Windows\system32\drivers\netfilter.sys
Datei Gelöscht : C:\Users\Dominik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Dominik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gelöscht : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\foxydeal.sqlite

***** [ Tasks ] *****

Task Gelöscht : fsupdate

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8018C54-B702-4D52-9ACC-8CA78911E633}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C6A846C5-D67F-48B4-8552-C22354E56966}
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\usyndication.com
Schlüssel Gelöscht : HKCU\Software\USyndication

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v34.0 (x86 de)

[51dpc675.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[51dpc675.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v39.0.2171.95

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [14338 octets] - [30/04/2014 19:24:18]
AdwCleaner[R1].txt - [1315 octets] - [30/04/2014 19:50:07]
AdwCleaner[R2].txt - [1363 octets] - [02/05/2014 00:59:57]
AdwCleaner[R3].txt - [1484 octets] - [06/06/2014 23:22:50]
AdwCleaner[R4].txt - [2842 octets] - [15/01/2015 20:04:20]
AdwCleaner[S0].txt - [12962 octets] - [30/04/2014 19:25:39]
AdwCleaner[S1].txt - [1376 octets] - [30/04/2014 19:51:00]
AdwCleaner[S2].txt - [1545 octets] - [06/06/2014 23:25:39]
AdwCleaner[S3].txt - [2719 octets] - [15/01/2015 20:13:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2779 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x86
Ran by Dominik on 16.01.2015 at 17:33:57,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\RegistryDr_Popup
Successfully deleted: [File] C:\Windows\System32\Tasks\RegistryDr_Start
Successfully deleted: [File] "C:\Users\Dominik\favorites\links\startfenster.lnk"

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\Dominik\AppData\Roaming\mozilla\firefox\profiles\51dpc675.default\minidumps [484 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.01.2015 at 17:35:47,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01 Ran by Dominik (administrator) on TROLLINGSARUMAN on 16-01-2015 19:06:54 Running from C:\Users\Dominik\Desktop Loaded Profiles: Dominik (Available profiles: Dominik & TogetherCrazyGaming) Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Akamai Technologies, Inc.) C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Akamai Technologies, Inc.) C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11733648 2012-11-19] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8187160 2014-07-28] (Logitech Inc.) HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software) HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3362981809-2306697286-120240772-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default FF Homepage: https://www.facebook.com/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\amazon-deu.xml FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\proxerme.xml FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\youtube-videosuche.xml FF Extension: FT DeepDark - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-01-03] FF Extension: Bluhell Firewall - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-14] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-31] Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File CHR 
Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll No File CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - 
F:\Program Files\Windows Media Player\npdsplay.dll No File CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Profile: C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-17] CHR Extension: (Google Wallet) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-09] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-09] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-09] (Avast Software) S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [93048 2014-06-16] (EasyAntiCheat Ltd) R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] () R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1895760 2014-12-13] (LogMeIn Inc.) R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2014-12-02] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] () R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-04-30] (NVIDIA Corporation) S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [998640 2014-12-29] (Overwolf LTD) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) 
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-09] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-09] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-09] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-09] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-09] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-09] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-09] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-09] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-04] (DT Soft Ltd) R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-06-25] (Eugene V. Muzychenko) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [39960 2013-05-30] (Logitech Inc.) R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.) 
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation) S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-04-30] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation) S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-09] (Avast Software) S3 WISTechVIDCAP; C:\Windows\System32\drivers\wisgostrm.sys [226816 2006-11-03] (Pinnacle Systems) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\Users\Dominik\AppData\Local\Temp\catchme.sys [X] S3 musbehco; \??\C:\Users\Dominik\AppData\Local\Temp\musbehco.sys [X] S3 pmem; \??\C:\Users\Dominik\AppData\Local\Temp\_MEI55962\drivers\winpmem32.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-01-16 19:06 - 2015-01-16 19:06 - 00000000 ____D () C:\Users\Dominik\Desktop\FRST-OlderVersion 2015-01-16 17:49 - 2015-01-16 17:49 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-49-56.066-AvastVBoxSVC.exe-3504.log 2015-01-16 17:45 - 2015-01-16 17:45 - 00000286 _____ () C:\Users\Dominik\Desktop\Neues Textdokument (3).txt 2015-01-16 17:35 - 2015-01-16 17:35 - 00000992 _____ () C:\Users\Dominik\Desktop\JRT.txt 2015-01-16 17:33 - 2015-01-16 17:33 - 00000000 ____D () C:\Windows\ERUNT 2015-01-16 17:32 - 2015-01-16 17:32 - 01707939 _____ (Thisisu) C:\Users\Dominik\Desktop\JRT.exe 2015-01-16 17:26 - 2015-01-16 17:26 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-26-02.025-AvastVBoxSVC.exe-3908.log 2015-01-16 17:21 - 2015-01-16 17:21 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-21-57.030-AvastVBoxSVC.exe-2964.log 2015-01-16 17:10 - 2015-01-16 17:10 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-10-20.087-AvastVBoxSVC.exe-4084.log 2015-01-16 17:00 - 2015-01-16 17:00 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-00-02.052-AvastVBoxSVC.exe-3696.log 2015-01-16 14:45 - 2015-01-16 14:45 - 00000197 _____ () C:\Windows\system32\2015-01-16-13-45-27.090-AvastVBoxSVC.exe-3408.log 2015-01-15 20:17 - 2015-01-15 20:17 - 00000197 _____ () C:\Windows\system32\2015-01-15-19-17-41.019-AvastVBoxSVC.exe-3828.log 2015-01-15 20:12 - 2015-01-15 20:13 - 00000247 _____ () C:\Windows\system32\2015-01-15-19-12-59.029-aswFe.exe-4604.log 2015-01-15 20:08 - 2015-01-15 20:12 - 00000247 _____ () C:\Windows\system32\2015-01-15-19-08-04.058-aswFe.exe-5008.log 2015-01-15 20:02 - 2015-01-15 20:03 - 02191360 _____ () C:\Users\Dominik\Desktop\AdwCleaner_4.107.exe 2015-01-15 19:59 - 2015-01-15 19:59 - 00023039 _____ () C:\Users\Dominik\Desktop\mbam.txt 2015-01-15 19:06 - 2015-01-15 19:06 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-15 19:06 - 2015-01-15 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ 
Malwarebytes Anti-Malware 2015-01-15 19:06 - 2015-01-15 19:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-01-15 19:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-15 19:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-15 18:59 - 2015-01-15 19:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Dominik\Desktop\mbam-setup-2.0.4.1028.exe 2015-01-15 18:56 - 2015-01-15 18:56 - 00000197 _____ () C:\Windows\system32\2015-01-15-17-56-39.075-AvastVBoxSVC.exe-2692.log 2015-01-15 18:07 - 2015-01-15 18:07 - 00017812 _____ () C:\ComboFix.txt 2015-01-15 17:44 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-01-15 17:44 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-01-15 17:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-01-15 17:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-01-15 17:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-01-15 17:44 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-01-15 17:44 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-01-15 17:44 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-01-15 17:35 - 2015-01-15 18:07 - 00000000 ____D () C:\Qoobox 2015-01-15 17:34 - 2015-01-15 18:05 - 00000000 ____D () C:\Windows\erdnt 2015-01-15 17:32 - 2015-01-15 17:32 - 05609736 ____R (Swearware) C:\Users\Dominik\Desktop\ComboFix.exe 2015-01-15 17:28 - 2015-01-15 17:28 - 00000197 _____ () C:\Windows\system32\2015-01-15-16-28-45.010-AvastVBoxSVC.exe-3576.log 2015-01-15 16:16 - 2015-01-15 16:19 - 00102593 _____ () C:\Users\Dominik\Desktop\Neues Textdokument (2).txt 2015-01-15 16:09 - 2015-01-15 16:10 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Dominik\Desktop\tdsskiller.exe 2015-01-14 21:36 - 2015-01-14 21:36 - 00000197 _____ () 
C:\Windows\system32\2015-01-14-20-36-18.044-AvastVBoxSVC.exe-3592.log 2015-01-14 21:17 - 2015-01-14 21:17 - 00000000 ____H () C:\Users\Dominik\Documents\Default.rdp 2015-01-14 20:32 - 2015-01-15 19:06 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-14 20:31 - 2015-01-16 18:08 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-14 20:31 - 2015-01-15 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2015-01-14 20:29 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-14 20:28 - 2015-01-15 16:11 - 00000000 ____D () C:\Users\Dominik\Desktop\mbar 2015-01-14 20:26 - 2015-01-14 20:27 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Dominik\Desktop\mbar-1.08.2.1001.exe 2015-01-14 20:21 - 2015-01-14 20:21 - 00000197 _____ () C:\Windows\system32\2015-01-14-19-21-53.063-AvastVBoxSVC.exe-3692.log 2015-01-14 20:03 - 2015-01-14 20:03 - 00001222 _____ () C:\Users\Dominik\Desktop\Revo Uninstaller.lnk 2015-01-14 20:03 - 2015-01-14 20:03 - 00000000 ____D () C:\Program Files\VS Revo Group 2015-01-14 20:00 - 2015-01-14 20:00 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Dominik\Desktop\revosetup95.exe 2015-01-14 19:54 - 2015-01-14 19:54 - 00000197 _____ () C:\Windows\system32\2015-01-14-18-54-07.069-AvastVBoxSVC.exe-3156.log 2015-01-14 19:19 - 2015-01-14 19:19 - 00000197 _____ () C:\Windows\system32\2015-01-14-18-19-08.073-AvastVBoxSVC.exe-3128.log 2015-01-14 18:43 - 2015-01-14 18:43 - 00008989 _____ () C:\Users\Dominik\Desktop\gmer.log 2015-01-14 18:11 - 2015-01-14 18:13 - 00039072 _____ () C:\Users\Dominik\Desktop\Addition.txt 2015-01-14 18:06 - 2015-01-16 19:06 - 00018761 _____ () C:\Users\Dominik\Desktop\FRST.txt 2015-01-14 18:06 - 2015-01-16 19:06 - 00000000 ____D () C:\FRST 2015-01-14 18:04 - 2015-01-14 18:05 - 00000476 _____ () C:\Users\Dominik\Desktop\defogger_disable.log 2015-01-14 18:04 - 2015-01-14 18:04 - 00000000 _____ () C:\Users\Dominik\defogger_reenable 2015-01-14 17:52 - 2015-01-16 19:06 - 01116672 _____ (Farbar) C:\Users\Dominik\Desktop\FRST.exe 2015-01-14 17:52 - 2015-01-14 17:52 - 00050477 _____ () C:\Users\Dominik\Desktop\Defogger.exe 2015-01-14 17:50 - 2015-01-14 17:50 - 00380416 _____ () C:\Users\Dominik\Desktop\rz1b2ley.exe 2015-01-14 16:58 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-01-14 16:58 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 16:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 16:57 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 16:57 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 16:57 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 16:27 - 2015-01-14 16:27 - 00000197 _____ () C:\Windows\system32\2015-01-14-15-27-18.023-AvastVBoxSVC.exe-3216.log 2015-01-13 22:35 - 2015-01-13 22:35 - 280280668 ____N () C:\Windows\MEMORY.DMP 2015-01-13 22:35 - 
2015-01-13 22:35 - 00160160 _____ () C:\Windows\Minidump\011315-31875-01.dmp 2015-01-13 15:54 - 2015-01-13 15:54 - 00000197 _____ () C:\Windows\system32\2015-01-13-14-54-55.027-AvastVBoxSVC.exe-792.log 2015-01-13 13:57 - 2015-01-13 13:57 - 00000197 _____ () C:\Windows\system32\2015-01-13-12-57-17.013-AvastVBoxSVC.exe-5424.log 2015-01-13 12:57 - 2015-01-15 18:20 - 00000112 _____ () C:\ProgramData\q485uB3.dat 2015-01-13 12:52 - 2015-01-13 12:53 - 00000197 _____ () C:\Windows\system32\2015-01-13-11-52-33.019-AvastVBoxSVC.exe-3616.log 2015-01-12 13:31 - 2015-01-12 13:32 - 00000197 _____ () C:\Windows\system32\2015-01-12-12-31-33.000-AvastVBoxSVC.exe-3368.log 2015-01-11 15:25 - 2015-01-11 15:25 - 00000197 _____ () C:\Windows\system32\2015-01-11-14-25-05.016-AvastVBoxSVC.exe-3124.log 2015-01-11 13:45 - 2015-01-11 13:45 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-45-48.064-AvastVBoxSVC.exe-3404.log 2015-01-11 13:08 - 2015-01-11 13:08 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-08-40.050-AvastVBoxSVC.exe-3532.log 2015-01-11 12:54 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150111-125459.backup 2015-01-11 12:20 - 2015-01-11 12:20 - 00000197 _____ () C:\Windows\system32\2015-01-11-11-20-40.098-AvastVBoxSVC.exe-3528.log 2015-01-11 12:14 - 2015-01-11 12:14 - 00000000 ____D () C:\Users\Dominik\Documents\ProcAlyzer Dumps 2015-01-11 11:28 - 2015-01-11 12:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-01-11 11:28 - 2015-01-11 11:30 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2015-01-11 11:28 - 2015-01-11 11:28 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-01-11 11:28 - 2015-01-11 11:28 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2015-01-11 11:28 - 2015-01-11 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-01-11 11:28 - 2013-09-20 10:49 
- 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2015-01-11 11:26 - 2015-01-11 11:27 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Dominik\Downloads\spybot-2.4.exe 2015-01-11 10:46 - 2015-01-11 10:47 - 00000197 _____ () C:\Windows\system32\2015-01-11-09-46-54.007-AvastVBoxSVC.exe-3012.log 2015-01-10 13:58 - 2015-01-10 13:58 - 00000197 _____ () C:\Windows\system32\2015-01-10-12-58-28.073-AvastVBoxSVC.exe-3244.log 2015-01-09 23:36 - 2015-01-09 23:37 - 00000247 _____ () C:\Windows\system32\2015-01-09-22-36-57.044-aswFe.exe-6088.log 2015-01-09 23:30 - 2015-01-09 23:36 - 00000247 _____ () C:\Windows\system32\2015-01-09-22-30-18.010-aswFe.exe-4644.log 2015-01-09 23:18 - 2015-01-09 23:18 - 00000000 ____D () C:\Windows\system32\vbox 2015-01-09 23:14 - 2015-01-09 23:14 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\AVAST Software 2015-01-09 23:09 - 2015-01-09 23:09 - 00002045 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-01-09 23:08 - 2015-01-09 23:08 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-01-09 23:08 - 2015-01-09 23:08 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-01-09 23:08 - 2015-01-09 23:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-01-09 23:08 - 2015-01-09 23:08 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe 2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe 2015-01-08 22:02 - 2015-01-08 22:02 - 00087712 _____ () C:\Users\Dominik\Downloads\GLottery-V2.1.8_Beta.zip 2015-01-08 21:59 - 2015-01-08 21:59 - 00451723 _____ () C:\Users\Dominik\Downloads\totalRP3_build_9.zip 2015-01-08 21:58 - 2015-01-08 21:58 - 00073807 _____ () C:\Users\Dominik\Downloads\MyRolePlay_6.0.0.400.zip 2015-01-08 21:57 - 2015-01-08 21:57 - 01327418 _____ () C:\Users\Dominik\Downloads\Outfitter_5.10b8.zip 
2015-01-08 21:51 - 2015-01-08 21:51 - 03841803 _____ () C:\Users\Dominik\Downloads\AuctioneerSuite-5.21c.5521.zip 2014-12-24 00:53 - 2014-12-24 00:55 - 00000000 ____D () C:\Users\Dominik\Desktop\Mc Server 2014-12-18 19:27 - 2014-12-19 12:59 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird 2014-12-18 15:50 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-16 18:40 - 2014-01-26 21:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-16 18:19 - 2012-12-31 22:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-16 17:56 - 2009-07-14 05:34 - 00024064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-16 17:56 - 2009-07-14 05:34 - 00024064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-16 17:48 - 2014-01-26 21:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-16 17:48 - 2014-01-18 03:11 - 00000000 ____D () C:\Users\Dominik\AppData\Local\LogMeIn Hamachi 2015-01-16 17:47 - 2013-09-15 08:58 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-16 17:47 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-16 17:47 - 2009-07-14 05:39 - 00216466 _____ () C:\Windows\setupact.log 2015-01-16 17:46 - 2012-12-31 16:02 - 01103008 _____ () C:\Windows\WindowsUpdate.log 2015-01-15 20:14 - 2013-01-01 13:03 - 00446222 _____ () C:\Windows\PFRO.log 2015-01-15 20:13 - 2014-04-30 19:24 - 00000000 ____D () C:\AdwCleaner 2015-01-15 19:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\security 2015-01-15 18:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default 2015-01-15 18:07 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public 2015-01-15 18:04 - 2009-07-14 03:04 - 
00000215 _____ () C:\Windows\system.ini 2015-01-14 21:33 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media 2015-01-14 18:04 - 2012-12-31 16:03 - 00000000 ____D () C:\Users\Dominik 2015-01-14 17:17 - 2014-11-27 19:51 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Battle.net 2015-01-14 17:17 - 2013-01-02 21:58 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\TS3Client 2015-01-13 22:35 - 2013-01-28 01:50 - 00000000 ____D () C:\Windows\Minidump 2015-01-13 22:19 - 2012-12-31 22:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-01-13 22:19 - 2012-12-31 22:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-01-11 18:18 - 2013-01-06 04:15 - 00000000 ____D () C:\Users\Dominik\Desktop\Editoren und Player 2015-01-10 01:08 - 2013-11-03 13:53 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\OBS 2015-01-09 23:39 - 2012-12-31 22:22 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2015-01-09 23:39 - 2012-12-31 22:22 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2015-01-09 23:08 - 2013-06-03 08:43 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-01-09 23:08 - 2013-06-03 08:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-01-09 23:08 - 2012-12-31 22:22 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-01-09 23:08 - 2012-12-31 22:22 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-01-09 23:05 - 2012-12-31 22:21 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-01-09 23:04 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt 2015-01-09 22:36 - 2012-12-31 16:04 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-01-09 22:26 - 2014-08-30 15:10 - 00000000 ____D () C:\ProgramData\Package Cache 2015-01-09 15:11 - 2013-01-03 20:56 - 00000000 ____D () C:\Program Files\Steam 2015-01-08 09:55 - 2012-12-31 16:17 - 
00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-08 00:54 - 2013-02-12 11:24 - 00000000 ____D () C:\Users\Dominik\Desktop\Musik 2015-01-05 03:09 - 2014-06-03 15:08 - 00000000 ____D () C:\Program Files\Common Files\Overwolf 2015-01-05 03:09 - 2014-05-25 19:53 - 00000000 ____D () C:\Program Files\Overwolf 2014-12-29 00:26 - 2013-01-02 22:25 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\.minecraft 2014-12-28 14:29 - 2013-01-04 23:37 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\vlc 2014-12-27 22:28 - 2013-01-03 04:28 - 00000000 ____D () C:\Program Files\Warcraft III 2014-12-25 13:00 - 2013-01-13 20:05 - 00000000 ____D () C:\Users\Dominik\Desktop\Spiele 2014-12-23 14:54 - 2013-01-06 04:15 - 00000000 ____D () C:\Users\Dominik\Desktop\Internet 2014-12-22 00:39 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Cursors 2014-12-19 17:44 - 2013-01-13 18:52 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Thunderbird 2014-12-19 12:59 - 2012-12-31 16:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service Files to move or delete: ==================== C:\ProgramData\q485uB3.dat Some content of TEMP: ==================== C:\Users\Dominik\AppData\Local\Temp\Quarantine.exe C:\Users\Dominik\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-07 19:22

==================== End Of Log ============================
16.01.2015, 19:47 | #8 |
/// the machine /// TB trainer |
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
16.01.2015, 22:31 | #9 |
| That makes quite a good impression! The processor also comes to rest now and then, and the storage space looks good again... Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=dc64219fb533ba44800fa0dff88e83be
# engine=22007
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-16 09:03:21
# local_time=2015-01-16 10:03:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 552414 185862691 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 182737 173073392 0 0
# scanned=347510
# found=12
# cleaned=0
# scan_time=7171
sh=4E475FD620FBCCBB37453AF2BD0427BDA73109FF ft=1 fh=70875884387ffbdb vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir"
sh=524ED1264811258D64BA2BE8B48005C6D1935713 ft=1 fh=19b60c262a337e59 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface64.dll.vir"
sh=72971E4B87542575A876B36FB87879B416F4EC88 ft=1 fh=eb8c71c588367618 vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterfacef32.dll.vir"
sh=01C9B3D0E073B824021B29F1FD957A8643DF6931 ft=1 fh=9d9cb38b273b86fe vn="Variante von Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\RSHP.exe.vir"
sh=F34BB16FA7EEF85B106A7C3A3FDEEE95ECF18001 ft=1 fh=7bd5299d4d87abc5 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect32.dll.vir"
sh=FB15CD6ADCD9BDFBF68D5DF5EAEA02BF329F8D4F ft=1 fh=dfa2b1c2f56e7303 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect64.dll.vir"
sh=B733C40B96BCA6CC139230D0F7C4E51CEC12CF35 ft=1 fh=08ea3c71e6c55c1b vn="Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv32.dll.vir"
sh=D6F9F256C03B81C01D6CFF28D2D966F59F786AC3 ft=1 fh=3a3e287aa52ff7e5 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SpAPPSv64.dll.vir"
sh=EC7EC5D60C5A578BC9953115D368BECD05BA14B2 ft=1 fh=ecbff00cc7dcc0fd vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir"
sh=EC7EC5D60C5A578BC9953115D368BECD05BA14B2 ft=1 fh=ecbff00cc7dcc0fd vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Dominik\AppData\Roaming\SupTab\SupTab.dll.vir"
sh=5E58D4E3CFCA4E841BE1C67B12F70AFEAEB4CF32 ft=1 fh=6f29d94a2c3a0ff5 vn="Variante von Win32/RiskWare.Astori.A Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Users\Dominik\AppData\Roaming\InetStat\inetstat.exe.vir"
sh=6C6912B7110EBB294CBE5194695C43FA5EA623B3 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Dominik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\1527ad1b-1e440d02"

Code:
Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 7 Update 65
Java version 32-bit out of Date!
Adobe Flash Player 16.0.0.257
Adobe Reader XI
Mozilla Firefox (34.0)
Mozilla Thunderbird (31.3.0)
Google Chrome (39.0.2171.71)
Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015 01
Ran by Dominik (administrator) on TROLLINGSARUMAN on 16-01-2015 22:22:17
Running from C:\Users\Dominik\Desktop
Loaded Profiles: Dominik (Available profiles: Dominik & TogetherCrazyGaming)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Akamai Technologies, Inc.) C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Akamai Technologies, Inc.) C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11733648 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2199840 2014-04-30] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8187160 2014-07-28] (Logitech Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3838800 2014-12-13] (LogMeIn Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Dominik\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default
FF Homepage: https://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dominik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKU\S-1-5-21-3362981809-2306697286-120240772-1001: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\amazon-deu.xml
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\proxerme.xml
FF SearchPlugin: C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\searchplugins\youtube-videosuche.xml
FF Extension: FT DeepDark - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-01-03]
FF Extension: Bluhell Firewall - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\51dpc675.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-31]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Plugin: (Shockwave Flash) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - F:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll No File
CHR Plugin: (Wajam) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - F:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.170.4) - F:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll No File
CHR Plugin: (2007 Microsoft Office system) - F:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Winamp Application Detector) - F:\Program Files\Mozilla Firefox\plugins\npwachk.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npdrmv2.dll No File
CHR Plugin: (Microsoft® DRM) - F:\Program Files\Windows Media Player\npwmsdrm.dll No File
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - F:\Program Files\Windows Media Player\npdsplay.dll No File
CHR Plugin: (Google Update) - F:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Google Earth Plugin) - F:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Panda ActiveScan 2.0) - F:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (Ma-Config.com plugin) - F:\Program Files\ma-config.com\nphardwaredetection.dll No File
CHR Plugin: (Silverlight Plug-In) - f:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-17]
CHR Extension: (Google Wallet) - C:\Users\Dominik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-09]

========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3192344 2015-01-09] (Avast Software)
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [93048 2014-06-16] (EasyAntiCheat Ltd)
S2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [370792 2010-01-21] ()
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1895760 2014-12-13] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [411920 2014-12-02] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [167528 2010-01-21] ()
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-04-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-04-30] (NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [998640 2014-12-29] (Overwolf LTD)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2015-01-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2015-01-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2015-01-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2015-01-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2015-01-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2015-01-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2015-01-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2015-01-09] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-05-04] (DT Soft Ltd)
R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2013-06-25] (Eugene V. Muzychenko)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [39960 2013-05-30] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [99400 2012-05-12] (MotioninJoy)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-04-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10252544 2007-03-27] (Sonix Co. Ltd.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [218192 2015-01-09] (Avast Software)
S3 WISTechVIDCAP; C:\Windows\System32\drivers\wisgostrm.sys [226816 2006-11-03] (Pinnacle Systems)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Dominik\AppData\Local\Temp\catchme.sys [X]
S3 musbehco; \??\C:\Users\Dominik\AppData\Local\Temp\musbehco.sys [X]
S3 pmem; \??\C:\Users\Dominik\AppData\Local\Temp\_MEI55962\drivers\winpmem32.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-16 22:15 - 2015-01-16 22:15 - 00001079 _____ () C:\Users\Dominik\Desktop\checkup.txt
2015-01-16 22:09 - 2015-01-16 22:09 - 00852504 _____ () C:\Users\Dominik\Desktop\SecurityCheck.exe
2015-01-16 19:54 - 2015-01-16 19:54 - 02347384 _____ (ESET) C:\Users\Dominik\Desktop\esetsmartinstaller_deu.exe
2015-01-16 19:06 - 2015-01-16 19:06 - 00000000 ____D () C:\Users\Dominik\Desktop\FRST-OlderVersion
2015-01-16 17:49 - 2015-01-16 17:50 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-49-56.066-AvastVBoxSVC.exe-3504.log
2015-01-16 17:45 - 2015-01-16 17:45 - 00000286 _____ () C:\Users\Dominik\Desktop\Neues Textdokument (3).txt
2015-01-16 17:35 - 2015-01-16 17:35 - 00000992 _____ () C:\Users\Dominik\Desktop\JRT.txt
2015-01-16 17:33 - 2015-01-16 17:33 - 00000000 ____D () C:\Windows\ERUNT
2015-01-16 17:32 - 2015-01-16 17:32 - 01707939 _____ (Thisisu) C:\Users\Dominik\Desktop\JRT.exe
2015-01-16 17:26 - 2015-01-16 17:26 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-26-02.025-AvastVBoxSVC.exe-3908.log
2015-01-16 17:21 - 2015-01-16 17:21 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-21-57.030-AvastVBoxSVC.exe-2964.log
2015-01-16 17:10 - 2015-01-16 17:10 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-10-20.087-AvastVBoxSVC.exe-4084.log
2015-01-16 17:00 - 2015-01-16 17:00 - 00000197 _____ () C:\Windows\system32\2015-01-16-16-00-02.052-AvastVBoxSVC.exe-3696.log
2015-01-16 14:45 - 2015-01-16 14:45 - 00000197 _____ () C:\Windows\system32\2015-01-16-13-45-27.090-AvastVBoxSVC.exe-3408.log
2015-01-15 20:17 - 2015-01-15 20:17 - 00000197 _____ () C:\Windows\system32\2015-01-15-19-17-41.019-AvastVBoxSVC.exe-3828.log
2015-01-15 20:12 - 2015-01-15 20:13 - 00000247 _____ () C:\Windows\system32\2015-01-15-19-12-59.029-aswFe.exe-4604.log
2015-01-15 20:08 - 2015-01-15 20:12 - 00000247 _____ () C:\Windows\system32\2015-01-15-19-08-04.058-aswFe.exe-5008.log
2015-01-15 20:02 - 2015-01-15 20:03 - 02191360 _____ () C:\Users\Dominik\Desktop\AdwCleaner_4.107.exe
2015-01-15 19:59 - 2015-01-15 19:59 - 00023039 _____ () C:\Users\Dominik\Desktop\mbam.txt
2015-01-15 19:06 - 2015-01-15 19:06 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-01-15 19:06 - 2015-01-15 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-01-15 19:06 - 2015-01-15 19:06 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-01-15 19:06 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-15 19:06 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-15 18:59 - 2015-01-15 19:00 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Dominik\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-15 18:56 - 2015-01-15 18:56 - 00000197 _____ () C:\Windows\system32\2015-01-15-17-56-39.075-AvastVBoxSVC.exe-2692.log
2015-01-15 18:07 - 2015-01-15 18:07 - 00017812 _____ () C:\ComboFix.txt
2015-01-15 17:44 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-15 17:44 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-15 17:44 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-15 17:44 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-15 17:35 - 2015-01-15 18:07 - 00000000 ____D () C:\Qoobox
2015-01-15 17:34 - 2015-01-15 18:05 - 00000000 ____D () C:\Windows\erdnt
2015-01-15 17:32 - 2015-01-15 17:32 - 05609736 ____R (Swearware) C:\Users\Dominik\Desktop\ComboFix.exe
2015-01-15 17:28 - 2015-01-15 17:28 - 00000197 _____ () C:\Windows\system32\2015-01-15-16-28-45.010-AvastVBoxSVC.exe-3576.log
2015-01-15 16:16 - 2015-01-15 16:19 - 00102593 _____ () C:\Users\Dominik\Desktop\Neues Textdokument (2).txt
2015-01-15 16:09 - 2015-01-15 16:10 - 04187592 _____ (Kaspersky Lab ZAO) C:\Users\Dominik\Desktop\tdsskiller.exe
2015-01-14 21:36 - 2015-01-14 21:36 - 00000197 _____ () C:\Windows\system32\2015-01-14-20-36-18.044-AvastVBoxSVC.exe-3592.log
2015-01-14 21:17 - 2015-01-14 21:17 - 00000000 ____H () C:\Users\Dominik\Documents\Default.rdp
2015-01-14 20:32 - 2015-01-15 19:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 20:31 - 2015-01-16 22:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-14 20:31 - 2015-01-15 17:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-14 20:29 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-14 20:28 - 2015-01-15 16:11 - 00000000 ____D () C:\Users\Dominik\Desktop\mbar
2015-01-14 20:26 - 2015-01-14 20:27 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Dominik\Desktop\mbar-1.08.2.1001.exe
2015-01-14 20:21 - 2015-01-14 20:21 - 00000197 _____ () C:\Windows\system32\2015-01-14-19-21-53.063-AvastVBoxSVC.exe-3692.log
2015-01-14 20:03 - 2015-01-14 20:03 - 00001222 _____ () C:\Users\Dominik\Desktop\Revo Uninstaller.lnk
2015-01-14 20:03 - 2015-01-14 20:03 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-14 20:00 - 2015-01-14 20:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Dominik\Desktop\revosetup95.exe
2015-01-14 19:54 - 2015-01-14 19:54 - 00000197 _____ () C:\Windows\system32\2015-01-14-18-54-07.069-AvastVBoxSVC.exe-3156.log
2015-01-14 19:19 - 2015-01-14 19:19 - 00000197 _____ () C:\Windows\system32\2015-01-14-18-19-08.073-AvastVBoxSVC.exe-3128.log
2015-01-14 18:43 - 2015-01-14 18:43 - 00008989 _____ () C:\Users\Dominik\Desktop\gmer.log
2015-01-14 18:11 - 2015-01-14 18:13 - 00039072 _____ () C:\Users\Dominik\Desktop\Addition.txt
2015-01-14 18:06 - 2015-01-16 22:22 - 00018621 _____ () C:\Users\Dominik\Desktop\FRST.txt
2015-01-14 18:06 - 2015-01-16 22:22 - 00000000 ____D () C:\FRST
2015-01-14 18:04 - 2015-01-14 18:05 - 00000476 _____ () C:\Users\Dominik\Desktop\defogger_disable.log
2015-01-14 18:04 - 2015-01-14 18:04 - 00000000 _____ () C:\Users\Dominik\defogger_reenable
2015-01-14 17:52 - 2015-01-16 19:06 - 01116672 _____ (Farbar) C:\Users\Dominik\Desktop\FRST.exe
2015-01-14 17:52 - 2015-01-14 17:52 - 00050477 _____ () C:\Users\Dominik\Desktop\Defogger.exe
2015-01-14 17:50 - 2015-01-14 17:50 - 00380416 _____ () C:\Users\Dominik\Desktop\rz1b2ley.exe
2015-01-14 16:58 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 16:58 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:57 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:57 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:57 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:57 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:27 - 2015-01-14 16:27 - 00000197 _____ () C:\Windows\system32\2015-01-14-15-27-18.023-AvastVBoxSVC.exe-3216.log
2015-01-13 22:35 - 2015-01-13 22:35 - 280280668 ____N () C:\Windows\MEMORY.DMP
2015-01-13 22:35 - 2015-01-13 22:35 - 00160160 _____ () C:\Windows\Minidump\011315-31875-01.dmp
2015-01-13 15:54 - 2015-01-13 15:54 - 00000197 _____ () C:\Windows\system32\2015-01-13-14-54-55.027-AvastVBoxSVC.exe-792.log
2015-01-13 13:57 - 2015-01-13 13:57 - 00000197 _____ () C:\Windows\system32\2015-01-13-12-57-17.013-AvastVBoxSVC.exe-5424.log
2015-01-13 12:57 - 2015-01-15 18:20 - 00000112 _____ () C:\ProgramData\q485uB3.dat
2015-01-13 12:52 - 2015-01-13 12:53 - 00000197 _____ () C:\Windows\system32\2015-01-13-11-52-33.019-AvastVBoxSVC.exe-3616.log
2015-01-12 13:31 - 2015-01-12 13:32 - 00000197 _____ () C:\Windows\system32\2015-01-12-12-31-33.000-AvastVBoxSVC.exe-3368.log
2015-01-11 15:25 - 2015-01-11 15:25 - 00000197 _____ () C:\Windows\system32\2015-01-11-14-25-05.016-AvastVBoxSVC.exe-3124.log
2015-01-11 13:45 - 2015-01-11 13:45 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-45-48.064-AvastVBoxSVC.exe-3404.log
2015-01-11 13:08 - 2015-01-11 13:08 - 00000197 _____ () C:\Windows\system32\2015-01-11-12-08-40.050-AvastVBoxSVC.exe-3532.log
2015-01-11 12:54 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150111-125459.backup
2015-01-11 12:20 - 2015-01-11 12:20 - 00000197 _____ () C:\Windows\system32\2015-01-11-11-20-40.098-AvastVBoxSVC.exe-3528.log
2015-01-11 12:14 - 2015-01-11 12:14 - 00000000 ____D () C:\Users\Dominik\Documents\ProcAlyzer Dumps
2015-01-11 11:28 - 2015-01-11 12:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-11 11:28 - 2015-01-11 11:30 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-01-11 11:28 - 2015-01-11 11:28 - 00002131 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-11 11:28 - 2015-01-11 11:28 - 00002119 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-11 11:28 - 2015-01-11 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-11 11:28 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-01-11 11:26 - 2015-01-11 11:27 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Dominik\Downloads\spybot-2.4.exe
2015-01-11 10:46 - 2015-01-11 10:47 - 00000197 _____ () C:\Windows\system32\2015-01-11-09-46-54.007-AvastVBoxSVC.exe-3012.log
2015-01-10 13:58 - 2015-01-10 13:58 - 00000197 _____ () C:\Windows\system32\2015-01-10-12-58-28.073-AvastVBoxSVC.exe-3244.log
2015-01-09 23:36 - 2015-01-09 23:37 - 00000247 _____ () C:\Windows\system32\2015-01-09-22-36-57.044-aswFe.exe-6088.log
2015-01-09 23:30 - 2015-01-09 23:36 - 00000247 _____ () C:\Windows\system32\2015-01-09-22-30-18.010-aswFe.exe-4644.log
2015-01-09 23:18 - 2015-01-09 23:18 - 00000000 ____D () C:\Windows\system32\vbox
2015-01-09 23:14 - 2015-01-09 23:14 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\AVAST Software
2015-01-09 23:09 - 2015-01-09 23:09 - 00002045 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-09 23:08 - 2015-01-09 23:08 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-09 23:08 - 2015-01-09 23:08 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-09 23:08 - 2015-01-09 23:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-09 23:08 - 2015-01-09 23:08 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-09 22:27 - 2015-01-09 22:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-08 22:02 - 2015-01-08 22:02 - 00087712 _____ () C:\Users\Dominik\Downloads\GLottery-V2.1.8_Beta.zip
2015-01-08 21:59 - 2015-01-08 21:59 - 00451723 _____ () C:\Users\Dominik\Downloads\totalRP3_build_9.zip
2015-01-08 21:58 - 2015-01-08 21:58 - 00073807 _____ () C:\Users\Dominik\Downloads\MyRolePlay_6.0.0.400.zip
2015-01-08 21:57 - 2015-01-08 21:57 - 01327418 _____ () C:\Users\Dominik\Downloads\Outfitter_5.10b8.zip
2015-01-08 21:51 - 2015-01-08 21:51 - 03841803 _____ () C:\Users\Dominik\Downloads\AuctioneerSuite-5.21c.5521.zip
2014-12-24 00:53 - 2014-12-24 00:55 - 00000000 ____D () C:\Users\Dominik\Desktop\Mc Server
2014-12-18 19:27 - 2014-12-19 12:59 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-12-18 15:50 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-16 22:20 - 2014-01-18 03:11 - 00000000 ____D () C:\Users\Dominik\AppData\Local\LogMeIn Hamachi
2015-01-16 22:19 - 2014-01-26 21:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 22:19 - 2013-09-15 08:58 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-16 22:19 - 2013-01-01 13:03 - 00447020 _____ () C:\Windows\PFRO.log
2015-01-16 22:19 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 22:19 - 2009-07-14 05:39 - 00216634 _____ () C:\Windows\setupact.log
2015-01-16 22:18 - 2012-12-31 16:02 - 01109904 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 21:40 - 2014-01-26 21:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 21:19 - 2012-12-31 22:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 19:59 - 2012-12-31 16:04 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 17:56 - 2009-07-14 05:34 - 00024064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 17:56 - 2009-07-14 05:34 - 00024064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 20:13 - 2014-04-30 19:24 - 00000000 ____D () C:\AdwCleaner
2015-01-15 19:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\security
2015-01-15 18:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-15 18:07 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-15 18:04 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-14 21:33 - 2009-07-14 03:37 - 00000000 __RSD () C:\Windows\Media
2015-01-14 18:04 - 2012-12-31 16:03 - 00000000 ____D () C:\Users\Dominik
2015-01-14 17:17 - 2014-11-27 19:51 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Battle.net
2015-01-14 17:17 - 2013-01-02 21:58 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\TS3Client
2015-01-13 22:35 - 2013-01-28 01:50 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 22:19 - 2012-12-31 22:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-13 22:19 - 2012-12-31 22:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-11 18:18 - 2013-01-06 04:15 - 00000000 ____D () C:\Users\Dominik\Desktop\Editoren und Player
2015-01-10 01:08 - 2013-11-03 13:53 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\OBS
2015-01-09 23:39 - 2012-12-31 22:22 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-09 23:39 - 2012-12-31 22:22 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-01-09 23:08 - 2013-06-03 08:43 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-09 23:08 - 2013-06-03 08:43 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-09 23:08 - 2012-12-31 22:22 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-09 23:08 - 2012-12-31 22:22 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-01-09 23:05 - 2012-12-31 22:21 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-09 23:04 - 2009-07-14 03:04 - 00002577 _____ () C:\Windows\system32\config.nt
2015-01-09 22:26 - 2014-08-30 15:10 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-09 15:11 - 2013-01-03 20:56 - 00000000 ____D () C:\Program Files\Steam
2015-01-08 09:55 - 2012-12-31 16:17
- 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-01-08 00:54 - 2013-02-12 11:24 - 00000000 ____D () C:\Users\Dominik\Desktop\Musik 2015-01-05 03:09 - 2014-06-03 15:08 - 00000000 ____D () C:\Program Files\Common Files\Overwolf 2015-01-05 03:09 - 2014-05-25 19:53 - 00000000 ____D () C:\Program Files\Overwolf 2014-12-29 00:26 - 2013-01-02 22:25 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\.minecraft 2014-12-28 14:29 - 2013-01-04 23:37 - 00000000 ____D () C:\Users\Dominik\AppData\Roaming\vlc 2014-12-27 22:28 - 2013-01-03 04:28 - 00000000 ____D () C:\Program Files\Warcraft III 2014-12-25 13:00 - 2013-01-13 20:05 - 00000000 ____D () C:\Users\Dominik\Desktop\Spiele 2014-12-23 14:54 - 2013-01-06 04:15 - 00000000 ____D () C:\Users\Dominik\Desktop\Internet 2014-12-22 00:39 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Cursors 2014-12-19 17:44 - 2013-01-13 18:52 - 00000000 ____D () C:\Users\Dominik\AppData\Local\Thunderbird 2014-12-19 12:59 - 2012-12-31 16:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service Files to move or delete: ==================== C:\ProgramData\q485uB3.dat Some content of TEMP: ==================== C:\Users\Dominik\AppData\Local\Temp\Quarantine.exe C:\Users\Dominik\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-16 19:46 ==================== End Of Log ============================ |
17.01.2015, 12:35 | #10 |
/// the machine /// TB trainer
Update Java. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKU\S-1-5-21-3362981809-2306697286-120240772-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done
The order is crucial here.
If you would like to give praise or criticism, you can do so here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from all registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
17.01.2015, 13:38 | #11 |
Everything done - all finished. Great! I would have liked to post Fixlog.txt now - however, here is an excerpt from Delfix: Code:
Gelöscht : C:\Users\Dominik\Desktop\Fixlog.txt

Since I have no further questions, I can only conclude with: Excellent work. Wow. Yes, then you are welcome to delete your subscription to this thread. Many, many thanks!
17.01.2015, 18:14 | #12 |
/// the machine /// TB trainer
You're welcome